HUB AND SPOKE VPN
Copyright 2005, ASUSTeK Computer, Inc. Page 1
HUB AND SPOKE VPN Release Date: 2005/7/12
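1 Introduction
This application note describes how to build a VPN in a star ("hub and spoke") topology with ASUS SL-series VPN routers (ASUS Internet Security Routers). The settings shown here are based on firmware version 1.1.68A.410. The same approach carries over to other firmware versions; the settings are essentially the same even if the firmware changes.
We recommend turning the firewall off while you set up the "hub-and-spoke" VPN, and then adding ACLs according to your application.

2 Dynamic IP for All Branch Offices
The central node (Headquarter) uses a static IP; all branch offices can use dynamic IP addresses.

2.1 Network topology
Connect the network as shown in the figure below.

2.2 Configure the IPSec VPN tunnel on Branch A
Create the VPN policy A_HUB to set up the VPN tunnel from Branch A to the Headquarter.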
The rules for the VPN tunnel from Branch A to the Headquarter are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | A_HUB | |
| Local Secure Group | Subnet 192.168.21.0 255.255.255.0 | Branch A's LAN |
| Remote Secure Group | Any | |
| Remote Gateway | IP Address 66.228.128.1 | WAN IP of the Headquarter gateway |
| Local ID | E-Mail [email protected] | |
| Remote ID | None | |
| Preshared Key | 1234 | |

2.3 Configure the IPSec VPN tunnel on Branch B
Create the VPN policy B_HUB to set up the VPN tunnel from Branch B to the Headquarter.
The rules for the VPN tunnel from Branch B to the Headquarter are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | B_HUB | |
| Local Secure Group | Subnet 192.168.22.0 255.255.255.0 | Branch B's LAN |
| Remote Secure Group | Any | |
| Remote Gateway | IP Address 66.228.128.1 | WAN IP of the Headquarter gateway |
| Local ID | E-Mail [email protected] | |
| Remote ID | None | |
| Preshared Key | abcd | |

2.4 Configure the IPSec VPN tunnel on Branch C
Create the VPN policy C_HUB to set up the VPN tunnel from Branch C to the Headquarter.
The rules for the VPN tunnel from Branch C to the Headquarter are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | C_HUB | |
| Local Secure Group | Subnet 192.168.23.0 255.255.255.0 | Branch C's LAN |
| Remote Secure Group | Any | |
| Remote Gateway | IP Address 66.228.128.1 | WAN IP of the Headquarter gateway |
| Local ID | E-Mail [email protected] | |
| Remote ID | None | |
| Preshared Key | 5678 | |
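
2.5 Configure the IPSec VPN tunnels on the central node (Headquarter)
Create the VPN policy HUB_A to set up the VPN tunnel from the Headquarter to Branch A.
Create the VPN policy HUB_B to set up the VPN tunnel from the Headquarter to Branch B.
Create the VPN policy HUB_C to set up the VPN tunnel from the Headquarter to Branch C.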
The rules for the VPN tunnel from the Headquarter to Branch A are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | HUB_A | |
| Local Secure Group | Any | |
| Remote Secure Group | Subnet 192.168.21.0 255.255.255.0 | Branch A's LAN |
| Remote Gateway | Any | The gateway address of Branch A is not known, so Any is used for it |
| Local ID | None | |
| Remote ID | E-Mail [email protected] | Branch A's ID |
| Preshared Key | 1234 | |

The rules for the VPN tunnel from the Headquarter to Branch B are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | HUB_B | |
| Local Secure Group | Any | |
| Remote Secure Group | Subnet 192.168.22.0 255.255.255.0 | Branch B's LAN |
| Remote Gateway | Any | The gateway address of Branch B is not known, so Any is used for it |
| Local ID | None | |
| Remote ID | E-Mail [email protected] | Branch B's ID |
| Preshared Key | abcd | |

The rules for the VPN tunnel from the Headquarter to Branch C are as follows:

| Configuration Parameters | Value | Comment |
|---|---|---|
| Site-to-Site | Selected | |
| Enable | Selected | |
| Tunnel Name | HUB_C | |
| Local Secure Group | Any | |
| Remote Secure Group | Subnet 192.168.23.0 255.255.255.0 | Branch C's LAN |
| Remote Gateway | Any | The gateway address of Branch C is not known, so Any is used for it |
| Local ID | None | |
| Remote ID | E-Mail [email protected] | Branch C's ID |
| Preshared Key | 5678 | |
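
A consistency check over the six policies above, as an added example that is not part of the original ASUS document: it verifies that each branch policy and its Headquarter counterpart agree on ID, subnet and preshared key, and that the branch LANs do not overlap. The `check` function, the dictionary layout and the `example.invalid` e-mail IDs are assumptions made for illustration; the subnets, keys and WAN IP are the values from the tables.

```python
import ipaddress

HQ_WAN = "66.228.128.1"  # Headquarter WAN IP, from the tables
# branch -> (LAN subnet, preshared key, ID). Subnets and keys are the values in
# the tables; the e-mail IDs are constructed placeholders (assumption).
BRANCHES = {"A": ("192.168.21.0/255.255.255.0", "1234", "branch-a@example.invalid"),
            "B": ("192.168.22.0/255.255.255.0", "abcd", "branch-b@example.invalid"),
            "C": ("192.168.23.0/255.255.255.0", "5678", "branch-c@example.invalid")}
# Branch-side policies (A_HUB, ...) and Headquarter-side policies (HUB_A, ...).
SPOKES = {f"{b}_HUB": {"local": net, "gateway": HQ_WAN, "local_id": ident, "psk": key}
          for b, (net, key, ident) in BRANCHES.items()}
HUB = {f"HUB_{b}": {"remote": net, "remote_id": ident, "psk": key}
       for b, (net, key, ident) in BRANCHES.items()}


def check(spokes, hub, hq_wan=HQ_WAN):
    """Return the mismatches between branch and Headquarter policies."""
    problems, by_id = [], {}
    # Remote Gateway is Any on every Headquarter policy, so the Remote ID is
    # what names the branch in each policy: it has to be unique.
    for name, pol in hub.items():
        if pol["remote_id"] in by_id:
            problems.append(f"{name}: Remote ID duplicates {by_id[pol['remote_id']]}")
        by_id.setdefault(pol["remote_id"], name)
    for name, sp in spokes.items():
        if sp["gateway"] != hq_wan:
            problems.append(f"{name}: Remote Gateway is not the Headquarter WAN IP")
        peer = by_id.get(sp["local_id"])
        if peer is None:
            problems.append(f"{name}: no Headquarter policy has this Local ID as Remote ID")
            continue
        if ipaddress.ip_network(sp["local"]) != ipaddress.ip_network(hub[peer]["remote"]):
            problems.append(f"{name}/{peer}: secure group subnets differ")
        if sp["psk"] != hub[peer]["psk"]:
            problems.append(f"{name}/{peer}: preshared keys differ")
    # Each branch LAN has to be a distinct, non-overlapping subnet.
    nets = [(n, ipaddress.ip_network(p["remote"])) for n, p in hub.items()]
    for i, (n1, a) in enumerate(nets):
        for n2, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{n1}/{n2}: branch subnets overlap")
    return problems


if __name__ == "__main__":
    print(check(SPOKES, HUB) or "all six policies are consistent")
```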