
Connecting the FRITZ!Box with a company's VPN (IPSec)

IPSec allows you to establish VPN connections to your company's VPN server with your FRITZ!Box. This way you can access devices and data in the company's network from your home network. It is not possible to access devices in your home network from the company network.

You can find an overview of additional VPN connection options in our guide VPN with FRITZ!.

Example values used in this guide

In this guide we show you how to connect a FRITZ!Box as a VPN client to a VPN server via IPSec. When setting up the connection, replace the values used in this guide with your actual values.

Requirements / Restrictions

  • The FRITZ!Box supports VPN connections according to the IPsec standard with ESP, IKEv1, and pre-shared keys. Authentication Header (AH) and Perfect Forward Secrecy (PFS) are not supported.
  • Supported IPSec algorithms for IKE phase 1:
    • Encryption methods: AES with 256, 192, or 128 bits
    • Hash algorithms: SHA2-512, SHA2-384, SHA2-256 or SHA1
    • The FRITZ!Box uses a 2048-bit Diffie-Hellman group (DH group 14) for the initial key exchange. If a connection cannot be established with it, use 1024 bits (DH group 2).
  • Supported IPSec algorithms for IKE phase 2:
    • Encryption methods: AES with 256, 192, or 128 bits
    • Hash algorithms: SHA2-512, SHA2-384, SHA2-256 or SHA1
    • The Diffie-Hellman group is determined by IKE phase 1
    • Compression: None

1 Setting up a VPN connection in the VPN server

  1. Have the administrator of the VPN server in your company set up a VPN client connection for the FRITZ!Box. The IPsec algorithms given above must be used.
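
One way for the VPN server administrator to check a planned proposal against the requirements listed above, as an added example that is not part of the original guide. The function name, dictionary keys and cipher labels are assumptions chosen for illustration, and both sample proposals are constructed.

```python
# Added example. Key names and cipher labels are illustrative assumptions,
# not settings of the FRITZ!Box or of any particular VPN server.
SUPPORTED_ENC = {"AES-256", "AES-192", "AES-128"}
SUPPORTED_HASH = {"SHA2-512", "SHA2-384", "SHA2-256", "SHA1"}
SUPPORTED_DH = {14, 2}  # 2048-bit default, 1024-bit fallback

def check_proposal(p):
    """Return (errors, warnings) for a planned server-side proposal."""
    errors, warnings = [], []
    if p.get("ike_version") != 1:
        errors.append("IKE version must be IKEv1")
    if p.get("auth") != "psk":
        errors.append("authentication must use a pre-shared key")
    if p.get("protocol") != "ESP":
        errors.append("only ESP is supported, not AH")
    if p.get("pfs"):
        errors.append("PFS must be switched off")
    if p.get("compression", "none") != "none":
        errors.append("compression must be 'none'")
    for phase in ("phase1", "phase2"):
        cfg = p.get(phase, {})
        if cfg.get("enc") not in SUPPORTED_ENC:
            errors.append(f"{phase}: unsupported encryption {cfg.get('enc')!r}")
        if cfg.get("hash") not in SUPPORTED_HASH:
            errors.append(f"{phase}: unsupported hash {cfg.get('hash')!r}")
        elif cfg["hash"] == "SHA1":
            warnings.append(f"{phase}: SHA1 is the weakest listed hash, prefer SHA2")
    dh = p.get("phase1", {}).get("dh_group")
    if dh not in SUPPORTED_DH:
        errors.append(f"phase1: unsupported DH group {dh!r}")
    elif dh == 2:
        warnings.append("phase1: DH group 2 is the 1024-bit fallback, prefer 14")
    return errors, warnings

# Constructed sample proposals, not taken from a real server.
GOOD = {"ike_version": 1, "auth": "psk", "protocol": "ESP", "pfs": False,
        "phase1": {"enc": "AES-256", "hash": "SHA2-512", "dh_group": 14},
        "phase2": {"enc": "AES-256", "hash": "SHA2-512"}}
BAD = {"ike_version": 2, "auth": "psk", "protocol": "ESP", "pfs": True,
       "phase1": {"enc": "AES-256", "hash": "SHA1", "dh_group": 2},
       "phase2": {"enc": "3DES", "hash": "SHA2-256"}}

if __name__ == "__main__":
    for name, proposal in (("GOOD", GOOD), ("BAD", BAD)):
        errs, warns = check_proposal(proposal)
        print(name, "errors:", errs, "warnings:", warns)
```

Errors are settings the FRITZ!Box cannot negotiate according to the list above; warnings mark supported but weaker choices.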

2 Setting up a VPN connection in the FRITZ!Box

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click the "VPN (IPSec)" tab.
  4. Click the "Add VPN Connection" button.
  5. Click "Connect this FRITZ!Box with a corporate VPN" and then "Next".
  6. In the field "VPN username (Key ID)", enter the IPsec ID or key ID of the VPN connection (John Smith) configured for the FRITZ!Box in the VPN server.
  7. Enter the password for the VPN connection (Zj7hPCouK65IrPU4) in the field "VPN password (pre-shared key)".
  8. If the VPN server uses XAUTH, enable the option "Use XAUTH" and enter the XAUTH username (John Doe) and the XAUTH password (secret1234) in the corresponding fields.
  9. Enter a unique name for the connection (Headquarters) in the field "Name of the VPN connection".
  10. Enter the VPN server's domain name or fixed public IP address (sec.companydomain.com or 212.42.244.80) in the field "Web address of the remote site".
  11. Enter the IP network of the company's VPN (172.16.0.0) in the "Remote network" field.
  12. In the "Subnet mask" field, enter the subnet mask (255.255.0.0) that corresponds to the IP network of the company's VPN.
  13. Enable the option "Hold VPN connection permanently" if you want to maintain the VPN connection to the VPN server at all times.
  14. Enable the option "Allow NetBIOS over this connection" if access to SMB shared files in the company network should be allowed.
  15. Click "Advanced Settings for Network Traffic".
  16. If you want to use the VPN connection not only to access the company's network but also to send all web requests through the company's VPN, enable the option "Send all network traffic via the VPN connection".
  17. If only certain devices should be able to access the company network, enable the option "Only certain devices use the VPN connection" and select the corresponding devices.
  18. Click "Apply" to save the settings and, if you are asked to do so, confirm on the FRITZ!Box that the procedure may be executed.

3 Establishing a VPN connection

If you enabled the option "Hold VPN connection permanently" in the FRITZ!Box, the FRITZ!Box continuously maintains the VPN connection and automatically establishes the connection again if the VPN server clears the connection.

If you did not enable the option "Hold VPN connection permanently", the FRITZ!Box automatically establishes the VPN connection when the company's network is accessed. After an hour of inactivity, the FRITZ!Box clears the VPN connection again.

Note: Active VPN connections are displayed in the FRITZ!Box user interface under "Overview" in the section "Connections".