Allied Telesis AR440S manual

C613-16049-00 REV E www.alliedtelesis.com

AlliedWareTM OSHow To |

Introduction

In this How To Note’s example, a headquarters office has VPNs to two branch offices and a

number of roaming VPN clients. The example illustrates the following possible components

that you could use in a corporate network:

zVPNs between a headquarters office and roaming VPN clients, such as travellers’ laptops

zVPNs between a branch office and roaming VPN clients, such as travellers’ laptops

za VPN between a headquarters office and a branch office with a fixed IP address, when the

branch office has an ADSL PPPoA connection to the internet

za VPN between a headquarters office and a branch office with a dynamically assigned IP

address, when the branch office has an ADSL PPPoEoA connection to the internet

zusing software QoS to prioritise voice (VoIP) traffic over the VPNs

Select the solution components that are relevant for your network requirements and

internet connection type.

Contents

Which products and software versions does this information apply to? ................................... 2

Related How To Notes .......................................................................................................................... 2

About IPsec modes: tunnel and transport ......................................................................................... 3

Background: NAT-T and policies .......................................................................................................... 4

How to configure VPNs in typical corporate networks ................................................................. 6

Before you start ............................................................... ................................................................ 7

How to configure the headquarters VPN access concentrator ........................................... 8

How to configure the AR440S router at branch office

1

..................................................... 16

How to configure the AR440S router at branch office 2 ..................................................... 24

Configure VPNs in a Corporate Network, with Optional Prioritisation of VoIP

Contents

Main AlliedWareTM OS How To | Introduction Contents Configure VPNs in a Corporate Network, with Optional Prioritisation of VoIP Which products and software versions does this information apply to? Related How To Notes About IPsec modes: tunnel and transport Page 4 | AlliedWare OS How To Note: VPNs for Corporate Networks Background: NAT-T and policies hotel Internet headquarters hotel Page How to configure VPNs in typical corporate networks Before you start How to configure the headquarters VPN access concentrator 2. Configure IP for internet access 3. Configure remote management access, if desired 4. Capture status information remotely, if desired 5. Configure dynamic PPP over L2TP connections 6. Check feature licences 7. Configure the VPNs for the branch offices and roaming clients Page 8. Configure the firewalls basic settings 9. Configure the firewalls access rules 10. Save your configuration How to configure the AR440S router at branch office 2. Configure ADSL for internet access 3. Configure PPP for PPPoA 4. Configure IP 5. Configure remote management access, if desired 6. Capture status information remotely, if desired 7. Configure dynamic PPP over L2TP connections 8. Check feature licences 9. Configure the VPNs for connecting to headquarters and roaming clients Page 10. Configure the firewalls basic settings 11. Configure the firewalls access rules 12. Save your configuration How to configure the AR440S router at branch office 2 2. Configure ADSL for internet access 3. Configure PPP for PPPoE 4. Configure IP 5. Configure remote management access, if desired 6. Capture status information remotely, if desired 7. Check feature licences 8. Configure the VPNs for connecting to the headquarters office 9. Configure the firewalls basic settings 10. Configure the firewalls access rules 11. Save your configuration How to make voice traffic high priority How to prioritise outgoing VoIP traffic from the headquarters router 4. For site-to-site VPNs, apply the SQoS policy to the tunnels 5. For roaming clients, use triggers to apply SQoS to dynamic interfaces 7. Save your configuration 6. For roaming clients, set L2TP TOS reflection How to prioritise outgoing VoIP traffic from the branch office router 4. For the site-to-site VPN, apply the SQoS policy to the tunnel 5. For roaming clients, use triggers to apply SQoS to dynamic interfaces 6. For roaming clients, set L2TP TOS reflection 7. Save your configuration How to prioritise outgoing VoIP traffic from the branch office 2 router 4. Apply the SQoS policy to the tunnel 5. Save your configuration How to test your VPN solution Configuration scripts for headquarters and branch offices Before you use these scripts Headquarters VPN access concentrator's configuration Page Page Page Page Branch office AR440S configurationthe PPPoA site with VPN client access and a fixed IP address Page Page Page Page Branch office 2 AR440S configurationthe PPPoEoA site with a dynamically assigned IP address Page Page Page Extra configuration scripts for lab testing the VPN solution ISP's PPPoE access concentrator configuration Hotel's NAT gateway firewall configuration