CalAmp Fusion User Manual - page 117
Fusion Multi-Network LTE Router PN 001-0000-602 Rev. B
| Page 111
2. IPSEC TUNNEL
IPsec utilizes the client-server model, where the IPsec client (Fusion) will initiate an encrypted tunnel to the IPsec
server using a pre-established security key. The tunnel creates a virtual private network (VPN) linking the networks
attached to either endpoint. Once the tunnel is created, data can flow in either direction.
The IPsec protocol encapsulates and encrypts the entire packet destined for the remote network. The packet will have
a new IP header, allowing the packet to be forwarded over the public network from the IPsec client to the IPsec server
or vice versa. At the receiving end, the IPsec header will be stripped from the packet. The packet will be decrypted and
then forwarded into the local area network as if both remote networks were connected directly.
Imagine a scenario where the user programs the Fusion’s interface priority as shown in Figure 89 in Section 1.
Priority #1: WiFi Client
Priority #2: AT&T
WWAN0 – Wireless Wide Area Network 0
Priority #3: Verizon WWAN1 – Wireless Wide Area Network 1
In the diagram below, the Fusion powers up, connects to both cellular providers, AT&T and Verizon. Since no WiFi is
available and AT&T (WWAN0) is the highest priority available interface, the IPsec tunnel is established between the
Fusion and the IPsec server using WWAN0.
Figure 90 Fusion using WWAN0 as the default interface
If by chance AT&T becomes unavailable at some later time, the Fusion will switch to the backup cellular provider (in
this example, Verizon). The IPsec tunnel will be reestablished through the Fusion’s WWAN1 interface, and
communications between the remote networks will continue as they had initially.
Figure 91 Fusion using WWAN1 as the default interface