Billion BIPAC 7400/7402 User manual

Billion BIPAC 7400/7402 User manual
VPN IPSec Application
Installation Guide
1
Configuring a IPSec LAN-to-LAN VPN Connection
Table 3: Network Configuration and Security Plan
Local Network ID
Local Router IP
Remote Network ID
Remote Router IP
IKE Pre-shared Key
VPN Connection Type
Security Algorithm
Branch Office
192.168.0.0/24
69.121.1.30
192.168.1.0/24
69.121.1.3
12345678
Tunnel mode
ESP:MD5 with 3DES
Head Office
192.168.1.0/24
69.121.1.3
192.168.0.0/24
69.121.1.30
12345678
Tunnel mode
ESP:MD5 with 3DES
Functions of IKE Pre-shared Key, VPN Connection Type and
Security Algorithm MUST BE identically set up on both sides.
Attention
2
Configuring IPSec VPN in the Head Office
1
2
3
4
5
Item
1
2
3
4
5
Function
Connection Name
Subnet
IP Address
Netmask
Secure Gateway Address
(or Hostname)
Subnet
IP Address
Netmask
ESP
Authentication
Encryption
Prefer Forward Security
Pre-shared Key
Description
IPSec_HeadOffice Given a name of IPSec connection
Check Subnet radio button
192.168.1.0
Head office network
255.255.255.0
69.121.1.30
IP address of the head office router (in
WAN side)
Check Subnet radio button
192.168.0.0
255.255.255.0
Branch office network
Check ESP radio button
MD5
3DES
None
12345678
Security plan
3
Configuring IPSec VPN in the Branch Office
1
2
3
4
5
Item
1
2
3
4
5
Function
Connection Name
Subnet
IP Address
Netmask
Secure Gateway Address
(or Hostname)
Subnet
IP Address
Netmask
ESP
Authentication
Encryption
Prefer Forward Security
Pre-shared Key
Description
IPSec_BranchOffice Given a name of IPSec connection
Check Subnet radio button
192.168.0.0
Branch office network
255.255.255.0
IP address of the head office router
(in WAN side)
69.121.1.3
Check Subnet radio button
192.168.1.0
255.255.255.0
Head office network
Check ESP radio button
MD5
3DES
None
12345678
Security plan
4
Configuring a IPSec Host-to-LAN VPN Connection
5
Configuring IPSec VPN in the Office
1
2
3
4
5
Item
1
2
3
4
5
Function
Connection Name
Subnet
IP Address
Netmask
Secure Gateway Address
(or Hostname)
Single Address
IP Address
ESP
Authentication
Encryption
Prefer Forward Security
Pre-shared Key
Description
IPSec
Given a name of IPSec connection
Check Subnet radio button
192.168.1.0
255.255.255.0
Head office network
69.121.1.30
IP address of the head office router (in
WAN side)
69.121.1.30
Check Single Address radio button
Remote worker’s IP address
Check ESP radio button
MD5
3DES
None
12345678
Security plan
6
Configuring IPSec VPN Tunnel thru Microsoft Windows in Remote Host
Step 1
Click “Start” => “Run…” and type
“secpol.msc” in the field.
Click OK to the next step.
Step 2
Right-Click “IP Security Policies on
Local Computer”.
Click “Create IP Security Policy…” to the
next step.
Step 3
Click Next > to the next step.
Step 4
Give a name to the IP Security Policy.
Here we make it called “IPSec Test”.
Click Next > to the next step.
7
Step 5
Check “Activate the default response
rule.” box. If it is not checked.
Click Next > to the next step.
Step 6
Click Next > to continue.
Step 7
Check “Edit Properties” box if it is not
checked.
Click Finish to the next step.
8
Step 8
Un-check “<Dynamic>” box if it is
checked.
Click Add… to the next step.
Step 9
Click Next > to the next step.
Step 10
Check “The tunnel endpoint is specified
by this IP address:” radio button and
enter the public IP of Remote Worker.
Click Next > to the next step.
9
Step 11
Check “All network connections” radio
button.
Click Next > to the next step.
Step 12
Check “Use this string to protect the key
exchange [preshared key]:” radio button
and input the key. This pre-share key
should be identical as the set up in the
Router.
Click Next > to the next step.
Step 13
Click Add… to the next step.
10
Step 14
Give a name and description to this IP
Filter.
Click Add… to configure an IP traffic
filter that comes from Office LAN to
Remote Worker.
Step 15
Click Next > to the next step.
Step 16
Select “Source address:” to “A specific
IP Subnet” and enter both IP address and
mask of Office LAN.
Click Next > to the next step.
11
Step 17
Select “Destination address:” to “My IP
Address”.
Click Next > to the next step.
Step 18
Select protocol type, “Any”.
Click Next > to the next step.
Step 19
Check “Edit properties” box if it is not
checked.
