Series 3: What is the procedure for setting up a VPN tunnel on a CradlePoint router?

This article was written based on the 4.3.0 series 3 firmware version.

If you are unsure of which CradlePoint Series or Model number you have, please click here.

Description:

This article provides a thorough explanation of how to setup a VPN tunnel between a MBR1400, CBR400/450, IBR600/650, MBR1200B; and another device.

Directions:

  1. To setup the tunnel, connect to your router, login to the router’s admin pages (http://192.168.0.1 by default), 
  2. Click on INTERNET and then VPN Tunnels from the drop-down menu
  3. Enable VPN Service.
  4. Click Add.
  5. Give the tunnel a Name.  Local Identity: this is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want, this is your identity, but it must match the “Remote Identity” on the other end of the tunnels settings. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Local Identity here.  This essentially adds an additional layer of “security” when initializing the secured tunnel. If you use a Local Identity, you must use a Remote Identity on the other end of the tunnel.
  6. Remote Identity: this is not required for connections with Static IP addresses, but you can use it if you’d like to. Make it whatever you want, this is the other end of the tunnel’s identity, but it must match   the “Local Identity” on the other end of the tunnels settings. If you are using a Dynamic DNS domain service for your DHCP IP address from your carrier, you will want to add a Remote Identity here.  This essentially adds an additional layer of “security” when initializing the secured tunnel.  If you use a Remote Identity, you must use a LocalIdentity on the other end of the tunnel.
  7. Pre-shared Key: Any password works here, it just must be the same on both ends of the tunnel!
  8. Ensure the Tunnel Enabled checkbox is checked.
  9. If you are creating a tunnel between your MBR1400 and the MBR1200, check the MBR1200 Quick Connect checkbox. NOTE: this will combine the IKE Phase 1 and IKE Phase 2 Negotiation settings in one window popup – you will see the difference when you get down to adjusting the IKE Phase settings below.
  10. Click Next.
  11. Under Local Network:  Network: this should auto-fill in with your router’s Network IP address.  Subnet Mask: this should also auto-fill in with your router’s Subnet Mask.
  12. Under Remote Network:  Gateway: this is the Static IP address of the network on the other end of the tunnel.  Network: this is the network address of the other end of the tunnel.  Subnet Mask: this should auto-fill in with the same Subnet Mask as the Local Network, but you can change it to match how the network is setup on the other end of the tunnel.
  13. Click Next.
  14. Here you will adjust all preferred IKE Phase 1 algorithms and encryptions for your tunnel.  Exchange Mode can be set to the following (this mode must match on both ends of the tunnel!):  Main – use this if you have a Static IP from your carrier.  Aggressive – use this if you are using a Dynamic DNS domain service.  NOTE: if one end of the tunnel has a Static IP and the other end is using a Dynamic DNS domain service, use the Aggressive Mode on both ends.
  15. Click Next.
  16. Here you will adjust all preferred IKE Phase 2 algorithms and encryptions for your tunnel.
  17. Click Next.
  18. If you want to “ping-check” the other end of the tunnel to ensure it’s still up (the other end of the tunnel’s network is still up), leave thisEnabled, otherwise you can uncheck it if you’d like.
  19. Click Finish. Click Yes to the Configuration Change.

INITIALIZING THE TUNNEL:  After you have saved the rules for the tunnel, you must initialize the tunnel – ping from one end of the tunnel to the other (meaning, ping from a computer on the LAN side of the tunnel to a computer on the LAN side of the other side of the tunnel).  Go to STATUS -> VPN to see your tunnel connection state.

If you would like to see a full sample case setup for two MBR1400’s, please click here.


Category: Cradlepoint Series 3

← FAQs