USER MANUAL
Peplink Balance Series
-101 / 234 -
Copyright © 2014 Peplink
14 IPsec VPN
Peplink Balance IPsec VPN functionality securely connects one or more branch offices to your company's
main headquarters or to other branches. Data, voice, and video communications between these locations
are kept safe and confidential across the public Internet.
IPsec VPN on the Peplink Balance is specially designed for multi-WAN environments. For instance, if a
user sets up multiple IPsec profiles for his multi-WAN environment and WAN1 is connected and healthy,
IPsec traffic will go through this link. However, should unforeseen problems (e.g., unplugged cables or ISP
problems) cause WAN1 to go down, our IPsec implementation will make use of WAN2 and WAN3 for
failover.
14.1 IPsec VPN Settings
All Peplink products can make multiple IPsec VPN connections with Peplink routers, as well as Cisco and
Juniper routers.
Note that all LAN subnets and the subnets behind them must be unique. Otherwise, VPN members will
not be able to access each other.
All data can be routed over the VPN with a selection of encryption standards, such as 3DES, AES-128,
and AES-256.
To configure, navigate to Network>IPsec VPN.
A NAT-Traversal option and list of defined IPsec VPN profiles will be shown.
NAT-Traversal should be enabled if your system is behind a NAT router.
Click the New Connection button to create new IPsec VPN profiles that make VPN connections to
remote Peplink Balance, Cisco, or Juniper Routers via available WAN connections. To edit any of the
profiles, click on its associated connection name in the leftmost column.
IPsec VPN Settings
Name
This field is for specifying a local name to represent this connection profile.
Active
When this box is checked, this IPsec VPN connection profile will be enabled. Otherwise, it
will be disabled.
Remote Gateway IP Address
Enter the remote peer’s public IP address. For Aggressive Mode, this is optional.
Local Networks
Enter the local LAN subnets here. If you have defined static routes, they will be shown here.
Remote Networks
Enter the LAN and subnets that are located at the remote site here.
Authentication
To access your VPN, clients will need to authenticate by your choice of methods. Choose
between the Preshared Key and X.509 methods of authentication.
Mode
Choose Main Mode if both IPsec peers use static IP addresses.
Choose Aggressive Mode if one of the IPsec peers uses dynamic IP addresses.
Force UDP Encapsulation
For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox.
Pre-shared Key
This defines the peer authentication pre-shared key used to authenticate this VPN
connection. The connection will be up only if the pre-shared keys on each side match.
Local ID
In Main Mode, this field can be left blank.
In Aggressive Mode, if Remote Gateway IP Address is filled on this end and the peer end, this field
can be left blank. Otherwise, this field is typically a U-FQDN.
Remote ID
In Main Mode, this field can be left blank.
In Aggressive Mode, if Remote Gateway IP Address is filled on this end and the peer end, this field
can be left blank. Otherwise, this field is typically a U-FQDN.
Phase 1 (IKE) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used in initial connection key negotiations.
In Aggressive Mode, only one selection is permitted.
Phase 1 DH Group
This is the Diffie-Hellman group used within IKE. This allows two parties to establish a
shared secret over an insecure communications channel. The larger the group number, the
higher the security.
Group 2 - 1024-bit is the default value.
Group 5 - 1536-bit is the alternative option.
Phase 1 SA Lifetime
This setting specifies the lifetime limit of this Phase 1 Security Association. By default, it is
set at 3600 seconds.
Phase 2 (ESP) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used for the IP data that is being transferred.
In Aggressive Mode, only one selection is permitted.
Phase 2 PFS Group
Perfect forward secrecy (PFS) ensures that if a key is compromised, the attacker will be
able to access only the data protected by that key.
None - Do not request PFS when initiating a connection. However, since there is no valid
reason to refuse PFS, the system will allow the connection to use PFS if requested by the
remote peer. This is the default value.
Group 2 - 1024-bit Diffie-Hellman group. The larger the group number, the higher the
security.
Group 5 - 1536-bit is the third option.
Phase 2 SA Lifetime
This setting specifies the lifetime limit of this Phase 2 Security Association. By default, it is
set at 28800 seconds.
Send All Traffic To
This feature enables you to prioritize the WAN connections used by this VPN profile.
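The field rules in the settings table above can be checked before a profile is typed into the web
interface. The following is an added example, not part of the Peplink manual or firmware; the dict
keys and both sample profiles are assumptions made up for illustration, not a Peplink export format.

```python
# Added example; the dict keys are hypothetical names, not a Peplink export format.
import ipaddress

def check_profile(p):
    """Return findings for one profile, following the field rules in the table above."""
    out = []
    local = [ipaddress.ip_network(n) for n in p["local_networks"]]
    remote = [ipaddress.ip_network(n) for n in p["remote_networks"]]
    # LAN subnets on both sides must be unique, or VPN members cannot reach each other.
    out += [f"subnet overlap: local {a} / remote {b}"
            for a in local for b in remote if a.overlaps(b)]
    if p["mode"] == "main":
        limit = 6  # Main Mode: up to six proposals, in descending priority
        if not p["remote_gateway"]:
            out.append("Main Mode: Remote Gateway IP Address is not optional")
    else:
        limit = 1  # Aggressive Mode: only one selection is permitted
        if not p["remote_gateway"] and not (p["local_id"] and p["remote_id"]):
            out.append("Aggressive Mode without gateway IP: set Local ID and Remote ID")
    for phase in ("phase1_proposals", "phase2_proposals"):
        if len(p[phase]) > limit:
            out.append(f"{phase}: at most {limit} selection(s) in {p['mode']} mode")
        if "3DES" in p[phase]:
            out.append(f"{phase}: 3DES offered; AES-128 or AES-256 is preferable")
    if p["phase1_dh_group"] == 2:
        out.append("Phase 1 DH Group 2 (1024-bit) selected; Group 5 is larger")
    if p["phase2_pfs_group"] is None:
        out.append("Phase 2 PFS Group is None: PFS is used only if the peer requests it")
    return out

# Constructed sample profiles (private and documentation address ranges).
WEAK = {"mode": "aggressive", "remote_gateway": "", "local_id": "", "remote_id": "",
        "local_networks": ["192.168.1.0/24", "10.10.0.0/16"],
        "remote_networks": ["10.10.5.0/24"],
        "phase1_proposals": ["AES-256", "3DES"], "phase2_proposals": ["AES-256"],
        "phase1_dh_group": 2, "phase2_pfs_group": None}
GOOD = {"mode": "main", "remote_gateway": "203.0.113.10", "local_id": "", "remote_id": "",
        "local_networks": ["192.168.1.0/24"], "remote_networks": ["192.168.2.0/24"],
        "phase1_proposals": ["AES-256", "AES-128"], "phase2_proposals": ["AES-256"],
        "phase1_dh_group": 5, "phase2_pfs_group": 5}

if __name__ == "__main__":
    for finding in check_profile(WEAK):
        print(finding)
```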
14.2 IPsec Status
IPsec Status shows the current connection status of each connection profile and is displayed at
Status>IPsec VPN.
15 Outbound Policy Management
The Peplink Balance can flexibly manage and load balance outbound traffic among WAN connections.
Important Note
Outbound policy is applied only when more than one WAN connection is active.
The settings for managing and load balancing outbound traffic are located at Network>Outbound Policy.
Outbound policies for managing and load balancing outbound traffic are located at
Network>Outbound Policy>click on .
