Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Vigor 2130 Lantolan

    Încărcat de

    Boontje Henk
    29 vizualizări8 pagini

    Titlu original

    Vigor2130lantolan

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    29 vizualizări8 pagini

    Vigor 2130 Lantolan

    Încărcat de

    Boontje Henk

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 8

    LAN to LAN IPSec VPN between Vigor2130 and Vigor2820 using Aggressive mode

    In this document we will introduce how to create a LAN to LAN IPSec VPN between Vigor2130 and a Vigor2820 using Aggressive mode. We use the following scenario.

    Case 1: VPN direction from Vigor2130 to Vigor2820 VPN configuration on Vigor2130


    1. Create a LAN-to-LAN profile.

    2. 3. 4. 5. 6.

    Enable it and give it a name. In this example the profile name is Demo. Enter Vigor2820s WAN IP address in the Remote IP field. Select Aggressive Mode as IKE phase 1 mode. Setup a pre-shared key, which must be the same as in Vigor2820. Setup the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820 respectively. During IPSec Aggressive mode negotiation, the VPN client must send its identity to the VPN server for verification. The VPN client may also verify the identity of the VPN server, which is optional. In this example we setup vigor2130 as the identity of Vigor2130, and vigor2820 as the identity of Vigor2820.

    7. 8. 9.

    Enter Vigor2130s private network in the Local Network / Mask field. Enter Vigor2820s private network in the Remote Network / Mask field. Use default value Automatic for IKE phase 1 and phase 2 proposals. Click OK.

    10. Accessing the VPN network of Vigor2820 from a PC behind Vigor2130 to initiate the VPN connection, for example, ping 192.168.1.x from a PC (192.168.30.x). Vigor2130 will be triggered to dial the IPSec VPN to Vigor2820. After the VPN is connected, you can monitor the status.

    VPN configuration on Vigor2820


    1. Create a LAN-to-LAN profile.

    2. 3. 4. 5.

    Enable it and give it a name. In this example the profile name is test. Select Dial-in as Call Direction. In Dial-Out Settings part, select IPSec Tunnel and press the Advanced button. In the pop-up window please enter vigor2820 in the Local ID field. Click OK to return to the profile setting page.

    6. 7. 8. 9.

    In Dial-In Settings part, please enable Specify Remote VPN Gateway and enter vigor2130 in the Peer ID field. Setup a pre-shared key, which must be the same as in Vigor2130. Enter Vigor 2130s private network in the Remote Network IP / Mask field. Click OK.

    Note: Vigor2130 supports the following proposals by default. For phase 1, Mode Selection When you select Automatic When you select 3DES When you select AES(any) When you select AES-128 When you select AES-192 When you select AES-256 For phase 2, Mode Selection When you select Automatic Proposals will be sent AES-128, MD5; AES-128, SHA1; AES-192, MD5; AES-192, SHA1; AES-256, MD5; AES-256, SHA1; 3DES, SHA1; 3DES, MD5 3DES, MD5; 3DES, SHA1 AES-256, MD5; AES-256, SHA1 AES-128, MD5; AES-128, SHA1
    4

    Proposals will be sent 3DES, SHA1, Group 2 3DES, MD5, Group 5 AES, MD5, Group 5 AES-128, MD5, Group 5 AES-192, MD5, Group 5 AES-256, MD5, Group 5

    When you select 3DES When you select AES(any) When you select AES-128

    When you select AES-192 When you select AES-256

    AES-192, MD5; AES-192, SHA1 AES-256, MD5; AES-256, SHA1

    Case 2: VPN direction from Vigor 2820 to Vigor 2130 VPN configuration on Vigor 2130
    1. Create a LAN-to-LAN profile.

    2. 3. 4. 5. 6.

    Enable it and give it a name. In this example the profile name is Demo. Enter 0.0.0.0 in the Remote IP field. Select Aggressive Mode as IKE phase 1 mode. Setup a pre-shared key, which must be the same as in Vigor2820. Setup the Local Identity and Remote Identity, which are for Vigor2130 and Vigor2820 respectively. During IPSec Aggressive mode negotiation, the VPN client must send its identity to the VPN server for verification. The VPN client may also verify the identity of the VPN server, which is optional. As VPN client Vigor2820 dont verify the identity of VPN server. So in this example we just setup vigor2820 as the identity of Vigor2820.
    5

    7. 8. 9.

    Enter Vigor2130s private network in the Local Network / Mask field. Enter Vigor2820s private network in the Remote Network / Mask field. Use default value Automatic for IKE phase 1 and phase 2 proposals.

    10. After the VPN is connected, you can monitor the status.

    VPN configuration on Vigor2820


    1. Create a LAN-to-LAN profile.

    2.

    Enable it and give it a name. In this example the profile name is test.

    3. 4. 5. 6. 7.

    Select Dial-Out as Call Direction and enable Always on. Select IPSec Tunnel and enter Vigor2130s WAN IP address in the Server IP/Host Name for VPN field. Setup a pre-shared key, which must be the same as in Vigor2130. Select ESP (High) and 3DES with Authentication. Press the Advanced button.

    8.

    In the pop-up window, please select Aggressive mode and select DES_MD5_G2/ DES_SHA1_G2/3DES_MD5_G2/3DES_SHA1_G2 as IKE phase 1 proposal. Enter vigor2820 in the Local ID field. Click OK to return to the profile setting page. Enter Vigor2130s private network in the Remote Network IP / Mask field.

    9.

    10. Click OK.

    S-ar putea să vă placă și