1. Home
    2. /
  2. Manuals
    3. /
  3. Cradlepoint
    4. /
  4. MBR1200
    5. /
  5. 20
Page 96 / 132 Scroll up to view Page 91 - 95
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 94
7.5.2
IPSEC Advanced Section
This section includes advanced features to affect how IKE will behave. You can manually
configure your IPSec policies rather than using those in the main section of this page.
Some of these features can be used if you are having difficulties with IKE, using the
CradlePoint IPSec VPN feature alongside a Linksys router, or working with legacy
hardware. However, this section is meant for advanced users and should only be
changed if you know what you are doing or a system administrator directs you to change
something.
Aggressive Mode.
Enables Aggressive Mode phase 1 negotiation in IKE. The IKE
protocol has 2 modes of negotiating phase 1 - Identity Protection (main mode) and
Aggressive. In Identity Protection mode, IKE separates the key information from the
identities allowing for the identities of peers to be secure at the expense of extra packet
exchanges. In Aggressive Mode, IKE tries to combine as much information into fewer
packets while maintaining security. Un-checking this option tells IKE to use Identity
Protection mode instead of Aggressive. Disabling Aggressive mode may be required for
using IPSec alongside certain Linksys routers.
ESP Only.
Enables
ESP Only
mode for IPSec. IPSec utilizes two protocols to secure
communication through an IPSec tunnel: ESP and AH. Both protocols can be used
together or separately.
If you are using any legacy hardware, which may expect AH, disable this feature.
Enabling this option tells IPSec to only use the ESP protocol when securing the data.
Only using ESP reduces the packet overhead but does not reduce security.
Perfect Forward Security (PFS).
Enabling this feature will require IKE to generate a new
set of keys in Phase 2 rather than using the same key generated in Phase 1. Additionally, the new keys generated in Phase 2 (with this option
enabled) are exchanged in an encrypted session. Enabling this feature affords the policy greater security.
Dead Peer Detection.
Defines how the router will detect when one end of the IPSec session loses connection while a policy is in use.
Connection Idle Time
allows you to configure how long the router will allow an IPSec session to be idle before beginning to send Dead Peer
Detection (DPD) packets to the peer machine. You can adjust the
delay between these DPD packets
to send as quickly as every 2 seconds up
to 30 seconds apart. Additionally, you can specify the
Max number of DPD requests
to send at the time interval mentioned above.
(continued)
Page 97 / 132
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 95
Manual (No automatic key exchange).
Select this to enable
Manual Key Exchange
. This feature is useful if you experience difficulties with IKE
or simply prefer not to use the form above for creating an IPSec policy. In those cases where you opt to use manual configuration instead, be sure
you first generate both the local and remote values on one router then communicate the remote values as the remote network‟s
local values and
vice versa, so that the data here is exactly swapped in the rem
ote router‟s IPSec settings. To populate the key fields simply select the
Generate
key to the right for AH, ESP, or Both
Authentication Header (AH) / Encapsulation Security Payload (ESP) Mode.
Allows you to pick the mode AH/ESP should operate in for this
policy
Transport or Tunnel. See VPN Tunnel description above for details.
AH/ESP SPI.
These are hexadecimal numbers used to uniquely identify different IPsec tunnels between peers at the protocol level.
AH/ESP HMAC.
These are the keys used by the AH/ESP protocol to authenticate the IP header protocol and the message payload.
ESP Keys.
These are the keys used to encrypt and decrypt the messages being passed between peers.
When you are done editing the settings, you must click the
Save Settings
button at the top of the page to make the changes effective and
permanent.
7.5.3
IPSEC Policy List
This section shows the currently defined IPsec Policies. An
entry can be changed by clicking the
Edit
icon or can be
deleted by clicking the
Delete
icon. When you click the
Edit
icon, the
Edit IPsec Policy
section is activated for editing.
When you are done editing the settings, you must click the
Save Settings
button at the top of the page to make the changes effective and
permanent.
Page 98 / 132
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 96
7.6 Managed Services
Use the Managed Services sub-menus to securely control your
routers from anywhere on the Internet. You can manage their
configuration, change their f/w, monitor their status and view their
stored logs from any Internet-connected web browser. When this
feature is enabled the router will automatically attempt to contact the
management server whenever its WAN link comes up. All session
management is done over the WAN link using an SSL-secured
connection.
In order for the router to establish a session it must be registered
with the server. Contact CradlePoint for details on how to create an
account.
Enable Managed Services.
Tell the router to attempt to establish a
management session over the active WAN link.
Ethernet Only.
A management session can involve non-trivial
amounts of data transfer, especially for f/w upgrades. Since many modem plans impose data limits you may want to disable managed services
when the modem is the primary WAN interface. By checking this box you ensure that the router will only establish a management session when
Ethernet is the primary WAN link.
Session Retry.
If a router is not yet registered with the server it will periodically retry to establish a session. This setting controls how long it will
wait between retry attempts.
Registration URL.
If you have contacted Cradlepoint about registering your router, you may have received an email with a URL link. Paste that
link here, and the next time your router fails to start a session it will register via this link.
When you are done editing the settings, you must click the
Save Settings
button at the top of the page to make the changes effective and
permanent.
Page 99 / 132
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 97
7.7 Schedules
Use the Schedules sub-menu to create schedules employed to enforce rules. For
example, if you want to restrict web access to Mon-Fri from 3 PM to 8 PM you
could create a schedule selecting Mon, Tue, Wed, Thu, and Fri and enter a Start
Time of 3 PM and End Time of 8 PM.
The schedules your create in this submenu are used in the other submenus that
allow you to apply a time-based schedule, including
Virtual Server
Special Applications
Gaming
Parental Controls
7.7.1
Add Schedule Rule
Name.
Name the schedule, such as
Weekday
rule.
Day(s).
Place a check mark in the
All Week
radio button to select all seven days
of the week or place a check mark in the
Select Day(s)
radio button, then put a
check mark in the boxes next to the days of the week that you want your schedule
to be in effect.
All Day.
Select this option if you want your schedule in effect all 24 hours for the selected day(s).
Start Time.
If you don‟t use the
All Day
option, then enter the
Start Time
, which consists of two fields. Enter the hour of the Start Time in the first
field and enter the minute of the Start Time in the second field. Email events only require a Start Time (an End Time is not required for email
events).
End Time.
Enter the
End Time
, which like the
Start Time
function, which consists of two fields. Enter the hour of the
End Time
in the first field
and enter the minute of the
End Time
in the second field. Entering an
End Time
is required for most rules (but not for email events).
Save/Update.
Record the changes you have made.
Clear.
Re-initialize this area of the screen, discarding any changes you have made.
(continued)
Page 100 / 132
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010
CRADLEPOINT, INC.
PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 98
7.7.2
Schedule Rules List.
This list displays all of the currently defined schedules. An entry can
be changed by clicking the
Edit
icon or can be deleted by clicking
the
Delete
icon. When you click the
Edit
icon, the item populates
the
Edit Schedule Rule
and is activated for editing.
Update.
Record the changes you have made.
The router must reboot before new settings will take effect. You will
be prompted to
Reboot the Device
or
Continue
. If you need to
make additional settings changes, click
Continue
. If you are
finished with all configuration settings, click the
Reboot the Device
button.

Rate

3.5 / 5 based on 2 votes.

Popular Cradlepoint Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top