Users Manual Part 1

ManualsBrandsPepwave ManualsElectronicsPEPWAVE/peplink Wireless Product

100

https://www.peplink.com 99 Copyright @ 2018 Pepwave

Active

When this box is checked, this VPN connection profile will be enabled. Otherwise,

it will be disabled.

Encryption

By default, VPN traffic is encrypted with 256-bit AES. If Off is selected on both

sides of a VPN connection, no encryption will be applied.

Authentication

Select from By Remote ID Only, Preshared Key, or X.509 to specify the method

the Peplink Balance will use to authenticate peers. When selecting By Remote ID

Only, be sure to enter a unique peer ID number in the Remote ID field.

Remote ID /

Pre-shared Key

This optional field becomes available when Remote ID / Pre-shared Key is

selected as the Peplink Balance’s VPN Authentication method, as explained

above. Pre-shared Key defines the pre-shared key used for this particular VPN

connection. The VPN connection's session key will be further protected by the pre-

shared key. The connection will be up only if the pre-shared keys on each side

match. When the peer is running firmware 5.0+, this setting will be ignored.

Enter Remote IDs either by typing out each Remote ID and Pre-shared Key, or by

pasting a CSV. If you wish to paste a CSV, click the icon next to the “Remote

ID / Preshared Key” setting.

Remote

ID/Remote

Certificate

These optional fields become available when X.509 is selected as the Peplink

Balance’s VPN authentication method, as explained above. To authenticate VPN

connections using X.509 certificates, copy and paste certificate details into these

fields. To get more information on a listed X.509 certificate, click the Show Details

link below the field.

Allow Shared

Remote ID

When this option is enabled, the router will allow multiple peers to run using the

same remote ID.

NAT Mode

Check this box to allow the local DHCP server to assign an IP address to the

remote peer. When NAT Mode is enabled, all remote traffic over the VPN will be

tagged with the assigned IP address using network address translation.

Remote IP

Address / Host

Names

(Optional)

If NAT Mode is not enabled, you can enter a remote peer’s WAN IP address or

hostname(s) here. If the remote uses more than one address, enter only one of

them here. Multiple hostnames are allowed and can be separated by a space

character or carriage return. Dynamic-DNS host names are also accepted.

This field is optional. With this field filled, the Peplink Balance will initiate

connection to each of the remote IP addresses until it succeeds in making a

connection. If the field is empty, the Peplink Balance will wait for connection from

the remote peer. Therefore, at least one of the two VPN peers must specify this

value. Otherwise, VPN connections cannot be established.

Cost

Define path cost for this profile.

OSPF will determine the best route through the network using the assigned cost.

Default: 10

Data Port

This field is used to specify a UDP port number for transporting outgoing VPN