Main
AlliedWareTM OS How To |
Introduction
Contents
Configure VPNs in a Corporate Network, with Optional Prioritisation of VoIP
Which products and software versions does this information apply to?
Related How To Notes
About IPsec modes: tunnel and transport
Page 4 | AlliedWare OS How To Note: VPNs for Corporate Networks
Background: NAT-T and policies
hotel
Internet
headquarters
hotel
Page
How to configure VPNs in typical corporate networks
Before you start
How to configure the headquarters VPN access concentrator
2. Configure IP for internet access
3. Configure remote management access, if desired
4. Capture status information remotely, if desired
5. Configure dynamic PPP over L2TP connections
6. Check feature licences
7. Configure the VPNs for the branch offices and roaming clients
Page
8. Configure the firewalls basic settings
9. Configure the firewalls access rules
10. Save your configuration
How to configure the AR440S router at branch office
2. Configure ADSL for internet access
3. Configure PPP for PPPoA
4. Configure IP
5. Configure remote management access, if desired
6. Capture status information remotely, if desired
7. Configure dynamic PPP over L2TP connections
8. Check feature licences
9. Configure the VPNs for connecting to headquarters and roaming clients
Page
10. Configure the firewalls basic settings
11. Configure the firewalls access rules
12. Save your configuration
How to configure the AR440S router at branch office 2
2. Configure ADSL for internet access
3. Configure PPP for PPPoE
4. Configure IP
5. Configure remote management access, if desired
6. Capture status information remotely, if desired
7. Check feature licences
8. Configure the VPNs for connecting to the headquarters office
9. Configure the firewalls basic settings
10. Configure the firewalls access rules
11. Save your configuration
How to make voice traffic high priority
How to prioritise outgoing VoIP traffic from the headquarters router
4. For site-to-site VPNs, apply the SQoS policy to the tunnels
5. For roaming clients, use triggers to apply SQoS to dynamic interfaces
7. Save your configuration
6. For roaming clients, set L2TP TOS reflection
How to prioritise outgoing VoIP traffic from the branch office
router
4. For the site-to-site VPN, apply the SQoS policy to the tunnel
5. For roaming clients, use triggers to apply SQoS to dynamic interfaces
6. For roaming clients, set L2TP TOS reflection
7. Save your configuration
How to prioritise outgoing VoIP traffic from the branch office 2 router
4. Apply the SQoS policy to the tunnel 5. Save your configuration
How to test your VPN solution
Configuration scripts for headquarters and branch offices
Before you use these scripts
Headquarters VPN access concentrator's configuration
Page
Page
Page
Page
Branch office
AR440S configurationthe PPPoA site with VPN client access and a fixed IP address
Page
Page
Page
Page
Branch office 2 AR440S configurationthe PPPoEoA site with a dynamically assigned IP address
Page
Page
Page
Extra configuration scripts for lab testing the VPN solution
ISP's PPPoE access concentrator configuration
Hotel's NAT gateway firewall configuration