text.skipToContent text.skipToNavigation

Creating an IPSec tunnel Client to Gateway on a Linksys Gigabit VPN router

What is a Client to Gateway Tunnel?
 
A Client to Gateway Tunnel is a tunnel created between the VPN router and the client mobile user which is using a VPN client software that supports IPSec.  This setup allows a remote client to connect to the router. 
 
 
Creating a Client to Gateway VPN
 
Step 1:
Access the router’s web-based setup page.  For instructions, click here
 
Step 2:
In the Configuration page, click VPN > Client To Gateway.
 
 
Step 3:
Create a name you want to set for your VPN tunnel in the Tunnel Name field and then select an Interface

NOTE:  By default, the Enable checkbox is already marked.  If you need to disable the VPN tunnel you can do so after you create the tunnel.
 

 
NOTE:  In this example, Tunnel 1 is used as the Tunnel Name and WAN1 is used for Interface.  If you have Dual WAN setup, select the appropriate WAN interface where the remote client should come in through.

Step 4:
In the LOCAL GROUP SETUP section, select the preferred Local Security Gateway Type.

 
  • IP Only - If users decide to use IP only, entering the IP Address is the only way to gain access to this VPN tunnel.  The WAN IP Address will be automatically filled into this space.  Users don't need to do further settings. 
     
  • IP + Domain Name (FQDN) Authentication - The WAN IP Address will be automatically filled into this space.  Users don't need to do further settings.  FQDN refers to the combination of host name and domain name and can be retrieved from the Internet (i.e. vpn.server.com). 
     
  • IP + E-mail Addr. (USER FQDN) Authentication - If users select IP Address and E-mail, enter the IP Address and E-mail address to gain access to this VPN tunnel and the WAN IP Address will be automatically filled into this space.  Users don't need to do further settings. 
     
  • Dynamic IP + Domain Name (FQDN) Authentication - If users use dynamic IP Address to connect to the device, users may select this option to link to VPN.  If users select this option to link to VPN, please enter the domain name. 
     
  • Dynamic IP + E-mail Addr. (USER FQDN) Authentication - If users use dynamic IP Address to connect to the device, users may select this option to connect to VPN without entering IP Address.  If users select this option to link to VPN, enter E-Mail address to the empty field for E-Mail authentication. 
Step 5:
Select the applicable Local Security Group Type.
 
 
  • IP - This option allows the only IP Address which is entered to build the VPN tunnel. 
     
  • Subnet - This option allows local computers in this subnet to be connected to the VPN tunnel. 
     
  • IP Range - This option allows a range of IP Addresses to use this VPN tunnel.  Enter the begin IP and the end IP of the range.
Step 6:
Enter the subnet mask of your router in the Subnet Mask field.
 
 
Step 7:
Under REMOTE GROUP SETUP, select the preferred Remote Security Gateway Type.
 
 
  • IP Only - If users decide to use IP only, entering the IP address is the only way to gain access to the VPN tunnel.  You can also select IP by DNS Resolved, and enter the domain name of the client on the Internet.  The router will automatically get the IP address by DNS Resolved.
     
  • IP + Domain Name (FQDN) Authentication - If this is selected, enter the domain name and IP address. 
     
  • IP + E-mail Addr. (USER FQDN) Authentication - If this is selected, enter the IP address (or IP By Resolved) and E-mail address. 
     
  • Dynamic IP + Domain Name (FQDN) Authentication - If remote user uses dynamic IP address to connect to the device, select this option and enter the domain name to authenticate the client.  The domain name can be used for only one (1) VPN tunnel. 
     
  • Dynamic IP + E-mail Addr. (USER FQDN) Authentication - If remote user uses dynamic IP address to connect to the device, select this option and enter the Email address to authenticate the client.
Step 8:
Enter the IP Address of the client computer in the Remote Group IP Type field.
 
 
NOTE:  In this example, 192.168.111.222 was used as the IP Address of the client computer.  If users decide to use IP only, entering the IP address is the only way to gain access to this VPN tunnel.

Step 9:
Under IPSEC SETUP, select your Keying Mode.  This can either be Manual or IKE with Preshared Key.
 
 
Step 10:
Under Preshared Key, create a key for the VPN connection to establish a VPN tunnel with.
 
 
QUICK TIP:  The Preshared Key Strength Meter describes how secure your Preshared Key is.  The higher the meter, the more secure it becomes.  Use a combination of upper-case letters, lower-case letters, and numbers to maximize the strength of your password.

Step 11:
Click Save.
 
You have now successfully created a Client to Gateway Tunnel with IPSec on your Linksys Gigabit VPN router.   The next step is to configure your remote client to connect to the VPN using a VPN client software.  Click on the links below to know how:
 
Establishing Client to Gateway IPsec Tunnel with Shrewsoft VPN Client
Establishing Client to Gateway IPsec Tunnel with IPSecuritas VPN Client

Was this support article useful?

Additional Support Questions?

Search Again

CONTACT SUPPORT