SecureMesh™ Extender Bridge Installation Guide
Trilliant Incorporated
page 10 of 26
in a secure manner over the IPsec VPN tunnel, requiring the VPN credentials in order to establish the
tunnel and thus necessitating that they be configured before deployment). Because a SecureMesh
WAN node’s IP address may be dynamic (for instance, a node may connect to different IP subnets
through different SecureMesh WAN Gateways), a VPN router will be unable to differentiate between
different VPN clients, and the SecureMesh WAN nodes in a network must all employ the same VPN
shared secret. The VPN shared secret is any ASCII string up to 64 bytes in length, using any
combination of letters, numbers, or symbols.
As an option, Trilliant recommends that the following Extender parameters be configured in order to reduce
the time required for an Extender Bridge to discover other SecureMesh WAN nodes and become part of the
network:
primary frequency – the primary frequency should be configured to be the same center frequency
value as configured for the Gateway to which the Extender Bridge is expected to connect. Specify the
primary frequency in MHz as a four digit number (e.g. 5745).
allowed frequencies – the allowed frequencies defines the various frequencies which the Extender
Bridge will "hunt" for other SecureMesh WAN nodes and Gateways. The range of frequencies should
be configured to the range that will be used by other SecureMesh WAN nodes in this specific
deployment. The range may be specified as "all" or a group of specific frequencies. When specifying a
group, enter each value separately as a 4 digit number (MHz), evenly divisible by 5.
Collector Parameters
To configure the Extender Bridge’s Collector parameters, connect the Extender Bridge to an Ethernet network,
invoke the TstBench software, and establish connectivity with IP address 192.168.0.3 to access the Extender
Bridge’s Collector functionality. The parameters listed below are in Table ND05 74: SSH VPN Configuration.
The following Collector parameter must be configured to enable IPsec VPN:
VPN credentials — the shared secret allowing a SecureMesh NAN data tunnel to be established to the
VPN router (note that in automatic provisioning mode, node configuration is provided in a secure
manner over the IPsec VPN tunnel, requiring the VPN credentials in order to establish the tunnel and
thus necessitating that they be configured before deployment). The VPN shared secret is an ASCII
string up to 64 bytes in length.
The following Collector parameters may be configured to provide additional security:
Secure SHell security — Secure SHell (SSH) is used to authenticate users and encrypt messages
between the Command-Line Interface (CLI) of the Extender Bridge's Collector and the user's computer.
The SSH username and password ensure that only authorized personnel can access the CLI. Both the
username and password are ASCII strings up to 32 bytes in length.
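A pre-deployment check of the limits stated above, as an added example (not Trilliant's code): it validates each node's planned values and confirms that every node carries the same VPN shared secret. The dictionary field names and node labels are hypothetical and are not TstBench parameter names.

```python
# Added example: field names are hypothetical, not TstBench parameter names.
import re
FREQ_RE = re.compile(r"[0-9]{4}")  # four-digit MHz value, e.g. 5745


def _ascii_field(name, value, max_bytes):
    """Check an ASCII string limit without echoing the secret value."""
    if not isinstance(value, str) or not value:
        return [f"{name}: missing"]
    if not value.isascii():
        return [f"{name}: contains non-ASCII characters"]
    if len(value.encode("ascii")) > max_bytes:
        return [f"{name}: longer than {max_bytes} bytes"]
    return []


def validate_node(cfg):
    """Return a list of problems for one Extender Bridge's planned settings."""
    errs = _ascii_field("vpn_shared_secret", cfg.get("vpn_shared_secret"), 64)
    # SSH credentials are optional; check them only when supplied.
    for key in ("ssh_username", "ssh_password"):
        if key in cfg:
            errs += _ascii_field(key, cfg[key], 32)
    primary = cfg.get("primary_frequency")
    if primary is not None and not FREQ_RE.fullmatch(str(primary)):
        errs.append("primary_frequency: not a four-digit MHz value")
    allowed = cfg.get("allowed_frequencies", "all")
    if allowed != "all":
        for f in allowed:
            if not FREQ_RE.fullmatch(str(f)) or int(f) % 5:
                errs.append(f"allowed_frequencies: {f!r} is not four digits divisible by 5")
    return errs


def validate_fleet(nodes):
    """nodes maps a node label to its settings; all must share one VPN secret."""
    report = {name: validate_node(cfg) for name, cfg in nodes.items()}
    distinct = {cfg.get("vpn_shared_secret") for cfg in nodes.values()}
    if len(distinct) > 1:
        report["_fleet"] = ["vpn_shared_secret differs between nodes"]
    return report

# Constructed sample plan (values are illustrative only).
SAMPLE = {
    "bridge-a": {"vpn_shared_secret": "k3y!example-A", "primary_frequency": 5745,
                 "allowed_frequencies": [5745, 5765, 5782]},
    "bridge-b": {"vpn_shared_secret": "k3y!example-B", "ssh_username": "op",
                 "ssh_password": "p" * 33},
}
```

Running `validate_fleet(SAMPLE)` reports the bad frequency, the over-length SSH password and the mismatched shared secret; error messages name the field only, so secrets are not written to logs.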