Select Tunnel type: LAN-to-LAN tunnel
Remote Net: 192.168.4.0/24
Remote Gateway: 194.0.2.10
Enable “Automatically add a route for the remote network”
Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
Click Global policy parameters
Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
Click Apply
4. Click Activate and wait for the firewall to restart.
This example will allow all traffic between the two offices. For a more secure solution, read “A more secure LAN-to-LAN VPN solution” in this chapter.
LAN-to-LAN VPN using PPTP
Settings for Branch office
1. Set up interfaces, System->Interfaces:
WAN IP: 193.0.2.10
LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Set up PPTP client, Firewall->VPN:
Under PPTP/L2TP clients click Add new PPTP client
Name the tunnel toMainOffice
Username: BranchOffice
Password: 1234567890 (Note! You should use a password that is hard to guess)
Retype password: 1234567890
Interface IP: leave blank
Remote gateway: 192.0.2.20
Remote net: 192.168.1.0/24
Dial on demand: leave unchecked
Under authentication, MSCHAPv2 should be the only checked option.
Under MPPE encryption, 128 bit should be the only checked option.
Leave Use IPsec encryption unchecked
Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
Click Global policy parameters
Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
Click Apply
4. Click Activate and wait for the firewall to restart.
Settings for Main office
1. Set up interfaces, System->Interfaces:
WAN IP: 193.0.2.20
LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up PPTP server, Firewall->VPN:
Under L2TP / PPTP Server click Add new PPTP server
Name the server pptpServer
Leave Outer IP and Inner IP blank
Set client IP pool to
Check Proxy ARP dynamically added routes
Check Use unit’s own DNS relayer addresses
Leave WINS settings blank