- FVL328与Windows 2000 自带 VPN 客户端的连接配置过程
-
发布时间:2010-11-08 13:15:08
发布时间:2010-11-08 13:15:08
The following will walk you through configuring the FVL328 and Windows 2000 Prof/Server and XP for VPN.
Wednesday, August 31, 2005
ROUTER STATUS
A. Please obtain the following information for Proper VPN configuration.
IKE POLICY
B. Proceed and select ‘ADD.’
IKE POLICY CONFIGURATION
Cont.
C.IKE Policy Configuration
VPN Policies
D. Please select ‘Add Auto Policy.’ The Policy in this screen shot is what the policy will look like after we configure the policy.
AUTO VPN POLICY CONFIGURATION
E. Auto VPN policy
VPN STATUS
F. VPN Status
Windows 2000, XP Local Security Settings
G. Local Security Policy is located at:
H. Local Security Settings.
IP Security Policy Wizard
I. Uncheck to ‘Activate the default response rule.’
IP Security Policy Name
J. Enter a ‘Name’ for the Policy, for example: “w2k_fvl328.”
K. The Description above was entered for Policy Description only and it states:
“Tunnel settings from the W2k to the FVL328.”
W2k_FVL328 Policy
L. Now we will create an IP security Rule for each tunnel one at a time as follows.
New Rule Properties for W2k_FVL328
M. Please select ‘New IP Filter List’ and Select ‘Add.’
IP Filter List for W2k_FVL328
N. Specify the Name as ‘w2k_fvl328.’ The description we entered for description only as ‘IP Filter List from w2k to the fvl328.’
IP Filter List Properties for W2k_FVL328
O. The Source address is set to ‘A specific IP Address.’
P. The Destination address is set to ‘A specific IP Address.’
Filter Action Properties
Q. Please select ‘Add.’
Filter Action Name for W2k_FVL328
R. Specify the Name as ‘w2k_fvl328.’ The description we entered for description only as ‘Filter Action from w2k to the fvl328.’
Filter Action for W2k_FVL328
S. Please select ‘Negotiate Security’ and then select ‘Next.’
Filter Action for W2k_FVL328
T. Please select ‘Do not communicate with computers that do not support IPSec.’
W2k_FVL328 Security Method
U. Please select High (Encapsulated Secure Payload) Data will be encrypted, authenticated, and modified.
W2k_FVL328 Security Method Properties
V. We should now be at the New Rule Properties with w2k_fvl328 checked under ‘Filter Action.’
W2k_FVL328 Connection Type
W. Please select ‘Connection Type’ and make sure that ‘All network connections’ is selected.
W2k_FVL328 Tunnel Setting
X. Please select ‘Tunnel Setting” and select ‘The tunnel endpoint is specified by this IP Address.’ Please enter the IP Address of the WAN of the FVL328 (in this case: 206.135.38.248).
W2k_FVL328 Authentication Methods
Y. Please select ‘Authentication Methods’ and highlight ‘Kerberos’ and select ‘Add.’
W2k_FVL328 Authentication Method Properties
Z. Please select ‘Use the string to protect the key exchange (preshared key).’
W2k_FVL328 Authentication Method Main Display after configuration
Z1. The display above is a display of the Authentication Method once it is configured.
W2k_FVL328 Properties
Z2. We will now create the Security Policy from the FVL328 to the W2k. A Security Policy is needed from both directions in-order to establish successfully.
IP Filter List Creation for FVL328_W2k
Z3. Please be sure that ‘New IP Filter List’ is checked and then select ‘Add.’
IP Filter List for FVL328_W2k
Z4. Specify the Name as ‘fvl328_w2k.’ The description we entered for description only as ‘IP Filter List from fvl328 to the w2k.’
Z5. The Source address is set to ‘A specific IP Address.’
Z6. The Destination address is set to ‘A specific IP Address.’
2. Please set the IP address accordingly.
IP Filter List after creation for FVL328_W2k
Z7. Select ‘Close.’
New Rule Properties for the FVL328_W2k
Z8. Please select fvl328_w2k in the IP Filter List and then select the ‘Filter Action’ tab.
Filter Action Properties for FVL328_W2k
Z8. Please select w2k_fvl328 and proceed to the ‘Connection Type’ tab and select ‘All network connections.’(We will use the w2k_fvl328 configuration for all the authentication methods. They are the same both ways). Proceed to ‘Tunnel Setting.’
Tunnel Setting for FVL328_W2k
Z9. Please select ‘The tunnel endpoint is specified by this IP Address and specify the WAN IP (206.135.38.247) address of the W2k system.
Authentication Methods for FVL328_W2k
Z10. Please highlight ‘Kerberos’ and select ‘Add.’
Authentication Method Properties for FVL328_W2k
Z11. Please select ‘Use this string to protect the key exchange (preshared key)’ and input the following digits: 123456789.
1. Select ‘OK.’
Authentication Method Main display for FVL328_W2k
Z12. Select ‘OK.’
w2k_fvl328 & fvl328_w2k IP Security Rules main
Z13. Please select the ‘General’ tab. It is not important which IP Security Rule is selected (but please makesure that both are checked) at this point.
w2k_fvl328 General Properties.
Z14. Please select ‘Advanced.’
w2k_fvl328 General/Key Exchange Settings
Z15. Please select ‘Methods.’
W2k_fvl328 Key Exchange Security Method
Z16. Please move up the correct Security Method Preference, which is the following:
Type = IKE
Encryption = DES
Integrity = MD5
Ditfie-Hellman Group = Low (1)
Key Exchange Security Method Main
Z17. The above is the correct Security Method preference order.
Z18. Please select ‘OK, OK, Close.’
Local Security Settings Main
Z19. Please highlight the ‘w2k_fvl328’ Policy and right click on the policy and highlight ‘Assign.’
Local Security Settings Main
Z20. Once the w2k_fvl328 is assigned, the ‘Policy Assigned’ becomes ‘yes.’
Z21. Proceed to MS-DOS and ping the Workstation IP Address (192.168.10.11) specified in the VPN configuration.
Ping Command on the W2k system
Z22. Above we have pinged the LAN IP of the workstation on the FVL328. The replies indicate successful establishment.
FVL328 VPN Status with Success
Revised 04/08/03