Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-17
December 2003, M-10041-01
FVS328 Scenario 1: How to Configure the IKE and VPN Policies
Note: This scenario assumes all ports are open on the FVS328. You can verify this by reviewing the security settings as seen in the “Rules menu” on page 6-6.
Use this scenario illustration and configuration screens as a model to build your configuration.
Figure 7-6: LAN to LAN VPN access from an FVS328 to an FVS328
1. Log in to the FVS328 labeled Gateway A as in the illustration.
Log in to the firewall at its default LAN address of with its default user name of admin and default password of password, or using whatever password and LAN address you have chosen for the firewall.
2. Configure the WAN (Internet) and LAN IP addresses of the FVS328.
a. From the main menu Setup section, click the Basic Settings link.
Figure 7-7: FVS328 Internet IP Address menu
[Figure 7-6 diagram labels: Scenario 1; Gateway A FVS328 and Gateway B FVS328; WAN IP 14.15.16.17 and 22.23.24.25 (the ISP provides these WAN IP addresses); LAN IP 172.23.9.1/24 and 10.5.6.1/24]
b. Select whether to enable or disable NAT (Network Address Translation). NAT allows all LAN computers to gain Internet access via this Router by sharing this Router's WAN IP address. In most situations, NAT is essential for Internet access via this Router. You should only disable NAT if you are sure you do not require it. When NAT is disabled, only standard routing is performed by this Router.
c. Configure the WAN Internet Address according to the settings in Figure 7-6 above and click Apply to save your settings. For more information on configuring the WAN IP settings in the Basic Setup topics, please see “Manually Configuring Your Internet Connection” on page 3-14.
d. From the main menu Advanced section, click the LAN IP Setup link.
e. Configure the LAN IP address according to the settings in Figure 7-6 above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see “How to Configure LAN TCP/IP Setup Settings” on page 5-3.
Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVS328. You will have to log on with which is now the address you use to connect to the built-in Web-based configuration manager of the FVS328.
3. Set up the IKE Policy illustrated below on the FVS328.
a. From the main menu VPN section, click the IKE Policies link, and then click the Add button to display the screen below.
Figure 7-8: Scenario 1 IKE Policy
b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 7-3.
4. Set up the FVS328 VPN - Auto Policy illustrated below.
a. From the main menu VPN section, click the VPN Policies link, and then click the Add Auto Policy button.
Figure 7-9: Scenario 1 VPN - Auto Policy
b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 7-3.
5. After applying these changes, you will see a table entry like the one below.
Figure 7-10: VPN Policies table
Now all traffic from the range of LAN IP addresses specified on FVS328 A and FVS328 B will flow over a secure VPN tunnel.
How to Check VPN Connections
You can test connectivity and view VPN status information on the FVS328.
1. To test connectivity between the Gateway A FVS328 LAN and the Gateway B LAN, follow these steps:
a. Using our example, on a Windows computer attached to the FVS328 on LAN A, click the Start button on the taskbar and then click Run.
b. Type ping -t 172.23.9.1, and then click OK.
c. This will cause a continuous ping to be sent to the LAN interface of Gateway B. After a delay of between several seconds and two minutes, the ping response should change from “timed out” to “reply.”
d. At this point the connection is established.
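One way to automate the check in steps b to d, as an added example that is not part of the manual: the Python function below reads a saved ping -t transcript and reports whether replies from the Gateway B LAN address started within the two-minute window. The sample transcript is constructed, and the 4-second per-probe wait and the three-reply stability threshold are assumptions.

```python
import re

# Constructed sample of Windows `ping -t 172.23.9.1` output (not from the manual).
SAMPLE = """\
Pinging 172.23.9.1 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 10.5.6.1: Destination host unreachable.
Request timed out.
Reply from 172.23.9.1: bytes=32 time=48ms TTL=63
Reply from 172.23.9.1: bytes=32 time=45ms TTL=63
Reply from 172.23.9.1: bytes=32 time=46ms TTL=63
"""

ECHO_REPLY = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<]\d+ms TTL=\d+")
TIMEOUT_SECONDS = 4   # assumption: Windows ping's default wait per lost probe
LIMIT_SECONDS = 120   # the manual's upper bound of two minutes


def tunnel_status(transcript, target, stable=3):
    """Classify a ping -t transcript as 'up', 'pending' or 'failed'."""
    timeouts = errors = good_run = 0
    for line in transcript.splitlines():
        line = line.strip()
        m = ECHO_REPLY.match(line)
        if m and m.group(1) == target:
            good_run += 1
            if good_run == stable:   # enough consecutive real echo replies
                break
        elif line.startswith("Request timed out"):
            timeouts, good_run = timeouts + 1, 0
        elif line.startswith("Reply from"):
            # An ICMP error relayed by another host, or a reply from the wrong
            # address, starts with "Reply from" but does not prove the tunnel.
            errors, good_run = errors + 1, 0
    waited = timeouts * TIMEOUT_SECONDS   # rough lower bound on elapsed time
    if waited > LIMIT_SECONDS:
        state = "failed"
    elif good_run >= stable:
        state = "up"
    else:
        state = "pending"
    return {"state": state, "timeouts": timeouts, "errors": errors, "waited_s": waited}


if __name__ == "__main__":
    print(tunnel_status(SAMPLE, "172.23.9.1"))
```

A "failed" result means the timeouts alone already exceed two minutes, which is the point to recheck the IKE and VPN policy settings on both gateways.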