Sierra Wireless IPSec User's Guide

IPSec User Guide2120028Rev 2.2

Introducing IPSecRev 2.2 Jun.11 3ScenariosSierraWirelessAirLinkmodemswithIPSecaredesignedtosupportthegateway‐to‐gatewaysecuritymodel.I

IPsec User Guide4 2120028Figure 1-3: Corporate Email Server scenarioc. Google(twowaytransmissionofinsecuredata):Thelaptopuserwantstoacce

Introducing IPSecRev 2.2 Jun.11 5Figure 1-5: Pass through mode Thenextchapterwalksyouthroughtheinstallationandconfigurationstepsofesta

IPsec User Guide6 2120028

Rev 2.2 Jun.11 622: Installation and Configuration• Set-Up• Installation• Configuration Settings Thischaptercoversinstallationandconfiguration

IPsec User Guide7 2120028Set-UpIPSechasawidevarietyofuserconfigurationoptions.WhenIPSecisenabled,itmustbedoneforthepurposeofcrea

IPsec User Guide8 2120028InstallationPleaseuninstallanypreviousversionsofAceManagerthathadbeeninstalledonyourPC,priortoinstallingthe

IPsec User Guide9 2120028Figure 2-3: IPSec Pane in AceManager2. Click on IPSecThedesiredgrouptabwillshowrespectiveparametersanddetailsont

IPsec User Guide10 2120028IPSec Gateway 64.163.70.30 Fill in the IPSec of the VPN concentrator.Pre-shared Key 1 SierraWireless 8 to 31 case sensitive

IPsec User Guide11 2120028Remote Address 10.11.12.0 Address of the remote device. Choose from two options: 5- Single Address and 17-Subnet Address.Re

IPsec User Guide12 2120028Toconfirmasuccessfulconnection,thefollowingtestscanberun:• ConnectaPCtothemodemandattempttopingtheIPa

IPsec User Guide13 2120028m. Outgoing Host Out of Band:ToaccessinternetbybypassingtheIPSectunnel,youcansetthisparameteras“1”.Note: I

IPsec User Guide14 2120028Figure 2-5: PinPoint Configuration2. Providethe Server IP Addressontheright‐handsidepane.3. EntertheReport Interv

IPsec User Guide15 2120028AnAVLApplicationservermodemreportnotificationimageisprovidedasanexample.Figure 2-6: Application Server Tunnel7

Installation and ConfigurationRev 2.2 Jun.11 16Figure 2-8: Host Private Subnet 3. Clickon PPP ethernet.Setthemodemtoprivatemode.Figure 2-9:

IPsec User Guide17 21200284. Configurethe IPSec Interface parameteras“1”,toenableIPSec.OnceIPSecisenabled,thefactorydefaultsettingssho

Rev 2.2 Jun.11 18AA: Sample Configuration File VPN Configuration fileTwoexamplesofStaticIPandDynamicIPareprovidedinthefollowingsections

IPsec User Guide19 username progent privilege 15 password 0 progent!crypto isakmp policy 2 encr 3des authentication pre-share group 2 lifetime 28000c

Sample Configuration FileRev 2.2 Jun.11 20interface FastEthernet0/1 ip address 192.168.2.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex

IPsec User Guide21 Dynamic IP1841b_dynamic#1841b_dynamic#sh runBuilding configuration...Current configuration : 1479 bytes!version 12.4service timest

Rev 2.2 Jun.11 iImportant Notice Duetothenatureofwirelesscommunications,transmissionandreceptionofdatacanneverbeguaranteed.Datamay

Sample Configuration FileRev 2.2 Jun.11 22!crypto isakmp policy 100 encr 3des authentication pre-share group 2 lifetime 28000crypto isakmp key 6 key

IPsec User Guide23 ip route 0.0.0.0 0.0.0.0 64.163.70.1!ip http serverno ip http secure-serverip nat pool nat 64.163.70.104 64.163.70.104 netmask 255

Rev 2.2 Jun.11 24BB: IPsec Architecture Standards of the M2M IPSec Support SierraWirelessM2MIPSecsupportsthefollowi ngstandards:• RFC1829–

IPsec User Guide25 · MODP4096(available,butnotcurrentlysupported)· MODP6144(available,butnotcurrentlysupported)· MODP8192(available,

Rev 2.2 Jun.11 iiDIRECT,INDIRECT,SPECIAL,GENERAL,INCIDENTAL,CONSEQUENTIAL,PUNITIVEOREXEMPLARYDAMAGESINCLUDING,BUTNOTLIMITEDTO,LOSSO

Rev 2.2 Jun.11 iiiConsultourwebsiteforup‐to‐dateproductdescriptions,documentation,applicationnotes,firmwareupgrades,trouble‐shootingti

Rev 2.2 Jun.11 1ContentsIntroducing IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

IPsec User Guide2 2120028

Rev 2.2 Jun.11 111: Introducing IPSec• Overview• Scenarios IPprotocolthatdrivestheInternetisinherentlyinsecure.InternetProtocolSecurity

IPsec User Guide2 2120028otherend.TheremotegatewayisconnectedtoaRemotenetworkandtheVPNisconnectedtotheLocalnetwork.Thecommunicat