Click Finish to the next step.
12
Step 20
Un-check “Mirrored. Also match packets
with the exact opposite source and
destination addresses.” box if it is
checked.
Click OK to the next step.
Step 21
Traffic in filter is created and listed in the
Filter field.
It is necessary to create another filter for
the opposite direction.
Click OK to the next step.
Step 22
Check “Traffic in” radio button.
Click Next > to the next step.
13
Step 23
A security plan must be create between
Office LAN and Remote Worker.
Note: This information should be identical on
both Office LAN and Remote Worker.
Click Add… to the next step.
Step 24
Click Next > to the next step.
Step 25
Give a name to this Filter Action.
Click Next > to the next step.
14
Step 26
Check “Negotiate security” radio button.
Click Next > to the next step.
Step 27
Check “Do not communicate with
computers that do not support IPSec.”
radio button.
Click Next > to the next step.
Step 28
Check “Custom” radio button.
Click Settings… to the next step.
15
Step 29
ESP mode (MD5 authentication and
3DES encryption method ) must be
identical on both sites, the Office LAN
and Remote Worker.
Click OK to the next step.
Step 30
Click Next > to the next step.
Step 31
Un-check “Edit properties” box if it is
checked.
Click Finish to the next step.
16
Step 32
Check “Security Plan” radio button.
Click Next > to the next step.
Step 33
Un-check “Edit properties” if it is
checked.
Click Finish to the next step.
Step 34
A rule called “Traffic in” in the IP Filter
List. It is necessary to create another
rule for Traffic out.
Click Add… to the next step.
17
Step 35
Click Next > to the next step.
Step 36
Check “The tunnel endpoint is specified
by this IP address:” radio button and
enter the public IP of Office LAN.
Click Next > to the next step.
Step 37
Check “All network connections” radio
button.
Click Next > to the next step.
18
Step 38
Check “Use this string to protect the key
exchange [preshared key]:” radio button
and enter the key.
Note: This pre-share key must be identical as
the set up in the router.
Click Next > to the next step.
Step 39
Click Add… to the next step.
Step 40
Give a name and description to this IP
Filter.
Click Add… to configure an IP traffic
filter that comes from Remote Worker to
Office LAN.
19
Step 41
Click Next > to the next step.
Step 42
Select “Source address:” to “My IP
Address”.
Click Next > to the next step.
Step 43
Select “Destination address:” to “A
specific IP Subnet” and enter both IP
address and mask of Office LAN.
Click Next > to the next step.
20
Step 44
Select protocol types, “Any”.
Click Next > to the next step.
Step 45
Check “Edit properties” box if it is not
checked
.
Click Finish to the next step.
Step 46
Un-check “Mirrored. Also match packets
with the exact opposite source and
destination addresses.” box if it is
checked.
Click OK to next step.
21
Step 47
Traffic out filter is created and listed in the
Filter field.
Both incoming and outgoing traffic rule,
Traffic in and Traffic out are completed!
Click OK to the next step.
Step 48
Check “Traffic out” radio button.
Click Next > to the next step.
Step 49
Check “Security Plan” radio button.
For both Traffic in and Traffic out, we
should use the same security plan.
Click Next > to the next step.
22
Step 50
Un-check “Edit properties” if it is
checked.
Click Finish to the next step.
Step 51
Click OK to apply your settings.
Step 52
Right click “IPSec Test”.
Click “Assign” to enable IPSec setting on
this machine.
Step 53
Congratulation! ! You have completed the
setting.
Completed!
23
Configuring a IPSec LAN-to-LAN VPN Connection
24
Configuring IPSec VPN in the Head Office
1
2
3
4
5
Item
1
2
3
4
5
Function
Connection Name
Subnet
IP Address
Netmask
Secure Gateway Address
(or Hostname)
Subnet
IP Address
Netmask
ESP
Authentication
Encryption
Prefer Forward Security
Pre-shared Key
Description
IPSec_HeadOffice Given a name of IPSec connection
Check Subnet radio button
192.168.1.0
Head office network
255.255.255.0
69.121.1.30
IP address of the head office router (in
WAN side)
Check Subnet radio button
192.168.0.0
255.255.255.0
Branch office network
Check ESP radio button
MD5
3DES
None
12345678
25
Security plan
Configuring IPSec VPN thru Microsoft Windows in Branch Office
Step 1
Click “Start” => “Run…” and type
“secpol.msc” in the field.
Click OK to the next step.
Step 2
Right-Click “IP Security Policies on
Local Computer”.
Click “Create IP Security Policy…” to the
next step.
Step 3
Click Next > to the next step.
Step 4
Give a name to the IP Security Policy.
Here we make it called “IPSec Test”.
Click Next > to the next step.
26
Step 5
Check “Activate the default response
rule.” box. If it is not checked.
Click Next > to the next step.
