Allied Telesis NetScreen Routers manual Network

Page 3

The network

This example illustrates a NAT-T solution, which you need when one or both of the routers are behind a NAT device such as some xDSL and cable modems. In this example, an Allied Telesis AR415S router is behind a NAT device. The following diagram shows the LANs and their interfaces and addresses.

Allied Telesis

vlan1:

router

192.168.1.1

eth0:

workstation:

192.168.254.1/30

192.168.1.100 by

 

automatic address

 

assignment

192.168.254.2/30

 

NAT device

 

100.100.100.1/30

 

100.100.100.2/30

VPN

 

tunnel

Internet

 

200.200.200.2/30

 

WAN:

 

200.200.200.1/30

 

SonicWALL

VLAN:

router

192.168.2.1

 

workstation:

 

192.168.2.100 by

 

automatic address

 

assignment

 

at-sonic.eps

Note: You can still use this example if you have no NAT device between the Allied Telesis router and the Internet, or if you have a NAT device between the SonicWALL router and the Internet, with slight alterations. See "Appendix: Using this example if you don’t have a NAT device in the same position" on page 31 for details.

Initiating the In this example, you can only initiate the tunnel from the Allied Telesis end, not the tunnel from SonicWALL end. If you want to let the SonicWALL initiate the VPN too, you have to

either end configure your NAT device to allow it. To do this, set up pinholes (allow rules) on the NAT device to allow through UDP traffic on ports 500 and 4500.

Page 3 AlliedWare™ OS How To Note: VPNs with SonicWALL routers

Page 2 Page 4
Image 3
Page 2 Page 4
Contents AlliedWareTM OS Related How To Notes What information will you find in this document?Which products and software version does it apply to? Router NetworkStart How to configure the Allied Telesis routerVPN tunnel 1. Open the Configuration Wizards Name the VPN connection Start the Site-to-Site VPN wizardEnter the remote site’s LAN IP address Enter the remote site’s WAN IP addressEnter the shared secret key Check the settingsSpecify Peer IDs Finish the wizard Check the settings againManager Set the PC’s IP address How to configure the SonicWALL routerAccess the Router Connect a PC to the routerLog on Browse to the router’s management GUI14 AlliedWare OS How To Note VPNs with SonicWALL routers Customise the router and set up the network Change the administrator passwordSet the time zone Choose the type of WAN address Enter the WAN settingsEnter the LAN address Set up the Dhcp serverClick the Close button Log in again Open the Address Objects summary Define the LAN subnet of the peerDefine the address object Open the Custom Address Objects summary22 AlliedWare OS How To Note VPNs with SonicWALL routers Create the VPN Return to the Configuration WizardsSelect the networks for each end of the LAN Create the Site-to-Site policySpecify security settings 26 AlliedWare OS How To Note VPNs with SonicWALL routers Specify the Local and Peer IKE IDs Set the VPN IKE IDs and use Main ModeIf necessary, restart the router Specify IKE Main ModeHow to test the tunnel Check the tunnel statusPing the SonicWALL LAN How to use the CLI instead of the GUI Wizard, for Remote Peer IP
Top Page Image Contents