Sierra Wireless IPSec User manual

Type
User manual

Sierra Wireless IPSec is a powerful tool that can help you to protect your data and communications. With its advanced security features, IPSec can help you to keep your data confidential, prevent unauthorized access, and ensure that your communications are authentic and reliable.

Here are some of the key features and benefits of Sierra Wireless IPSec:

  • Data confidentiality: IPSec encrypts your data so that it cannot be read by unauthorized users. This is essential for protecting sensitive data, such as financial information, medical records, and trade secrets.
  • Access control: IPSec allows you to control who can access your network and data. This is important for preventing unauthorized users from gaining access to your systems and data.

IPSec
User Guide
2120028
Rev 2.2
Rev 2.2 Aug.08 i
Important Notice

Due to the nature of wireless communications, transmission and reception of data can never be guaranteed. Data may be delayed, corrupted (i.e., have errors) or be totally lost. Although significant delays or losses of data are rare when wireless devices such as the Sierra Wireless AirLink Product Name are used in a normal manner with a well-constructed network, the Sierra Wireless AirLink Product Name should not be used in situations where failure to transmit or receive data could result in damage of any kind to the user or any other party, including but not limited to personal injury, death, or loss of property. Sierra Wireless accepts no responsibility for damages of any kind resulting from delays or errors in data transmitted or received using the Sierra Wireless AirLink Product Name, or for failure of the Sierra Wireless AirLink Product Name to transmit or receive such data.

Safety and Hazards

Do not operate the Sierra Wireless AirLink Product Name in areas where blasting is in progress, where explosive atmospheres may be present, near medical equipment, near life support equipment, or any equipment which may be susceptible to any form of radio interference. In such areas, the Sierra Wireless AirLink Product Name MUST BE POWERED OFF. The Sierra Wireless AirLink Product Name can transmit signals that could interfere with this equipment.

Do not operate the Sierra Wireless AirLink Product Name in any aircraft, whether the aircraft is on the ground or in flight. In aircraft, the Sierra Wireless AirLink Product Name MUST BE POWERED OFF. When operating, the Sierra Wireless AirLink Product Name can transmit signals that could interfere with various onboard systems.

Note: Some airlines may permit the use of cellular phones while the aircraft is on the ground and the door is open. Sierra Wireless AirLink Product Name may be used at this time.

The driver or operator of any vehicle should not operate the Sierra Wireless AirLink Product Name while in control of a vehicle. Doing so will detract from the driver or operator's control and operation of that vehicle. In some states and provinces, operating such communications devices while in control of a vehicle is an offence.

Limitation of Liability

The information in this manual is subject to change without notice and does not represent a commitment on the part of Sierra Wireless. SIERRA WIRELESS AND ITS AFFILIATES SPECIFICALLY DISCLAIM LIABILITY FOR ANY AND ALL DIRECT, INDIRECT, SPECIAL, GENERAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS OR REVENUE OR ANTICIPATED PROFITS OR REVENUE ARISING OUT OF THE USE OR INABILITY TO USE ANY SIERRA WIRELESS PRODUCT, EVEN IF SIERRA WIRELESS AND/OR ITS AFFILIATES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR THEY ARE FORESEEABLE OR FOR CLAIMS BY ANY THIRD PARTY.

Notwithstanding the foregoing, in no event shall Sierra Wireless and/or its affiliates aggregate liability arising under or in connection with the Sierra Wireless product, regardless of the number of events, occurrences, or claims giving rise to liability, be in excess of the price paid by the purchaser for the Sierra Wireless product.

Patents

Portions of this product may be covered by some or all of the following US patents:
5,515,013 5,629,960 5,845,216 5,847,553 5,878,234
5,890,057 5,929,815 6,169,884 6,191,741 6,199,168
6,339,405 6,359,591 6,400,336 6,516,204 6,561,851
6,643,501 6,653,979 6,697,030 6,785,830 6,845,249
6,847,830 6,876,697 6,879,585 6,886,049 6,968,171
6,985,757 7,023,878 7,053,843 7,106,569 7,145,267
7,200,512 D442,170 D459,303
and other patents pending.

Copyright

© 2008 Sierra Wireless. All rights reserved.

Trademarks

AirCard® and "Heart of the Wireless Machine®" are registered trademarks of Sierra Wireless. Watcher® is a trademark of Sierra Wireless, registered in the European Community. AirLink™ and AceWare™ are trademarks of Sierra Wireless. Sierra Wireless, the Sierra Wireless logo, the red wave design, and the red-tipped antenna are trademarks of Sierra Wireless.

Windows® is a registered trademark of Microsoft Corporation.

Other trademarks are the property of the respective owners.

Contact Information

Consult our website for up-to-date product descriptions, documentation, application notes, firmware upgrades, troubleshooting tips, and press releases: www.sierrawireless.com

Support Desk: Phone: 1-877-231-1144
  Hours: 5:00 AM to 5:00 PM Pacific Time, Monday to Friday, except US Holidays
Sales Desk: Phone: 1-510-624-4200, 1-604-232-1488
  Hours: 8:00 AM to 5:00 PM Pacific Time
Post: Sierra Wireless America, 39677 Eureka Drive, Newark, CA, USA 94560
  Sierra Wireless, 13811 Wireless Way, Richmond, BC, Canada V6V 3A4
Fax: 1-510-624-4299, 1-604-231-1109
Web: www.sierrawireless.com

Revision History

| Revision number | Release date | Changes |
|---|---|---|
| 1.x | Q2: 2008 | IPSec User Guide documentation created. |
| 2.x | Q2: 2008 | IPSec User Guide documentation revised and updated. |

Contents

Introducing IPSec
  Overview
    Key Features of IPSec VPN
  Scenarios
    Remote Access Scenarios
Installation and Configuration
  Set-Up
    Modem Configuration Requirements
  Installation
    AT*RESETCFG
  Configuration Settings
    HTTP Server
    Application Server
    Network behind the modem
  Sample Configuration File
    VPN Configuration file
      Static IP
      Dynamic IP
IPsec Architecture
      Standards of the M2M IPSec Support
      Security Algorithms:
  Reference Material

1: Introducing IPSec
  • Overview
  • Scenarios

The IP protocol that drives the Internet is inherently insecure. Internet Protocol Security (IPSec), which is a standards-based protocol, secures communications of IP packets over public networks.

Organizations are striving to protect their communication channels from unauthorized viewing and to enforce authentication of the entities at the other side of the channel. Unauthorized access to sensitive data can be avoided by using IPSec. By applying security at the IP layer in the OSI model, communications can be protected. In this manner the upper layers in the OSI model can leverage the security services provided at the IP layer.

Sierra Wireless AirLink™ has added IPSec, as the latest addition to the list of features, in all the ALEOS-powered AirLink X and XT platforms of devices.

Overview

IPSec is a common network layer security control and is used to create a virtual private network (VPN).

The advantages of the IPSec feature include:
  • Data Protection: Data Content Confidentiality allows users to protect their data from any unauthorized view, because the data is encrypted (encryption algorithms are used).
  • Access Control: Access Control implies a security service that prevents unauthorized use of a Security Gateway, a network behind a gateway or bandwidth on that network.
  • Data Origin Authentication: Data Origin Authentication verifies the actual sender, thus eliminating the possibility of forging the actual sender's identification by a third party.
  • Data Integrity: Data Integrity Authentication allows both ends of the communication channel to confirm that the original data sent has been received as transmitted, without being tampered with in transit. This is achieved by using authentication algorithms and their outputs.

The IPSec architecture model includes the Sierra Wireless AirLink modem as a remote gateway at one end communicating, through a VPN tunnel, with a VPN gateway at the other end. The remote gateway is connected to a Remote network and the VPN is connected to the Local network. The communication of data is secure through the IPSec protocols.

Figure 1-1: IPSec Architecture

Key Features of IPSec VPN
  • IPsec is compatible with a wide range of applications
  • Provides enhanced data security for all applications connected through a compatible Airlink gateway
  • No additional installation required
  • Simple wizard-based setup
  • Remote management, control and configuration via AceWare tools and utilities
  • Secure two-way communication channel with data encryption
  • Can be downloaded, configured and installed over the air for currently deployed AirLink Raven X, PinPoint X and Raven XT device

Sections in this document, that provide further information about IPSec, are:
1. User scenarios with graphic illustration of the IPSec feature.
2. VPN configuration settings and VPN parameters.
3. IPsec configuration settings. It is assumed that audience has knowledge of AceManager.
4. Testing and basic troubleshooting.

Scenarios

Sierra Wireless AirLink modems with IPSec are designed to support the gateway-to-gateway security model. IPsec is the most general security model, in that it allows either side to initiate a VPN session. Some user scenarios are discussed in this section.

In these examples, the term "VPN tunnel" is used to indicate a secure IPSec connection.

Remote Access Scenarios

1. This scenario shows three remote access activities:
   a. AVL Application Server (one-way transmission of secure data): AirLink modem has GPS capability (PinPoint model). The modem has set up a VPN tunnel with a corporate VPN box and is configured to send GPS location data to the corporate network.
      Figure 1-2: AVL Application Server scenario
   b. Corporate Email Server (two-way transmission of secure data): AirLink modem is connected to a laptop. The modem setup has a VPN tunnel with the corporate VPN box. Through the modem, the laptop can securely access the corporate email server.
      Figure 1-3: Corporate Email Server scenario
   c. Google (two-way transmission of insecure data): The laptop user wants to access Google. The Google access can be performed while the corporate VPN tunnel is active.
      Figure 1-4: Web Server scenario
   d. Pass through (two-way transmission of secure data): The AirLink modem has regular data connection with the laptop (VPN Client) and the VPN gateway.
      Figure 1-5: Pass through mode

The next chapter walks you through the installation and configuration steps of establishing an IPSec setup on your modem to connect to the test servers at Sierra Wireless. You can follow the same process for connecting to your own VPN gateway.

2: Installation and Configuration
  • Set-Up
  • Installation
  • Configuration Settings

This chapter covers installation and configuration steps (Sierra Wireless test setup), to use the IPSec feature.

Note: Factory default settings allow you to connect to Sierra Wireless test equipment.

The illustration below shows the user being connected to the Sierra Wireless test environment setup. The user laptop connected to an AirLink modem, communicates with the web server over the internet and through the Sierra Wireless VPN Gateway (Cisco and Netgear).

Figure 2-1: User set up

Once the tunnel is established and you are connected to the web server, the web browser displays connectivity to the Sierra Wireless IPSec test server.

Figure 2-2: Connection to the web browser

Set-Up

IPSec has a wide variety of user configuration options. When IPSec is enabled, it must be done for the purpose of creating a VPN tunnel with a corporate VPN box. In order for the Sierra Wireless AirLink modem to communicate with the VPN box, the modem must be configured to support at least one of the security policies of the VPN box. Hence, the VPN box security configuration must be available as a reference before configuring the AirLink modem for IPSec.

The installation steps are as follows:
1. For Static IP: Using your modem's static IP, configure your Cisco VPN to allow a tunnel to be established with your modem's IP address.
2. For Dynamic IP: Configure your Cisco VPN to allow a tunnel to be established dynamically with your modem's current IP address.
3. Connect your PC to the modem, and launch AceManager. Navigate to the IPSec configuration screen. Select the parameters that correspond to your Cisco configuration, and press the Write button on the top. Close AceManager.
4. Open a browser or other application and attempt to communicate with your enterprise network.

Modem Configuration Requirements

The modem should be provisioned and capable of passing traffic over the carrier network. If the modem is not provisioned, you will need to activate it in order to configure the account parameters. The Quick Start Guide for your modem will lead you through the steps to activate or configure your modem. You can access the Quick Start Guides on the support page for your modem. For 1x or EV-DO modems, you will also need a Setup Wizard, which is available on the support page as well.

The modem can have a static or dynamic IP address, which can be obtained from AceManager. The IP address is listed as the first displayed entry on the Status page.

The modem firmware version should be 3.3 or higher. If the modem firmware is 3.2 or lower, you will need to upgrade the modem firmware. Please contact your Sierra Wireless sales engineer for the appropriate firmware update utility.

Installation

Please uninstall any previous versions of AceManager that had been installed on your PC, prior to installing the latest version of AceManager.

AceManager is available for free from Sierra Wireless AirLink and can be downloaded from http://www.sierrawireless.com/support/AirLink/Wireless_Ace.aspx.

Once this new version of AceManager and the new firmware is installed on your PC, please perform a factory default reset of the modem using an AT command:

AT*RESETCFG

This command will reset the modem with factory defaults and once the modem comes back up, please connect the modem with AceManager.

Configuration Settings

Once the AceManager application is installed, you can run it from your Start menu or from the icon on the desktop.

1. Start AceManager
   Start > All Programs > AirLink Communications > AceManager

Figure 2-3: IPSec Pane in AceManager

2. Click on IPSec
   The desired group tab will show respective parameters and details on the right side of the pane. Clicking on IPSec will display list of parameters with default values and user configurable input fields (New Value).

Table 2-1: Configuration Parameters in AceManager

| Name | Default Value | Description |
|---|---|---|
| IPSec Interface | 0 | Select 1-Modem-OTA. Choose "0" for disabling IPSec. Choose "1" for enabling IPSec. Choose "4" when you use Ethernet for testing IPSec. |
| IPSec Status | Disconnected | Shows the status of IPSec. |
| IPSec Gateway | 64.163.70.30 | Fill in the IPSec of the VPN concentrator. |
| Pre-shared Key 1 | SierraWireless | 8 to 31 case sensitive ASCII characters |
| Negotiation Mode | 1 | The choices in drop down options are main or aggressive. |
| IKE Encryption Algorithm | 7 | You can choose other options like Blowfish, 3DES, Cast 128 and AES. 3DES or AES can be used for stronger encryption. |
| IKE Authentication Algorithm | 2 | Three different authentication algorithms are among the drop-down choices. 1-MD5 is for minimal security and 2-SHA-1 is higher security. 5-SHA-256 is also an option. |
| IKE Key Group | 2 | Different Key Groups are 1-DH1, 2-DH2 and 3-DH3. |
| IKE SA Life Time | 7200 (seconds) | Enter the lifetime of VPN of how long it is valid. "0" reflects no expiry. |
| Local Address Type | 1 | Choose from drop-down menu. "1" indicates Modem Public IP. It is the IP of the device behind the modem, when the modem is in public mode. "2" indicates Host Private Subnet of the device behind the modem on the same subnet, when the modem is in private mode. "5" indicates Single Address. "17" indicates Subnet Address. |
| Local Address | 0.0.0.0 | Local Address of the device connected to the modem. |
| Local Address - end or mask | 0.0.0.0 | Subnet address with the Subnet Mask |
| Remote Address Type | 17 | Network behind the Concentrator. |
| Remote Address | 10.11.12.0 | Address of the remote device. Choose from two options: 5-Single Address and 17-Subnet Address. |
| Remote Address - end or mask | 255.255.255.0 | Subnet address with the Subnet Mask. |
| IPSec Encryption Algorithm | 3 | You can choose other options like Blowfish, 3DES, Cast 128 and AES. The option "0" indicates that IPSec encryption may not be used. 3DES or AES can be used for stronger encryption. |
| IPSec Authentication Algorithm | 2 | Three different authentication algorithms are among the drop-down choices. 1-MD5 is for minimal security and 2-SHA-1 is higher security. 5-SHA-256 is also an option. "0" is also an option for not applying IPSec authentication algorithm. |
| IPSec Key Group | 2 | Different Key Groups are 1-DH1, 2-DH2 and 5-DH5. DH5 denotes highest security. |
| IPSec SA Life Time | 7200 (seconds) | This indicates how often the modem renegotiates the IKE SA. While the renegotiation happens the VPN tunnel gets disconnected temporarily. |
| Incoming Out of Band | 0 | Enable (1) or Disable (0) access to modem remotely from machines that are not part of the IPSec network. |
| Outgoing Aleos Out of Band | 1 | Enable (1) or Disable (0) sending of ALEOS traffic over the IPSec tunnel to a remote location. This option allows ALEOS generated data (e.g. RAP) to be sent outside the IPSec tunnel. |
| Outgoing Host Out of Band | 0 | Enable (1) or Disable (0) access to resources outside the IPSec network (e.g. enable access to sites like www.google.com over non IPSec channel). |

To confirm a successful connection, the following tests can be run:
  • Connect a PC to the modem and attempt to ping the IP address 10.11.12.13. The tunnel might take some time to be established. However once the tunnel is established you will receive responses to your ping.
  • Once the ability to ping the private address has been established, please try opening a browser and pointing it to http://10.11.12.13.
  • Once these two tests pass, a baseline for the IPSec configuration in the modem has been established.

You can now begin to make the IPSec configuration changes to get the modem connecting to your own IPSec gateway.

Different scenario use cases and their configuration steps in AceManager, to establish the IPSec tunnel, are addressed in the following sections.
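
An added example, not part of the Sierra Wireless manual: before pointing the modem at your own gateway, a short Python check can confirm that no factory test value or weak option from Table 2-1 remains in the settings you are about to write. The dictionary layout keyed by Table 2-1 parameter names, the function name audit and both sample profiles are assumptions constructed for illustration; only numeric codes that Table 2-1 documents are interpreted.

```python
# Added example: audit IPSec values keyed by the parameter names in Table 2-1.
# The dict layout, audit() and both sample profiles are assumptions, not ALEOS output.
SEVERITY = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Factory defaults from Table 2-1; they target the Sierra Wireless test setup.
TEST_DEFAULTS = {
    "IPSec Gateway": "64.163.70.30",
    "Pre-shared Key 1": "SierraWireless",
    "Remote Address": "10.11.12.0",
}


def audit(cfg):
    """Return (severity, parameter, message) findings, most severe first."""
    out = []
    iface = cfg.get("IPSec Interface", 0)
    if iface == 0:
        out.append(("HIGH", "IPSec Interface", "0 disables IPSec"))
    elif iface == 4:
        out.append(("MEDIUM", "IPSec Interface", "4 is the Ethernet test setting"))

    for name, default in TEST_DEFAULTS.items():
        if cfg.get(name) == default:
            sev = "MEDIUM" if name == "Remote Address" else "HIGH"
            out.append((sev, name, "still the factory test value"))

    psk = cfg.get("Pre-shared Key 1", "")
    if not (8 <= len(psk) <= 31 and psk.isascii()):
        out.append(("HIGH", "Pre-shared Key 1", "must be 8 to 31 ASCII characters"))
    if cfg.get("IPSec Encryption Algorithm") == 0:
        out.append(("HIGH", "IPSec Encryption Algorithm", "0 means no encryption"))
    if cfg.get("IPSec Authentication Algorithm") == 0:
        out.append(("HIGH", "IPSec Authentication Algorithm", "0 means no authentication"))
    for name in ("IKE Authentication Algorithm", "IPSec Authentication Algorithm"):
        if cfg.get(name) == 1:
            out.append(("MEDIUM", name, "1-MD5 is the minimal-security choice"))

    for name in ("IKE Key Group", "IPSec Key Group"):
        if cfg.get(name) == 1:
            out.append(("MEDIUM", name, "1-DH1 is the smallest group offered"))
    if cfg.get("IPSec Key Group") == 2:
        out.append(("LOW", "IPSec Key Group", "5-DH5 is listed as highest security"))
    if cfg.get("IKE SA Life Time") == 0:
        out.append(("MEDIUM", "IKE SA Life Time", "0 means the SA never expires"))
    if cfg.get("Incoming Out of Band") == 1:
        out.append(("MEDIUM", "Incoming Out of Band",
                    "modem reachable from machines outside the IPSec network"))
    if cfg.get("Outgoing Host Out of Band") == 1:
        out.append(("LOW", "Outgoing Host Out of Band",
                    "hosts reach resources outside the IPSec tunnel"))
    return sorted(out, key=lambda f: (SEVERITY[f[0]], f[1]))


# Constructed sample 1: Table 2-1 factory defaults with IPSec Interface set to 1.
FACTORY = {
    "IPSec Interface": 1, "IPSec Gateway": "64.163.70.30",
    "Pre-shared Key 1": "SierraWireless", "Remote Address": "10.11.12.0",
    "IKE Authentication Algorithm": 2, "IKE Key Group": 2, "IKE SA Life Time": 7200,
    "IPSec Encryption Algorithm": 3, "IPSec Authentication Algorithm": 2,
    "IPSec Key Group": 2, "Incoming Out of Band": 0, "Outgoing Host Out of Band": 0,
}
# Constructed sample 2: a production profile; gateway, key and subnet are placeholders.
PRODUCTION = dict(FACTORY, **{
    "IPSec Gateway": "192.0.2.10", "Pre-shared Key 1": "constructed-Example-Key-42",
    "Remote Address": "172.16.50.0", "IKE Authentication Algorithm": 5,
    "IPSec Authentication Algorithm": 5, "IPSec Key Group": 5,
})

if __name__ == "__main__":
    for label, profile in (("factory", FACTORY), ("production", PRODUCTION)):
        print(label, "findings:")
        for sev, name, msg in audit(profile):
            print(f"  {sev:6} {name}: {msg}")
```

The factory profile reports the test gateway and the published pre-shared key as HIGH findings, which is the state the modem is in after AT*RESETCFG.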

HTTP Server

A PC connected to a Sierra Wireless AirLink Modem uses a web browser to view an HTTP server behind the IPsec Gateway.

The Configuration steps are:
1. In AceManager, click on the IPSec tab. Please refer to Figure 2-3.
2. Configure the IPSec Interface parameter as "1", to enable IPSec. Once IPSec is enabled, the factory default settings should be restored. Table 2-1 lists all the IPSec parameter default values. The required fields for IPSec to be established are:
   a. IPSec Gateway
   b. Pre-shared Key 1
   c. IKE Encryption Algorithm
   d. IKE Authorization Algorithm
   e. IKE Key Group
   f. IKE SA Life Time
   g. Remote Address
   h. IPSec Encryption Algorithm
   i. IPSec Authentication Algorithm
   j. IPSec Key Group
   k. IPSec SA Life Time
   l. Incoming Out of Band: If you want mobile termination
   m. Outgoing Host Out of Band: To access internet by bypassing the IPSec tunnel, you can set this parameter as "1".
   Note: In Chapter 1, Remote Access Scenarios section includes the Google web server scenario, where the outgoing Host Out of Band can be set to 1 to access internet outside the IPSec tunnel.
3. Click on Write, in the top bar.
4. Click on Reset, to reset the modem.
5. IPSec status displays as "Connected".

Once the tunnel comes up, ping the web browser. The web browser should be able to reach the server. An example of a web browser screenshot, after the tunnel establishes, is provided.

Figure 2-4: Web Browser

Application Server

A Sierra Wireless AirLink Modem sends AVL Application Server data through the tunnel for the Report Server that is behind the IPsec Gateway.

The Configuration steps are:
1. In AceManager, click on the PinPoint tab and ensure values that correspond to Figure 2-5.
   Figure 2-5: PinPoint Configuration
2. Provide the Server IP Address on the right hand side pane.
3. Enter the Report Interval time.
4. Configure the IPSec Interface parameter as "1", to enable IPSec. Once IPSec is enabled, the factory default settings should be restored. Table 2-1 lists all the IPSec parameter default values. The required fields for IPSec to be established are:
   a. IPSec Gateway
   b. Pre-shared Key 1
   c. IKE Encryption Algorithm
   d. IKE Authorization Algorithm
   e. IKE Key Group
   f. IKE SA Life Time
   g. Remote Address
   h. IPSec Encryption Algorithm
   i. IPSec Authentication Algorithm
   j. IPSec Key Group
   k. IPSec SA Life Time
   l. Incoming Out of Band: If you want mobile termination
   m. Outgoing Host Out of Band: To access internet outside the tunnel, from the modem.
5. Click on Write.
6. Click on Reset, to reset the modem.