Configuring a Gateway-to-Gateway VPN Tunnel Between RV0xx Series Routers
Configuring a VPN Tunnel on a Cisco RV0xx Series Router
Cisco Small Business RV0xx Series Routers Administration Guide
| Field | Values |
|---|---|
| Phase 2 SA Life Time | 3600 |
| Preshared Key | 13572468#123456789 |
| Minimum Preshared Key Complexity | Enabled |
| Advanced | Default settings |

Settings on the Site B Router:

| Field | Value |
|---|---|
| Local Group Setup | |
| Local Security Gateway Type | Dynamic IP + Domain Name (FQDN) Authentication |
| Domain Name | cisco.com |
| Local Security Group Type | Subnet |
| IP Address | 192.168.2.0 |
| Subnet Mask | 255.255.255.0 |
| Remote Group Setup | |
| Remote Security Gateway Type | IP Only |
| IP Address | 203.165.200.226 |
| Remote Security Group Type | Subnet |
| IP Address | 192.168.1.0 |
| Subnet Mask | 255.255.255.0 |
| Field | Values |
|---|---|
| IPSec Setup | |
| Keying Mode | IKE with Preshared Key |
| Phase 1 Encryption | DES |
| Phase 1 Authentication | MD5 |
| Phase 1 SA Life Time | 28800 |
| Perfect Forward Secrecy | Enabled |
| Phase 2 DH Group | Group 1 - 768 bit |
| Phase 2 Encryption | DES |
| Phase 2 Authentication | MD5 |
| Phase 2 SA Life Time | 3600 |
| Preshared Key | 13572468#123456789 |
| Minimum Preshared Key Complexity | Enabled |
| Advanced | Default settings |
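A pre-deployment check of the Site B IPSec values listed above, as an added Python example that is not part of the Cisco guide. The rejection policy and its reasons are assumptions of this example; the setting values are copied from the page.

```python
# Rows copied from the Site B settings on this page, written as "Field | Value".
SITE_B = """\
Keying Mode | IKE with Preshared Key
Phase 1 Encryption | DES
Phase 1 Authentication | MD5
Phase 1 SA Life Time | 28800
Perfect Forward Secrecy | Enabled
Phase 2 DH Group | Group 1 - 768 bit
Phase 2 Encryption | DES
Phase 2 Authentication | MD5
Phase 2 SA Life Time | 3600
Preshared Key | 13572468#123456789
"""

# Assumed policy for this example: field keyword -> {leading value token: reason}.
WEAK = {
    "Encryption": {"DES": "56-bit key is within brute-force reach"},
    "Authentication": {"MD5": "MD5 is deprecated; select a SHA-based option"},
    "DH Group": {"Group 1": "768-bit group is too small for key exchange"},
    "Perfect Forward Secrecy": {"Disabled": "a key compromise exposes earlier sessions"},
}
PRINTED_KEYS = {"13572468", "13572468#123456789"}  # example keys printed in the guide


def parse(table):
    """Turn 'Field | Value' lines into a dict, ignoring lines without a separator."""
    rows = (line.split("|", 1) for line in table.splitlines() if "|" in line)
    return {field.strip(): value.strip() for field, value in rows}


def audit(settings):
    """Return (field, value, reason) for every setting the policy rejects."""
    findings = []
    for field, value in settings.items():
        for keyword, bad in WEAK.items():
            for token, reason in bad.items():
                # Whole-token match so that '3DES' is not reported as 'DES'.
                if keyword in field and (value == token or value.startswith(token + " ")):
                    findings.append((field, value, reason))
        if field == "Preshared Key" and value in PRINTED_KEYS:
            findings.append((field, value, "key is published in the documentation"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SITE_B)):
        print(*finding, sep=" | ")
```
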
IPSec NAT Traversal
Overview
Network Address Translation (NAT) traversal is a technique developed so that
data protected by IPSec can pass through a NAT. Since IPSec provides integrity
for the entire IP datagram, any changes to the IP addressing will invalidate the
data. To resolve this issue, NAT traversal appends a new IP and UDP header to the
incoming datagram, ensuring that no changes are made to the incoming datagram
stream.
In the following scenario, Router A initiates IKE negotiation, while Router B is the
responder.
[Figure: network diagram of the NAT traversal scenario. Labels shown: Router A - Initiator (LAN: 192.168.1.0/24), Router B - Responder (LAN: 192.168.2.0/24), NAT 1 and NAT 2 (RV016 and RV042 units). Interface addresses shown: WAN 192.168.11.101; WAN 192.168.111.101; LAN 192.168.11.1 with WAN 192.168.99.11; LAN 192.168.111.1 with WAN 192.168.99.22. Hosts shown: 192.168.1.101 and 192.168.2.100.]
NOTE: Both the IPSec initiator and responder must support the mechanism for detecting
the NAT router in the path and changing to a new port, as defined in RFC 3947.
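How the detection that the note refers to works, as an added Python example that is not part of the Cisco guide: under RFC 3947 each peer sends NAT-D hashes of the addresses and ports it believes are in use, and the receiver compares them with what actually arrived. The cookies and the translated port are constructed, and the pairing of addresses to routers is an assumed reading of the figure; translation of the destination address is not modelled.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NAT_T_PORT = 500, 4500  # RFC 3947: float from UDP 500 to 4500 once a NAT is found


def nat_d(cky_i, cky_r, ip, port, alg="sha1"):
    """NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port) with the negotiated IKE hash."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(alg, data).digest()


def sender_payloads(cky_i, cky_r, src, dst):
    """The sender hashes the addresses as it sees them: destination first, then source."""
    return nat_d(cky_i, cky_r, *dst), [nat_d(cky_i, cky_r, *src)]


def detect_nat(cky_i, cky_r, nat_d_dst, nat_d_srcs, local, seen_src):
    """Receiver check. local: our own (ip, port); seen_src: (ip, port) the packet
    arrived from on the wire, i.e. after any translation in the path."""
    we_are_natted = nat_d_dst != nat_d(cky_i, cky_r, *local)
    peer_is_natted = nat_d(cky_i, cky_r, *seen_src) not in nat_d_srcs
    port = NAT_T_PORT if (we_are_natted or peer_is_natted) else IKE_PORT
    return we_are_natted, peer_is_natted, port


def router_b_view(translated_src=None):
    """Router B (responder) evaluating the NAT-D payloads sent by Router A."""
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))  # constructed 8-byte cookies
    a_wan = ("192.168.11.101", IKE_PORT)    # Router A WAN (assumed from the figure)
    b_wan = ("192.168.111.101", IKE_PORT)   # Router B WAN (assumed from the figure)
    dst_hash, src_hashes = sender_payloads(cky_i, cky_r, a_wan, b_wan)
    seen = translated_src or a_wan
    return detect_nat(cky_i, cky_r, dst_hash, src_hashes, b_wan, seen)


if __name__ == "__main__":
    # Source rewritten by the NAT in front of Router A (WAN 192.168.99.11; port constructed).
    print(router_b_view(("192.168.99.11", 1024)))
    # No translation in the path: the exchange stays on UDP 500.
    print(router_b_view())
```
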
Configuration of Router A
Follow these instructions for Router A.
STEP 1 Launch the web browser for a networked computer, designated PC 1.
STEP 2 Access the configuration utility of Router A.
STEP 3 Click VPN > Gateway to Gateway in the navigation tree.
STEP 4 Enter a name in the Tunnel Name field.
STEP 5 For the VPN Tunnel setting, select Enable.
STEP 6 For the Local Security Gateway Type, select IP Only. The WAN IP address of Router A will be automatically detected.
For the Local Security Group Type, select Subnet. Enter Router A’s local network settings in the IP Address and Subnet Mask fields.
STEP 7 For the Remote Security Gateway Type, select IP Only. Enter Router B’s WAN IP address in the IP Address field.
STEP 8 For the Remote Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.
STEP 9 In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings.
STEP 10 In the Preshared Key field, enter a string for this key, for example, 13572468.
STEP 11 Click Advanced Settings.
STEP 12 Check the NAT Traversal box to enable this feature.
STEP 13 Click Save.
STEP 14 Proceed to the next section, Configuration of Router B, page 185.
Configuration of Router B
Follow these instructions for Router B.
STEP 1 Launch the web browser for a networked computer, designated PC 2.
STEP 2 Access the configuration utility of Router B.
STEP 3 Click VPN > Gateway to Gateway in the navigation tree.
STEP 4 Enter a name in the Tunnel Name field.
STEP 5 For the VPN Tunnel setting, select Enable.
STEP 6 For the Local Security Gateway Type, select IP Only. The WAN IP address of Router B will be automatically detected.
For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.
STEP 7 For the Remote Security Gateway Type, select IP Only. Enter the WAN IP address of the NAT 2 router in the IP Address field.
STEP 8 For the Remote Security Group Type, select Subnet. Enter Router A’s local network settings in the IP Address and Subnet Mask fields.
STEP 9 In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings.
STEP 10 In the Preshared Key field, enter a string for this key, for example, 13572468.
STEP 11 Click Advanced Settings.
STEP 12 Check the NAT Traversal box to enable this feature.
STEP 13 Click Save.
