11.

VPN Dial-out Function
Suppose the Headquarters in Taipei use a Vigor 3300V, while the branch office in Shanghai uses a V2900V. The network administrator requires the employees in branch office to access the database in the headquarters through the encrypted VPN tunnel. The purpose is to avoid leakage of confidential information.

Figure 11-1. A scenario architecture graph Both sites have a fixed IP address and the connection is initiated from Vigor 3300V (Dial-Out) to V2900V (Dial-In). Below is a configuration table between Vigor 3300V and V2900V. Settings WAN IP LAN IP Internal Network Encryption Method Preshared Key 3300V Headquarters 220.135.240.207 PPPoE, fixed IP 192.168.33.1 192.168.33.X DES-SHA1 3300 2900V Branch Office 61.31.167.135 PPPoE, fixed IP 192.168.29.1 192.168.29.X

Vigor3300 Series Application Note V2.2

47

Click the LAN-to-LAN Profile Setup link.2 . LAN-to-LAN profile setup 48 Vigor3300 Series Application Note V2. Figure 11-3. Figure 11-2.1 Configurations in Vigor2900V 1. 2900V web configuration 2.1. click the VPN and Remote Access Setup link.11.1 Examples and Web Configurations 11. Enter V2900V'sthe web page of Vigor2900V.

It deals with relevant settings of Dial-Out connection. it is 300 seconds. To facilitate easy management and differentiation.Specify a name to this profile. If the profile connection is idle over the threshold of the timer. Call Direction . please set Common Setting first. Profile Name . On this page there are four sections for relevant VPN setup as below. Please refer to Figure 12-5. so please select Dial-In.3.2 49 . In this example. Figure 11-4.Specify the call direction to this profile. Vigor3300 Series Application Note V2. Please refer to Figure 11-4. Common settings in Vigor2900V Dial-Out Settings . Click Index 1 and enter relevant settings for the VPN tunnel to Vigor 3300V. Figure 11-5. the router will drop the connection. Enter relevant VPN setup 4. In this example the connection is initiated from V3300V to V2900V. we do not need to configure this part.By default. Idle Timeout . In the web page. please type 3300V.

It deals with relevant settings of Dial-In connection. Select IPSec Tunnel and enter the WAN IP 220. and then press “OK” to finish the configuration.207 of Vigor2900V.255. Dial-In settings in Vigor2900V TCP/IP Network Settings . Figure 11-7.240.255.It deals with the internal network of the remote site. enter 192. Please refer to Figure 12-7. and then a window will pop up. including encryption method. Press the IKE Pre-Shared Key button. preshared key and the WAN IP of remote site.33. Please refer to Figure 12-8.0 respectively.2 .0 and 255. In the Network IP and Mask fields. 50 Vigor3300 Series Application Note V2. etc.Figure 11-6. Press the “Confirm” button to finish the configuration of IKE Pre-Shared Key. Dial-Out settings in Vigor2900V Dial-In Settings . Type 3300 (It must be identical with 3300V's).168.135.

33. IPSec policy table Vigor3300 Series Application Note V2. Enter VPN \IPSec\Policy Table.TCP/IP network settings 5. After configuration.168. Please refer to Figure 11-9. for detailed setup instructions please refer to the LAN Setup chapter. Now the configuration of V2900V is completed. Confirm if the settings are correct.2 Configurations in Vigor 3300V 1. Please refer to Figure 12-10.1. the router will automatically switch to the LAN-to-LAN Profiles Setup page. Figure 11-9. Figure 11-10.X. Then press “Edit”.2 51 . and click 1. Suppose the internal network inside Vigor 3300V is 192. Table of LAN-to-LAN settings in Vigor2900V 11. VPN setup.Figure 11-8.

In this example.255. Vigor 3300V allows des-md5. des-sha1.33. there are three parts users need to configure. By default.2. To facilitate easy management and differentiation. Network IP / Subnet Mask . 3des-md5 and 3des-sha1.255.The internal network of Vigor2900V. Please enter 192. Please enter 61. In Local Gateway field: WAN Interface . 3.The WAN IP of Vigor2900V. In Basic settings. Change the sequence of des-md5 and des-sha1 so that des-sha1 is in first place. we choose WAN1 to establish the VPN tunnel. First you should configure the Default page.168. Press “Apply” to finish the configuration.Type 3300 (It must be identical with 2900V's).135.2 .Vigor 3300V has 4 WAN ports.You can specify a name to this profile. Admin Status .31.255.Use the default settings (Enable).29. Preshared Key . Network IP / Subnet Mask .0 /24 (/24 = Mask 255.167. Default page setup In Basic field: Name .0) In Remote Gateway field: Security Gateway .It is the internal network of Vigor 3300V. Figure 11-11. please type 2900V.168. 52 Vigor3300 Series Application Note V2.0 /24 (/24 = Mask 255. Access into Advanced page.255.0). Please enter 192.

A window for this Dial-Out connection will pop up. Advanced page setup 4. Figure 11-13.Figure 11-12. After configuration. The confirmation window 6.2 53 . Please wait for 30~60 seconds. and then enter the VPN . Vigor3300 Series Application Note V2.Policy Table page. Click “Initiate”. Figure 11-14. You will find that this VPN tunnel has been established. IPSec policy table 5.IPSec .IPSec – Status page of Vigor 3300V. Press “OK” to initiate this tunnel. the router will switch to the VPN .

1(2900V) to see if there is any response.Status page 7.168. Please enter the CLI and ping 192. And then you will find this VPN tunnel has been established. Figure 11-18. VPN connection management 54 Vigor3300 Series Application Note V2. The numbers of packet in & packet out 9. VPN . Command prompt 8. Figure 11-16.IPSec .2 . Please enter the main page of Vigor2900V and click “VPN Connection Management”. it means there is traffic through the VPN tunnel.29. If the numbers of Packet In & Packet Out increase.Figure 12-15. Figure 11-17.

it means there is traffic through the VPN tunnel.2 55 . Figure 11-19.1(3300V) to see if there is any response. Before the connection is established Vigor 3300V will continuously attempt to initiate VPN tunnel every 20 seconds. Figure 11-21. please refer to the step 2 the configuration of Vigor 3300V and change “Admin Status” from Enable to Always-On. The numbers of Tx Pkts & Rx Pkts Now the VPN tunnel has been successfully established. The admin status Vigor3300 Series Application Note V2. Enter the CLI and ping 192. If you want to keep a permanent connection.10. Command prompt 11.33. Figure 11-20. If the numbers of Tx Pkts & Rx Pkts increase.168.

56 Vigor3300 Series Application Note V2.2 .

Sign up to vote on this title
UsefulNot useful