Under authentication, MSCHAPv2 should be the only checked option.
Under MPPE encryption, 128 bit should be the only checked option.
Leave Use IPsec encryption unchecked
Click Apply

3. Set up policies for the new tunnel, Firewall->Policy:
Click Global policy parameters
Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
Click Apply

4. Set up authentication source, Firewall->Users:
Select Local database
Click Apply

5. Add a new user, Firewall->Users:
Under Users in local database click Add new
Name the new user BranchOffice
Enter password: 1234567890
Retype password: 1234567890
Leave static client IP empty (it could also be set to e.g. 192.168.1.200. If no IP is set here, the IP pool from the PPTP server settings is used).
Set Networks behind user to 192.168.4.0/24
Click Apply

6. Click Activate and wait for the firewall to restart.

This example will allow all traffic between the two offices. To get a more secure solution read the A more secure LAN-to-LAN VPN solution section in this chapter.

LAN-to-LAN VPN using L2TP

Settings for Branch office

1. Set up interfaces, System->Interfaces:
WAN IP: 193.0.2.10
LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0

2. Set up L2TP client, Firewall->VPN:
Under L2TP / PPTP client click Add new L2TP client
Name the server toMainOffice
Username: BranchOffice
Password: 1234567890 (Note! You should use a password that is hard to guess)
Retype password: 1234567890
Interface IP: leave blank
Remote gateway: 192.0.2.20
Remote net: 192.168.1.0/24
Dial on demand: leave unchecked
Under authentication only MSCHAPv2 should be checked