FEC Onlineservices
 
IKE Config Mode and Xauth on a bintec Router - Configuration: Setup Tool
This FAQ describes the configuration of a VPN-IPSec Peer with IKE Config Mode and a Xauth profile on a bintec router. A bintec R3002 featuring software version 7.9.1 patch 2 is used in the example. Other bintec routers with comparable software versions are configured identically. The configuration is done using the Setup Tool. The Xauth profile is optional and does not need to be chosen when using the IKE Config Mode.

1. Requirements
  • the bintec router is accessible via internet
  • the bintec router features at least software version 7.8.7

2. Establishing the IP Pool
R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[IP][DYNAMIC][POOL][ADD]: Define Range of IP Addresses                   r3002
_______________________________________________________________________________

     Identifier                              1
     Description                             Pool-IKE
     IP Address                              192.168.1.1
     Number of Consecutive Addresses         20
     Primary Domain Name Server              0.0.0.0
     Secondary Domain Name Server            0.0.0.0



                    SAVE                               CANCEL
_______________________________________________________________________________
First, please create an IP Pool for the VPN-IPSec user if one does not exist yet (you can also use an already existing IP Pool). It can be created via IP > IP Address Pools > Pools > ADD.

3. Configuration of the IPSec Peer
The configuration of the IPSec Peer is effected as usual. The screenshots below show some example settings:

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT]: Configure Peer                                            r3002
_______________________________________________________________________________


     Description:       IKE-xauth
     Admin Status:      up

     Peer Address:
     Peer IDs:          IKE-xauth
     Pre Shared Key:    *

     IPSec Callback >
     Peer specific Settings >

     Virtual Interface: yes
     Interface IP Settings >

 

                          SAVE                          CANCEL
_______________________________________________________________________________
R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][PHASE1][EDIT]                                     r3002
_______________________________________________________________________________

   Description (Idx 1) :    phase1
   Proposal              :  19 (AES/MD5)
   Lifetime Policy       :  Propose this lifetime,accept and use all proposals
                            Seconds: 28800       KBytes: 0
   Group                 :  2 (1024 bit MODP)
   Authentication Method :  Pre Shared Keys
   Mode                  :  aggressive
   Alive Check           :  autodetect
   Block Time            :  30
   Local ID              :  R3002
   Local Certificate     :  none
   CA Certificates       :
   Nat-Traversal         :  enabled

   View Proposals >

                         SAVE                          CANCEL
_______________________________________________________________________________
R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][PHASE2][EDIT]                                     r3002
_______________________________________________________________________________

   Description (Idx 1) :    phase2

   Proposal              :  23 (ESP(AES/MD5))
   Lifetime Policy       :  Propose this lifetime,accept and use all proposals
                            Seconds: 14400       KBytes: 0
   Use PFS               :  none
   Alive Check           :  autodetect
   Propagate PMTU        :  yes

   View Proposals >

 

                         SAVE                          CANCEL
_______________________________________________________________________________
R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][IP][BASIC]: IP-Settings (IKE-xauth)               r3002
_______________________________________________________________________________


  IP Transit Network                    IKE Config Server Mode

 
  Local IP Address                      192.168.1.254

 
  IP Address Pool                       Pool-IKE
 

                    SAVE                               CANCEL
_______________________________________________________________________________
Please choose IKE Config Server Mode as well as your IP Address Pool (in this example, Pool-IKE) via Interface IP Settings > Basic Settings.

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][][IP][ADVANCED]: Advanced Settings (IKE-xauth)             r3002
_______________________________________________________________________________


  RIP Send                          none
  RIP Receive                       none

  IP Accounting                     off
  Back Route Verify                 off
  Route Announce                    up or dormant
  Proxy Arp                         on (up only)


                    OK                                 CANCEL
_______________________________________________________________________________
Please go to Interface IP Settings > Advanced Settings to activate Proxy Arp.

Of course, Proxy Arp has to be activated on your LAN, too. (LAN Ethernet > en1-x > Advanced Settings)
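
The phase 1 and phase 2 example settings shown in this section (AES/MD5 proposals, 1024 bit MODP group, aggressive mode with Pre Shared Keys, PFS none) are worth checking against a current baseline before they are reused. The following Python script is an added example, not part of the original FAQ or of the bintec software: it parses field lines copied from the Setup Tool screens above and lists the settings that fall below such a baseline. The function names, the regular expression and the baseline rules are assumptions made for this example.

```python
import re

# Phase 1 / phase 2 field lines copied from the Setup Tool screens on this page.
SCREEN = """\
   Description (Idx 1) :    phase1
   Proposal              :  19 (AES/MD5)
   Group                 :  2 (1024 bit MODP)
   Authentication Method :  Pre Shared Keys
   Mode                  :  aggressive

   Description (Idx 1) :    phase2
   Proposal              :  23 (ESP(AES/MD5))
   Use PFS               :  none
"""

# "Field name : value" with the variable padding the Setup Tool uses.
FIELD = re.compile(r"^\s*([A-Za-z][\w .()-]*?)\s*:\s+(\S.*?)\s*$")

def parse_profiles(text):
    """Split screen text into {profile description: {field: value}}."""
    profiles, current = {}, None
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.groups()
        if key.startswith("Description"):
            current = profiles.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return profiles

def audit(profiles):
    """Return (profile, field, value, reason) for settings below the baseline."""
    findings = []
    for name, f in profiles.items():
        def flag(field, reason):
            findings.append((name, field, f[field], reason))
        if "MD5" in f.get("Proposal", ""):
            flag("Proposal", "MD5 is a deprecated integrity hash")
        if "1024 bit" in f.get("Group", ""):
            flag("Group", "1024-bit MODP is below current DH size guidance")
        if (f.get("Mode") == "aggressive"
                and f.get("Authentication Method") == "Pre Shared Keys"):
            flag("Mode", "aggressive mode with a PSK sends the ID and auth hash unprotected")
        if f.get("Use PFS") == "none":
            flag("Use PFS", "phase 2 keys derive from the phase 1 secret")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_profiles(SCREEN)):
        print("%-7s %-9s %-20s %s" % finding)
```

Which stronger proposals, groups and modes are available depends on the router's software version and on the VPN client; check View Proposals > on the device.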

4. Configuration of a Xauth Profile (optional)
Please choose Peer Specific Settings in your IPSec Peer (in this example, IKE-xauth)

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL]: Special Settings (IKE-xauth)                     r3002
_______________________________________________________________________________


     Special settings for peer No. 1  :  IKE-xauth

 

     IKE (Phase 1) Profile:   phase1                 edit >

     IPsec (Phase 2) Profile: phase2                 edit >

     Special Peer Type:       None
     Start Mode:              On Demand


     XAUTH Profile:           (none)               edit >

                          SAVE                          CANCEL

_______________________________________________________________________________
Please go to XAUTH Profile and choose edit > XAUTH Profiles

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][XAUTH]: IPsec Configuration - XAUTH Profiles      r3002
_______________________________________________________________________________


  Id  Description    Role      Mode

  

     ADD                 DELETE              EXIT
_______________________________________________________________________________
You can add a new XAUTH profile by using the ADD button.

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][XAUTH][ADD]                                       r3002
_______________________________________________________________________________

   Index                  : 1
   Description            : xauthpool
   Role                   : server
   Mode                   : local

   UserListGroupId        : 1


   View UserList >

 

                         SAVE                          CANCEL
_______________________________________________________________________________
The description is arbitrary. However, please choose server as Role and local as Mode.

Moreover, please choose View UserList in order to add and edit new users for the XAUTH profile.

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL][XAUTH][ADD][ULIST][EDIT]                          r3002
_______________________________________________________________________________


   Name      : IKE-xauth
   Password  : *
   GroupId   : 1
 


                         SAVE                          CANCEL
_______________________________________________________________________________
Please assign a name and a password for each user.

R3002 Setup Tool                       Funkwerk Enterprise Communications GmbH
[PEERS][EDIT][SPECIAL]: Special Settings (IKE-xauth)                     r3002
_______________________________________________________________________________


     Special settings for peer No. 1  :  IKE-xauth

 

     IKE (Phase 1) Profile:   phase1                 edit >

     IPsec (Phase 2) Profile: phase2                 edit >

     Special Peer Type:       None
     Start Mode:              On Demand


     XAUTH Profile:           xauthpool              edit >

                          SAVE                          CANCEL

_______________________________________________________________________________
Finally, you can choose the new XAUTH profile at the Peer specific settings.

lm

2013 bintec elmeg GmbH