Chapter 4 – Configuration Examples
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
36
Example 2 – Remote Client-to-LAN VPN Configuration
The VPN function to setup your RouteFinder so that your network allows a remote client to have access to the LAN through
a secure tunnel on the Internet. Your RouteFinder includes an easy-to-use IPSec VPN client connection that transparently
secures your Internet communications anytime, anywhere. This example shows the setup to allow a remote client to see a
LAN, where the remote client is using SSH Sentinel.
The example shows how to configure a Remote Client-to-LAN setup. For details about this and other setups, refer to the
RF660VPN Setup Examples Reference Guide, which is available on the CD included with your RouteFinder and on the
Multi-Tech Systems, Inc. Web site at
http://www.multitech.com/DOCUMENTS
.
This setup requires:
•
one RF660VPN at the home office and
•
a remote client with SSH Sentinel software.
For the SSH Sentinel Client Setup at the remote site, see the separate SSH Sentinel Guide.
SSH Sentinel Client Accessing LAN Through
RF660VPN RouteFinder (Input these
parameters on the RF660VPN in the home
office).
1. Domain name = Sentinel
2. Public Class C = 204.26.122.x
3. Networks & Services > Network
LAN: 192.168.2.0 – 255.255.255.0
Sentinel_Client: 204.26.122.50 –
255.255.255.255
4. Network Setup > Interface
Default gateway = 204.26.122.1
Host name = RF660VPN.Site-A.com
Eth0 = LAN, 192,168.2.1, 255.255.255.0
Eth1 = WAN, 204.26.122.103, 255.255.255.0
Eth2 = DMZ (don’t care)
5a. Packet Filters > Packet Filter Rules (remote
client static IP)
LAN – ANY – ANY – Accept
Sentinel – ANY – ANY – Accept
5b. Packet Filter > Packet Filter Rules (remote
client dynamic IP)
ANY – ANY – ANY – Accept
6. VPN > IPSec
Check and Save VPN Status
Add an IKE connection:
Connection name = Sentinel
Check Perfect Forward Secrecy
Authentication Method = Secret
Enter secret key (must be same both sides)
Select Encryption = 3DES
Local Interface = WAN
Local LAN Subnet = LAN
Remote IP = Sentinel_Client (remote client
static IP)
Remote IP = Any (remote client dynamic IP)
Remote Subnet = None
UID = Disable