User manual

101

Configure Digi devices

IP address requirements for VPN tunnels

To establish an IPSec VPN tunnel, the IP address of the mobile interface must be publicly

accessible. The IP address can be either static or dynamic depending upon the

requirements of your VPN end point. The IP address, however, cannot be within a private

range of addresses (for example, 10.0.0.0, 172.16.0.0 or 192.168.0.0). If the mobile IP

address is within one of the private IP address ranges, the mobile carrier is using a NAT

(Network Address Translation) server between your mobile IP address and the internet.

The Digi Connect WAN VPN does not currently support NAT-Traversal.

GSM GPRS/EDGE APN type needed

If the VPN end points require static (persistent) IP addresses, you may need a custom

access point name (APN). An Internet APN can work in these cases:

 The main site (HQ) VPN appliance can support Dynamic DNS names.

 Another form of authentication is used (for example, FQDN).

Be aware that these APNs are based on Cingular Blue; other carrier APNs may have

similar requirements.

CDMA carrier requirements

The CDMA (Code-Division Multiple Access) carrier requirements are similar to GSM in

that static IP addresses may be required depending on the host site concentrator VPN

implementation. In both cases, the Digi device’s mobile IP address will likely need to

support mobile terminated data; that is, the ability to accept incoming data connections.

HQ router / VPN appliance configuration

For supported protocols, see the IPsec specifications your Digi device. Security policies

on the HQ VPN device must match those on the Digi device. The HQ VPN appliance’s

peer address is the Digi device’s mobile IP address.