Step 6
Click Next > to the continue.
Step 7
Check “Edit Properties” box if it is not
checked.
Click Finish to the next step.
27
Step 8
Un-check “<Dynamic>” box if it is
checked.
Click Add… to the next step.
Step 9
Click Next > to the next step.
Step 10
Check “The tunnel endpoint is specified
by this IP address:” radio button and
enter the public IP of Branch Office.
Click Next > to the next step.
28
Step 11
Check “All network connections” radio
button.
Click Next > to the next step.
Step 12
Check “Use this string to protect the key
exchange [preshared key]:” radio button
and input the key. This pre-share key
should be identical as the set up in the
Router.
Click Next > to the next step.
Step 13
Click Add… to the next step.
29
Step 14
Give a name and description to this IP
Filter.
Click Add… to configure an IP traffic
filter that comes from Head Office to
Branch Office.
Step 15
Click Next > to the next step.
Step 16
Select “Source address:” to “A specific
IP Subnet” and enter both IP address and
mask of Office LAN.
Click Next > to the next step.
30
Step 17
Select “Destination address:” to “A
specific IP Subnet” and enter both IP
address and mask of Branch Office LAN.
Click Next > to the next step.
Step 18
Select protocol types, “Any”.
Click Next > to the next step.
Step 19
Check “Edit properties” box if it is not
checked.
Click Finish to next step.
31
Step 20
Un-check “Mirrored. Also match packets
with the exact opposite source and
destination addresses.” box if it is
checked.
Click OK to next step.
Step 21
Traffic in filter is created and listed in the
Filter field.
It is necessary to create another filter for
the opposite direction.
Click OK to the next step.
Step 22
Check “Traffic in” radio button.
Click Next > to the next step.
32
Step 23
A security plan must be create between
Head and Branch office.
Note: This information should be identical on
both Head and Branch office.
Click Add… to the next step.
Step 24
Click Next > to the next step.
Step 25
Give a name to this Filter Action.
Click Next > to the next step.
33
Step 26
Check “Negotiate security” radio button.
Click Next > to the next step.
Step 27
Check “Do not communicate with
computers that do not support IPSec.”
radio button.
Click Next > to the next step.
Step 28
Check “Custom” radio button.
Click Settings… to the next step.
34
Step 29
ESP mode (MD5 authentication and
3DES encryption method ) must be
identical on both sites, the Branch office
and Head office.
Click OK to the next step.
Step 30
Click Next > to the next step.
Step 31
Un-check “Edit properties” box if it is
checked.
Click Finish to the next step.
35
Step 32
Check “Security Plan” radio button.
Click Next > to the next step.
Step 33
Un-check “Edit properties” if it is
checked.
Click Finish to the next step.
Step 34
A rule called “Traffic in” in the IP Filter
List. It is necessary to create another
rule for Traffic out.
Click Add… to the next step.
36
Step 35
Click Next > to the next step.
Step 36
Check “The tunnel endpoint is specified
by this IP address:” radio button and
enter the public IP of Head Office.
Click Next > to next step.
Step 37
Check “All network connections” radio
button.
Click Next > to the next step.
37
Step 38
Check “Use this string to protect the key
exchange [preshared key]:” radio button
and enter the key.
Note: This pre-share key must be identical as
the set up in the router.
Click Next > to the next step.
Step 39
Click Add… to the next step.
Step 40
Given a name and description of this IP
Filter.
Click Add… to configure an IP traffic
filter that comes from Branch Office to
Head Office.
38
Step 41
Click Next > to the next step.
Step 42
Select “Source address:” to “A specific
IP Subnet” and enter both IP address and
mask of Branch Office LAN.
Click Next > to the next step.
Step 43
Select “Destination address:” to “A
specific IP Subnet” and enter both IP
address and mask of Head Office LAN.
Click Next > to the next step.
39
Step 44
Select protocol type, “Any”.
Click Next > to the next step.
Step 45
Check “Edit properties” box if it is not
checked
.
Click Finish to the next step.
Step 46
Un-check “Mirrored. Also match packets
with the exact opposite source and
destination addresses.” box if it is
checked.
Click OK to the next step.
40
Step 47
Traffic out filter is created and listed in the
Filter field.
Both incoming and outgoing traffic rule,
Traffic in and Traffic out are completed!
Click OK to the next step.
Step 48
Check “Traffic out” radio button.
Click Next > to the next step.
Step 49
Check “Security Plan” radio button.
For both Traffic in and Traffic out, we
should use the same security plan.
Click Next > to the next step.
41
Step 50
Un-check “Edit properties” if it is
checked.
Click Finish to the next step.
Step 51
Click OK to apply your settings.
Step 52
Right click “IPSec Test”.
Click “Assign” to enable IPSec setting on
this machine.
42
Step 53
Congratulation! ! You have completed the
setting.
Completed!
43
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement