H o w

Transcription

H o w
How to establish a VPN connection between Vigor router
and AboCom router (e.g., MH200)?
Vigor router (Dial-out end):
WAN IP: 113.161.14.110
LAN IP: 192.168.10.240/255.255.255.0
---------------------------------------------------Taiwan AboCom MH-200 (Dial-in end):
WAN IP: 220.130.23.112
LAN IP: 192.168.41.1/255.255.255.0
---------------------------------------------------Use IPSec- AES-SHA1 VPN tunnel for connection:
Note: You can, also, set Vigor router as dail-in end and AboCom MH-200 as dial-out end.
Corresponding Settings for Vigor router (example -- Vigor2910):
1. Open VPN and Remote Access>>LAN to LAN from Vigor2910 web configurator.
1
Enable this profile
Check this box to enable such profile.
Call Direction
Choose Dial-Out and check Always on. Dial out side will try to
connect continuously if it is off-line.
Dial-Out Setting
Type the IP address of remote VPN server IP.
IKE Key
Click and type Pre-Shared Key. Such key must be set with the same
value configured in MH-200.
2. Next, click Advanced to open the following page. Look at the authentication and encryption
method used by Phase1 and Phase 2.
In Phase 2, AES/SHA1 will be used first to authenticate the remote client. If it fails, the system
will use AES/MD5 to authenticate next. In Phase 1, DES-MD5 , DES-SHA1 , 3DES-MD5 will
be used to authenticate sequentially. It depends on the practical operation and environment.
3. Next, set the subnet for remote side (MH-200), e.g., 192.168.41.0/255.255.255.0.
4. Finish the corresponding settings for Vigor2910.
2
Corresponding Settings for AboCom MH-200
1. Open VPN Auto Key Management Channel and configure the following settings.
2. Set the subnet/mask as 192.168.41.0/255.255.255.0。
Remote Gateway of Destination - - Static IP: Type WAN IP address and subnet mask of
Vigor2910 -- 192.168.10.0/255.255.255.0.
Authentication: Set the pre-shared key. The key value must be set the same as configured in
Vigor2910.
Encryption/Authentication Algorithm for ISAKMP: Here, Group 1 is chosen with the settings
of 3DES-MD5. It must be the same as the setting configured with 3DES_MD5_G1 (the third
priority listed in phase1) in Vigor2910
Encryption/Authentication Algorithm for IPSec: Must correspond to the content set in Phase2
(the first priority) in Vigor2910.
3. Finish the corresponding settings for AboCom MH-200.
3
Check the connection status
¾
In Vigor2910
¾
In AboCom MH-200
¾
Use the Telnet command of Vigor2910 to ping the LAN IP (192.168.41.1) of MH200. The
message displayed on the screen also indicates the connection is OK.
4