Virtual Private Networking
116
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Example of Using Auto Policy
Figure 46. [Diagram: Gateway A and Gateway B connected by a VPN tunnel across the Internet. Labels shown: 22.23.24.25, 14.15.16.17, IP: 192.168.3.1]
The following settings are assumed for this example:
Table 20. Gateway-to-gateway VPN tunnel configuration worksheet

Parameter                   Value to Be Entered   Field Selection
Connection Name             GtoG                  N/A
Pre-Shared Key              12345678              N/A
Secure Association          N/A                   Main Mode / Manual Keys
Perfect Forward Secrecy     N/A                   Enabled / Disabled
Encryption Protocol         N/A                   DES / 3DES
Authentication Protocol     N/A                   MD5 / SHA-1
Diffie-Hellman (DH) Group   N/A                   Group 1 / Group 2
Key Life in seconds         28800 (8 hours)       N/A
IKE Life Time in seconds    3600 (1 hour)         N/A

VPN Endpoint   Local IPSecID   LAN IP Address   Subnet Mask     FQDN or Gateway IP (WAN IP Address)
Gateway_A      GW_A            192.168.0.1      255.255.255.0   14.15.16.17
Gateway_B      GW_B            192.168.3.1      255.255.255.0   22.23.24.25
1. Set the LAN IPs on each wireless modem router to different subnets and configure each correctly for the Internet. On the main menu, select VPN Policies and click the Add Auto Policy button.
The VPN - Auto Policy screen displays:
2. Enter these policy settings:

Auto Policy Field                                Description
General      Policy Name                         GtoG
             Remote VPN Endpoint Address Type    Fixed
             Remote VPN Endpoint Address Data    22.23.24.25
Local LAN                                        Use the default settings.
Remote LAN   IP Address                          Select Subnet address from the drop-down list.
             Start IP Address                    192.168.3.1
             Subnet Mask                         255.255.255.0
IKE          Direction                           Initiator and Responder
             Exchange Mode                       Main Mode
             Diffie-Hellman (DH) Group           Group 2 (1024 Bit)
             Local Identity Type                 Use the default setting.
             Remote Identity Type                Use the default setting.
Parameters   Encryption Algorithm                3DES
             Authentication Algorithm            MD5
             Pre-shared Key                      12345678

3. Click Apply. The VPN Policies screen displays:

4. Repeat these steps for the N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 on LAN B. Pay special attention to the following network settings:
• General, Remote Address Data (for example, 14.15.16.17)
• Remote LAN, Start IP Address
  - IP Address (for example, 192.168.0.1)
  - Subnet Mask (for example, 255.255.255.0)
  - Pre-shared Key (for example, 12345678)

5. Use the VPN Status screen to activate the VPN tunnel:

Note: The VPN Status screen is only one of three ways to activate a VPN tunnel. See Activate a VPN Tunnel on page 105 for information about the other ways.
a. From the main menu, select VPN Status to display the VPN Status/Log screen. Then click VPN Status to display the Current VPN Tunnels (SAs) screen:
b. Click Connect for the VPN tunnel that you want to activate. Review the VPN Status/Log screen (Figure a on page 104) to verify that the tunnel is connected.
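
The mirror-image settings called for in steps 1 and 4 can be cross-checked before they are typed into either router. The following Python code is an added example, not part of the NETGEAR manual: the dictionary keys, function names and the 16-character pre-shared key threshold are assumptions made for the example, while the addresses and algorithm choices are the ones given in Table 20 and step 2.

```python
import ipaddress

# Values from Table 20 and the Auto Policy settings on this page.
# The dictionary keys are hypothetical names chosen for this example.
GATEWAY_A = {"wan_ip": "14.15.16.17", "lan_ip": "192.168.0.1", "lan_mask": "255.255.255.0",
             "remote_endpoint": "22.23.24.25", "remote_lan_ip": "192.168.3.1",
             "remote_lan_mask": "255.255.255.0", "psk": "12345678",
             "encryption": "3DES", "authentication": "MD5", "dh_group": 2}
GATEWAY_B = {"wan_ip": "22.23.24.25", "lan_ip": "192.168.3.1", "lan_mask": "255.255.255.0",
             "remote_endpoint": "14.15.16.17", "remote_lan_ip": "192.168.0.1",
             "remote_lan_mask": "255.255.255.0", "psk": "12345678",
             "encryption": "3DES", "authentication": "MD5", "dh_group": 2}

# Weaker option -> stronger option offered on the same worksheet row.
STRONGER = {"DES": "3DES", "MD5": "SHA-1", 1: 2}
MIN_PSK_LENGTH = 16  # assumed threshold, not a value from the manual

def subnet(ip, mask):
    """Network that contains ip under mask, e.g. 192.168.3.0/24."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def mirror_errors(a, b):
    """Mismatches between the two policies (steps 1 and 4)."""
    errors = []
    for name, local, peer in (("A", a, b), ("B", b, a)):
        if local["remote_endpoint"] != peer["wan_ip"]:
            errors.append(f"{name}: remote endpoint is not the peer's WAN IP")
        remote = subnet(local["remote_lan_ip"], local["remote_lan_mask"])
        if remote != subnet(peer["lan_ip"], peer["lan_mask"]):
            errors.append(f"{name}: remote LAN is not the peer's LAN subnet")
    if subnet(a["lan_ip"], a["lan_mask"]).overlaps(subnet(b["lan_ip"], b["lan_mask"])):
        errors.append("LAN subnets overlap")
    for key in ("psk", "encryption", "authentication", "dh_group"):
        if a[key] != b[key]:
            errors.append(f"{key} differs between the gateways")
    return errors

def weak_settings(policy):
    """Choices for which the worksheet lists a stronger option, plus a PSK check."""
    findings = [f"{key}: {policy[key]} selected, {STRONGER[policy[key]]} available"
                for key in ("encryption", "authentication", "dh_group")
                if policy[key] in STRONGER]
    if len(policy["psk"]) < MIN_PSK_LENGTH or policy["psk"].isdigit():
        findings.append("psk: short or digits-only pre-shared key")
    return findings

if __name__ == "__main__":
    print(mirror_errors(GATEWAY_A, GATEWAY_B), weak_settings(GATEWAY_A))
```

With the page's example values the two policies mirror each other, and the only findings are the MD5 selection and the sample pre-shared key.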
Use Manual Policy to Configure VPN Tunnels
As an alternative to IKE, you can use manual keying, in which you have to specify each
phase of the connection. A manual VPN policy requires all settings for the VPN tunnel to be
manually input at each end (both VPN endpoints).
On the main menu, select VPN Policies, and then click the Add Manual Policy radio button to display the VPN - Manual Policy screen:
The following table explains the fields in the VPN - Manual Policy screen.
Table 21. VPN Manual Policy fields and settings

Fields and Settings / Description

General: The N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 VPN tunnel network connection fields.

Policy Name
    Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.

Remote VPN Endpoint
    • The remote VPN endpoint has to have this VPN’s gateway address entered as its remote VPN endpoint.
    • If the remote endpoint has a dynamic IP address, select Dynamic IP Address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect.