How to Establish an IPSec VPN Tunnel Between a - PDF by pvb52213


									How to Establish an IPSec VPN Tunnel
Between a VPN 800/2 G or VPN 800/2,
LB-2 VPN and a 401VPN X2


  The HotBrick VPN 800/2 G and 401 VPN X2 are VPN-capable gateways with industry-standard IPSec
  encryption and Load Balancing. They provide secure LAN-to-LAN and LAN-to-Client connectivity over
  the Internet. The VPN 1400/2, VPN 800/8 F and LB-2 VPN support VPN with encryption, encapsulation,
  and authentication using the following methods:

  • DES
  • 3DES
  • AES
  • MD5
  • SHA-1
  • SHA-2


  IPSec VPN tunnel between a VPN 800/2 G and a VPN 401 X2 scenario overview




  The picture above displays two sites that are joined by an IPSec VPN tunnel between the LB-2
  VPN and VPN 1400/2 or VPN 800/8F.




IPSec VPN Tunnel Setup Guide Between a VPN 800/2 G and 401VPN X2    Property of HotBrick — 2008        2
VPN 800/2 G Setup

1) Log in to the GUI of the HotBrick LB-2 VPN, click on VPN Configuration, then on
IKE Global Setup to set the primary settings.

2) Once on this page input the following parameters:

        Enable Setting: select the check mark to enable the Global Parameters
        ISAKmp Port: Input 500 in the text box
        Phase 1 DH Group: select from the drop down menu DH Group 1 (DH768-bit)
        Phase 1 Encryption Method: select from the drop down menu 3DES
        Phase 1 Authentication Method: select from the drop down menu MD5
        Phase 1 SA Lifetime: input in the text box 28800 seconds
        Retry Counter: enter in the text box 5 retries
        Retry Interval: enter in the text box 10 seconds
        Maxtime to complete Phase 1: input 180 seconds
        Maxtime to complete Phase 2: input 120 seconds
        Count Per Send: input 1 in the text box
        NAT Traversal Port: input port 4500
        Log Level: set the log level to Information
        Click Submit and Reboot




IPSec Policy Setup Page




3) Policy Entry, Traffic Binding and Local Identity Option:
Name: input a generic name in the text box; for this example we used 401VPN
State: select the ENABLED check box
Interface: select from the drop down box WAN 1
Session: leave as defaulted
Local Identity type: set to IP Address

4) Traffic Selector
Protocol Type: select from the drop down menu ANY
Local Security Network: these settings apply to the local subnet on the VPN 800/2 G
Local Type: select Subnet
IP Address: input the local subnet ID. ex. 192.168.2.0
Subnet Mask: input the local subnet mask. ex. 255.255.255.0
Port Range: leave all ZEROs (0 ~ 0)
Remote Security Network: these settings apply to the local subnet of the 401 VPN X2
Remote Type: select Subnet
IP Address: input the remote subnet ID. ex. 192.168.3.0
Subnet Mask: input the remote subnet mask. ex. 255.255.255.0
Port Range: leave all ZEROs (0 ~ 0)
Remote Security Gateway:
Identity Type: select IP Address and input the public IP address of the 401VPN X2 ex. 67.111.37.232




 5) Security Level
 Encapsulation Format: leave as defaulted ESP
 Encryption Method: select from the drop down menu 3DES
 Authentication Method: select from the drop down menu MD5

 6) Key Management
 Key Type: select from the drop down menu AUTOKEY (IKE)
 Phase 1 Negotiation: select from the drop down menu MAIN MODE
 Perfect Forward Secrecy: select from the drop down menu DH Group 2 (1024-bit)
 Preshared Key: input in the text box the word TESTLAB (lower case)
 Key Lifetime:
 In Time: input in the text box 28800 seconds
 In Volume: input in the text box 0 Kbytes
 Click the ADD button to save the policy.



 IPSec Policy Setup – Set Options




 7) Set Options Page
 After adding the policy on the same page, click on the Set Options button
 Dead Peer Detection Feature
 Detection: select the check mark to enable it
 Check Method: select DPD (RFC 3706)
 Check After Idle, and Retry Times: leave as is
 Action: select Keep Tunnel Alive
 Click on the SET button
 Click on the Update button on the IPSec Policy Setup screen.




  401 VPN X2 Setup

  Tunnel to HotBrick Unit




  8) Tunnel to HotBrick unit:

  Name: input a generic name in the text box; for this example we used VPN1
  State: select the ENABLED check box
  WAN Port: select from the drop down box WAN1
  Local Security Network: these settings apply to the local subnet on the 401 VPN X2
  IP Address: input the local subnet ID. ex. 192.168.3.0
  Subnet Mask: input the local subnet mask. ex. 255.255.255.0
  Remote Security Network: these settings apply to the local subnet of the VPN 800/2 G
  IP Address: input the remote subnet ID. ex. 192.168.2.0
  Subnet Mask: input the remote subnet mask. ex. 255.255.0.0
  Remote Security Gateway:
  IP Address: select IP Address and input the public IP address of the VPN 800/2 G ex. 68.143.210.87
  Negotiation Type: from the drop down menu select Main Mode.
  Preshared Key: input a pre-shared key; for this example we used TESTLAB (lower case)

  Press the Submit button




Advance Settings




9) Advanced Settings

Tunnel List: Select from the drop down list the VPN1 policy.
PPPOE: leave as defaulted (grayed out, if static IP).
Enable Setting: check the enable setting checkmark.
Key Type: select AutoKey (IKE) from the drop down menu.
Negotiation Type: select Main Mode from the drop down menu.
DH Group: select from the drop down menu DH Group 1 (768-bit)
Encryption Method: select 3DES
Authentication Method: select MD5
SA Lifetime: input 28800 seconds
Encapsulation Format: select ESP from the drop down menu
Encryption Method: select 3DES for the encryption method.
Authentication Method: select MD5
Perfect Forward Secrecy: for the PFS select DH GROUP 2 (1024-bit)




  Key Lifetime:
  In Time: input 28800 seconds
  In Volume: set to 0 Kb.
  ESP Mode: should be left as defaulted Tunnel.
  Click Submit




  IPSec Policy Setup - Set Option




  10) Set Options Page
  After adding the policy on the same page, click on the Set Options button
  Dead Peer Detection Feature
  Detection: select the check mark to enable it
  Check Method: select DPD (RFC 3706)
  Check After Idle, and Retry Times: leave as is
  Action: select Keep Tunnel Alive
  Click on the SET button
  Click on the Submit button on the IPSec Policy Setup screen.
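
The tunnel described in steps 2 to 9 depends on both units carrying the same proposals and mirrored local/remote subnets. The Python check below is an added example, not part of the HotBrick guide: it transcribes the values printed in those steps (the names VPN800, VPN401, audit and the LEGACY_* sets are this example's own assumptions) and reports selector mismatches together with algorithms and DH groups the example treats as legacy.

```python
import ipaddress

# Values transcribed from the guide: steps 2-6 (VPN 800/2 G), steps 8-9 (401 VPN X2).
COMMON = {"p1_dh": 1, "p1_enc": "3DES", "p1_auth": "MD5", "p1_life": 28800,
          "p2_enc": "3DES", "p2_auth": "MD5", "pfs_dh": 2, "p2_life": 28800,
          "mode": "main", "psk": "TESTLAB"}
VPN800 = dict(COMMON, local=("192.168.2.0", "255.255.255.0"),
              remote=("192.168.3.0", "255.255.255.0"))
VPN401 = dict(COMMON, local=("192.168.3.0", "255.255.255.0"),
              remote=("192.168.2.0", "255.255.0.0"))  # mask as printed in step 8

# Assumption of this example (not from the guide): what is treated as legacy.
LEGACY_ALGS = {"DES", "3DES", "MD5"}
LEGACY_DH = {1: 768, 2: 1024}  # IKE group number -> modulus size in bits


def net(pair):
    """Subnet ID + dotted mask -> network; strict=False tolerates host bits."""
    return ipaddress.ip_network("/".join(pair), strict=False)


def audit(a, b):
    """Return a list of findings; 'A' and 'B' follow the argument order."""
    out = []
    for k in COMMON:  # the guide sets these identically on both units
        if a[k] != b[k]:
            out.append(f"mismatch {k}: {a[k]!r} vs {b[k]!r}")
    for name, x, y in (("A", a, b), ("B", b, a)):
        if net(x["remote"]) != net(y["local"]):  # selectors must mirror each other
            out.append(f"selector {name}: remote {net(x['remote'])} != peer local {net(y['local'])}")
        if net(x["remote"]).overlaps(net(x["local"])):
            out.append(f"overlap {name}: remote {net(x['remote'])} covers own LAN {net(x['local'])}")
    for k in ("p1_enc", "p1_auth", "p2_enc", "p2_auth"):
        for v in sorted({a[k], b[k]}):
            if v in LEGACY_ALGS:
                out.append(f"legacy {k}: {v}")
    for k in ("p1_dh", "pfs_dh"):
        for g in sorted({a[k], b[k]}):
            if g in LEGACY_DH:
                out.append(f"legacy {k}: group {g} ({LEGACY_DH[g]}-bit)")
    return out


if __name__ == "__main__":
    for finding in audit(VPN800, VPN401):
        print(finding)
```

With the values as printed, the selector findings come from the 255.255.0.0 mask entered on the 401 VPN X2 in step 8, which widens the remote network to 192.168.0.0/16.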




     Establishing the VPN tunnel

     To establish the VPN tunnel on the Advance Settings page click the connect button below:




     Once the VPN tunnel has been established, proceed to test the VPN connectivity by pinging the
     internal IP address of the 401 VPN X2 from the VPN 800/2 G network or vice versa.
     Ex. ping 192.168.2.1 -t

     If pinging this IP after establishing the VPN tunnel returns "Request timed out", contact HotBrick
     Technical Support. However, if you get replies from 192.168.2.1 (LAN IP address of the VPN 800/2 G
     in our example), then the VPN connectivity has been configured properly.



