   Under MPPE encryption only None should be checked
   Check Use IPsec encryption
   Enter key: 1234567890 (Note! You should use a key that is hard to guess)
   Retype key: 1234567890
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart.
Settings for Main office
1. Set up interfaces, System->Interfaces:
   WAN IP: 193.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Set up L2TP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new L2TP server
   Name the server l2tpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to
   Check Proxy ARP dynamically added routes
   Check Use unit’s own DNS relayer addresses
   Leave WINS settings blank
   Under authentication MSCHAPv2 should be the only checked option.
   Under MPPE encryption None should be the only checked option.
   Check Use IPsec encryption
   Enter key: 1234567890 (Note! You should use a key that is hard to guess)
   Retype key: 1234567890
   Click Apply
3. Set up policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Set up authentication source, Firewall->Users:
   Select Local database
   Click Apply
5. Add a new user, Firewall->Users:
   Under Users in local database click Add new
   Name the new user BranchOffice
   Enter password: 1234567890
   Retype password: 1234567890
   Leave static client IP empty (could also be set to e.g. 192.168.1.200. If no IP is set here, the IP pool from the L2TP server settings is used).
   Set Networks behind user to 192.168.4.0/24
   Click Apply
6. Click Activate and wait for the firewall to restart.
This example will allow all traffic between the two offices. To get a more secure solution read the "A more secure LAN-to-LAN VPN solution" section in this chapter.
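
The walkthrough above enters 1234567890 as both the IPsec key and the BranchOffice password, while noting that the key should be hard to guess. The following added example (not part of the manual and not vendor code) checks the main-office values before they are typed into the unit. The dictionary field names, the 80-bit threshold and the assumption that the unit accepts a 32-character URL-safe key are assumptions of this example.

```python
import ipaddress
import math
import secrets

MIN_BITS = 80  # assumed threshold for this example, not a value from the manual

def estimate_bits(secret):
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    pool = 0
    if any(c.isdigit() for c in secret):
        pool += 10
    if any(c.islower() for c in secret):
        pool += 26
    if any(c.isupper() for c in secret):
        pool += 26
    if any(not c.isalnum() for c in secret):
        pool += 32
    return len(secret) * math.log2(pool) if pool else 0.0

def new_secret(nbytes=24):
    """Random key from the OS CSPRNG (assumes the unit accepts 32 URL-safe chars)."""
    return secrets.token_urlsafe(nbytes)

def check_plan(plan):
    """Return a list of findings for the main-office L2TP/IPsec settings."""
    findings = []
    for name in ("ipsec_key", "user_password"):
        bits = estimate_bits(plan[name])
        if bits < MIN_BITS:
            findings.append(f"{name}: at most {bits:.0f} bits, below {MIN_BITS}")
    if plan["ipsec_key"] == plan["user_password"]:
        findings.append("ipsec_key and user_password are the same value")
    # The remote LAN routed through the tunnel must not collide with the local LAN.
    lan = ipaddress.ip_interface(f"{plan['lan_ip']}/{plan['lan_mask']}").network
    remote = ipaddress.ip_network(plan["networks_behind_user"])
    if lan.overlaps(remote):
        findings.append(f"networks_behind_user {remote} overlaps main LAN {lan}")
    return findings

# Values as they appear in the walkthrough above.
MANUAL_PLAN = {
    "lan_ip": "192.168.1.1", "lan_mask": "255.255.255.0",
    "networks_behind_user": "192.168.4.0/24",
    "ipsec_key": "1234567890", "user_password": "1234567890",
}

if __name__ == "__main__":
    for finding in check_plan(MANUAL_PLAN):
        print("FINDING:", finding)
    hardened = dict(MANUAL_PLAN, ipsec_key=new_secret(), user_password=new_secret())
    print("after replacing both secrets:", check_plan(hardened) or "no findings")
```

The bit count is an upper bound only: a digit sequence such as 1234567890 is far easier to guess than its 33-bit figure suggests.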