|
da questo dispositivo ha anche altre istruzioni :
Facilità d'uso
Set the LAN IPs on each modem router to different subnets and configure each correctly for the Internet. 2. Select Advanced - VPN > VPN Policies and click the Add Auto Policy button. The VPN Auto Policy screen displays: 3. Enter these policy settings: Auto Policy Field Description General Policy Name GtoG Remote VPN Endpoint Address Type Fixed Remote VPN Endpoint Address Data 22.23.24.25 Local LAN Use the default settings. Remote LAN IP Address Select Subnet address from the drop-down list. Start IP Address 192.168.3.1 Subnet Mask 255.255.255.0 IKE Direction Initiator and Responder Exchange Mode Main Mode Diffie-Hellman (DH) Group Group 2 (1024 Bit) Local Identity Type Use the default setting. Remote Identity Type Use the default setting. Parameters Encryption Algorithm 3DES Authentication Algorithm MD5 Pre-shared Key 12345678 4. Click Apply. The VPN Policies screen displays: 5. Repeat these steps for the DGN2200 on LAN B. Pay special attention to the following network settings: • General, Remote Address Data (for example, 14.15.16.17) • Remote LAN, Start IP Address - IP Address (for example, 192.168.0.1) - Subnet Mask (for example, 255.255.255.0) - Pre-shared Key (for example, 12345678) 6. Use the VPN Status screen to activate the VPN tunnel: Note: The VPN Status screen is only one of three ways to active a VPN tunnel. See Activate a VPN Tunnel on page 112 for information about the other ways. a.Select VPN > VPN Status to display the VPN Status/Log screen. Then click VPN Status to display the Current VPN Tunnels (SAs) screen: b. Click Connect for the VPN tunnel that you want to activate. Review the VPN Status/Log screen (Figure a on page 111) to verify that the tunnel is connected. Use Manual Policy to Configure VPN Tunnels As an alternative to IKE, you can use manual keying, in which you need to specify each phase of the connection. A manual VPN policy requires all settings for the VPN tunnel to be manually input at each end (both VPN endpoints). Select Advanced - VPN > VPN Policies, and then click the Add Manual Policy radio button to display the VPN - Manual Policy screen: The following sections explain the fields in the VPN Manual Policy screen. VPN Manual Policy General Settings The DGN2200 VPN tunnel network connection fields are as follows. • Policy Name. Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. • Remote VPN Endpoint. The remote VPN endpoint has to have this VPN gateway’s address entered as its remote VPN endpoint. If the remote endpoint has a dynamic IP address, select Dynamic IP Address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect. VPN Manual Policy Local LAN Settings The remote VPN endpoint has to have these IP addresses entered as its remote addresses. • Subnet Address. Enter the network mask. • Single PC - no Subnet. Select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required. • Single/Start IP Address. The IP address for a single address, or the starting address for an address range used on the LAN. If you want to make a single server on your LAN available to remote users, use a single address Any settings. The remote VPN endpoint can be at any IP address. • Finish IP Address. For an address range, enter the finish IP address. This has to be an address range used on your LAN. • Subnet Mask. Enter the network mask. VPN Manual Policy Remote LAN Settings The remote VPN endpoint has to have these IP addresses entered as its local addresses. • IP Address. Select Single PC - no Subnet if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required. The typical application is a PC running the VPN client at the remote end. • Single/Start IP Address. Enter an IP address on the remote LAN. You can use this setting to access a server. -For a range of addresses, enter the starting IP address. This has to be an address range used on the remote LAN. -Any. Any outgoing traffic from specified Local IP computers triggers an attempted VPN connection to the remote VPN endpoint. Be sure you want this option before selecting it. • Finish IP Address. Enter the finish IP address for a range of addresses. This has to be an address range used on the remote LAN. • Subnet Mask. Enter the network mask. VPN Manual Policy ESP Settings ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. • SPI. Enter the required Security Policy Indexes (SPIs). Each policy has to have unique SPIs. These settings need to match the remote VPN endpoint. The in setting here has to match the out setting on the remote VPN endpoint...