VPN IPSec Application Installation Guide

Configuring an IPSec LAN-to-LAN VPN Connection

Table 3: Network Configuration and Security Plan

| | Branch Office | Head Office |
|---|---|---|
| Local Network ID | 192.168.0.0/24 | 192.168.1.0/24 |
| Local Router IP | 69.121.1.30 | 69.121.1.3 |
| Remote Network ID | 192.168.1.0/24 | 192.168.0.0/24 |
| Remote Router IP | 69.121.1.3 | 69.121.1.30 |
| IKE Pre-shared Key | 12345678 | 12345678 |
| VPN Connection Type | Tunnel mode | Tunnel mode |
| Security Algorithm | ESP:MD5 with 3DES | ESP:MD5 with 3DES |

Attention: The IKE Pre-shared Key, VPN Connection Type and Security Algorithm functions MUST BE set up identically on both sides.

Configuring IPSec VPN in the Head Office

| Item | Function | Setting | Description |
|---|---|---|---|
| 1 | Connection Name | IPSec_HeadOffice | Name given to the IPSec connection |
| 2 | Subnet | Check Subnet radio button | Head office network |
| | IP Address | 192.168.1.0 | |
| | Netmask | 255.255.255.0 | |
| 3 | Secure Gateway Address (or Hostname) | 69.121.1.30 | IP address of the head office router (in WAN side) |
| 4 | Subnet | Check Subnet radio button | Branch office network |
| | IP Address | 192.168.0.0 | |
| | Netmask | 255.255.255.0 | |
| 5 | ESP | Check ESP radio button | Security plan |
| | Authentication | MD5 | |
| | Encryption | 3DES | |
| | Prefer Forward Security | None | |
| | Pre-shared Key | 12345678 | |

Configuring IPSec VPN in the Branch Office

| Item | Function | Setting | Description |
|---|---|---|---|
| 1 | Connection Name | IPSec_BranchOffice | Name given to the IPSec connection |
| 2 | Subnet | Check Subnet radio button | Branch office network |
| | IP Address | 192.168.0.0 | |
| | Netmask | 255.255.255.0 | |
| 3 | Secure Gateway Address (or Hostname) | 69.121.1.3 | IP address of the head office router (in WAN side) |
| 4 | Subnet | Check Subnet radio button | Head office network |
| | IP Address | 192.168.1.0 | |
| | Netmask | 255.255.255.0 | |
| 5 | ESP | Check ESP radio button | Security plan |
| | Authentication | MD5 | |
| | Encryption | 3DES | |
| | Prefer Forward Security | None | |
| | Pre-shared Key | 12345678 | |

Configuring an IPSec Host-to-LAN VPN Connection

Configuring IPSec VPN in the Office

| Item | Function | Setting | Description |
|---|---|---|---|
| 1 | Connection Name | IPSec | Name given to the IPSec connection |
| 2 | Subnet | Check Subnet radio button | Head office network |
| | IP Address | 192.168.1.0 | |
| | Netmask | 255.255.255.0 | |
| 3 | Secure Gateway Address (or Hostname) | 69.121.1.30 | IP address of the head office router (in WAN side) |
| 4 | Single Address | Check Single Address radio button | Remote worker’s IP address |
| | IP Address | 69.121.1.30 | |
| 5 | ESP | Check ESP radio button | Security plan |
| | Authentication | MD5 | |
| | Encryption | 3DES | |
| | Prefer Forward Security | None | |
| | Pre-shared Key | 12345678 | |

Configuring IPSec VPN Tunnel through Microsoft Windows in Remote Host

Step 1: Click “Start” => “Run…” and type “secpol.msc” in the field. Click OK to go to the next step.
Step 2: Right-click “IP Security Policies on Local Computer”. Click “Create IP Security Policy…” to go to the next step.
Step 3: Click Next > to go to the next step.
Step 4: Give a name to the IP Security Policy. Here we call it “IPSec Test”. Click Next > to go to the next step.
Step 5: Check the “Activate the default response rule.” box if it is not checked. Click Next > to go to the next step.
Step 6: Click Next > to continue.
Step 7: Check the “Edit Properties” box if it is not checked. Click Finish to go to the next step.
Step 8: Un-check the “<Dynamic>” box if it is checked. Click Add… to go to the next step.
Step 9: Click Next > to go to the next step.
Step 10: Check the “The tunnel endpoint is specified by this IP address:” radio button and enter the public IP of Remote Worker. Click Next > to go to the next step.
Step 11: Check the “All network connections” radio button. Click Next > to go to the next step.
Step 12: Check the “Use this string to protect the key exchange [preshared key]:” radio button and input the key. This pre-shared key should be identical to the one set up in the router. Click Next > to go to the next step.
Step 13: Click Add… to go to the next step.
Step 14: Give a name and description to this IP Filter. Click Add… to configure an IP filter for traffic that comes from Office LAN to Remote Worker.
Step 15: Click Next > to go to the next step.
Step 16: Set “Source address:” to “A specific IP Subnet” and enter both the IP address and mask of Office LAN. Click Next > to go to the next step.
Step 17: Set “Destination address:” to “My IP Address”. Click Next > to go to the next step.
Step 18: Select protocol type “Any”. Click Next > to go to the next step.
Step 19: Check the “Edit properties” box if it is not checked. Click Finish to go to the next step.
Step 20: Un-check the “Mirrored. Also match packets with the exact opposite source and destination addresses.” box if it is checked. Click OK to go to the next step.
Step 21: The Traffic in filter is created and listed in the Filter field. It is necessary to create another filter for the opposite direction. Click OK to go to the next step.
Step 22: Check the “Traffic in” radio button. Click Next > to go to the next step.
Step 23: A security plan must be created between Office LAN and Remote Worker. Note: This information should be identical on both Office LAN and Remote Worker. Click Add… to go to the next step.
Step 24: Click Next > to go to the next step.
Step 25: Give a name to this Filter Action. Click Next > to go to the next step.
Step 26: Check the “Negotiate security” radio button. Click Next > to go to the next step.
Step 27: Check the “Do not communicate with computers that do not support IPSec.” radio button. Click Next > to go to the next step.
Step 28: Check the “Custom” radio button. Click Settings… to go to the next step.
Step 29: The ESP mode (MD5 authentication and 3DES encryption method) must be identical on both sites, the Office LAN and Remote Worker. Click OK to go to the next step.
Step 30: Click Next > to go to the next step.
Step 31: Un-check the “Edit properties” box if it is checked. Click Finish to go to the next step.
Step 32: Check the “Security Plan” radio button. Click Next > to go to the next step.
Step 33: Un-check “Edit properties” if it is checked. Click Finish to go to the next step.
Step 34: A rule called “Traffic in” is now listed in the IP Filter List. It is necessary to create another rule for Traffic out. Click Add… to go to the next step.
Step 35: Click Next > to go to the next step.
Step 36: Check the “The tunnel endpoint is specified by this IP address:” radio button and enter the public IP of Office LAN. Click Next > to go to the next step.
Step 37: Check the “All network connections” radio button. Click Next > to go to the next step.
Step 38: Check the “Use this string to protect the key exchange [preshared key]:” radio button and enter the key. Note: This pre-shared key must be identical to the one set up in the router. Click Next > to go to the next step.
Step 39: Click Add… to go to the next step.
Step 40: Give a name and description to this IP Filter. Click Add… to configure an IP filter for traffic that comes from Remote Worker to Office LAN.
Step 41: Click Next > to go to the next step.
Step 42: Set “Source address:” to “My IP Address”. Click Next > to go to the next step.
Step 43: Set “Destination address:” to “A specific IP Subnet” and enter both the IP address and mask of Office LAN. Click Next > to go to the next step.
Step 44: Select protocol type “Any”. Click Next > to go to the next step.
Step 45: Check the “Edit properties” box if it is not checked. Click Finish to go to the next step.
Step 46: Un-check the “Mirrored. Also match packets with the exact opposite source and destination addresses.” box if it is checked. Click OK to go to the next step.
Step 47: The Traffic out filter is created and listed in the Filter field. Both the incoming and outgoing traffic rules, Traffic in and Traffic out, are completed! Click OK to go to the next step.
Step 48: Check the “Traffic out” radio button. Click Next > to go to the next step.
Step 49: Check the “Security Plan” radio button. For both Traffic in and Traffic out, we should use the same security plan. Click Next > to go to the next step.
Step 50: Un-check “Edit properties” if it is checked. Click Finish to go to the next step.
Step 51: Click OK to apply your settings.
Step 52: Right-click “IPSec Test”. Click “Assign” to enable the IPSec setting on this machine.
Step 53: Congratulations! You have completed the setting.

Configuring an IPSec LAN-to-LAN VPN Connection

Configuring IPSec VPN in the Head Office

| Item | Function | Setting | Description |
|---|---|---|---|
| 1 | Connection Name | IPSec_HeadOffice | Name given to the IPSec connection |
| 2 | Subnet | Check Subnet radio button | Head office network |
| | IP Address | 192.168.1.0 | |
| | Netmask | 255.255.255.0 | |
| 3 | Secure Gateway Address (or Hostname) | 69.121.1.30 | IP address of the head office router (in WAN side) |
| 4 | Subnet | Check Subnet radio button | Branch office network |
| | IP Address | 192.168.0.0 | |
| | Netmask | 255.255.255.0 | |
| 5 | ESP | Check ESP radio button | Security plan |
| | Authentication | MD5 | |
| | Encryption | 3DES | |
| | Prefer Forward Security | None | |
| | Pre-shared Key | 12345678 | |

Configuring IPSec VPN through Microsoft Windows in Branch Office

Step 1: Click “Start” => “Run…” and type “secpol.msc” in the field. Click OK to go to the next step.
Step 2: Right-click “IP Security Policies on Local Computer”. Click “Create IP Security Policy…” to go to the next step.
Step 3: Click Next > to go to the next step.
Step 4: Give a name to the IP Security Policy. Here we call it “IPSec Test”. Click Next > to go to the next step.
Step 5: Check the “Activate the default response rule.” box if it is not checked. Click Next > to go to the next step.
Step 6: Click Next > to continue.
Step 7: Check the “Edit Properties” box if it is not checked. Click Finish to go to the next step.
Step 8: Un-check the “<Dynamic>” box if it is checked. Click Add… to go to the next step.
Step 9: Click Next > to go to the next step.
Step 10: Check the “The tunnel endpoint is specified by this IP address:” radio button and enter the public IP of Branch Office. Click Next > to go to the next step.
Step 11: Check the “All network connections” radio button. Click Next > to go to the next step.
Step 12: Check the “Use this string to protect the key exchange [preshared key]:” radio button and input the key. This pre-shared key should be identical to the one set up in the router. Click Next > to go to the next step.
Step 13: Click Add… to go to the next step.
Step 14: Give a name and description to this IP Filter. Click Add… to configure an IP filter for traffic that comes from Head Office to Branch Office.
Step 15: Click Next > to go to the next step.
Step 16: Set “Source address:” to “A specific IP Subnet” and enter both the IP address and mask of Office LAN. Click Next > to go to the next step.
Step 17: Set “Destination address:” to “A specific IP Subnet” and enter both the IP address and mask of Branch Office LAN. Click Next > to go to the next step.
Step 18: Select protocol type “Any”. Click Next > to go to the next step.
Step 19: Check the “Edit properties” box if it is not checked. Click Finish to go to the next step.
Step 20: Un-check the “Mirrored. Also match packets with the exact opposite source and destination addresses.” box if it is checked. Click OK to go to the next step.
Step 21: The Traffic in filter is created and listed in the Filter field. It is necessary to create another filter for the opposite direction. Click OK to go to the next step.
Step 22: Check the “Traffic in” radio button. Click Next > to go to the next step.
Step 23: A security plan must be created between Head and Branch office. Note: This information should be identical on both Head and Branch office. Click Add… to go to the next step.
Step 24: Click Next > to go to the next step.
Step 25: Give a name to this Filter Action. Click Next > to go to the next step.
Step 26: Check the “Negotiate security” radio button. Click Next > to go to the next step.
Step 27: Check the “Do not communicate with computers that do not support IPSec.” radio button. Click Next > to go to the next step.
Step 28: Check the “Custom” radio button. Click Settings… to go to the next step.
Step 29: The ESP mode (MD5 authentication and 3DES encryption method) must be identical on both sites, the Branch office and Head office. Click OK to go to the next step.
Step 30: Click Next > to go to the next step.
Step 31: Un-check the “Edit properties” box if it is checked. Click Finish to go to the next step.
Step 32: Check the “Security Plan” radio button. Click Next > to go to the next step.
Step 33: Un-check “Edit properties” if it is checked. Click Finish to go to the next step.
Step 34: A rule called “Traffic in” is now listed in the IP Filter List. It is necessary to create another rule for Traffic out. Click Add… to go to the next step.
Step 35: Click Next > to go to the next step.
Step 36: Check the “The tunnel endpoint is specified by this IP address:” radio button and enter the public IP of Head Office. Click Next > to go to the next step.
Step 37: Check the “All network connections” radio button. Click Next > to go to the next step.
Step 38: Check the “Use this string to protect the key exchange [preshared key]:” radio button and enter the key. Note: This pre-shared key must be identical to the one set up in the router. Click Next > to go to the next step.
Step 39: Click Add… to go to the next step.
Step 40: Give a name and description to this IP Filter. Click Add… to configure an IP filter for traffic that comes from Branch Office to Head Office.
Step 41: Click Next > to go to the next step.
Step 42: Set “Source address:” to “A specific IP Subnet” and enter both the IP address and mask of Branch Office LAN. Click Next > to go to the next step.
Step 43: Set “Destination address:” to “A specific IP Subnet” and enter both the IP address and mask of Head Office LAN. Click Next > to go to the next step.
Step 44: Select protocol type “Any”. Click Next > to go to the next step.
Step 45: Check the “Edit properties” box if it is not checked. Click Finish to go to the next step.
Step 46: Un-check the “Mirrored. Also match packets with the exact opposite source and destination addresses.” box if it is checked. Click OK to go to the next step.
Step 47: The Traffic out filter is created and listed in the Filter field. Both the incoming and outgoing traffic rules, Traffic in and Traffic out, are completed! Click OK to go to the next step.
Step 48: Check the “Traffic out” radio button. Click Next > to go to the next step.
Step 49: Check the “Security Plan” radio button. For both Traffic in and Traffic out, we should use the same security plan. Click Next > to go to the next step.
Step 50: Un-check “Edit properties” if it is checked. Click Finish to go to the next step.
Step 51: Click OK to apply your settings.
Step 52: Right-click “IPSec Test”. Click “Assign” to enable the IPSec setting on this machine.
Step 53: Congratulations! You have completed the setting.
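
The rule from Table 3 that the pre-shared key, connection type and security algorithm must be identical on both sides, as an added example (not part of the original guide): a Python check that two peers' plans share those settings and that each side's remote network and gateway mirror the other side's local ones. The dictionary keys and the MIN_PSK_LEN threshold are assumptions made for illustration; the addresses and settings are the ones in Table 3. It also reports MD5, 3DES and a short pre-shared key as weak choices.

```python
import ipaddress

# Settings the guide says MUST BE identical on both sides.
SHARED = ("psk", "mode", "esp_auth", "esp_enc")
# MD5 and 3DES are deprecated for ESP (RFC 8221): reported, not rejected.
WEAK = {"esp_auth": {"MD5"}, "esp_enc": {"DES", "3DES"}}
MIN_PSK_LEN = 20  # assumption: local policy threshold, not from the guide

def _peer(name, local_net, local_gw, remote_net, remote_gw):
    # Security-plan values copied from Table 3 of the guide.
    return dict(name=name, local_net=local_net, local_gw=local_gw,
                remote_net=remote_net, remote_gw=remote_gw,
                psk="12345678", mode="tunnel", esp_auth="MD5", esp_enc="3DES")

BRANCH = _peer("Branch Office", "192.168.0.0/24", "69.121.1.30",
               "192.168.1.0/24", "69.121.1.3")
HEAD = _peer("Head Office", "192.168.1.0/24", "69.121.1.3",
             "192.168.0.0/24", "69.121.1.30")

def check_plan(a, b):
    """Return findings for two peer plans; an empty list means no issues."""
    net, addr = ipaddress.ip_network, ipaddress.ip_address
    findings = []
    for key in SHARED:
        if a[key] != b[key]:
            findings.append(f"mismatch: {key} differs ({a['name']} vs {b['name']})")
    # Each side's remote network and gateway must be the peer's local ones.
    for x, y in ((a, b), (b, a)):
        if net(x["remote_net"]) != net(y["local_net"]):
            findings.append(f"mirror: {x['name']} remote_net != {y['name']} local_net")
        if addr(x["remote_gw"]) != addr(y["local_gw"]):
            findings.append(f"mirror: {x['name']} remote_gw != {y['name']} local_gw")
    if net(a["local_net"]).overlaps(net(b["local_net"])):
        findings.append("overlap: local networks overlap")
    # Weak settings are reported once, without echoing the key itself.
    for peer in (a, b):
        msgs = [f"weak: {k}={peer[k]}" for k, bad in WEAK.items() if peer[k] in bad]
        if len(peer["psk"]) < MIN_PSK_LEN:
            msgs.append(f"weak: psk shorter than {MIN_PSK_LEN} characters")
        findings += [m for m in msgs if m not in findings]
    return findings

if __name__ == "__main__":
    for finding in check_plan(BRANCH, HEAD):
        print(finding)
```

Run against Table 3 as written, the two plans mirror each other correctly and only the weak-setting findings are reported.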