Инструкция для ASUS sl1000

UB AND

POKE

VPN

Page

UB AND

POKE

VPN

Release Date: 2005/6/29

1 Introduction

This application note details the steps for creating VPN tunnels based on “hub and spoke” topology between
ASUS Internet Security Routers. All settings and screen dumps contained in this application note are taken from
ASUS Internet Security Routers running firmware 1.1.68A.410. However, the instructions are applicable to newer
firmware as well.

In the "hub and spoke" VPN topology, all branch offices connect to the central office and each office is able to
connect to resources on the central network, as well as other offices, by going through their local VPN gateway to
link to the central office.

Note

It is recommended that you disable firewall initially to simplify the configuration procedure
when setting up “hub-and-spoke” VPN. You can then create proper ACL rules based on
secure requirement in your network.

2 Dynamic IP for All Branch Offices

This topology allows all branch offices to use dynamic IP to construct a fully meshed VPN networks. Note that
only the headquarter requires static IP.

2.1 Network

Setup

Connect all the devices as indicated in Figure 2.1. You may change the IP address, subnet mask and default
gateway IP address of any device to match your true network environment.

WAN: 66.228.128.1
LAN: 192.168.1.0/24

PC2

192.168.22.10

PC1

192.168.21.10

PC3

192.168.23.10

WAN: dynamic IP
LAN: 192.168.23.0/24

WAN: dynamic IP
LAN: 192.168.21.0/24

WAN: dynamic IP
LAN: 192.168.22.0/24

Branch C

Branch A

Branch B

Headquarter

Server

192.168.1.20

Internet

Figure 2.1. Network Toppology Diagram – Dynamic IP for All Branch Offices