Amer Networks E5Web GUI User Manual
Page 576
internal network and handed out to a client.
• Use a new address range that is totally different from any internal network. This prevents any chance of an address in the range also being used on the internal network.
2. Define two other IP objects:
• wan_ip which is the external public IPv4 address through which clients connect (assume this is on the wan interface).
• lan_ip which is the internal IP address of the interface to which the internal network is connected (let's call this interface lan).
3. Define a Pre-shared Key for the IPsec tunnel.
4. Define an IPsec Tunnel object (let's call this object ipsec_tunnel) with the following parameters:
• Set Local Network to wan_ip (specify all-nets instead if cOS Core is behind a NATing device).
• Set Remote Network to all-nets.
• Set Remote Endpoint to none.
• For Authentication select the Pre-shared Key object defined in the first step.
• Set Encapsulation Mode to Transport.
• Select the IKE and IPsec algorithm proposal lists to be used.
• Disable the IPsec tunnel routing option Dynamically add route to the remote network when tunnel established.
• When all-nets is the destination network, as is the case here, the advanced setting option Add route for remote network must also be disabled. This setting is enabled by default.
5. Define a PPTP/L2TP Server object (let's call this object l2tp_tunnel) with the following parameters:
• Set Inner IP Address to lan_ip.
• Set Tunnel Protocol to L2TP.
• Set Outer Interface Filter to ipsec_tunnel.
• Set Outer Server IP to wan_ip.
• Select the allowed Microsoft Point-to-Point Encryption (MPPE) levels. Since IPsec already encrypts the traffic, this can be set to None only; otherwise double encryption will degrade throughput.
• Set IP Pool to l2tp_pool.
• Enable Proxy ARP on the lan interface to which the internal network is connected.
• Make the interface a member of a specific routing table so that routes are automatically added to that table. Normally the main table is selected.
6. For user authentication:
• Define a Local User DB object (let's call this object TrustedUsers).
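The steps above carry several constraints that are easy to get wrong in the GUI: the client pool must not collide with the internal network, the IPsec tunnel must use Transport mode with both automatic-route options disabled when the remote network is all-nets, and the L2TP server must only be reachable through the IPsec tunnel with MPPE set to None. The following Python script is an added example, not part of this manual or of cOS Core; it models the objects from the procedure (wan_ip, lan_ip, ipsec_tunnel, l2tp_tunnel, l2tp_pool) as a plain dictionary whose layout and field names are an assumption made for this script and do not mirror any real cOS Core CLI or configuration file format. The sample addresses are constructed.

```python
"""Sanity checks for an L2TP/IPsec server configuration.

Added example, not code from the manual or the product. The dictionary
layout and field names are assumptions made for this script only; the
object names come from the procedure above. Sample addresses are constructed.
"""
import copy
import ipaddress

# Constructed sample configuration mirroring the objects in the procedure.
SAMPLE_CONFIG = {
    "networks": {
        "lannet": "192.168.10.0/24",            # internal network behind 'lan'
        "l2tp_pool": "10.99.0.1-10.99.0.254",   # client pool, must not overlap lannet
    },
    "ipsec_tunnel": {
        "name": "ipsec_tunnel",
        "local_network": "wan_ip",              # or all-nets when behind a NATing device
        "remote_network": "all-nets",
        "remote_endpoint": None,                # roaming clients: no fixed endpoint
        "encapsulation_mode": "Transport",
        "dynamic_route_to_remote": False,       # 'Dynamically add route ...' disabled
        "add_route_for_remote_network": False,  # advanced setting, enabled by default
    },
    "l2tp_server": {
        "name": "l2tp_tunnel",
        "inner_ip": "lan_ip",
        "tunnel_protocol": "L2TP",
        "outer_interface_filter": "ipsec_tunnel",  # L2TP accepted only via IPsec
        "outer_server_ip": "wan_ip",
        "mppe": "None",                            # IPsec already encrypts
        "ip_pool": "l2tp_pool",
        "proxy_arp_interfaces": ["lan"],
    },
}


def parse_range(spec):
    """Return (first, last) IPv4Address for 'a.b.c.d-e.f.g.h' or a CIDR prefix."""
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        first, last = net.network_address, net.broadcast_address
    if first > last:
        raise ValueError(f"range {spec!r}: first address is above last")
    return first, last


def ranges_overlap(a, b):
    """True when the two address ranges share at least one address."""
    a1, a2 = parse_range(a)
    b1, b2 = parse_range(b)
    return a1 <= b2 and b1 <= a2


def check_config(cfg):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    nets, ipsec, l2tp = cfg["networks"], cfg["ipsec_tunnel"], cfg["l2tp_server"]

    # Step 1: the pool must not reuse addresses of the internal network.
    if ranges_overlap(nets["l2tp_pool"], nets["lannet"]):
        findings.append("l2tp_pool overlaps the internal network")

    # Step 4: L2TP/IPsec uses transport mode and no fixed remote endpoint;
    # with all-nets as remote network, neither automatic route may be added.
    if ipsec["encapsulation_mode"] != "Transport":
        findings.append("ipsec_tunnel: Encapsulation Mode must be Transport")
    if ipsec["remote_endpoint"] is not None:
        findings.append("ipsec_tunnel: Remote Endpoint must be none for roaming clients")
    if ipsec["remote_network"] == "all-nets":
        if ipsec["dynamic_route_to_remote"]:
            findings.append("ipsec_tunnel: disable 'Dynamically add route to the remote network'")
        if ipsec["add_route_for_remote_network"]:
            findings.append("ipsec_tunnel: disable 'Add route for remote network' (enabled by default)")

    # Step 5: L2TP must only be reachable through the IPsec tunnel.
    if l2tp["tunnel_protocol"] != "L2TP":
        findings.append("l2tp_tunnel: Tunnel Protocol must be L2TP")
    if l2tp["outer_interface_filter"] != ipsec["name"]:
        findings.append("l2tp_tunnel: Outer Interface Filter must be the IPsec tunnel")
    if ipsec["local_network"] not in (l2tp["outer_server_ip"], "all-nets"):
        findings.append("l2tp_tunnel: Outer Server IP should match the IPsec Local Network")
    if l2tp["mppe"] != "None":
        findings.append("l2tp_tunnel: MPPE should be None, IPsec already encrypts (double encryption)")
    if not l2tp["proxy_arp_interfaces"]:
        findings.append("l2tp_tunnel: enable Proxy ARP on the internal interface")
    return findings


def with_override(cfg, section, key, value):
    """Deep copy of cfg with one field changed, for what-if checks."""
    out = copy.deepcopy(cfg)
    out[section][key] = value
    return out


if __name__ == "__main__":
    print("sample config:", check_config(SAMPLE_CONFIG) or "OK")
    bad = with_override(SAMPLE_CONFIG, "networks", "l2tp_pool", "192.168.10.100-192.168.10.200")
    print("overlapping pool:", check_config(bad))
```

Run the script as-is to see the constructed configuration pass and a variant with a pool carved out of the internal network fail; the same `with_override` call can be used to confirm that leaving Add route for remote network at its enabled default is reported.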
Chapter 9: VPN