User Manual
Table Of Contents
- Table of Contents
- Introduction and Scope
- Glossary
- Product Features
- Pepwave MAX Mobile Router Overview
- Installation
- Connecting to Web Admin Interface
- Configuration of LAN Interface(s)
- Configuration of WAN Interface(s)
- Wi-Fi Settings
- Site-to-Site VPN
- Management of Outbound Traffic to WAN
- Port Forwarding
- NAT Mappings
- QoS
- Firewall
- Miscellaneous Settings
- System Settings
- Status
- Restoration of Factory Defaults
- Declaration
http://www.pepwave.com 44 Copyright @ 2011 Pepwave
Pepwave MAX supports making two Site-to-Site VPN connections with a remote Pepwave MAX unit or a
Peplink Balance 210/310/380/390/580/710/1350.
The local LAN subnet and subnets behind the LAN (defined under Static Route in the LAN settings page)
will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to route
to the local subnets.
Note that all LAN subnet and subnets behind it have to be unique. Otherwise, VPN members will not be
able to access each other.
All data can be routed over the VPN with 256-bit AES encryption standard.
To configure, navigate to Advanced > Site-to-Site VPN, click the Add VPN Connection button to create
a new VPN profile.
VPN Settings
Active
Check this box to enable the VPN.
Encryption
By default, VPN traffic is encrypted with 256-bit AES standard. If the option Off is
selected on both sides of a VPN connection, no encryption will be applied.
Peer Serial
Number
Pepwave MAX only establishes VPN connection with a remote peer that has a
serial number specified here. If the remote peer is in high availability setup, you
can check the box Remote client is set up in high availability mode, and enter the
second unit's serial number into the second text box.
Pre-shared Key
This is an optional field which defines the pre-shared key used for this particular
VPN connection. The VPN connection's session key will be further protected by
the factor of the pre-shared key. The connection will be up only if the pre-shared
keys on each side match.
When the remote peer is running firmware 5.0 or 5.1, this setting will be ignored.