Product Manual
Page 80
LAN-to-LAN VPN using IPSec
Settings for Branch office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Setup IPSec tunnel, Firewall->VPN:
   Under IPSec tunnels click Add new
   Name the tunnel ToMainOffice
   Local net: 192.168.4.0/24
   PSK: 1234567890 (Do not use this as your PSK)
   Retype PSK: 1234567890
Page 81
   Select Tunnel type: LAN-to-LAN tunnel
   Remote Net: 192.168.1.0/24
   Remote Gateway: 194.0.2.20
   Enable Automatically add a route for the remote network
   Click Apply
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart
Page 82
Settings for Main office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Setup IPSec tunnel, Firewall->VPN:
   Under IPSec tunnels click add new
   Name the tunnel ToBranchOffice
   Local net: 192.168.1.0/24
   PSK: 1234567890 (Note! You should use a key that is hard to guess)
   Retype PSK: 1234567890
   Select Tunnel type: LAN-to-LAN tunnel
   Remote Net: 192.168.4.0/24
   Remote Gateway: 194.0.2.10
   Enable "Automatically add a route for the remote network"
   Click Apply
Page 83
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart
This example will allow all traffic between the two offices. To get a more secure solution read the A more secure LAN-to-LAN VPN solution section of this user guide.
Page 84
LAN-to-LAN VPN using PPTP
Settings for Branch office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Setup PPTP client, Firewall->VPN:
   Under PPTP/L2TP clients click Add new PPTP client
   Name the tunnel toMainOffice
Page 86
   Under MPPE encryption 128 bit should be the only checked option.
   Leave Use IPSec encryption unchecked
   Click Apply
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart.
Settings for Main office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
Page 87
2. Setup PPTP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new PPTP server
   Name the server pptpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to 192.168.1.100 - 192.168.1.199
   Check Proxy ARP dynamically added routes
   Check Use unit's own DNS relayer addresses
   Leave WINS settings blank
Page 88
   Under authentication MSCHAPv2 should be the only checked option.
   Under MPPE encryption 128 bit should be the only checked option.
   Leave Use IPsec encryption unchecked
   Click Apply
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
Page 90
LAN-to-LAN VPN using L2TP
Settings for Branch office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.10
   LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0
2. Setup L2TP client, Firewall->VPN:
   Under L2TP / PPTP client click Add new L2TP client
   Name the server toMainOffice
Page 92
   Under MPPE encryption only None should be checked
   Check Use IPsec encryption
   Enter key 1234567890 (Note! You should use a key that is hard to guess)
   Retype key 1234567890
   Click Apply
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Click Activate and wait for the firewall to restart
Page 93
Settings for Main office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
2. Setup L2TP server, Firewall->VPN:
   Under L2TP / PPTP Server click Add new L2TP server
   Name the server l2tpServer
   Leave Outer IP and Inner IP blank
   Set client IP pool to 192.168.1.100 - 192.168.1.199
   Check Proxy ARP dynamically added routes
   Check Use unit's own DNS relayer addresses
   Leave WINS settings blank
Page 95
3. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
4. Set up authentication source, Firewall->Users:
   Select Local database
   Click Apply
Page 97
...Policy: Click Global policy parameters Disable Allow all traffic between the two private Networks. Setup policies for the VPN interfaces. Click Add new to enable some common services allowed through the VPN tunnel. Settings for Branch office 1. In this example we have a mail server, ... show how to create the first rule Select from the branch office. A more secure LAN-to-LAN VPN solution In order to establish a more secure LAN-to-LAN VPN connection, traffic policies should be created instead of allowing all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 2.
Page 100
Settings for Main office
1. Setup policies for the new tunnel, Firewall->Policy:
   Click Global policy parameters
   Disable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN
   Click Apply
2. Now it is possible to create policies for the VPN interfaces. Select from toBranchOffice to LAN and click Show.
3. Create the same 4 policy rules that were created on the branch office firewall (allow_pop3, allow_imap, allow_ftp and allow_http).
4. Click Activate and wait for the firewall to restart.
Page 108
13. Select the Networking tab and change Type of VPN to PPTP VPN. Click OK.
All settings needed for the XP client are now complete. Once we have configured the server on the firewall you should be able to click Connect to establish the connection to the Main office.
Settings for Main office
1. Setup interfaces, System->Interfaces:
   WAN IP: 194.0.2.20
   LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0
Page 109
Setup policies for the firewall to restart. If no IP is set to 192.168.1.100 - 192.168.1.199 Check Proxy ARP dynamically added routes Check ... the only checked option. Click Activate and wait for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank...
Page 111
Windows XP client and L2TP server
The Windows XP client to L2TP server setup is quite similar to the PPTP setup above.
Settings for the Windows XP client
To setup a L2TP connection from Windows XP to the Main office firewall, please follow the steps in the PPTP guide above for the client side. The only changes to the PPTP guide are:
1. In step 13, change the Type of VPN to L2TP IPSec VPN.
Page 113
Setup L2TP server, Firewall->VPN: Under L2TP / PPTP Server click Add new L2TP server Name the server l2tpServer Leave Outer IP and Inner IP blank Set client IP pool to ... same pre-shared key Click Apply 3. Set up authentication source, Firewall->Users: Select Local database Click Apply Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Setup policies for Main office 1. Settings for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow...