
Black Box LR11xx Series Router Configurations Guide
14.5 IPSec Remote Access Mode Configuration Group Method
The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using
In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The server has a pool of IP addresses from 20.1.1.100 through 20.1.1.150 to be allocated for mode config enabled VPN clients. The assigned IP address is used by the VPN client as the source address in the inner IP header. The outer IP header will carry the dynamic IP address assigned by the Internet Service Provider as the source address. The security requirements are as follows:
3DES with SHA1, Mode Config
IPSec ESP tunnel with AES256 and
Figure 29 Configuration Mode Remote Access Configuration
[Figure: two VPN clients, each connected by an IPSec tunnel to the VPN server Black Box 1.
VPN Client 1: Local Outer Address: Dynamic; Local Inner Assigned Address: 10.0.1.100/32; Local ID: david@blackbox.com
VPN Client 2: Local Outer Address: Dynamic; Local Inner Assigned Address: 10.0.1.101/32; Local ID: mike@blackbox.com
Other labels: VPN Server; 172.16.0.1; Corporate Headquarters 10.0.1.0/24; Mode Config IP Pool: 10.0.1.100-10.0.1.150]
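The mode-config addressing described above can be checked for consistency before the gateway is configured. The following Python check is an added example, not part of the Black Box guide: the function names are hypothetical, and the addresses are the ones printed on this page, where the pool stated in the text (20.1.1.100 through 20.1.1.150) differs from the pool and client addresses shown in Figure 29.

```python
import ipaddress

def pool_range(first, last):
    """Return the inclusive (first, last) address pair of a mode-config pool."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("pool start is above pool end")
    return lo, hi

def check_plan(pool, protected_net, gateway_ip, assigned):
    """Lint a mode-config address plan; return a list of findings (empty = clean)."""
    lo, hi = pool
    net = ipaddress.ip_network(protected_net)
    gw = ipaddress.ip_address(gateway_ip)
    findings = []
    if lo <= gw <= hi:
        findings.append(f"gateway {gw} lies inside the pool")
    inside = [lo in net, hi in net]
    if any(inside) and not all(inside):
        findings.append("pool straddles the protected network boundary")
    seen = {}
    for client_id, addr in assigned.items():
        iface = ipaddress.ip_interface(addr)
        # Mode config hands each client a single inner address (host route).
        if iface.network.prefixlen != iface.ip.max_prefixlen:
            findings.append(f"{client_id}: inner address {addr} is not a host route")
        if not lo <= iface.ip <= hi:
            findings.append(f"{client_id}: {iface.ip} is outside the pool {lo}-{hi}")
        if iface.ip in seen:
            findings.append(f"{client_id}: {iface.ip} already assigned to {seen[iface.ip]}")
        seen[iface.ip] = client_id
    return findings

# Values taken from this page; the structure around them is an assumption.
PROTECTED_NET = "10.0.1.0/24"
GATEWAY_IP = "10.0.1.1"  # ethernet 1 address in the gateway configuration
FIGURE_CLIENTS = {"VPN Client 1": "10.0.1.100/32", "VPN Client 2": "10.0.1.101/32"}
TEXT_POOL = pool_range("20.1.1.100", "20.1.1.150")    # pool as stated in the text
FIGURE_POOL = pool_range("10.0.1.100", "10.0.1.150")  # pool as drawn in Figure 29

if __name__ == "__main__":
    for label, pool in (("text pool", TEXT_POOL), ("figure pool", FIGURE_POOL)):
        findings = check_plan(pool, PROTECTED_NET, GATEWAY_IP, FIGURE_CLIENTS)
        print(label, "->", findings or "consistent")
```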
To configure the VPN gateway:
Blackbox>configure term
Blackbox/configure>interface ethernet 1
Blackbox/configure/interface/ethernet 1>ip address 10.0.1.1 24
Blackbox/configure/interface/ethernet 1>crypto corp
Blackbox/configure> interface bundle wan
Blackbox/configure/interface/bundle wan>link t1