Specifications
Local Identity: Specifies the identifier sent to the remote host during phase 1 negotiation. If left blank, it will default to the IP address of the WAN connection. Currently we
only support identifiers in the form of an IP address, a user fully qualified domain name (user@mydomain.com) or just a fully qualified domain name (www.mydomain.com). If
the remote side of the tunnel is configured to expect an identifier, then both must match in order for the negotiation to succeed. If NAT-T is being used and a DynDNS
connection is not being used, a single word (instead of an address) can be used.
Remote Identity: Specifies the identifier we expect to receive from the remote host during phase 1 negotiation. If no identifier is defined, then no verification of the remote
peer's identification will be done. Currently we only support identifiers in the form of an IP address, a user fully qualified domain name (user@mydomain.com) or just a fully
qualified domain name (www.mydomain.com). If left blank, we will default to the IP address of the WAN connection. If NAT-T is being used and a DynDNS connection is not
being used, a single word (instead of an address) can be used.
Authentication Mode: Select from Pre-Shared Key and Certificate. Pre-Shared Key is used when there is a single key common to both ends of the VPN.
Certificate requires the creation of a set of certificates and a private key that can be uploaded to the router. Select Enable Certificate Support in the Global VPN
Settings section to upload a single set of certificates for the router to use.
Pre-Shared Key: Create a password or key. The routers on both sides of the tunnel must use this same key.
Mode: Tunnel or Transport. Tunnel Mode is used for protecting traffic between different networks, when traffic must pass through an intermediate, untrusted network.
Transport Mode is used for end-to-end communications (for example, for communications between a client and a server).
Initiation Mode: Always On or On Demand. Always On is used if you want the tunnel connection to be initiated whenever the WAN becomes available. Select
On Demand if you want the tunnel to initiate a connection if and only if there is data traffic bound for the remote side of the tunnel.
Tunnel Enabled: Enabled or Disabled.
MBR1200 Quick Connect: VPN tunnels in more advanced CradlePoint devices have more choices than they did in the MBR1200, so they are more complex to configure
now. Check this box to simplify setup by streamlining your options to match the old settings from the CradlePoint MBR1200.
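A pre-deployment check of the Local Identity, Remote Identity and Pre-Shared Key fields described above, given here as an added example that is not CradlePoint code. The dict layout, function names and sample values are assumptions, as is comparing identifiers as exact strings; the DynDNS condition on single-word identifiers is not modelled.

```python
import ipaddress
import re

_FQDN = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
_WORD = re.compile(r"^[A-Za-z0-9_-]+$")

def classify_identity(value):
    """Return 'blank', 'ip', 'user_fqdn', 'fqdn', 'word' or 'invalid'."""
    value = value.strip()
    if not value:
        return "blank"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if value.count("@") == 1:
        user, domain = value.split("@")
        return "user_fqdn" if user and _FQDN.match(domain) else "invalid"
    if _FQDN.match(value):
        return "fqdn"
    return "word" if _WORD.match(value) else "invalid"

def check_tunnel(a, b, nat_t=False):
    """Return findings for the two ends of one tunnel (hypothetical dict layout)."""
    findings = []
    for name, me, peer in (("A", a, b), ("B", b, a)):
        for field in ("local_id", "remote_id"):
            kind = classify_identity(me[field])
            if kind == "invalid":
                findings.append(f"{name}.{field}: unsupported identifier form")
            elif kind == "word" and not nat_t:
                findings.append(f"{name}.{field}: single word requires NAT-T")
        # A blank Local Identity is sent as the IP address of the WAN connection.
        sent_by_peer = peer["local_id"].strip() or peer["wan_ip"]
        expected = me["remote_id"].strip()
        if not expected:
            # No identifier defined: the peer's identification is not verified.
            findings.append(f"{name}.remote_id: blank, peer identity is not verified")
        elif expected != sent_by_peer:
            findings.append(f"{name}.remote_id: expects {expected!r}, peer sends {sent_by_peer!r}")
    if a["psk"] != b["psk"]:
        findings.append("psk: the two ends do not share the same key")
    return findings

# Constructed sample configurations (documentation addresses, placeholder key).
SITE_A = {"local_id": "", "remote_id": "branch@mydomain.com",
          "wan_ip": "203.0.113.10", "psk": "constructed-sample-key"}
SITE_B = {"local_id": "branch@mydomain.com", "remote_id": "",
          "wan_ip": "198.51.100.7", "psk": "constructed-sample-key"}
```

Calling `check_tunnel(SITE_A, SITE_B)` reports that site B leaves Remote Identity blank; setting it to site A's WAN address clears the finding.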
Add/Edit Tunnel – Local Gateway
IP Version: Select IPv4 or IPv6.
WAN Binding: WAN Binding is an optional parameter used to configure the VPN tunnel to ONLY operate when the specified WAN device(s) are available and connected. An
example use case is when there is a router with both a primary and failover WAN device and the tunnel should only be used when the system has failed over to the backup
connection.
Make a selection for "When," "Condition," and "Value" to create a WAN Binding. The condition will be in the form of these examples:
When    Condition    Value
Port    is           USB Port 1
Type    is not       WiMAX
When:
Port – Select by the physical port on the router that you are plugging the modem into (e.g., "USB Port 2").
Manufacturer – Select by the modem manufacturer (e.g., "CradlePoint Inc.").
Model – Set your rule according to the specific model of modem.
Type – Select by type of Internet source (Ethernet, LTE, Modem, Wireless as WAN, WiMAX).
Serial Number – Select a 3G or LTE modem by the serial number.
MAC Address – Select a WiMAX modem by MAC Address.
Unique ID – Select by ID. This is generated by the router and displayed when the device is connected to the router.
Condition: Select “is,” “is not,” “starts with,” “contains,” or “ends with” to create your condition’s statement.
Value: If the correct values are available, select from the dropdown list. You may need to manually input the value.
CradlePoint AER 2100 – Manual
07/03/2014
123










