Embed Size (px)
Citation preview
DI-804V with DI-804HV IPsec VPN Configuration Guide This configuration shows how to connect a DI-804V to a DI-804HV with an IPsec tunnel. This document is based on a DI-804V running the firmware (4.74) and the DI-804HV running firmware version v1.30.
DI-804V
LAN: 192.168.1.0/24
WAN IP: 195.74.119.177
InternetInternet
DSL-300G+
DSL-300G+
WAN IP: 80.107.233.32
LAN: 192.168.2.0/24
DI-804HV
DI-804V with DI-804HV IPsec VPN Configuration Guide Page 2
DI-804V Configuration 1. Log-in to the DI-804V using the
default username and password. Click on ‘Basic Setup’ and select ‘Device IP Settings’. Change the IP address of the DI-804V to 192.168.1.1/24 for this example.
2. Click on ‘VPN Settings’. Type in the Connection name as 2network and then Click on ‘Add’.
DI-804V with DI-804HV IPsec VPN Configuration Guide Page 3
3. The full VPN settings should then come up. Enter the following details for the VPN profile. Enter the ‘Remote IP Network’ as the Internal IP network of the DI-804HV which is 192.168.2.0/24. Enter the ‘Remote Gateway IP’ as the WAN IP of the DI-804HV. Click on Save.
4. Click on ‘Next’.
DI-804V with DI-804HV IPsec VPN Configuration Guide Page 4
5. Click on ‘Save and Restart’.
DI-804HV Configuration 1. Log-in to the DI-804HV using
the default IP address of 192.168.0.1 and using the default username and password. Click on LAN and set the IP address for the DI-804HV to 192.168.2.1/24. Click on ‘Apply’ and then ‘Restart’.
2. Click on ‘VPN’ on the left side. Click on the ‘Enable’ check box for the VPN. Enter 5 in ‘Max number of tunnels’. Type in the Tunnel name under number 1 and put in the name ‘1network’. Click on ‘Apply’ and then ‘Restart’.
DI-804V with DI-804HV IPsec VPN Configuration Guide Page 5
3. Click on Home VPN. To the right of ‘1network’, set the method to ‘IKE’ and then click on ‘More’. Enter the following details for the tunnel. Set the Remote subnet and netmask of the internal network on other side (192.168.1.0/255.255.255.0) and enter the Remote Gateway which is the WAN IP on the other side 195.74.119.177. Enter the Preshared Key. Click on ‘Apply’ and then ‘Restart’.
4. Click on Home VPN Click on ‘More’ to the right of ‘1network’ Click on ‘Select IKE proposal. Under ID #1, enter the name ‘3DES-MD5’, DH-Group = Group1, Encrypt algorithm = 3DES, Auth algorithm = MD5, Life Time = 28800, Life Time Unit = Sec. Set the Proposal ID at the bottom to #1 and then click on the ‘Add to’ button. Click on ‘Apply’ and then ‘Restart’.
5. Click on Home VPN Click on ‘More’ to the right of ‘1network’ Click on ‘Select IPsec Proposal’. Under ID #1, enter the Proposal Name = 3DES-MD5, DH-Group = Group1, Encap Protocol = ESP, Encrypt algorithm = 3DES, Auth algorithm = MD5, Life Time = 3600, Life Time Unit = Sec. Set the Proposal ID at the bottom to #1 and then click on the ‘Add to’ button. Click on ‘Apply’ and then ‘Restart’.
DI-804V with DI-804HV IPsec VPN Configuration Guide Page 6
Checking and Testing the Connection 1. From the DI-804V, you can
then ping one of the PCs on the DI-804V internal network from the DI-804HV network, in this case, it is a machine which is 192.168.1.100.
2. On the DI-804V, you can check the VPN connection status by clicking on Device Status VPN Status. The screen on the right will then come up to show the IPSec Connection Status. This screen shows a successful connection.
3. On The DI-804HV, you can check to see if the negotiation for the Ipsec tunnel went through correctly by going into Status Log. The message in this log shows “(195.74.119.177) <..>(81.107.233.32) Phase2(IPSEC SA) established”. This shows that the two routers have finished negotiation of the Ipsec tunnel.
