Examples, Configuration Settings | Planet Technology VRT-401

VPN

Examples

This section describes some examples of using VRT-401 in common VPN situations.

Example 1: Connecting 2 VRT-401s

In this example, 2 LANs are connected via VPN.

Figure 53: Connecting 2 VRT-401s

Note

∙The LANs MUST use different IP address ranges.

∙Both endpoints have fixed WAN (Internet) IP addresses.

Configuration Settings

Setting		LAN A Gateway	LAN B Gateway	Notes

Name		Policy 1	Policy 1	Name does not affect
				operation. Select a
				meaningful name.
Remote Endpoint		205.17.11.43	202.11.13.211	Other endpoint's WAN
				(Internet) IP address.
Local		Any	Any	Use a more restrictive
IP addresses				definition if possible.
Remote		192.168.1.1 to	192.168.0.1 to	Address range on other
IP addresses		192.168.1.254	192.168.0.254	endpoint.
				Use a more restrictive
				definition if possible.
Key Exchange		IKE	IKE	Must match

IKE SA Parameters

IKE Direction		Both ways	Both ways	Does not have to match.
				Either endpoint can
				block 1 direction.
Local Identity		IP address	IP address	IP address is the most
				common ID method
Remote Identity		IP address	IP address	IP address is the most
				common ID method
IKE Authentica-		Pre-shared Key	Pre-shared Key	Certificates are not
tion method				widely used.

83

Image 87

Planet Technology user manual Examples, Example 1 Connecting 2 VRT-401s, Configuration Settings, IKE SA Parameters

Contents

Broadband VPN Router Copyright Table of Contents 107 Using Certificates 101Remote Administration 111 106 Internet Access Features VRT-401 Features Advanced Internet Functions LAN FeaturesConfiguration & Management Security Features Package Contents Front-mounted LEDs Physical Details Rear Panel To Clear All Data and restore the factory default values Connect LAN Cables ProcedureChoose an Installation Site Requirements Check the LEDs Using the DMZ PortPower Up Connect WAN Cable To Do this Refer to Overview Preparation Configuration ProgramUsing UPnP Using your Web Browser If you cant connect Password Dialog DSL Modems Config WizardCommon Connection Types Cable Modems Other Modems e.g. Broadband Wireless Big Pond Cable AustraliaSingTel RAS Navigation & Data Input Home Screen Data LAN Screen LAN Screen What Dhcp Does Using VRT-401’s Dhcp ServerUsing another Dhcp Server To Configure your PCs to use Dhcp Windows Clients TCP/IP Settings Overview Checking TCP/IP Settings Windows 9x/ME Using DhcpUsing Specify an IP Address Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP For Windows XP Internet AccessAccessing AOL For Windows 9x/ME/2000 Fixed IP Address Macintosh ClientsLinux Clients Other Unix Systems Status Screen Operation Data Status Screen PPPoE Link Status Connection Status PPPoEData PPPoE Screen Connection Physical Address Connection Log Messages Operation and Status Dress Connection Status PptpData Pptp Screen Connection Physical Ad Data Telstra Big Pond Screen Connection Status Telstra Big Pond Connection Status Connection Details SingTel RAS Data SingTel RAS Screen Connection Details Fixed/Dynamic IP Address Data Fixed/Dynamic IP address ScreenInternet Physical Ad Buttons Release/Renew Internet Screen Advanced Internet Screen Communication Applications Special ApplicationsSpecial Applications Screen Using a Special Application Data Special Applications ScreenCheckbox Name Incoming Ports Outgoing Ports URL Filter DMZ Data URL Filter Screen URL Filter Screen Service works as follows Dynamic DNS Domain Name ServerDynamic DNS Screen Ddns Data User Name Ddns ServicePassword Domain Name Data Dynamic DNS Screen IP Address seen by Internet Users Virtual Servers Using the DMZ port for Virtual Servers Virtual Servers ScreenData Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual ServersBackup DNS IP Address Options MTU size MTU Admin Login Screen Admin Login Password Dialog Access Control Access Control ScreenTo use this feature Data Access Control Screen View Log Group Members Screen Access Control Log Security Configuration This feature is for advanced administrators only Firewall RulesFirewall Rules Screen Data Firewall Rules Screen Source IP Define Firewall RuleData Define Firewall Rule Screen Type Dest IP ActionLog Internet Connec Enable Logs DoS AttacksLogs Data Logs Screen Timezone Access ControlSyslog Server Enable Syslog Firewall Rules Include Firewall SPI Firewall Enable DoSSecurity Options Data Security Options Screen Allow L2TP Options Respond toAllow IPsec Allow Pptp Scheduling Define Schedule ScreenData Define Schedule Screen Data Services Screen Services Buttons Delete VRT-401 does not support Transport Mode VRT-401 always uses Tunnel ModeIPSec Policies VPN Configuration Common VPN Situations VPN Pass-throughClient PC to VPN Gateway Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN Configuration VPN Policies ScreenData VPN Policies Screen Able/Disable Copy Adding a New PolicyOperations Add Keys General SettingsEnable Policy Endpoint Local IP addresses Type VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses Type ESP Authentica Tication is enabledManually assigned Keys ESP Encryption IKE Phase Local IdentityRemote Identity Mode AuthenticationEncryption IKE Exchange IPSec PFS IKE Phase 2 IPsec SA IPsec SA LifeAH Authentication Time Examples Example 1 Connecting 2 VRT-401sConfiguration Settings Setting LAN a Gateway LAN B Gateway IPSec SA Parameters DES VRT-401 Configuration Setting ValueExample 2 Windows 2000/XP Client to LAN Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to VRT-401 Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Using Certificates Adding a Self Certificate Adding a Trusted Certificate Length Hash AlgorithmSignature Algorithm Signature Key To add a New CRL CRLs Upload CRL Remote Administra Tion RoutingUpgrade PC Database PC Database Screen PC Database Data PC Database Screen PC Database Admin Data PC Database Admin ScreenPC Properties Name Entry Update Se∙ Dchp Client Reserved IP Address Select this if the PC Buttons Add as New Remote Administration Data Remote Administration ScreenTo connect from a remote PC via the Internet Routing Screen Using this ScreenRouting Overview Enable RIP Data Routing ScreenStatic Routing Static Routing Table Entries Local Router Configuring Other Routers on your LAN For VRT-401’s Routing Table For Router As Default RouteStatic Routing Example Other Routers on the Local LAN Firmware Upgrade For Router Bs Default RouteTo perform the Firmware Upgrade Data Upnp Screen General Problems Internet AccessProblem 1 Cant connect to VRT-401 to configure it 119 FCC Statement VRT-401 FCC Radiation Exposure Statement CE Marking Warning