Digi X8 Network Router User Manual


 
Configure Digi devices
IP address requirements for VPN tunnels
To establish an IPSec VPN tunnel, the IP address of the mobile interface must be publicly
accessible. The IP address can be either static or dynamic depending upon the
requirements of your VPN end point. The IP address, however, cannot be within a private
range of addresses (for example, 10.0.0.0, 172.16.0.0 or 192.168.0.0). If the mobile IP
address is within one of the private IP address ranges, the mobile carrier is using a NAT
(Network Address Translation) server between your mobile IP address and the internet.
The Digi Connect WAN VPN does not currently support NAT-Traversal.
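Added example (not from the Digi manual): a Python pre-deployment check that flags a mobile IP address that cannot terminate an IPsec tunnel because NAT sits in front of it. It goes beyond the three private ranges the manual lists by also flagging the RFC 6598 carrier-grade NAT range, link-local and loopback. The function name, the optional seen_by_hq parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges that cannot be reached directly from the internet. The first three
# are the private ranges the manual cites; the others are added here.
# (ipaddress's is_private is not used: it also flags documentation ranges.)
NON_PUBLIC = [
    ("RFC 1918 private", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC 1918 private", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC 1918 private", ipaddress.ip_network("192.168.0.0/16")),
    ("RFC 6598 carrier-grade NAT", ipaddress.ip_network("100.64.0.0/10")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]


def check_mobile_ip(mobile_ip, seen_by_hq=None):
    """Return (ok, reason) for the address the mobile interface reports.

    seen_by_hq (hypothetical parameter) is the source address the HQ VPN
    appliance logs for this device; a mismatch means NAT is in the path.
    """
    try:
        addr = ipaddress.IPv4Address(mobile_ip.strip())
        seen = ipaddress.IPv4Address(seen_by_hq.strip()) if seen_by_hq else None
    except ipaddress.AddressValueError as exc:
        return False, f"invalid IPv4 address: {exc}"
    for label, net in NON_PUBLIC:
        if addr in net:
            return False, f"{addr} is in {net} ({label}); carrier NAT likely"
    if seen is not None and seen != addr:
        return False, f"HQ sees {seen} but device reports {addr}; NAT in path"
    return True, f"{addr} is outside the private and carrier-NAT ranges"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.x and 198.51.100.x are documentation
    # addresses standing in for public ones.
    samples = [
        ("10.45.3.7", None),
        ("100.72.1.9", None),
        ("203.0.113.20", "203.0.113.20"),
        ("203.0.113.20", "198.51.100.4"),
    ]
    for ip, seen in samples:
        ok, reason = check_mobile_ip(ip, seen)
        print("OK  " if ok else "FAIL", reason)
```

A FAIL result means the tunnel cannot be established with this address, since the device does not support NAT-Traversal.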
GSM GPRS/EDGE APN type needed
If the VPN end points require static (persistent) IP addresses, you may need a custom
access point name (APN). An Internet APN can work in these cases:
- The main site (HQ) VPN appliance can support Dynamic DNS names.
- Another form of authentication is used (for example, FQDN).
Be aware that these APNs are based on Cingular Blue; other carrier APNs may have
similar requirements.
CDMA carrier requirements
The CDMA (Code-Division Multiple Access) carrier requirements are similar to GSM in
that static IP addresses may be required depending on the host site concentrator VPN
implementation. In both cases, the Digi device’s mobile IP address will likely need to
support mobile terminated data; that is, the ability to accept incoming data connections.
HQ router / VPN appliance configuration
For supported protocols, see the IPsec specifications for your Digi device. Security policies
on the HQ VPN device must match those on the Digi device. The HQ VPN appliance’s
peer address is the Digi device’s mobile IP address.