4. Click Activate and wait for the firewall to restart
Settings for Main office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up IPsec tunnel, Firewall->VPN:
   Under IPsec tunnels click add new
   Name the tunnel ToBranchOffice
   Local net: 192.168.1.0/24
   PSK: 1234567890 (Note! You should use a key that is hard to guess)
   Retype PSK: 1234567890
   Select Tunnel type: LAN-to-LAN tunnel
   Remote Net: 192.168.4.0/24
   Remote Gateway: 194.0.2.10
   Enable “Automatically add a route for the remote network”
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart
This example will allow all traffic between the two offices. To get a more secure solution, read "A more secure LAN-to-LAN VPN solution" in this chapter.
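A pre-activation check of the Main office tunnel values above, written as an added example (it is not part of the manual or the firewall's software). The dictionary layout, the function names and the 20-character minimum are assumptions made for illustration; the check flags overlapping tunnel networks, a gateway address inside a tunnelled net, and a guessable PSK such as the placeholder 1234567890.

```python
import ipaddress
import secrets
import string

# Constructed record of the Main office tunnel values shown on this page.
MAIN_OFFICE = {
    "name": "ToBranchOffice",
    "local_net": "192.168.1.0/24",
    "remote_net": "192.168.4.0/24",
    "remote_gateway": "194.0.2.10",
    "psk": "1234567890",
}
MIN_PSK_LEN = 20  # assumed local policy, not a value from the manual


def psk_findings(psk):
    """Return the reasons a pre-shared key is easy to guess."""
    findings = []
    if len(psk) < MIN_PSK_LEN:
        findings.append(f"PSK shorter than {MIN_PSK_LEN} characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if sum(any(c in cls for c in psk) for cls in classes) < 2:
        findings.append("PSK uses a single character class")
    runs = (string.digits * 3, string.ascii_lowercase * 3)
    if len(set(psk)) <= 1 or any(psk.lower() in run for run in runs):
        findings.append("PSK is a repeated character or a plain sequence")
    return findings


def tunnel_findings(tunnel):
    """Check one LAN-to-LAN tunnel definition before it is activated."""
    findings = []
    local = ipaddress.ip_network(tunnel["local_net"])
    remote = ipaddress.ip_network(tunnel["remote_net"])
    gateway = ipaddress.ip_address(tunnel["remote_gateway"])
    if local.overlaps(remote):
        findings.append("local and remote nets overlap")
    if gateway in local or gateway in remote:
        findings.append("remote gateway lies inside a tunnelled net")
    return findings + psk_findings(tunnel["psk"])


def new_psk():
    """256 random bits as hex; hex is assumed to be accepted by the PSK field."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    for finding in tunnel_findings(MAIN_OFFICE):
        print(f'{MAIN_OFFICE["name"]}: {finding}')
    print("replacement PSK:", new_psk())
```

The same generated key has to be entered on both firewalls.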
LAN-to-LAN VPN using PPTP
Settings for Branch office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Set up PPTP client, Firewall->VPN:
   Under PPTP/L2TP clients click Add new PPTP client
   Name the tunnel toMainOffice
   Username: BranchOffice
   Password: 1234567890 (Note! You should use a password that is hard to guess)
   Retype password: 1234567890
   Interface IP: leave blank
   Remote gateway: 192.0.2.20
   Remote net: 192.168.1.0/24
   Dial on demand: leave unchecked
   Under authentication MSCHAPv2 should be the only checked option.
   Under MPPE encryption 128 bit should be the only checked option.
   Leave Use IPsec encryption unchecked
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart.