Examples, Configuration Settings | LevelOne FBR-1404TX guide

LevelOne Broadband VPN Gateway User Guide

Examples

This section describes some examples of using the LevelOne Broadband VPN Gateway in common VPN situations.

Example 1: Connecting 2 LevelOne Broadband VPN Gateways

In this example, 2 LANs are connected via VPN.

Figure 62: Connecting 2 LevelOne Broadband VPN Gateways

Note

•The LANs MUST use different IP address ranges.

•Both endpoints have fixed WAN (Internet) IP addresses.

Configuration Settings

Setting		LAN A Gate-	LAN B Gate-	Notes
		way	way

Name		Policy 1	Policy 1	Name does not affect
				operation. Select a mean-
				ingful name.

Remote Endpoint		205.17.11.43	202.11.13.211	Other endpoint's WAN
				(Internet) IP address.

Local		Any	Any	Use a more restrictive
IP addresses				definition if possible.

Remote		192.168.1.1 to	192.168.0.1 to	Address range on other
IP addresses		192.168.1.254	192.168.0.254	endpoint.
				Use a more restrictive
				definition if possible.

Key Exchange		IKE	IKE	Must match

IKE SA Parameters

IKE Direction		Both ways	Both ways	Does not have to match.
				Either endpoint can block
				1 direction.

Local Identity		IP address	IP address	IP address is the most
				common ID method

Remote Identity		IP address	IP address	IP address is the most
				common ID method

86

Image 89

LevelOne FBR-1404TX user manual Examples, Example 1 Connecting 2 LevelOne Broadband VPN Gateways, Configuration Settings

Contents

LevelOne Table of Contents Upgrade Firmware Remote AdministrationGeneral Problems Internet Access Internet Access Features LevelOne Broadband VPN Gateway Features Configuration & Management LAN FeaturesSecurity Features Advanced Internet Functions Package Contents Front-mounted LEDs Physical Details Rear Panel Choose an Installation Site ProcedureRequirements Connect LAN Cables Check the LEDs Power UpConnect WAN Cable To Do this Refer to Overview Preparation Configuration ProgramUsing UPnP If you cant connect Using your Web Browser Common Connection Types Setup WizardCable Modems DSL Modems SingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia Navigation & Data Input Home Screen Buttons LAN ScreenData LAN Screen Using another Dhcp Server Using the LevelOne Broadband VPN Gateway s Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does Password Screen Windows Clients TCP/IP Settings Overview Using Specify an IP Address Checking TCP/IP Settings Windows 9x/MEUsing Dhcp Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP Accessing AOL Internet AccessFor Windows 9x/ME/2000 For Windows XP Linux Clients Macintosh ClientsOther Unix Systems Fixed IP Address Status Screen Operation System Data Status ScreenInternet Data PPPoE Screen Connection Status PPPoEConnection Connection Log Message Description Connection Log Messages Pptp Status Connection Status PptpData Pptp Screen Connection Status Connection Status Telstra Big PondData Telstra Big Pond Screen RAS Plan Connection Details SingTel RASData SingTel RAS Screen DNS IP Address Default GatewayDhcp Client Release/Renew Data Fixed/Dynamic IP address Screen Connection Details Fixed/Dynamic IP Address Update the data shown on screen Internet Features Data WAN Port Screen WAN Port Configuration ScreenIdentification IP Address Login Communication Applications Advanced Internet ScreenMAC Address Communication Applications Special Applications Screen Special ApplicationsData Special Applications Screen Send incoming calls to Incoming Using a Special ApplicationPorts Outgoing URL Filter Screen URL FilterData URL Filter Screen Filter Strings Dynamic DNS Domain Name Server Ddns ServiceDynamic DNS Screen Data Dynamic DNS Screen Ddns Data Password Domain NameUser Name Ddns Status IP Address seen by Internet Users Virtual Servers Virtual Servers Screen Connecting to the Virtual ServersDefining your own Virtual Servers Data Virtual Servers Screen Internet Options Backup DNSData Options Screen MTU size Security Configuration Access Control Screen Access ControlTo use this feature Data Access Control Screen Internet Access Group Members Screen Access Control LogDate/Time Source IP address Firewall Rules This feature is for advanced administrators onlyFirewall Rules Screen Data Firewall Rules Screen Edit DataMove Delete Data Firewall Rule Screen Firewall RuleType Source IP Log Dest IPAction Data Logs Screen Enable LogsLogs Syslog Server Mail Logs SPI Firewall Security OptionsData Security Options Screen Options Data Define Schedule Screen SchedulingDefine Schedule Screen Data Services Screen ServicesAvailable Services Add New Service Cancel IPSec LevelOne Broadband VPN Gateway always uses Tunnel Mode Policies VPN Configuration Client PC to VPN Gateway Common VPN SituationsVPN Pass-through Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN Policies Screen VPN PoliciesData VPN Policies Screen VPN List Copy Enable/DisableAdding a New Policy Enable Policy General SettingsEndpoint Keys Local IP addresses VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses Tion is enabled ESP AuthenticationManually assigned Keys ESP Encryption IKE Phase 1 IKE SA IKE Phase IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Self Certificates CertificatesTrusted Certificates Adding a Self Certificate Adding a Trusted Certificate Signature Key Length Hash AlgorithmSignature Algorithm Add Self Certificate To add a New CRL CRLs Current VPN SAs VPN StatusData VPN Status Screen Configuration Settings Example 1 Connecting 2 LevelOne Broadband VPN GatewaysSetting LAN a Gate LAN B Gate Way Examples IPSec SA Parameters DES Example 2 Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway ConfigurationSetting Value Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Upgrade AdministrationRemote Firmware PC Database Screen PC Database Known PCs Data PC Database ScreenGenerate Report Advanced PC Properties PC Database AdminData PC Database Admin Screen Add as New Update SelectedEntry Clear Form Data Remote Administration Screen Remote AdministrationRemote Administration To connect from a remote PC via the Internet Routing Using this ScreenOverview Routing Screen Static Routing Data Routing Screen Other Routers on the Local LAN Configuring Other Routers on your LANLocal Router For Router Bs Default Route For Router As Default RouteStatic Routing Example For the LevelOne Broadband VPN Gateway s Routing Table To perform the Firmware Upgrade Upgrade Firmware UPnP UPnPData Upnp Screen Internet Access General Problems Appendix a Troubleshooting FCC Statement LevelOne Broadband VPN Gateway FCC Radiation Exposure Statement CE Marking Warning