Intel 8205 quick start Connecting Two Branch Offices, Firewalls and network address translation


VPN Tunnel Example 2

Connecting Two Branch Offices

Two sites can use a VPN tunnel to send and receive secure business data over the Internet. The two sites could be two branch offices, a remote worker and a central office, a branch office and a central office, or your site and a business partner’s site. For more information, see the online documentation on the Intel® Device View CD-ROM.

Connecting two branch offices with a VPN tunnel enables both offices to share each other’s resources securely. Using a VPN tunnel saves the cost of dialing into a distant site; the only cost is that of connecting to the local Internet service provider (ISP).

In this example, the IP address on the local side is dynamically assigned. Therefore, the Local User ID identifies the branch office, rather than a permanent external IP address. If the local router had a permanent IP address, then you would not have to enter a Local User ID. The IP address would identify the branch office.

Table 3 shows the configuration parameters used in the VPN Tunnel Wizard to create a tunnel for the Branch Office to Branch Office example.

Note: The values for the parameters in Table 3 are examples only; you must enter the values specific to your network.

Firewalls and network address translation

If you are using firewall filters or network address translation (NAT) on the LAN 2 port, the VPN Tunnel Wizard modifies your settings to enable the tunnel.

[Figure: Branch Office 1 (Local Network Address 192.168.1.0) connects through an Intel® 8205 Router and an xDSL/cable modem to the Internet (ISP) with a dynamic IP address. Branch Office 2 (Remote Network Address 175.123.45.0) connects through an Intel® Router with a permanent connection to the Internet and the fixed IP address 175.123.45.1.]

Figure 24. Example Branch Office to Branch Office VPN Tunnel. A VPN tunnel between two remote offices.

Parameter                   Setting
Remote IP Address           175.123.45.1
Local User ID               aradomsk23
Local Network Address       192.168.1.0
Local Network Mask          255.255.255.0
Remote Network Address      175.123.45.0
Remote Network Mask         255.255.255.0
Encryption Algorithm        DES
Authentication Algorithm    MD5
Re-keying Interval          1 Day

Table 3. Configuration Parameters. Settings used for the Branch Office to Branch Office example when configuring the VPN tunnel using the VPN Tunnel Wizard.
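As an added example (not from the Intel documentation), the Python check below audits a set of VPN Tunnel Wizard parameters such as those in Table 3: it validates the networks and masks, requires a Local User ID when the local IP address is dynamic, and flags DES and MD5. The function name, the dictionary layout and the rule that the two networks must not overlap are assumptions of this example.

```python
import ipaddress

# Assumption of this example: algorithms reported as weak.
WEAK_ENCRYPTION = {"DES": "56-bit key, within reach of brute force"}
WEAK_AUTHENTICATION = {"MD5": "deprecated hash function"}

# Table 3 values from this page (examples only, as the page notes).
TABLE_3 = {
    "Remote IP Address": "175.123.45.1",
    "Local User ID": "aradomsk23",
    "Local Network Address": "192.168.1.0",
    "Local Network Mask": "255.255.255.0",
    "Remote Network Address": "175.123.45.0",
    "Remote Network Mask": "255.255.255.0",
    "Encryption Algorithm": "DES",
    "Authentication Algorithm": "MD5",
    "Re-keying Interval": "1 Day",
}

def audit_tunnel(params, local_ip_is_dynamic):
    """Return a list of findings for one set of tunnel parameters."""
    findings, nets = [], {}
    for side in ("Local", "Remote"):
        cidr = f"{params[side + ' Network Address']}/{params[side + ' Network Mask']}"
        try:
            # strict=True rejects an address with host bits set under the mask
            nets[side] = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{side} network invalid: {exc}")
    if len(nets) == 2 and nets["Local"].overlaps(nets["Remote"]):
        findings.append("Local and remote networks overlap")
    try:
        ipaddress.IPv4Address(params["Remote IP Address"])
    except ValueError:
        findings.append("Remote IP Address is not a valid IPv4 address")
    # With a dynamic local address, the Local User ID identifies the office.
    if local_ip_is_dynamic and not params.get("Local User ID", "").strip():
        findings.append("Local User ID required when the local IP address is dynamic")
    for key, weak in (("Encryption Algorithm", WEAK_ENCRYPTION),
                      ("Authentication Algorithm", WEAK_AUTHENTICATION)):
        name = params[key].upper()
        if name in weak:
            findings.append(f"{key} {name}: {weak[name]}")
    return findings

if __name__ == "__main__":
    for finding in audit_tunnel(TABLE_3, local_ip_is_dynamic=True):
        print(finding)
```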

Intel Express 8205 and 8205 with VPN Routers. First Edition October A43586-001