User manual

ManualsBrandsDigi ManualsSoftwareNetwork Router 90000566_H

221

222

223

224

225

226

227

228

229

230

set vpn

228 Chapter 2 Command Descriptions

set vpn

Devices

supported

This command is supported in Digi Cellular Family products only, except

Digi Connect WAN.

Purpose Configures Virtual Private Network (VPN) settings. Virtual Private Networks

(VPN) are used to securely connect two private networks together so that

devices may connect from one network to the other network using secure

channels. VPN uses IP Security (IPSec) technology to protect the

transferring of data over the Internet Protocol (IP).

The Digi Cellular Family device is responsible for handling the routing

between networks. Devices within the private network of the Digi Cellular

Family device can connect directly to devices on the other private network

to which the VPN tunnel is established to. The VPN tunnels are configured

using various security settings and methods to ensure the networks are

secured.

Connect WAN products support up to two VPN tunnels. ConnectPort WAN

products support up to five VPN tunnels.

It is generally easier to configure VPN tunnel settings through the Web user

interface. VPN settings are configured on the

Network > Virtual Private Network (VPN) configuration pages named

VPN Settings and VPN Tunnel Settings.

There are several uses of the “set vpn” command:

• Configure global VPN options, including:

• The connection mode method used to negotiate Internet Key

Exchange (IKE) Phase One using Internet Security Association and

Key Management Protocol (ISAKMP).

• How the VPN client is identified to the remote VPN endpoint.

• The Diffie-Hellman group used within IKE to establish the session

keys used to create a secure channel. The method and security fac-

tor used to control the key exchange is specified by the Diffie-Hell-

man group.

• Use of Perfect Forward Secrecy (PFS).

• Use of antireplay.

• Configure and modify VPN tunnel options: VPN Tunnels define the

actual tunnels that exist between two private networks. The tunnels

specify the information required to establish the secure channel, the

routing between the networks, and the security policies used to encrypt

and authorize the data. A maximum of two tunnels may be created.

Configuring a VPN tunnel requires the remote VPN endpoint and the

method by which to establish the VPN tunnel. These settings are

typically specified by the remote VPN server and should correspond

accordingly. Both manually keyed and ISAKMP tunnels can be

configured.