FEC Onlineservices
 
Configuration of an IPSec tunnel between the FEC Secure IPSec Client and a bintec R232bw with the FCI
This FAQ describes how to configure an IPSec connection with the FEC Secure IPSec Client (V 1.30 build 86) to a R232bw (Rev. 7.4.4 patch 2) with the new graphical Funkwerk Configuration Interface (FCI).

1. Scenario


2. Conditions
- R232bw is running with a FCI software version >= 7.4.4 patch 2
- The router and the client have an active Internet connection.
- The DynDNS state of the router is up-to-date.

3. IPSec connection details
- Gateway Address: bintec-test.dyndns.org
- PSK:                         test
- Proposal:                  AES/MD5
- DH Group:                2 (1024 Bit)
- Mode:                       Aggressive
- Local ID client:          test-client (FQDN)
- Local ID router:         R232bw.test (not required)
- Client IP address:     100.100.100.100/32
- Router IP address:   192.168.100.1/24

4. IPSec Client configuration
An assistant will guide you through the configuration steps when the IPSec Client is started for the first time or a new connection is going to be configured.



Enter a name for the IPSec connection.



Choose your Internet connection type.



Enter the domain name or the IP address of the IPSec Gateway (R232bw).



Choose the IPSec mode and PFS Group.



Enter the Pre Shared Key and the Local ID.



Choose manual IP assignment and enter the IP address and subnet mask.



Choose your firewall state and finish the assistant. Firewall should be enabled if the FEC secure IPSec Client is directly connected to the internet. In this example it is disabled.



To enter the destination network (192.168.100.0/24) choose the menu Configuration -> Profile Settings -> Profile Entry (R232bw test) Configure -> Remote Networks. If no destination is entered the IPSec connection would act as a default route.


5. R232bw FCI configuration
Enter the IP address of the R232bw in your web browser and login to the router. Then choose VPN -> IPSec in the navigation bar.

Choose the Phase-1 Profiles register to edit the phase 1 parameters.



Choose the Phase-2 Profiles register to edit the phase 2 parameters.



Choose the IPSec Peers register to add the IPSec peer.


6. Test
Your IPSec connection has been successfully established once you see the following message after connecting to the router.



To Check the status of the IPSec connection on the router, choose Monitoring -> IPSec in the navigation bar. The IPSec connection is established if the state shows a green symbol with an up arrow. Click on the loupe to get detailed connection information.








on

2013 bintec elmeg GmbH