The document discusses the setup and configuration of VPN and remote access services on a router, including:
1. Enabling VPN protocols like PPTP, IPSec, and L2TP and configuring NAT settings for a VPN server.
2. Configuring PPP settings like authentication, encryption, and IP address assignment for dial-in users.
3. Configuring IPSec IKE settings like authentication methods and security settings for remote dial-in users and LAN to LAN VPN tunnels.
4. Configuring profiles and settings for LAN to LAN VPN tunnels including common settings, dial-out settings, dial-in settings, and TCP/IP network settings.
The document discusses the setup and configuration of VPN and remote access services on a router, including:
1. Enabling VPN protocols like PPTP, IPSec, and L2TP and configuring NAT settings for a VPN server.
2. Configuring PPP settings like authentication, encryption, and IP address assignment for dial-in users.
3. Configuring IPSec IKE settings like authentication methods and security settings for remote dial-in users and LAN to LAN VPN tunnels.
4. Configuring profiles and settings for LAN to LAN VPN tunnels including common settings, dial-out settings, dial-in settings, and TCP/IP network settings.
The document discusses the setup and configuration of VPN and remote access services on a router, including:
1. Enabling VPN protocols like PPTP, IPSec, and L2TP and configuring NAT settings for a VPN server.
2. Configuring PPP settings like authentication, encryption, and IP address assignment for dial-in users.
3. Configuring IPSec IKE settings like authentication methods and security settings for remote dial-in users and LAN to LAN VPN tunnels.
4. Configuring profiles and settings for LAN to LAN VPN tunnels including common settings, dial-out settings, dial-in settings, and TCP/IP network settings.
The document discusses the setup and configuration of VPN and remote access services on a router, including:
1. Enabling VPN protocols like PPTP, IPSec, and L2TP and configuring NAT settings for a VPN server.
2. Configuring PPP settings like authentication, encryption, and IP address assignment for dial-in users.
3. Configuring IPSec IKE settings like authentication methods and security settings for remote dial-in users and LAN to LAN VPN tunnels.
4. Configuring profiles and settings for LAN to LAN VPN tunnels including common settings, dial-out settings, dial-in settings, and TCP/IP network settings.
Download as DOCX, PDF, TXT or read online from Scribd
Download as docx, pdf, or txt
You are on page 1of 4
VPN and Remote Access >> Remote Access Control Setup
Remote Access Control Setup
Enable PPTP VPN Service
Enable IPSec VPN Service
Enable L2TP VPN Service
Note: If you intend running a VPN server inside your LAN, you should uncheck the appropriate protocol above to allow pass-through, as well as the appropriate NAT settings.
VPN and Remote Access >> PPP General Setup
PPP General Setup PPP/MP Protocol Dial-In PPP Authentication PAP or CHAP
Dial-In PPP Encryption(MPPE) Optional MPPE
Mutual Authentication (PAP) Yes No Username
Password
IP Address Assignment for Dial-In Users (When DHCP Disable set)
Assigned IP start LAN 1 192.168.1.200
LAN 2 192.168.2.200
LAN 3 192.168.3.200
LAN 4 192.168.4.200
VPN and Remote Access >> IPSec General Setup
VPN IKE/IPSec General Setup Dial-in Set up for Remote Dial-in users and Dynamic IP Client (LAN to LAN). IKE Authentication Method Pre-Shared Key
Confirm Pre-Shared Key
IPSec Security Method
Medium (AH)
Data will be authentic, but will not be encrypted. High (ESP) DES 3DES AES Data will be encrypted and authentic.
VPN and Remote Access >> IPSec Peer Identity
1230
Profile Index : 1 Profile Name CSL
Enable this account
Accept Any Peer ID
Accept Subject Alternative Name Type IP Address
IP 1.1.1.1
Accept Subject Name Country (C)
State (ST)
Location (L)
Orginization (O)
Orginization Unit (OU)
Common Name (CN)
Email (E)
VPN and Remote Access >> Remote Dial-in User
Index No. 1 User account and Authentication Enable this account Idle Timeout 300 second(s)
Allowed Dial-In Type
PPTP IPSec Tunnel L2TP with IPSec Policy None
Specify Remote Node Remote Client IP or Peer ISDN Number 1.1.1.1
or Peer ID Netbios Naming Packet Pass Block Username ???
Password
Enable Mobile One-Time Passwords(mOTP) PIN Code
Secret
IKE Authentication Method Pre-Shared Key
********
Digital Signature(X.509) None
IPSec Security Method Medium(AH) Multicast via VPN Pass Block (for some IGMP,IP-Camera,DHCP Relay..etc.)
Subnet LAN 1
Assign Static IP Address 0.0.0.0
High(ESP) DES 3DES AES Local ID (optional)
VPN and Remote Access >> LAN to LAN
Profile Index : 1 1. Common Settings Profile Name CSL
Enable this profile
VPN Dial-Out Through WAN1 Only
Netbios Naming Packet Pass Block Multicast via VPN Pass Block (for some IGMP,IP-Camera,DHCP Relay..etc.) Call Direction Both Dial-Out Dial-in Always on Idle Timeout 0 second(s) Enable PING to keep alive PING to the IP 172.16.16.254
2. Dial-Out Settings Type of Server I am calling PPTP IPSec Tunnel L2TP with IPSec Policy None
Server IP/Host Name for VPN. (such as draytek.com or 123.45.67.89) 1.1.1.1
Username
Password
PPP Authentication PAP/CHAP
VJ Compression On Off
IKE Authentication Method Pre-Shared Key
**********
Digital Signature(X.509) Peer ID None
Local ID Alternative Subject Name First Subject Name First
IPSec Security Method Medium(AH) High(ESP) AES with Authentication
Index(1-15) in Schedule Setup: , , , 3. Dial-In Settings Allowed Dial-In Type PPTP IPSec Tunnel L2TP with IPSec Policy None
Specify Remote VPN Gateway
Peer VPN Server IP
1.1.1.1
or Peer ID
Username ???
Password
VJ Compression On Off
IKE Authentication Method Pre-Shared Key
*********
Digital Signature(X.509) None
Local ID Alternative Subject Name First Subject Name First
IPSec Security Method Medium(AH) High(ESP) DES 3DES AES Enable IPSec Dial-Out function GRE over IPSec Logical Traffic My GRE IP Peer GRE IP 4. TCP/IP Network Settings My WAN IP 2.2.2.2
Remote Gateway IP 1.1.1.1
Remote Network IP 172.16.16.0
Remote Network Mask 255.255.240.0
Local Network IP 192.168.1.1
Local Network Mask 255.255.255.0
RIP Direction Disable
From first subnet to remote network, you have to do
Route
Change default route to this VPN tunnel ( Only single WAN supports this )