background image

How To establish an IPSec VPN tunnel with LB-2 VPN 

Property of HotBrick — 2005 

10 

 

Figure 12 - Logs with tunnel established in Site A

 

   

Figure 13 - Logs with tunnel established in Site B

 

Summary of Contents for LB-2

Page 1: ...Firewall HotBrick LB 2 How To LB 2 IPSec Tunnel Setup Guide ...

Page 2: ...VPN tunnel between two LB 2s with VPN Note The LB 2 must have the VPN upgrade to establish an IPSec Tunnel This will also help you setup an IPSec Tunnel if you have an LB 2 VPN with license key Please upgrade your LB 2 VPN to the latest version by going to our website and clicking on the Downloads link http hotbrick com support asp IPsec Tunnel between two LB 2 VPN Figure 1 LB 2 site to site tunne...

Page 3: ... Encryption Method 3DES Phase 1 Authentication Method MD5 Phase 1 SA Lifetime 28800 8 Once you have selected the Global Parameters then hit Submit 9 The LB 2 will be restarted and refreshed to save the settings 10 After the settings are refreshed click on Policy Setup 11 Under IPSec Traffic Binding input a name for Tunnel Name In Figures 3 and 4 below we have the tunnel name LB2VPN 12 Make sure yo...

Page 4: ...How To establish an IPSec VPN tunnel with LB 2 VPN Property of HotBrick 2005 4 Figure 3 IPSec Traffic Binding for Site A Figure 4 IPSec Traffic Binding for Site B ...

Page 5: ...or Remote Security Network for Remote Type select Subnet 20 The IP address must again reflect the entire subnet In Figure 3 the remote security network for Site B is 10 1 1 0 In Figure 4 the remote security network for Site A its 192 168 2 0 21 For the Remote Security Gateway the gateway type is IP Address The IP address is the WAN1 IP address of the remote site Site B 22 Under Security Level the ...

Page 6: ... enable it or not In our example we have used DH Group 2 1024 bit 28 The Preshared Key must be characters and or hexadecimal units The preshared key entered in our example is hotbrick 29 The Key life time can be set in seconds with zero indicating no expirations In our example we used 28800 seconds or eight hours 30 For the service In Volume we left the default 0 Kbytes 31 If Manual Key was chosen...

Page 7: ...e we have selected DPD RFC 3706 Under Action it is important that you select Keep Tunnel Alive 36 Under Options you can enable NetBIOS Broadcast to be able to send NetBIOS traffic through the tunnel Also enable Auto Triggered to always reconnect the tunnel if the tunnel happens to drop 37 When you are finished click Set This will take you back to the Policy Setup page then scroll down to the botto...

Page 8: ...nnel with LB 2 VPN Property of HotBrick 2005 8 Figure 9 IPSec Policy Option for Site B Figures 10 and 11 show the tunnel established under Policy Setup Figures 11 and 12 show the log with all the phases of the IPSec tunnel established ...

Page 9: ...How To establish an IPSec VPN tunnel with LB 2 VPN Property of HotBrick 2005 9 Figure 10 Site A tunnel established Figure 11 Site B tunnel established ...

Page 10: ...How To establish an IPSec VPN tunnel with LB 2 VPN Property of HotBrick 2005 10 Figure 12 Logs with tunnel established in Site A Figure 13 Logs with tunnel established in Site B ...

Page 11: ... available MD5 and SHA1 Secure Hash Algorithm Phase 1 SA Life Time By default the Security Association lifetime is set at 28800 Sec Maxtime to complete phase 1 Aim of phase 1 is to authenticate and establish a secure tunnel which will protect further IKE negotiation The maximum time default is 30 Sec Maxtime to complete phase 2 Maximum time to establish the IPSec SAs By default the maximum time is...

Page 12: ...Select either remote side domain name or remote side IP address WAN IP Address as your remote side security gateway Security Level Encryption Method It specifies the encryption method to use Data encryption makes the data unreadable if intercepted There are 3 encryption methods available DES 3DES and AES The default is null Authentication This specifies the packet authentication mechanism to use P...

Page 13: ... Keep Alive This is to help maintain the IPSec connection tunnel It can be reestablished immediately if a connection is dropped Anti Replay This mechanism works by keeping track of the sequence numbers in packets as they arrive Passive Mode When enabled your PC establishes the data connection Check ESP Pad When checked this will enable ESP Encapsulating Security Payload padding Allow Full ECN Enab...

Reviews: