Configuring the VPN concentrator
On the VPN concentrator network, you must create one VPN tunnel for each of the prospective VPN concentrator members and then add these tunnels to a VPN concentrator. You can add both AutoIKE and manual key VPN tunnels to a VPN concentrator.
Encrypt policies control the direction of traffic through the VPN concentrator. You must create a separate encrypt policy for each VPN added to the concentrator. These policies allow inbound and outbound VPN connections between the concentrator and the member VPN tunnels. The encrypt policy for each member VPN tunnel must include the member VPN tunnel name.
To configure the VPN concentrator:
1. Add the required number of remote gateways.
   Each AutoIKE key tunnel requires a remote gateway. See Adding a remote gateway.
2. Add the required number of AutoIKE key VPN tunnels and include the remote gateways added in step 1.
   See Adding an AutoIKE key VPN tunnel.
3. Add the required number of manual key VPN tunnels. See Adding a manual key VPN tunnel.
4. Add a VPN concentrator that includes the tunnels added in steps 2 and 3. See Adding a VPN concentrator.
5. Add one encrypt policy for each member VPN. Use the following configuration for each policy:
   Source            VPN concentrator address.
   Destination       Member VPN address.
   Action            ENCRYPT
   VPN Tunnel        The member VPN tunnel name.
   Allow inbound     Select allow inbound.
   Allow outbound    Select allow outbound.
   Inbound NAT       Select inbound NAT if required.
   Outbound NAT      Select outbound NAT if required.
See Adding an encrypt policy.
Configuring the member VPNs
For each member VPN, you must create a VPN tunnel to the VPN concentrator network. This tunnel can be an AutoIKE key or manual key tunnel.
You must create an encrypt policy that allows inbound and outbound VPN connections between the member VPN and the concentrator.
You must create additional encrypt policies that allow inbound and outbound VPN connections between each of the member VPNs.
The policy between the member VPN and the concentrator must be arranged in the policy list above the policies between member VPNs. Each encrypt policy must include the same tunnel name.
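The policy rules for the concentrator and for each member VPN can be checked against a planned policy list before anything is entered on the unit. The following Python check is an added example, not part of the original manual or of any Fortinet tool; the EncryptPolicy model, the address and tunnel names, and the assumption that a member's policy to the concentrator has the concentrator address as its destination are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class EncryptPolicy:  # hypothetical model of one policy row, not FortiGate syntax
    source: str
    destination: str
    tunnel: str
    action: str = "ENCRYPT"
    allow_inbound: bool = True
    allow_outbound: bool = True

def check_concentrator(conc_addr, members, policies):
    """members maps member tunnel name -> member VPN address; returns findings."""
    findings = []
    for tunnel, addr in members.items():
        hits = [p for p in policies if p.tunnel == tunnel]
        if len(hits) != 1:  # one separate encrypt policy per member tunnel
            findings.append(f"{tunnel}: expected 1 encrypt policy, found {len(hits)}")
            continue
        p = hits[0]
        if p.action != "ENCRYPT":
            findings.append(f"{tunnel}: action is {p.action}, not ENCRYPT")
        if (p.source, p.destination) != (conc_addr, addr):
            findings.append(f"{tunnel}: source/destination do not match the table")
        if not (p.allow_inbound and p.allow_outbound):
            findings.append(f"{tunnel}: allow inbound and allow outbound must both be selected")
    return findings

def check_member(conc_addr, policies):
    """One member's encrypt policies, top of the list first (assumed layout)."""
    findings = []
    hub = [i for i, p in enumerate(policies) if p.destination == conc_addr]
    peer = [i for i, p in enumerate(policies) if p.destination != conc_addr]
    if not hub:
        findings.append("no encrypt policy to the concentrator")
    elif peer and min(peer) < min(hub):
        findings.append("concentrator policy is below a member-to-member policy")
    if len({p.tunnel for p in policies}) > 1:
        findings.append("encrypt policies use different tunnel names")
    return findings

# Constructed sample data: every name below is made up for this example.
MEMBERS = {"to_branch_a": "Branch_A_Net", "to_branch_b": "Branch_B_Net", "to_branch_c": "Branch_C_Net"}
HUB_POLICIES = [EncryptPolicy("Hub_Net", "Branch_A_Net", "to_branch_a"),
                EncryptPolicy("Hub_Net", "Branch_B_Net", "to_branch_b", allow_outbound=False)]
BRANCH_A_POLICIES = [EncryptPolicy("Branch_A_Net", "Branch_B_Net", "to_hub"),
                     EncryptPolicy("Branch_A_Net", "Hub_Net", "to_hub")]
if __name__ == "__main__":
    print(*check_concentrator("Hub_Net", MEMBERS, HUB_POLICIES),
          *check_member("Hub_Net", BRANCH_A_POLICIES), sep="\n")
```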
To configure each member VPN:
1. Add a remote gateway if you are adding AutoIKE key tunnels. See Adding a remote gateway.
2. Add an AutoIKE key VPN tunnel and include the remote gateway added in step 1.