Vigor Router to Mikrotik – IPsec

公司是用一般住家當辦公司兩間辦公室距離遠拉專線又浪費錢,只好自已架IPsec VPN, 原面就有Vigor 2925n,買一台Mikrotik RouterOS 450G就可以將兩間辦公室串在一起共用資源,設定如下(很簡單,不難有問題可以問我):

clip_image002

一、Configuring the Mikrotik Router

1.  Create a new IPsec proposal: Go to IPsec

image

3、Proposal, and

4、add a new one.

5、Enter Name

6、 Select Auth. Algorithms as md5

7、 Select Encr. Algorithms as 3des.

8、 Click OK to save the configuration.

clip_image006

9、 Peer

10、 and add a new one.

11、 Enter Address as Draytek’s WAN IP.

12、 Select Auth. Method as pre shared key

13、 enter Secret. àmykey

14、 Hash Algorithm à md5

15、 Encryption Algorithm à 3ces.

16、 OK

17、 Policy configuration: Go to IPsec >> Policies,

18、 add a new one.

19、 In General Tab

20、 Enter Src. Address as Mikrotik’s LAN IP.

21、 Enter Dst. Address as DrayTek’s LAN IP.

clip_image008

22、 In Action Tab

23、 Enable Tunnel.

24、 Set SA Src. Address as Mikrotik’s WAN IP.

25、 Set SA Dst. Address as Draytek’s WAN IP.

26、 As for Proposal, select the Proposal we just created.

27、 Click OK to save the configuration.

clip_image010

NAT configuration:

28、 Go to IP

29、 Firewall

clip_image012

30、 NAT Table

31、 add a new rule. (Note: This rule must be the first rule in NAT Rules)

32、 In General Tab,

33、 Select Chain as srcnat.

34、 Set Dst. Address as the range of your destination network.

35、 Select Out. Interface as a WAN interface, here we use ether1.

clip_image014

36、In Action Tab:

37、Select Action as accept.

38、Click OK to save the configuration.

clip_image016

二、Configuring the Vigor Router

Create a LAN-to-LAN profile:

1、 VPN and Remote Access

2、 LAN to LAN.

3、 Click on an Index number to add a new profile.

clip_image018

4、 Enter Profile Name and Enable this profile.

5、 Select Call Direction as Dial-out.

6、 Always on

clip_image020

In Dial-Out Settings:

7、 Select Type of Sever I am calling as IPsec Tunnel.

8、 Enter Mikrotik’s Server IP or Host Name.

9、 For IKE Authentication Method, choose Pre-Shared Key and enter the key.

10、 For IPSEC Security Method, choose High(ESP), and select 3DES with Authentication.

11、 Click on Advanced for advanced setting.

clip_image022

12、 In IKE advances setttings: Select IKE phase 2 proposal as 3DES_MD5,

13、 click OK.

clip_image024

In TCP/IP Network Settings:

14、 Enter Remote Network IP as Mikrotik’s LAN IP.

15、 Click OK to save the configuration.

clip_image026

To check VPN connection status, Go to Advanced >> VPN and Remote Access >> Connection Management.

clip_image028

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。

這個網站採用 Akismet 服務減少垃圾留言。進一步瞭解 Akismet 如何處理網站訪客的留言資料

分類
BlogUpp!