Page 91 / 234
Scroll up to view Page 86 - 90
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Virtual Private Networking
6-21
May 2004, 202-10030-02
FVL328 Scenario 1: How to Configure the IKE and VPN Policies
Note
: This scenario assumes all ports are open on the FVL328. You can verify this by reviewing
the security settings as seen in the Rules menu.
Use this scenario illustration and configuration screens as a model to build your configuration.
Figure 6-11:
LAN to LAN VPN access from an
FVL328
to an
FVL328
1.
Log in to the FVL328 labeled Gateway A as in the illustration.
Log in to the firewall at its default LAN address of
with its default user
name of
admin
and default password of
password
, or using whatever Password and LAN
address you have chosen for the firewall.
2.
Configure the WAN (Internet) and LAN IP addresses of the FVL328.
a.
From the main menu Setup section, click the Basic Settings link.
Note:
If you have turned NAT off, before configuring VPN IPSec tunnels you must first
open UDP port 500 for inbound traffic as explained in
“Example: Port Forwarding for
VPN Tunnels when NAT is Off” on page 5-9
.
Gateway
B
FVL328
Scenario 1
14.15.16.17
22.23.24.25
WAN IP
WAN IP
172.23.9.1/24
10.5.6.1/24
LAN IP
LAN IP
Gateway
A
Page 92 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-22
Virtual Private Networking
May 2004, 202-10030-02
Figure 6-12:
FVL328
Internet IP Address menu
b.
Select whether enable or disable NAT (Network Address Translation). NAT allows all
LAN computers to gain Internet access via this Router, by sharing this Router's WAN IP
address. In most situations, NAT is essential for Internet access via this Router. You should
only disable NAT if you are sure you do not require it. When NAT is disabled, only
standard routing is performed by this Router.
c.
Configure the WAN Internet Address according to the settings in
Figure 6-11
above and
click Apply to save your settings. For more information on configuring the WAN IP
settings in the Basic Setup topics, please see
“How to Complete a Manual Configuration”
on page 3-11
.
WAN IP
addresses
ISP provides
these addresses
Page 93 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Virtual Private Networking
6-23
May 2004, 202-10030-02
d.
From the main menu Advanced section, click the LAN IP Setup link.
e.
Configure the LAN IP address according to the settings in
Figure 6-11
above and click
Apply to save your settings. For more information on LAN TCP/IP setup topics, please
see
“How to Configure LAN TCP/IP Settings and View the DHCP Log” on page 4-3
.
Note:
After you click Apply to change the LAN IP address settings, your workstation will
be disconnected from the FVL328. You will have to log on with
which is
now the address you use to connect to the built-in Web-based configuration manager of
the FVL328.
3.
Set up the IKE Policy illustrated below on the FVL328.
Page 94 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-24
Virtual Private Networking
May 2004, 202-10030-02
a.
From the main menu VPN section, click the IKE Policies link, and then click the Add
button to display the screen below.
Figure 6-13:
Scenario 1 IKE Policy
b.
Configure the IKE Policy according to the settings in the illustration above and click
Apply to save your settings. For more information on IKE Policy topics, please see
“IKE
Policies’ Automatic Key and Authentication Management” on page 6-3
.
Page 95 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Virtual Private Networking
6-25
May 2004, 202-10030-02
4.
Set up the FVL328 VPN -Auto Policy illustrated below.
a.
From the main menu VPN section, click the VPN Policies link, and then click the Add
Auto Policy button.
Figure 6-14:
Scenario 1 VPN - Auto Policy
b.
Configure the IKE Policy according to the settings in the illustration above and click
Apply to save your settings. For more information on IKE Policy topics, please see
“IKE
Policies’ Automatic Key and Authentication Management” on page 6-3
.
19216811.live