H o w
Transcription
H o w
How to establish a VPN connection between Vigor router and AboCom router (e.g., MH200)? Vigor router (Dial-out end): WAN IP: 113.161.14.110 LAN IP: 192.168.10.240/255.255.255.0 ---------------------------------------------------Taiwan AboCom MH-200 (Dial-in end): WAN IP: 220.130.23.112 LAN IP: 192.168.41.1/255.255.255.0 ---------------------------------------------------Use IPSec- AES-SHA1 VPN tunnel for connection: Note: You can, also, set Vigor router as dail-in end and AboCom MH-200 as dial-out end. Corresponding Settings for Vigor router (example -- Vigor2910): 1. Open VPN and Remote Access>>LAN to LAN from Vigor2910 web configurator. 1 Enable this profile Check this box to enable such profile. Call Direction Choose Dial-Out and check Always on. Dial out side will try to connect continuously if it is off-line. Dial-Out Setting Type the IP address of remote VPN server IP. IKE Key Click and type Pre-Shared Key. Such key must be set with the same value configured in MH-200. 2. Next, click Advanced to open the following page. Look at the authentication and encryption method used by Phase1 and Phase 2. In Phase 2, AES/SHA1 will be used first to authenticate the remote client. If it fails, the system will use AES/MD5 to authenticate next. In Phase 1, DES-MD5 , DES-SHA1 , 3DES-MD5 will be used to authenticate sequentially. It depends on the practical operation and environment. 3. Next, set the subnet for remote side (MH-200), e.g., 192.168.41.0/255.255.255.0. 4. Finish the corresponding settings for Vigor2910. 2 Corresponding Settings for AboCom MH-200 1. Open VPN Auto Key Management Channel and configure the following settings. 2. Set the subnet/mask as 192.168.41.0/255.255.255.0。 Remote Gateway of Destination - - Static IP: Type WAN IP address and subnet mask of Vigor2910 -- 192.168.10.0/255.255.255.0. Authentication: Set the pre-shared key. The key value must be set the same as configured in Vigor2910. Encryption/Authentication Algorithm for ISAKMP: Here, Group 1 is chosen with the settings of 3DES-MD5. It must be the same as the setting configured with 3DES_MD5_G1 (the third priority listed in phase1) in Vigor2910 Encryption/Authentication Algorithm for IPSec: Must correspond to the content set in Phase2 (the first priority) in Vigor2910. 3. Finish the corresponding settings for AboCom MH-200. 3 Check the connection status ¾ In Vigor2910 ¾ In AboCom MH-200 ¾ Use the Telnet command of Vigor2910 to ping the LAN IP (192.168.41.1) of MH200. The message displayed on the screen also indicates the connection is OK. 4