Knowledge Base

 
Reset Search
 

 

Article

Series 3: VPN Quick Start Guide for capable Cradlepoint products

« Go Back

Information

 
Content

Series 3: VPN Quick Start Guide for capable Cradlepoint products

Products Supported: AER3100, AER2100, MBR1400, MBR1200B, CBR4x0, IBR6x0, IBR6x0B, IBR11x0. Click here to identify your router.

Firmware Version: 5.3.0 (4.3.2 for CBR4x0)- for information on upgrading firmware, click here.

Firmware version 6.0 has been released and introduces a vastly improved GUI for all current Series 3 routers.  Cradlepoint has created new Knowledge Base articles with updated screen shots and instructions for the new GUI layout.  As a result, this article has received its final update.  To view the version of this Knowledge Base article for Firmware 6.0 and Later please click here.


Quick Links

Summary

Configuration

Use Cases

Related Articles


Summary

This article provides a general explanation of how to setup a VPN tunnel.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Log into the router's Setup Page. For help with logging in please click here.
  • Step 2: Click on Internet and select VPN Tunnels from the drop-down menu.
  • Step 3: Under VPN Tunnels click Enable VPN Service.
  • Step 4: Under VPN Tunnels click Add.
  • Step 5: Configure the General settings for the VPN tunnel.
    • Name: The name is to allow you to easily reference the Tunnel so it should be simple but descriptive.
    • Local Identity: This is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want, this is your identity, but it must match the Remote Identity on the other end of the tunnels settings. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Local Identity here. This essentially adds an additional layer of security when initializing the secured tunnel. If you use a Local Identity, you must use a Remote Identity on the other end of the tunnel.
    • Remote Identity: this is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want, this is the other end of the tunnel’s identity, but it must match the Local Identity on the other end of the tunnels settings. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Remote Identity here. This essentially adds an additional layer of security when initializing the secured tunnel. If you use a Remote Identity, you must use a Local Identity on the other end of the tunnel.
    • Pre-shared Key: Any password works here, it just must be the same on both ends of the tunnel.
    • Initiation Mode:
      • Always On is used if you want the router to initiate the tunnel connection whenever the WAN becomes available.
      • On Demand is used when you want the router to initiate the tunnel connection if and only if there is data traffic intended for the remote side of the tunnel.
    • Ensure the Tunnel Enabled checkbox is checked.
  • Step 6: Click Next.
  • Step 7: Configure Local Networks.
    • Click Add to specify a new Local Network.
    • Network Address: The network address of any LANs you want to be accessible across the VPN.
    • Subnet Mask: The Subnet Mask of the network described in the Network Address.
  • Step 8: Click Next.
  • Step 9: Configure the Remote Gateway and Networks.
    • Remote Gateway: The WAN IP of the device terminating the other end of the VPN tunnel.
    • Remote Networks: The network address of the LANs you wish to reach across the VPN tunnel.
    • Subnet Mask: The Subnet Mask of the network described in the Remote Networks.
  • Step 10: Click Next.
  • Step 11: Configure IKE Phase 1 settings.
    • Exchange Mode: Main should be used when both sides of the tunnel have Public WAN IP's. Aggressive is used when one side is a NAT'd IP.
    • Encryption: Select the Encryption Algorithm(s) you wish to use.
    • Hash: Select the Hash Algorithm(s) you wish to use.
    • DH Groups: Select the Diffee-Hellman Group(s) you wish to use.
    • Note: These setting will need to match the IKE Phase 1 settings on the other side of the tunnel.
  • Step 12: Click Next.
  • Step 13: Configure IKE Phase 2 settings.
    • Perfect Forward Secrecy: Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
    • Encryption: Select the Encryption Algorithm(s) you wish to use.
    • Hash: Select the Hash Algorithm(s) you wish to use.
    • DH Groups: Select the Diffee-Hellman Group(s) you wish to use.
    • Note: These setting will need to match the IKE Phase 2 settings on the other side of the tunnel.
  • Step 14: Click Next.
  • Step 15: Configure Dead Peer Detection settings as needed.
  • Step 16: Click Finish.
  • Step 17: Review your settings on the Tunnel Summary window.
  • Step 18: Click Yes to submit your tunnel.

Use Cases

General VPN Setup

VPN to Other Vendors


Related Articles/Links


Published Date: 08/13/2015


This article not have what you need?  Not find what you were looking for?  Think this article can be improved?  Please let us know at suggestions@cradlepoint.com.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255