Compatible Systems 2 Manual De Usuario
48
Chapter 6 - Basic Configuration Guide
Configuring the Server for LAN-to-LAN Tunnels
This section configures VPN tunnel parameters and defines a virtual port
for LAN-to-LAN tunnel traffic. It assumes that you have already
assigned IP addresses to the Ethernet interface(s), and set up static
routes, as shown in
for LAN-to-LAN tunnel traffic. It assumes that you have already
assigned IP addresses to the Ethernet interface(s), and set up static
routes, as shown in
v Note: VPN Ports are only used for LAN-to-LAN tunnels. VPN Client
tunnels do not use VPN Ports. LAN-to-LAN tunneling requires that
you set parameters for a VPN port on each end of a tunnel, so you
must repeat the following steps on the remote end.
you set parameters for a VPN port on each end of a tunnel, so you
must repeat the following steps on the remote end.
1. Add a VPN Port.
Use the configure command to add a VPN Port.
Example
configure VPN Port 0
VPN Port(0) does not exist, do you wish to add it to the
config? y
2. Set up the Tunnel Partner.
Once you have created a VPN port, you need to provide some informa-
tion about the remote Tunnel Partner and specify how tunnels will be set
up.
tion about the remote Tunnel Partner and specify how tunnels will be set
up.
Use configure and set keywords in the Tunnel Partner VPN port
number section (this will be the number of the port you just created).
number section (this will be the number of the port you just created).
Partner-Specifies the IP address of the remote Tunnel Partner with
which this VPN port will communicate via the tunnel. This
will be an interface on the remote router which has been set to
route IP and will also be the remote VPN port’s BindTo inter-
face.
will be an interface on the remote router which has been set to
route IP and will also be the remote VPN port’s BindTo inter-
face.
BindTo-This specifies which interface on this device will act as the
end point for the tunnels defined by this configuration. Packets
sent from this device to the remote Tunnel Partner will use this
interface's IP address as a source address. If you are using both
Ethernet ports, then the BindTo interface should be set to
Ethernet 1. For single Ethernet setups, it should be Ethernet 0.
sent from this device to the remote Tunnel Partner will use this
interface's IP address as a source address. If you are using both
Ethernet ports, then the BindTo interface should be set to
Ethernet 1. For single Ethernet setups, it should be Ethernet 0.
KeyManage-Sets how the tunnel will be set up.
If Auto key management is specified, IKE will be used to
allow two devices to negotiate between themselves which
encryption and authentication methods will be used for the
tunnel.
allow two devices to negotiate between themselves which
encryption and authentication methods will be used for the
tunnel.