1. Please specify a Policy Name. The ‘Policy Name’ is for your reference only.
2. Please select the correct IKE Policy, which in this case is the IKE policy Name we just created.
3. Please specify the ‘Remote VPN Endpoint’ as the Remote WAN’s IP address.
4. Please select and check IPSec PFS and select Group 1 (768 Bit) for the PFS Key Group.
5. Please specify the ‘Local IP’ under ‘Traffic Selector’ as ‘Subnet Address’ and specify the Local LAN IP and Mask address of the FVL328 accordingly.
6. Please specify the ‘Remote IP’ under ‘Traffic Selector’ as ‘Subnet Address’ and specify the Remote LAN IP and Mask address if a router is used on the remote site and the WAN IP and Mask Address if the Remote is connected directly to the Internet without a Router.
7. Now, we will check and enable Encryption, and Authentication. under ESP Configuration.
8. Please specify ‘Encryption Algorithm’ as ‘DES,’ and ‘Authentication Algorithm’ as ‘MD5.’

1. The above screen shot displays the logs and the IPSec and IKE SA that is displayed when a VPN Tunnel is established successfully.

返回

1. Start.
2. Control Panel.
3. Administrative Tools.
4. Local Security Policy.

1. Right click on IP Security Policies on Local Machine.
2. Select and click on Create IP Security Policy.

1. Select ‘Add.’

1. Select ‘Add.’

返回

1. Please set the IP address accordingly.

• Example: IP address is the WAN IP of the w2k system (206.135.38.247).
• The Subnet mask is set to broadcast.

1. Please set the IP address accordingly.

• Example: IP address is the LAN IP (192.168.10.11) of a workstation of the LAN and not that of the LAN IP of the FVL328
• The Subnet mask is set to broadcast.
• Please check ‘Mirrored.’
• Select ‘OK

Filter Action Properties

Q. Please select ‘Add.’

Filter Action Name for W2k_FVL328

R. Specify the Name as ‘w2k_fvl328.’ The description we entered for description only as ‘Filter Action from w2k to the fvl328.’

1. Select ‘Next.’

Filter Action for W2k_FVL328

S. Please select ‘Negotiate Security’ and then select ‘Next.’

Filter Action for W2k_FVL328

T. Please select ‘Do not communicate with computers that do not support IPSec.’

1. Select ‘Next.’

W2k_FVL328 Security Method

U. Please select High (Encapsulated Secure Payload) Data will be encrypted, authenticated, and modified.

1. Select ‘Next.’

返回

W2k_FVL328 Security Method Properties

V. We should now be at the New Rule Properties with w2k_fvl328 checked under ‘Filter Action.’

1. Double click on the w2k_fvl328 Filter Action Rule.
2. w2k_fvl328 properties is displayed as above.
3. Please make sure that ‘Accept unsecured communication, but always respond using IPSec’ is checked, and that ‘Session key_Perfect Forward Secrecy’ is checked also.
4. Select ‘OK

W2k_FVL328 Connection Type

W. Please select ‘Connection Type’ and make sure that ‘All network connections’ is selected.

1. Select ‘Apply.’

W2k_FVL328 Tunnel Setting

X. Please select ‘Tunnel Setting” and select ‘The tunnel endpoint is specified by this IP Address.’ Please enter the IP Address of the WAN of the FVL328 (in this case: 206.135.38.248).

1. Select ‘Apply.’

W2k_FVL328 Authentication Methods

Y. Please select ‘Authentication Methods’ and highlight ‘Kerberos’ and select ‘Add.’

W2k_FVL328 Authentication Method Properties

Z. Please select ‘Use the string to protect the key exchange (preshared key).’

1. Type the following digits: 123456789 (I use these digits as an example and for testing purposes only. You may use a different digit format).
2. Select ‘OK.’

返回

W2k_FVL328 Authentication Method Main Display after configuration

Z1. The display above is a display of the Authentication Method once it is configured.

1. Select ‘OK.’

W2k_FVL328 Properties

Z2. We will now create the Security Policy from the FVL328 to the W2k. A Security Policy is needed from both directions in-order to establish successfully.

1. Select ‘Add.’

IP Filter List Creation for FVL328_W2k

Z3. Please be sure that ‘New IP Filter List’ is checked and then select ‘Add.’

返回

IP Filter List for FVL328_W2k

Z4. Specify the Name as ‘fvl328_w2k.’ The description we entered for description only as ‘IP Filter List from fvl328 to the w2k.’

1. Select ‘Add.’

Z5. The Source address is set to ‘A specific IP Address.’

1. Please set the IP address accordingly.

• 1.Example : IP address is the LAN IP (192.168.10.11) of a workstation of the LAN and not that of the LAN IP of the FVL328.
• 2.The Subnet mask is set to broadcast (255.255.255.255).

Z6. The Destination address is set to ‘A specific IP Address.’

         2.  Please set the IP address accordingly.

• Example: IP Address is the WAN IP (206.135.38.247) of the W2k system
• The Subnet mask is set to broadcast (255.255.255.255).
• Please check ‘Mirrored.’
• Select ‘OK.’

IP Filter List after creation for FVL328_W2k

Z7. Select ‘Close.’

New Rule Properties for the FVL328_W2k

Z8. Please select fvl328_w2k in the IP Filter List and then select the ‘Filter Action’ tab.

返回

Filter Action Properties for FVL328_W2k

Z8. Please select w2k_fvl328 and proceed to the ‘Connection Type’ tab and select ‘All network connections.’(We will use the w2k_fvl328 configuration for all the authentication methods. They are the same both ways). Proceed to ‘Tunnel Setting.’

Tunnel Setting for FVL328_W2k

Z9. Please select ‘The tunnel endpoint is specified by this IP Address and specify the WAN IP (206.135.38.247) address of the W2k system.

1. Select the ‘Authentication Methods’ tab.

Authentication Methods for FVL328_W2k

Z10. Please highlight ‘Kerberos’ and select ‘Add.’

Authentication Method Properties for FVL328_W2k

Z11. Please select ‘Use this string to protect the key exchange (preshared key)’ and input the following digits: 123456789.

1. Select ‘OK.’

返回

Authentication Method Main display for FVL328_W2k

Z12. Select ‘OK.’