VPN IPSec Application Installation Guide

Configuring an IPSec LAN-to-LAN VPN Connection

Table 3: Network Configuration and Security Plan

                     Branch Office      Head Office
Local Network ID     192.168.0.0/24     192.168.1.0/24
Local Router IP      69.121.1.30        69.121.1.3
Remote Network ID    192.168.1.0/24     192.168.0.0/24
Remote Router IP     69.121.1.3         69.121.1.30
IKE Pre-shared Key   12345678           12345678
VPN Connection Type  Tunnel mode        Tunnel mode
Security Algorithm   ESP:MD5 with 3DES  ESP:MD5 with 3DES

Attention: The IKE Pre-shared Key, VPN Connection Type and Security Algorithm functions MUST BE set up identically on both sides.
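
Added example (not part of the original guide): a Python check that the two columns of Table 3 mirror each other, and that flags settings which negotiate correctly but protect weakly. The dict key names and the WEAK_AUTH, WEAK_ENC and MIN_PSK_LEN policy values are assumptions of this example, not values from the guide.

```python
import ipaddress

# Table 3 of this guide, one dict per site (key names are this example's own).
BRANCH = {"local_net": "192.168.0.0/24", "local_router": "69.121.1.30",
          "remote_net": "192.168.1.0/24", "remote_router": "69.121.1.3",
          "psk": "12345678", "mode": "tunnel", "auth": "MD5", "enc": "3DES",
          "pfs": None}
HEAD = {"local_net": "192.168.1.0/24", "local_router": "69.121.1.3",
        "remote_net": "192.168.0.0/24", "remote_router": "69.121.1.30",
        "psk": "12345678", "mode": "tunnel", "auth": "MD5", "enc": "3DES",
        "pfs": None}

# Assumed review policy, not taken from the guide.
WEAK_AUTH = {"MD5"}
WEAK_ENC = {"DES", "3DES"}
MIN_PSK_LEN = 20

MIRRORED = (("local_net", "remote_net"), ("remote_net", "local_net"),
            ("local_router", "remote_router"), ("remote_router", "local_router"))


def mirror_errors(a, b):
    """Mismatches between two sites that would stop the tunnel coming up."""
    errors = [f"{k} differs" for k in ("psk", "mode", "auth", "enc", "pfs")
              if a[k] != b[k]]
    for mine, theirs in MIRRORED:
        parse = ipaddress.ip_network if mine.endswith("net") else ipaddress.ip_address
        if parse(a[mine]) != parse(b[theirs]):
            errors.append(f"{mine} {a[mine]} != peer {theirs} {b[theirs]}")
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(a["remote_net"])):
        errors.append("local and remote subnets overlap")
    return errors


def weak_settings(site):
    """Settings that negotiate correctly but give weak protection."""
    findings = []
    if site["auth"] in WEAK_AUTH:
        findings.append(f"integrity algorithm {site['auth']} is deprecated")
    if site["enc"] in WEAK_ENC:
        findings.append(f"cipher {site['enc']} is deprecated")
    if site["pfs"] is None:
        findings.append("forward secrecy is disabled")
    if len(site["psk"]) < MIN_PSK_LEN or site["psk"].isdigit():
        findings.append("pre-shared key is short or digits only")
    return findings


if __name__ == "__main__":
    for problem in mirror_errors(BRANCH, HEAD) + weak_settings(HEAD):
        print(problem)
```

Run against Table 3 as printed, the mirror check passes and all four weak-setting findings are reported for each site.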

Configuring IPSec VPN in the Head Office

Item  Function                              Setting                    Description
1     Connection Name                       IPSec_HeadOffice           Name given to the IPSec connection
2     Subnet                                Check Subnet radio button  Head office network
      IP Address                            192.168.1.0
      Netmask                               255.255.255.0
3     Secure Gateway Address (or Hostname)  69.121.1.30                IP address of the head office router (in WAN side)
4     Subnet                                Check Subnet radio button  Branch office network
      IP Address                            192.168.0.0
      Netmask                               255.255.255.0
5     ESP                                   Check ESP radio button     Security plan
      Authentication                        MD5
      Encryption                            3DES
      Prefer Forward Security               None
      Pre-shared Key                        12345678

Configuring IPSec VPN in the Branch Office

Item  Function                              Setting                    Description
1     Connection Name                       IPSec_BranchOffice         Name given to the IPSec connection
2     Subnet                                Check Subnet radio button  Branch office network
      IP Address                            192.168.0.0
      Netmask                               255.255.255.0
3     Secure Gateway Address (or Hostname)  69.121.1.3                 IP address of the head office router (in WAN side)
4     Subnet                                Check Subnet radio button  Head office network
      IP Address                            192.168.1.0
      Netmask                               255.255.255.0
5     ESP                                   Check ESP radio button     Security plan
      Authentication                        MD5
      Encryption                            3DES
      Prefer Forward Security               None
      Pre-shared Key                        12345678

Configuring an IPSec Host-to-LAN VPN Connection

Configuring IPSec VPN in the Office

Item  Function                              Setting                            Description
1     Connection Name                       IPSec                              Name given to the IPSec connection
2     Subnet                                Check Subnet radio button          Head office network
      IP Address                            192.168.1.0
      Netmask                               255.255.255.0
3     Secure Gateway Address (or Hostname)  69.121.1.30                        IP address of the head office router (in WAN side)
4     Single Address                        Check Single Address radio button  Remote worker's IP address
      IP Address                            69.121.1.30
5     ESP                                   Check ESP radio button             Security plan
      Authentication                        MD5
      Encryption                            3DES
      Prefer Forward Security               None
      Pre-shared Key                        12345678

Configuring IPSec VPN Tunnel through Microsoft Windows in Remote Host

Step 1 Click Start => Run and type secpol.msc in the field. Click OK to go to the next step.
Step 2 Right-click "IP Security Policies on Local Computer". Click "Create IP Security Policy" to go to the next step.
Step 3
Step 4 Give a name to the IP Security Policy. Here we call it "IPSec Test".
Step 5 Check the "Activate the default response rule" box if it is not checked.
Step 6 Click Next > to continue.
Step 7 Check the "Edit Properties" box if it is not checked. Click Finish to go to the next step.
Step 8 Un-check the <Dynamic> box if it is checked. Click Add to go to the next step.
Step 9
Step 10 Check the "The tunnel endpoint is specified by this IP address:" radio button and enter the public IP of Remote Worker.
Step 11 Check the "All network connections" radio button.
Step 12 Check the "Use this string to protect the key exchange [preshared key]:" radio button and input the key. This pre-shared key should be identical to the one set up in the router.
Step 13 Click Add to go to the next step.
Step 14 Give a name and description to this IP Filter. Click Add to configure an IP traffic filter for traffic that comes from Office LAN to Remote Worker.
Step 15
Step 16 Set "Source address:" to "A specific IP Subnet" and enter both the IP address and mask of Office LAN.
Step 17 Set "Destination address:" to "My IP Address".
Step 18 Select protocol type "Any".
Step 19 Check the "Edit properties" box if it is not checked. Click Finish to go to the next step.
Step 20 Un-check the "Mirrored. Also match packets with the exact opposite source and destination addresses." box if it is checked. Click OK to go to the next step.
Step 21 The "Traffic in" filter is created and listed in the Filter field. It is necessary to create another filter for the opposite direction. Click OK to go to the next step.
Step 22 Check the "Traffic in" radio button.
Step 23 A security plan must be created between Office LAN and Remote Worker. Note: This information should be identical on both Office LAN and Remote Worker. Click Add to go to the next step.
Step 24
Step 25 Give a name to this Filter Action.
Step 26 Check the "Negotiate security" radio button.
Step 27 Check the "Do not communicate with computers that do not support IPSec." radio button.
Step 28 Check the "Custom" radio button. Click Settings to go to the next step.
Step 29 ESP mode (MD5 authentication and 3DES encryption method) must be identical on both sites, the Office LAN and Remote Worker. Click OK to go to the next step.
Step 30
Step 31 Un-check the "Edit properties" box if it is checked. Click Finish to go to the next step.
Step 32 Check the "Security Plan" radio button.
Step 33 Un-check "Edit properties" if it is checked. Click Finish to go to the next step.
Step 34 A rule called "Traffic in" is listed in the IP Filter List. It is necessary to create another rule for "Traffic out". Click Add to go to the next step.
Step 35
Step 36 Check the "The tunnel endpoint is specified by this IP address:" radio button and enter the public IP of Office LAN.
Step 37 Check the "All network connections" radio button.
Step 38 Check the "Use this string to protect the key exchange [preshared key]:" radio button and enter the key. Note: This pre-shared key must be identical to the one set up in the router.
Step 39 Click Add to go to the next step.
Step 40 Give a name and description to this IP Filter. Click Add to configure an IP traffic filter for traffic that comes from Remote Worker to Office LAN.
Step 41
Step 42 Set "Source address:" to "My IP Address".
Step 43 Set "Destination address:" to "A specific IP Subnet" and enter both the IP address and mask of Office LAN.
Step 44 Select protocol type "Any".
Step 45 Check the "Edit properties" box if it is not checked. Click Finish to go to the next step.
Step 46 Un-check the "Mirrored. Also match packets with the exact opposite source and destination addresses." box if it is checked. Click OK to go to the next step.
Step 47 The "Traffic out" filter is created and listed in the Filter field. Both the incoming and outgoing traffic rules, "Traffic in" and "Traffic out", are now complete. Click OK to go to the next step.
Step 48 Check the "Traffic out" radio button.
Step 49 Check the "Security Plan" radio button. For both "Traffic in" and "Traffic out", we should use the same security plan.
Step 50 Un-check "Edit properties" if it is checked. Click Finish to go to the next step.
Step 51 Click OK to apply your settings.
Step 52 Right-click "IPSec Test". Click Assign to enable the IPSec setting on this machine.
Step 53 Congratulations! You have completed the setting.

Configuring an IPSec LAN-to-LAN VPN Connection

Configuring IPSec VPN in the Head Office

Item  Function                              Setting                    Description
1     Connection Name                       IPSec_HeadOffice           Name given to the IPSec connection
2     Subnet                                Check Subnet radio button  Head office network
      IP Address                            192.168.1.0
      Netmask                               255.255.255.0
3     Secure Gateway Address (or Hostname)  69.121.1.30                IP address of the head office router (in WAN side)
4     Subnet                                Check Subnet radio button  Branch office network
      IP Address                            192.168.0.0
      Netmask                               255.255.255.0
5     ESP                                   Check ESP radio button     Security plan
      Authentication                        MD5
      Encryption                            3DES
      Prefer Forward Security               None
      Pre-shared Key                        12345678

Configuring IPSec VPN through Microsoft Windows in Branch Office

Step 1 Click Start => Run and type secpol.msc in the field. Click OK to go to the next step.
Step 2 Right-click "IP Security Policies on Local Computer". Click "Create IP Security Policy" to go to the next step.
Step 3
Step 4 Give a name to the IP Security Policy. Here we call it "IPSec Test".
Step 5 Check the "Activate the default response rule" box if it is not checked.
Step 6 Click Next > to continue.
Step 7 Check the "Edit Properties" box if it is not checked. Click Finish to go to the next step.
Step 8 Un-check the <Dynamic> box if it is checked. Click Add to go to the next step.
Step 9
Step 10 Check the "The tunnel endpoint is specified by this IP address:" radio button and enter the public IP of Branch Office.
Step 11 Check the "All network connections" radio button.
Step 12 Check the "Use this string to protect the key exchange [preshared key]:" radio button and input the key. This pre-shared key should be identical to the one set up in the router.
Step 13 Click Add to go to the next step.
Step 14 Give a name and description to this IP Filter. Click Add to configure an IP traffic filter for traffic that comes from Head Office to Branch Office.
Step 15
Step 16 Set "Source address:" to "A specific IP Subnet" and enter both the IP address and mask of Office LAN.
Step 17 Set "Destination address:" to "A specific IP Subnet" and enter both the IP address and mask of Branch Office LAN.
Step 18 Select protocol type "Any".
Step 19 Check the "Edit properties" box if it is not checked. Click Finish to go to the next step.
Step 20 Un-check the "Mirrored. Also match packets with the exact opposite source and destination addresses." box if it is checked. Click OK to go to the next step.
Step 21 The "Traffic in" filter is created and listed in the Filter field. It is necessary to create another filter for the opposite direction. Click OK to go to the next step.
Step 22 Check the "Traffic in" radio button.
Step 23 A security plan must be created between Head and Branch office. Note: This information should be identical on both Head and Branch office. Click Add to go to the next step.
Step 24
Step 25 Give a name to this Filter Action.
Step 26 Check the "Negotiate security" radio button.
Step 27 Check the "Do not communicate with computers that do not support IPSec." radio button.
Step 28 Check the "Custom" radio button. Click Settings to go to the next step.
Step 29 ESP mode (MD5 authentication and 3DES encryption method) must be identical on both sites, the Branch office and Head office. Click OK to go to the next step.
Step 30
Step 31 Un-check the "Edit properties" box if it is checked. Click Finish to go to the next step.
Step 32 Check the "Security Plan" radio button.
Step 33 Un-check "Edit properties" if it is checked. Click Finish to go to the next step.
Step 34 A rule called "Traffic in" is listed in the IP Filter List. It is necessary to create another rule for "Traffic out". Click Add to go to the next step.
Step 35
Step 36 Check the "The tunnel endpoint is specified by this IP address:" radio button and enter the public IP of Head Office. Click Next > to go to the next step.
Step 37 Check the "All network connections" radio button.
Step 38 Check the "Use this string to protect the key exchange [preshared key]:" radio button and enter the key. Note: This pre-shared key must be identical to the one set up in the router.
Step 39 Click Add to go to the next step.
Step 40 Give a name and description to this IP Filter. Click Add to configure an IP traffic filter for traffic that comes from Branch Office to Head Office.
Step 41
Step 42 Set "Source address:" to "A specific IP Subnet" and enter both the IP address and mask of Branch Office LAN.
Step 43 Set "Destination address:" to "A specific IP Subnet" and enter both the IP address and mask of Head Office LAN.
Step 44 Select protocol type "Any".
Step 45 Check the "Edit properties" box if it is not checked. Click Finish to go to the next step.
Step 46 Un-check the "Mirrored. Also match packets with the exact opposite source and destination addresses." box if it is checked. Click OK to go to the next step.
Step 47 The "Traffic out" filter is created and listed in the Filter field. Both the incoming and outgoing traffic rules, "Traffic in" and "Traffic out", are now complete. Click OK to go to the next step.
Step 48 Check the "Traffic out" radio button.
Step 49 Check the "Security Plan" radio button. For both "Traffic in" and "Traffic out", we should use the same security plan.
Step 50 Un-check "Edit properties" if it is checked. Click Finish to go to the next step.
Step 51 Click OK to apply your settings.
Step 52 Right-click "IPSec Test". Click Assign to enable the IPSec setting on this machine.
Step 53 Congratulations! You have completed the setting.