IPSec VPN Configuration between a Cyberoam CR35iNG router and a UTT Business Router (Public IP to Public IP)

Purpose

The head office and the branch office need to be connected over an IPSec VPN. The head office has a Cyberoam CR35iNG router, and the branch office has a UTT Business Router (for example, a UTT AC750W). This document describes how to configure the IPSec VPN.

Prerequisites

  1. A UTT Business Router (hereinafter referred to as “the Router”), such as the UTT N518W, AC750W, or AC750GW. Firmware Version: 1.7.0 or above.
  2. A Cyberoam CR35iNG router. Firmware Version: 10.6.1 MR-3.
  3. A PC/laptop connected to one of the routers, either through its LAN port or wireless network.

Configuration

  1. Log on to the Web UI of the UTT AC750W. Go to the IPSec page under VPN. Click Add.
Figure 1-1
 
  1. Select Bidirectional in Connection Type.
In the Remote area on the page, enter the remote gateway IP or domain name, which is the WAN IP of the Cyberoam router, x.x.40.54.
Enter the subnet address and subnet mask of the Cyberoam router. For example, 192.168.1.0 and 255.255.255.0.
In the Local area on the page, select WAN1 in Bind to.
Enter the subnet address and subnet mask of the UTT router. For example, 192.168.3.0 and 255.255.255.0.
Set the Pre-shared Key and P2 Encrypt/Auth Algorithms 1 (for example, esp-aes128-md5) in Security Options.
Figure 1-2
 
  1. Click Advanced Options.
In Phase 1, select Main in Exchange Mode. Set 28800 in SA Lifetime. Select 3des-md5-group2 in Encrypt/Auth Algorithms 1. Leave Encrypt/Auth Algorithms 2, Encrypt/Auth Algorithms 3 and Encrypt/Auth Algorithms 4 blank.
In Phase 2, leave Encrypt/Auth Algorithms 2, Encrypt/Auth Algorithms 3 and Encrypt/Auth Algorithms 4 blank. Enter 3600 in SA Lifetime.
Keep other options as default.
Click Save.
 
 
  1. Log on to the Web UI of the Cyberoam router. Go to Hosts under OBJECTS. Configure two hosts as follows.
    1. Name: UTT1
IP Family: IPv4
  • : Network
IP Address: 192.168.3.0
  • : 255.255.255.0
    1. Name: Local_LAN_HO_145
IP Family: IPv4
  • : Network
IP Address: 192.168.1.0
  • : 255.255.255.0
Figure 1-4
 
  1. Go to VPN > Policy. Click Add. Specify the Name as UTTVPN. Select Main Mode in Authentication Mode.
In Phase 1, select 3DES in Encryption Algorithm and MD5 in Authentication Algorithm. Check 2 in DH Group. Enter 28800 in Key Life.
In Phase 2, select AES128 in Encryption Algorithm and MD5 in Authentication Algorithm. Enter 3600 in Key Life.
Keep other options as default. Save the configuration.
Figure 1-5
 
  1. Go to VPN > IPSec. Click Add. Specify utt2 as the Name. Select Site to Site in Connection Type and UTTVPN in Policy. Select Initiate or Respond Only in Action on VPN Restart.
Select Preshared Key in Authentication Type and configure the preshared key (which should match that of the UTT end).
Specify the Local and Remote gateway IP address in Endpoint Details.
Add Local_LAN_HO_145 to Local Subnet in Local Network Details.
Select UTT1 in Remote LAN Network under Remote Network Details.
Keep other options as default. Save the configuration.
Figure 1-6
 
  1. Click the red spots under Active and Connection of utt2 to make them turn green. The IPSec VPN is now connected, as shown in the screenshot below.
 
Figure 1-7
 
  1. If there’s no traffic passing through the tunnel, even though IPSec Connection is active and connected, please refer to https://kb.cyberoam.com/default.asp?id=2475.
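
Both ends only negotiate a tunnel when their Phase 1/Phase 2 proposals agree and their local/remote subnets mirror each other. The following check is an added example, not part of the original guide or either vendor's tooling: it compares the values entered in the steps above and lists legacy primitives in use. The dictionary layout, function names, WEAK set and the DH group 14 threshold are assumptions made for this illustration.

```python
import ipaddress

# Constructed from the values in the steps above; the dict layout is hypothetical.
UTT = {
    "mode": "main",
    "p1": "3des-md5-group2", "p1_life": 28800,
    "p2": "esp-aes128-md5", "p2_life": 3600,
    "local": ("192.168.3.0", "255.255.255.0"),
    "remote": ("192.168.1.0", "255.255.255.0"),
}
CYBEROAM = {
    "mode": "main",
    "p1": {"enc": "3DES", "auth": "MD5", "dh": 2}, "p1_life": 28800,
    "p2": {"enc": "AES128", "auth": "MD5"}, "p2_life": 3600,
    "local": ("192.168.1.0", "255.255.255.0"),
    "remote": ("192.168.3.0", "255.255.255.0"),
}
WEAK = {"des", "3des", "md5"}  # assumption: primitives this check treats as legacy
MIN_DH = 14                    # assumption: smallest DH group this check accepts

def parse_utt(proposal):
    """Split a UTT-style string such as 'esp-aes128-md5' or '3des-md5-group2'."""
    parts = proposal.lower().split("-")
    if parts[0] == "esp":
        parts = parts[1:]
    out = {"enc": parts[0], "auth": parts[1]}
    if len(parts) > 2:
        out["dh"] = int(parts[2].replace("group", ""))
    return out

def net(pair):
    """Build a network object from an (address, netmask) pair."""
    return ipaddress.ip_network(f"{pair[0]}/{pair[1]}")

def audit(utt, cr):
    """Return (settings that differ between the two ends, legacy primitives in use)."""
    # The guide sets the exchange mode and both SA lifetimes identically on each end.
    mismatches = [k for k in ("mode", "p1_life", "p2_life") if utt[k] != cr[k]]
    weak = []
    for phase in ("p1", "p2"):
        u = parse_utt(utt[phase])
        c = {k: v.lower() if isinstance(v, str) else v for k, v in cr[phase].items()}
        if u != c:
            mismatches.append(phase)
        weak += [f"{phase}:{v}" for v in (u["enc"], u["auth"]) if v in WEAK]
        if u.get("dh", MIN_DH) < MIN_DH:
            weak.append(f"{phase}:dh{u['dh']}")
    # One gateway's local subnet must be the other gateway's remote subnet.
    if net(utt["local"]) != net(cr["remote"]) or net(utt["remote"]) != net(cr["local"]):
        mismatches.append("subnets")
    return mismatches, weak

if __name__ == "__main__":
    print(audit(UTT, CYBEROAM))
```

An empty first list means the two ends agree; entries in the second list mark proposals worth replacing with stronger options where both devices offer them.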