configuring a vpn for static ip connections... · 2017-07-21 · 1 configuring a vpn for static ip...

Global Leader in 4G LTE Network Solutions

1111 W Jefferson St #400, Boise, ID, 83702 | Toll Free: +1.855.813.3385 | cradlepoint.com 1

Configuring a VPN for Static IP Connections

Summary

A Virtual Private Network (VPN) is a virtual private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. This article explains how to set up a basic IPSEC VPN-terminated tunnel between capable CradlePoint Series 3 routers when the connections on both routers are configured with publicly routable static IP addresses. Before getting started, first make sure that both CradlePoint routers are online and are properly obtaining static IP addresses from your ISP(s). Additionally, you will need to make sure that the local networks of the routers do not match. For example, if Router #1 is already set up using the default network of 192.168.0.1, you would want to change Router #2's local network to use a different private network (such as 192.168.100.1 or 172.16.0.1). For assistance changing the local IP address of a Series 3 CradlePoint router, please refer to this article: How to change the router's local IP address.

After verifying that both CradlePoint routers are online with routable static IP addresses, and after verifying that both routers have been configured on different local subnets, the directions below will help configure a VPN tunnel between the two routers.

This is an example setup where both routers have routable static WAN IP addresses. Computer #1 is connected behind Router #1 and Computer #2 is connected behind Router #2.

A typical VPN tunnel between these routers would allow Computer #1 (and other computers getting addresses from Router #1) to be able to connect directly to Computer #2 (and other computers getting addresses from Router #2) using a secure tunnel across the unsecure public Internet.

Configuration

Configuration Difficulty: Intermediate

Router #1 Configuration:

- Step 1: Log into NCOS. For help with logging in please click here. - Step 2: Click on Networking and select Tunnels and then IPSec VPN.

http://knowledgebase.cradlepoint.com/articles/Support/Change-the-LAN-IP-Address-of-a-Series-3-CradlePoint

http://knowledgebase.cradlepoint.com/articles/Support/NCOS-Accessing-the-Setup-Pages-of-a-CradlePoint-router?retURL=%2Fapex%2FknowledgeSearch%3Fc%3DWiPipe_Series_3%26k%3Daccessing%2Bthe%2Bsetup%2Bpages%26lang%3Den_US&popup=false&c=WiPipe_Series_3&lang=en_US



- Step 3: Under VPN Tunnels click Add. - Step 4: Enter a Tunnel Name. - Step 5: Enter a Pre-Shared Key. - Step 6: Set the Initiation Mode to your desired setting.

o Note: On Demand will leave the tunnel idle until traffic bound for the other side of the tunnel is detected. Always

On will keep the tunnel active whenever the WAN connection is active. - Step 7: Click Next.



- Step 8: In the Local Networks section click Add and enter the LAN of Router #1 you want to be available across the VPN

tunnel. - Step 9: Click Next.



- Step 10: Enter the WAN IP of Router #2 in the Remote Gateway. - Step 11: In the Remote Networks section click add and enter the LAN of Router #2 you want to be available across the

VPN tunnel. - Step 12: Click Next.



- Step 13: For IKE Phase 1 leave the default settings. - Step 14: Click Next.

- Step 15: For IKE Phase 2 leave the default settings. - Step 16: Click Next.



- Step 17: For Dead Peer Detection leave the default settings. - Step 18: Click Finish.



- Step 19: Under VPN Tunnels click Enable VPN Service and then Start to start the VPN service on the router.

Router #2 Configuration:

- Step 1: Log into the router's Setup Page. For help with logging in please click here. - Step 2: Click on Networking and select Tunnels and then IPSec VPN. - Step 3: Under VPN Tunnels click Add. - Step 4: Enter a Tunnel Name. - Step 5: Enter a Pre-Shared Key. - Step 6: Set the Initiation Mode to your desired setting.

o Note: On Demand will leave the tunnel idle until traffic bound for the other side of the tunnel is detected. Always On will keep the tunnel active whenever the WAN connection is active.

- Step 7: Click Next. - Step 8: In the Local Networks section click Add and enter the LAN of Router #2 you want to be available across the VPN

tunnel. - Step 9: Click Next.

http://knowledgebase.cradlepoint.com/articles/Support/Accessing-the-Setup-Pages-of-a-Series-3-CradlePoint-router?c=WiPipe_Series_3&c=All_Products



- Step 10: Enter the WAN IP of Router #1 in the Remote Gateway. - Step 11: In the Remote Networks section click add and enter the LAN of Router #1 you want to be available across the

VPN tunnel. - Step 12: Click Next.



- Step 13: For IKE Phase 1 leave the default settings. - Step 14: Click Next. - Step 15: For IKE Phase 2 leave the default settings. - Step 16: Click Next. - Step 17: For Dead Peer Detection leave the default settings. - Step 18: Click Finish. - Step 19: Under VPN Tunnels click Enable VPN Service and then Start to start the VPN service on the router.

Note: This example VPN shows how to make local networks available across a VPN. If you need to have other local or public networks

routed across the VPN, these networks will need to be added into the “Remote Gateway” settings for the router sending the traffic across the VPN.

For example, if the “Remote Network” in Router #2’s VPN configuration was changed from 172.16.0.0/255.255.0.0 to 0.0.0.0/0.0.0.0, this would force all Internet traffic coming from Router #2 to be sent across the VPN rather than being handled by Router #2’s WAN source.

configuring a vpn for static ip connections... · 2017-07-21 · 1 configuring a vpn for static ip...

Documents