11.

VPN Dial-out Function
Suppose the Headquarters in Taipei use a Vigor 3300V, while the branch office in Shanghai uses a V2900V. The network administrator requires the employees in branch office to access the database in the headquarters through the encrypted VPN tunnel. The purpose is to avoid leakage of confidential information.

Figure 11-1. A scenario architecture graph Both sites have a fixed IP address and the connection is initiated from Vigor 3300V (Dial-Out) to V2900V (Dial-In). Below is a configuration table between Vigor 3300V and V2900V. Settings WAN IP LAN IP Internal Network Encryption Method Preshared Key 3300V Headquarters 220.135.240.207 PPPoE, fixed IP 192.168.33.1 192.168.33.X DES-SHA1 3300 2900V Branch Office 61.31.167.135 PPPoE, fixed IP 192.168.29.1 192.168.29.X

Vigor3300 Series Application Note V2.2

47

Enter V2900V'sthe web page of Vigor2900V. click the VPN and Remote Access Setup link.2 . LAN-to-LAN profile setup 48 Vigor3300 Series Application Note V2.1 Examples and Web Configurations 11. 2900V web configuration 2.11. Click the LAN-to-LAN Profile Setup link.1 Configurations in Vigor2900V 1. Figure 11-2.1. Figure 11-3.

Idle Timeout . please type 3300V. it is 300 seconds. Please refer to Figure 11-4. If the profile connection is idle over the threshold of the timer. Vigor3300 Series Application Note V2. In the web page. please set Common Setting first.By default. Click Index 1 and enter relevant settings for the VPN tunnel to Vigor 3300V.3.2 49 . Figure 11-4. so please select Dial-In. Enter relevant VPN setup 4.Specify a name to this profile. Profile Name . On this page there are four sections for relevant VPN setup as below.It deals with relevant settings of Dial-Out connection. In this example.Specify the call direction to this profile. Figure 11-5. the router will drop the connection. To facilitate easy management and differentiation. In this example the connection is initiated from V3300V to V2900V. we do not need to configure this part. Call Direction . Please refer to Figure 12-5. Common settings in Vigor2900V Dial-Out Settings .

0 respectively.207 of Vigor2900V. Select IPSec Tunnel and enter the WAN IP 220. Dial-In settings in Vigor2900V TCP/IP Network Settings . enter 192.135.255. including encryption method. Please refer to Figure 12-7. Press the “Confirm” button to finish the configuration of IKE Pre-Shared Key. and then a window will pop up.Figure 11-6.168. etc.It deals with relevant settings of Dial-In connection. Press the IKE Pre-Shared Key button.It deals with the internal network of the remote site. preshared key and the WAN IP of remote site. Please refer to Figure 12-8.0 and 255. Dial-Out settings in Vigor2900V Dial-In Settings .255. 50 Vigor3300 Series Application Note V2. Type 3300 (It must be identical with 3300V's). and then press “OK” to finish the configuration.33.240. Figure 11-7. In the Network IP and Mask fields.2 .

2 Configurations in Vigor 3300V 1. After configuration. and click 1. Table of LAN-to-LAN settings in Vigor2900V 11. Please refer to Figure 11-9.168.TCP/IP network settings 5. Suppose the internal network inside Vigor 3300V is 192. Confirm if the settings are correct. Please refer to Figure 12-10.33. for detailed setup instructions please refer to the LAN Setup chapter. the router will automatically switch to the LAN-to-LAN Profiles Setup page. Then press “Edit”. Now the configuration of V2900V is completed.Figure 11-8. Enter VPN \IPSec\Policy Table.2 51 .1.X. Figure 11-9. VPN setup. Figure 11-10. IPSec policy table Vigor3300 Series Application Note V2.

29.255.The internal network of Vigor2900V.Type 3300 (It must be identical with 2900V's).You can specify a name to this profile. Admin Status . First you should configure the Default page.2.168.167. des-sha1. Change the sequence of des-md5 and des-sha1 so that des-sha1 is in first place.It is the internal network of Vigor 3300V. Press “Apply” to finish the configuration. By default.0 /24 (/24 = Mask 255.Use the default settings (Enable). there are three parts users need to configure. In Local Gateway field: WAN Interface . Please enter 192. 52 Vigor3300 Series Application Note V2. 3. In Basic settings. Figure 11-11.0 /24 (/24 = Mask 255.Vigor 3300V has 4 WAN ports. Default page setup In Basic field: Name . 3des-md5 and 3des-sha1.255. Preshared Key .33. Access into Advanced page. Network IP / Subnet Mask .0) In Remote Gateway field: Security Gateway .255. Network IP / Subnet Mask .31.168. In this example.The WAN IP of Vigor2900V.255. please type 2900V. Please enter 61.2 . To facilitate easy management and differentiation.135. Vigor 3300V allows des-md5. Please enter 192.0). we choose WAN1 to establish the VPN tunnel.

Vigor3300 Series Application Note V2. After configuration. Click “Initiate”. You will find that this VPN tunnel has been established.Policy Table page.IPSec . Press “OK” to initiate this tunnel. A window for this Dial-Out connection will pop up. The confirmation window 6.2 53 .IPSec – Status page of Vigor 3300V. the router will switch to the VPN . Figure 11-14. Figure 11-13. Advanced page setup 4. IPSec policy table 5.Figure 11-12. and then enter the VPN . Please wait for 30~60 seconds.

1(2900V) to see if there is any response. Command prompt 8.Figure 12-15. And then you will find this VPN tunnel has been established. Figure 11-18. The numbers of packet in & packet out 9.168.2 . it means there is traffic through the VPN tunnel.Status page 7. Figure 11-17. If the numbers of Packet In & Packet Out increase. Please enter the main page of Vigor2900V and click “VPN Connection Management”.IPSec . VPN connection management 54 Vigor3300 Series Application Note V2.29. Figure 11-16. VPN . Please enter the CLI and ping 192.

Before the connection is established Vigor 3300V will continuously attempt to initiate VPN tunnel every 20 seconds. Figure 11-19. it means there is traffic through the VPN tunnel. Figure 11-20.2 55 . Enter the CLI and ping 192. If you want to keep a permanent connection. The numbers of Tx Pkts & Rx Pkts Now the VPN tunnel has been successfully established.10.168. Figure 11-21. The admin status Vigor3300 Series Application Note V2.1(3300V) to see if there is any response.33. Command prompt 11. If the numbers of Tx Pkts & Rx Pkts increase. please refer to the step 2 the configuration of Vigor 3300V and change “Admin Status” from Enable to Always-On.

56 Vigor3300 Series Application Note V2.2 .

Sign up to vote on this title
UsefulNot useful