Need a quote? A specific configuration, a project? Contact us on 02 51 99 13 03 .
Tutoriel

IPSEC VPN thanks to MILESIGHT 4G routers

VPN IPSEC grâce aux routeur 4G MILESIGHT

Equipe Sparwan |

Introduction

Milesight UR32 / UR35 / UR75 routers support both IPsec server and IPsec client mode. This allows you to secure data transmitted over the Internet or any public network. This tutorial describes how to establish an IPsec VPN between Milesight routers.

 

Prerequisites

 

You only need (at least) two Milesight UR32 / UR35 / UR75 routers

 

Router Configuration

 

In this example configuration, one Milesight router is used as an IPsec server and the other Milesight router is used as an IPsec client.

Make sure the server's router has a public IP address and that both routers are configured with different subnets.

Below is a typology graph:

Configure IPsec server

 

Configure IPsec server on Router A at Network -> VPN -> IPsec Server.

Local Subnet/Subnet Mask : Subnet/subnet mask of the server router.

 

Remote Subnet/Subnet Mask : Subnet/subnet mask of the client router.

 

ID Type : For authentication. There are 4 types:

 

Default, ID, FQDN, User FQDN.

 

  • Default: None.
  • ID: Use IP address as ID.
  • FQDN (Fully Qualified Domain Name): Use the FQDN as ID. For example: test.user.com (hostname or domain name format).
  • User's FQDN: Use the user's FQDN as ID. ex: test@user.com (email address format).

In IKE settings, local authentication supports PSK and CA. When using PSK, you need to add the PSK list as a secret for the IPsec client.

Open UDP ports 500 and 4500

 

Please note that the IPSEC server must be accessible via UDP ports 500 and 4500. You must remember to open these ports on your network and in your firewall.

 

Configure IPSEC Client

 

Based on the IPsec server settings, configure the IPsec client on Router B via

 

network -> VPN -> IPsec .

 

IPsec Gateway Address : The public IP address of the server router. In this example, it is the WAN IP address of Router A.

 

IPsec mode/IPsec protocol : Same as server settings.

 

Local Subnet/Subnet Mask : Subnet/subnet mask of the customer router.

 

Remote Subnet/Subnet Mask : Subnet/subnet mask of the server router.

 

Local ID Type : The type of remote ID defined in the server.

 

Remote ID Type : The local ID type defined in the server.

Check IPSEC VPN connection

Once the IPsec VPN is established, you can see the connection status on Status -> VPN

Router A (Server):

Router B (Client):

Go to Maintenance -> Tools -> Ping to ping the remote subnet and PC IP. Successful ping means successful data transmission over VPN.

Router A:

Router B:

Note: With firewall enabled on PC, pinging PC IP would fail. So you can disable it for now for testing purposes.

Back to top