Enhancing Broadband

Setting up IPSEC on the SpeedTouch 610

Before setting up an IPSEC tunnel between two SpeedTouch 610s, or between a SpeedTouch 610 and another client, you must know the public IP address at both locations, have a common secret/password, and agree on an encapsulation mode.

These instructions are for software release 4.2 and assume a local network IP address range of 192.168.1.x and a remote network IP address range of 10.0.0.x.

Instructions:

Activate IPSEC

Ensure that the software key has been installed and enabled on the router.
Go to System Config – Add-On to verify this is correct.



Set Connection Sharing
 

Ensure that the PPPoA connection has connection sharing set for everybody.
If not, hang up, make the change, click Apply, and dial in again.

 

Create Firewall rules 

Create the new firewall rules needed for IPSEC.
Copy these lines into an open telnet session. 

:firewall chain create chain=allow_ipsec_sink
:firewall chain create chain=allow_ipsec_source 

:firewall rule create chain=allow_ipsec_sink index=0 prot=udp dstport=ike action=accept
:firewall rule create chain=allow_ipsec_sink index=1 prot=ah action=accept
:firewall rule create chain=allow_ipsec_sink index=2 prot=esp action=accept
:firewall rule create chain=allow_ipsec_sink index=3 srcintfgrp=wan prot=tcp ack=yes action=accept

:firewall rule create chain=allow_ipsec_source index=0 prot=udp dstport=ike action=accept
:firewall rule create chain=allow_ipsec_source index=1 prot=tcp action=accept

:firewall rule create chain=sink index=0 clink=allow_ipsec_sink action=link
:firewall rule create chain=source index=0 clink=allow_ipsec_source action=link

All of these commands can also be performed on the web interface CLI, but will have to be entered manually.

Setup Peers and Connections
 

Go to IP Router – IPSEC Policy. 

Create a Peer. The following are needed to create a peer –

  • Peer name
  • The peer’s public IP address
  • Secret (must be same on both routers)

Create the connection to the peer. The following are needed to create the connection –

  • Connection Name
  • Peer connecting to
  • Local range
  • Remote range
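
Most failed tunnels come from the two routers not mirroring each other. The following pre-flight check is an added example, not part of the original instructions or of the SpeedTouch software; the `Site` field names, the addresses, the secret and the mode value "tunnel" are constructed for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass
class Site:
    """One router's planned settings (hypothetical field names)."""
    public_ip: str      # this router's own public address
    peer_ip: str        # public address entered for the peer
    secret: str         # secret entered for the peer
    local_range: str    # connection "Local range"
    remote_range: str   # connection "Remote range"
    encapsulation: str  # encapsulation mode agreed with the other side


def check_pair(a: Site, b: Site) -> list:
    """Return the mismatches between two sites; an empty list means they mirror."""
    problems = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if ipaddress.ip_address(me.peer_ip) != ipaddress.ip_address(other.public_ip):
            problems.append(f"{name}: peer address is not the other side's public IP")
    # Compare secrets without leaking where they first differ.
    if not hmac.compare_digest(a.secret.encode(), b.secret.encode()):
        problems.append("secret differs between the two routers")
    if a.encapsulation.lower() != b.encapsulation.lower():
        problems.append("encapsulation mode differs")
    a_local, a_remote = (ipaddress.ip_network(r) for r in (a.local_range, a.remote_range))
    b_local, b_remote = (ipaddress.ip_network(r) for r in (b.local_range, b.remote_range))
    if a_local != b_remote:
        problems.append("A local range is not B remote range")
    if b_local != a_remote:
        problems.append("B local range is not A remote range")
    if a_local.overlaps(b_local):
        problems.append("local ranges overlap, so traffic cannot be routed into the tunnel")
    return problems


# Constructed sample values; the public addresses come from documentation ranges.
SITE_A = Site("203.0.113.10", "198.51.100.20", "example-secret",
              "192.168.1.0/24", "10.0.0.0/24", "tunnel")
SITE_B = Site("198.51.100.20", "203.0.113.10", "example-secret",
              "10.0.0.0/24", "192.168.1.0/24", "tunnel")
# Same as SITE_B but with a mistyped secret and a wrong remote range.
SITE_B_BAD = Site("198.51.100.20", "203.0.113.10", "Example-secret",
                  "10.0.0.0/24", "10.0.0.0/24", "tunnel")

if __name__ == "__main__":
    for label, other in (("A vs B", SITE_B), ("A vs bad B", SITE_B_BAD)):
        print(label, check_pair(SITE_A, other) or "settings mirror each other")
```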

 

Start Connection

Click on the appropriate connection and click on the start button.

The connection should now be active.

Confirm by either: 

1. Opening a telnet session and typing

:ipsec salist 

This displays the Secure Associations List. The result should look something like this –  

 

2. Going into the web based CLI. 

Go into the ipsec folder and click salist 

This displays the Secure Associations List. The result should look something like this –  

 

If either phase in the ipsec salist output is blank, the connection was not successful.

 

Copyright of Connectplay Ltd.