This guide applies to the Motorola MG8702, MG8725, and MT8733 devices.
Virtual Private Networks (VPNs) provide protected connections across the Internet. Some companies and other organizations provide remote access to their internal networks via a VPN. Employees are typically provided with software that makes the VPN connection from a computer.
When a computer provisioned for this type of VPN connection is connected behind the MG8702, MG8725, or MT8733, the modem-router must pass through the VPN traffic. The MG8702 is configured by default for VPN pass-through. (The IPsec and PPTP Pass-through settings on the Advanced > Options page respectively enable IPsec and PPTP VPN pass-through. IPsec and PPTP are protocols used in different VPN implementations. The pass-through settings for both are enabled by default.)
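To see what "pass-through" covers at the packet level, the following added example (not Motorola code) classifies IPv4 packets from a capture by the VPN protocol they belong to, using the standard IANA protocol numbers and ports. The function names and the sample packets are constructed for illustration; L2TP is included for completeness although the page names no pass-through setting for it.

```python
import socket
import struct

# IANA protocol numbers and ports for the VPN protocols this page names.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51

def classify_vpn_packet(packet: bytes) -> str:
    """Map one IPv4 packet to the traffic class it belongs to:
    'ipsec', 'pptp', 'l2tp', 'fragment' (ports not visible) or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto in (ESP, AH):
        return "ipsec"                            # IPsec data plane
    if proto == GRE:
        return "pptp"                             # PPTP data channel rides on GRE
    if proto not in (TCP, UDP):
        return "other"
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return "fragment"                         # non-first fragment: no port fields
    if len(packet) < ihl + 4:
        raise ValueError("truncated transport header")
    ports = set(struct.unpack_from("!HH", packet, ihl))
    if proto == UDP and ports & {500, 4500}:
        return "ipsec"                            # IKE and IPsec NAT traversal
    if proto == TCP and 1723 in ports:
        return "pptp"                             # PPTP control channel
    if proto == UDP and 1701 in ports:
        return "l2tp"
    return "other"

def build_ipv4(proto: int, sport: int = 0, dport: int = 0, frag: int = 0) -> bytes:
    """Constructed sample packet: documentation addresses, checksum left at 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.1"))
    return header + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    samples = {"IKE": build_ipv4(UDP, 500, 500), "ESP": build_ipv4(ESP),
               "PPTP control": build_ipv4(TCP, 49152, 1723),
               "PPTP data": build_ipv4(GRE), "HTTPS": build_ipv4(TCP, 49152, 443)}
    for name, pkt in samples.items():
        print(f"{name:13} -> {classify_vpn_packet(pkt)}")
```

A PPTP client that completes its TCP 1723 control connection but never passes data usually points at GRE being dropped, which is the part the PPTP Pass-through setting has to handle.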
The most common type of VPN connection that MG8702, MG8725, and MT8733 users will encounter is the type of VPN described above, which simply needs to pass through the device. The VPN pages support features that allow you to terminate VPN connections on the modem-router itself. The modem-router can terminate PPTP, L2TP, and IPsec connections in specific scenarios. It can act as a VPN server to terminate PPTP and L2TP connections, for example from remote client computers. It can act as a VPN endpoint for IPsec connections, for example from a remote office to a central office (“site-to-site”). It cannot act as a VPN server to terminate IPsec connections from remote client computers.
To summarize, the MG8702, MG8725, and MT8733 support:
- VPN Pass-through (for clients connected behind the device that need to access, for example, a corporate network)
- Termination of VPN clients via PPTP & L2TP (The modem-router can be configured as a VPN server in a small office or similar environment. Clients located on the Internet can connect to the small office network through VPN tunnels terminated at the MG8702, MG8725, or MT8733.)
The L2TP/PPTP page allows you to configure server and security settings. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) both allow PPP frames to be tunneled through the network. PPTP is a Microsoft proprietary protocol (which is very similar to L2TP).
To configure an L2TP or PPTP tunnel, navigate to the L2TP/PPTP page (VPN > L2TP/PPTP). Then select to enable either an L2TP or a PPTP tunnel, and enter the required information following the descriptions in the Info Text (i) fields. Make sure to click Save as you complete each field.
- Site-to-Site VPN via IPsec (the modem-router can be configured to create a tunnel for all devices on the MG8702, MG8725, or MT8733's LAN side to connect to a corporate network).
- The MG8702, MG8725, and MT8733 do not support the termination of client VPN connections via IPsec.
The IPSec page allows you to configure the IPSec tunnel and endpoint settings. An IPSec tunnel is usually established in two phases. Each phase establishes a security association (SA), a contract indicating what security parameters the cable modem/router and the remote IPSec router will use.
The first phase establishes an Internet Key Exchange (IKE) SA between the cable modem/router and the remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through which the cable modem/router and remote IPSec Router can send data between computers on the local network and remote network.
To configure an IPSec tunnel, navigate to the IPSec page (VPN > IPSec) and click the Create a New Tunnel button. Then enter the required information, following the descriptions in the Info Text (i) fields. Make sure to click Save when you have completed the entries.
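When a tunnel will not come up, a packet capture of the negotiation shows which of the two phases it stalls in. The following added example (not Motorola code) reads the fixed ISAKMP header of each UDP payload and reports the furthest stage reached. It assumes the negotiation uses IKEv1, where the phase 1 / phase 2 terminology applies; the function names and sample messages are constructed for illustration.

```python
import struct

ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")     # fixed 28-byte header (RFC 2408)
ZERO_COOKIE = b"\x00" * 8
# IKEv1 exchange type -> (phase, name). Assumes the tunnel negotiates with IKEv1.
EXCHANGES = {2: ("phase 1", "Main Mode"), 4: ("phase 1", "Aggressive Mode"),
             32: ("phase 2", "Quick Mode"), 5: ("info", "Informational")}

def parse_ike(payload: bytes, port: int = 500):
    """Describe one UDP payload seen on port 500 or 4500 (None = NAT keepalive)."""
    if port == 4500:
        if payload == b"\xff":
            return None                           # NAT keepalive, carries nothing
        if payload[:4] != b"\x00" * 4:
            return {"phase": "data", "exchange": "ESP-in-UDP"}
        payload = payload[4:]                     # drop the 4-byte non-ESP marker
    if len(payload) < ISAKMP_HEADER.size:
        raise ValueError("shorter than an ISAKMP header")
    _icookie, rcookie, _next, version, exchange, flags, message_id, _length = \
        ISAKMP_HEADER.unpack_from(payload)
    if version >> 4 != 1:
        raise ValueError(f"major version {version >> 4} is not IKEv1")
    phase, name = EXCHANGES.get(exchange, ("unknown", f"exchange type {exchange}"))
    return {"phase": phase, "exchange": name, "encrypted": bool(flags & 0x01),
            "message_id": message_id, "responder_cookie_set": rcookie != ZERO_COOKIE}

def furthest_phase(datagrams) -> str:
    """From (port, payload) pairs taken from a capture, report how far setup got."""
    seen = {m["phase"] for port, p in datagrams if (m := parse_ike(p, port))}
    for stage in ("data", "phase 2", "phase 1"):
        if stage in seen:
            return stage
    return "none"

def sample(exchange, message_id=0, flags=0, rcookie=ZERO_COOKIE) -> bytes:
    """Constructed header-only IKEv1 message (cookies are made-up values)."""
    return ISAKMP_HEADER.pack(b"\x11" * 8, rcookie, 1, 0x10, exchange, flags,
                              message_id, ISAKMP_HEADER.size)

if __name__ == "__main__":
    stalled = [(500, sample(2)), (500, sample(2)), (500, sample(2))]
    print(furthest_phase(stalled))                # retransmitted first message only
```

A result of "phase 1" with no responder cookie ever set means the remote IPsec router is not answering at all; "phase 1" with replies but no Quick Mode points at the IKE SA settings, and "phase 2" without "data" points at the IPsec SA settings.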
Additional Information on VPN options
IPsec uses encryption and provides the strongest security. PPTP is considered to be the least secure VPN option. PPTP connections are not required to include encryption or authentication. L2TP is based on PPTP, and adds some level of compulsory authentication.
In the implementation of PPTP and L2TP on the MG8702, MG8725, or MT8733, MPPE encryption is optional. Both protocols require a login; L2TP requires a passkey for authentication.
There are three pages under VPN in the configuration manager: IPsec, L2TP/PPTP, and Event Log. Use the IPsec page to set up an endpoint for a site-to-site IPsec connection. Use the L2TP/PPTP page to set up a server for a set of remote clients that connect via PPTP or L2TP. You may find the Event Log useful to determine what has gone wrong if you have trouble setting up a VPN.
For details on how to configure a VPN on the MG8702, MG8725, or MT8733, follow the help available through the information icons on the configuration manager pages.
When the MG8702, MG8725, or MT8733 is configured as a VPN endpoint, devices that connect to the endpoint will need to know the IP address of the modem-router. You can find this address on the Status > Connections page. To provide the most stable VPN connections, the MG8702, MG8725, or MT8733’s router should be provisioned with a static IP address. You will need to order this from your cable service provider.
The VPN implementations on the MG8702, MG8725, and MT8733 are best effort. They are also Windows-centric. You will have to verify suitability for your own environment.