Building LAN to LAN VPN from Vigor2920 to Vigor3900 By Using IPSec Tunnel (Aggressive Mode)


9 Dec 2013 (3 years and 6 months ago)

This document describes how to create an IPSec LAN to LAN VPN from Vigor2920 to
Vigor3900 in Aggressive mode. We use the following scenario.


Configuration on Vigor3900
1. Log into the web user interface of Vigor3900.
2. Open VPN and Remote Access>>VPN Profiles.
3. Select IPSec service and click Add for creating a new profile.


4. In the following dialog, check Enable This Profile and type a name for the profile, e.g. 2920.

Disable Always On, since Vigor3900 acts as the Dial-In server. Select PSK for Auth Type
(authentication type) and set the Preshared Key (the same key as on the client). Type the LAN IP
of the remote side in the Remote IP/Subnet Mask field (e.g., 192.168.26.0 in this case).
5. Click the Advanced tab.


Click Enable to enable Aggressive Mode. Set Remote Peer ID.
6. Click Apply to save the settings.
7. Once the IPSec tunnel is established, you can check the tunnel under Connection Management
(open VPN and Remote Access >> Connection Management). In addition, you can
use Ping Diagnosis under Diagnostics to check whether you can ping the remote side.


Configuration on Vigor2920
1. Log into the web user interface of Vigor2920.
2. Open VPN and Remote Access>>LAN to LAN to create a LAN-to-LAN profile. The
following settings are for a permanent VPN connection.


3. Click any index number to open the configuration page. Type a name that makes the profile
easy to identify (in this case, type HQ3900), and check the Enable This Profile box.
Because Vigor2920 acts as the client, set the call direction to Dial-Out. Check
the Always on box for a permanent VPN connection.

4. Now go to the next section, Dial-Out Settings, select the IPSec Tunnel service and
type the remote server IP/host name. Press the IKE Pre-Shared Key button to set the PSK, and
select High (ESP) for higher security.


5. Click the Advanced button below IPSec Security Method to open the following dialog.

Click the Aggressive Mode radio button. Set the Local ID (the same value as the Remote Peer ID
on the server side) and click OK.
6. Continue to navigate to the TCP/IP Network Settings for setting the LAN IP of the remote side.

7. Click OK to save the settings.

8. Once the IPSec tunnel is established, you can check the tunnel under Connection Management
(open VPN and Remote Access >> Connection Management). In addition, you can
use Ping Diagnosis under Diagnostics to check whether you can ping the remote side.
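
The tunnel only comes up when the values entered on the two routers agree with each other. The following Python check is an added example, not part of the original guide and not DrayTek code: it compares the two profiles before they are typed into the web interface. The dictionary keys are assumed names that mirror the fields in the steps above (they are not a router export format), and all sample values except 192.168.26.0, 2920 and HQ3900 are constructed.

```python
import hmac
import ipaddress

def net(value):
    # strict=False also accepts a host address such as 192.168.26.1/24
    return ipaddress.ip_network(value, strict=False)

def check_pair(server, client):
    """Return the mismatches between the Vigor3900 and Vigor2920 profiles."""
    problems = []
    # Both ends must hold the same Preshared Key (compared in constant time).
    if not hmac.compare_digest(server["preshared_key"].encode(),
                               client["preshared_key"].encode()):
        problems.append("Preshared Key differs")
    if not (server["aggressive_mode"] and client["aggressive_mode"]):
        problems.append("Aggressive Mode not enabled on both sides")
    # Local ID on the 2920 must equal Remote Peer ID on the 3900.
    if not client["local_id"] or client["local_id"] != server["remote_peer_id"]:
        problems.append("Local ID does not match Remote Peer ID")
    if server["always_on"]:
        problems.append("Always On must be disabled on the Dial-In server")
    if client["call_direction"] != "Dial-Out":
        problems.append("Call direction on the client must be Dial-Out")
    # Each side's remote network must be the other side's LAN.
    if net(server["remote_subnet"]) != net(client["lan_subnet"]):
        problems.append("3900 Remote IP/Subnet Mask is not the 2920 LAN")
    if net(client["remote_subnet"]) != net(server["lan_subnet"]):
        problems.append("2920 remote network is not the 3900 LAN")
    if net(server["lan_subnet"]).overlaps(net(client["lan_subnet"])):
        problems.append("The two LAN subnets overlap")
    return problems

# Constructed sample profiles (key, peer ID and the 3900 LAN are made up).
SERVER_3900 = {
    "name": "2920", "always_on": False, "aggressive_mode": True,
    "preshared_key": "constructed-example-psk", "remote_peer_id": "branch-2920",
    "lan_subnet": "192.168.1.0/24", "remote_subnet": "192.168.26.0/24",
}
CLIENT_2920 = {
    "name": "HQ3900", "always_on": True, "aggressive_mode": True,
    "call_direction": "Dial-Out",
    "preshared_key": "constructed-example-psk", "local_id": "branch-2920",
    "lan_subnet": "192.168.26.0/24", "remote_subnet": "192.168.1.0/24",
}

if __name__ == "__main__":
    for line in check_pair(SERVER_3900, CLIENT_2920) or ["profiles are consistent"]:
        print(line)
```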