Configuration Guide
144
Configuring VPN
Configuration Examples
5
Configuration Examples
5.1 Example for Configuring IPSec VPN
5.1.1 Network Requirements
A business requires a highly secure connection between one of the branch offices and the
head office. Thus we can build the site-to-site IPSec VPN tunnel between the branch office
and the head office to establish the virtual private connection.
5.1.2 Network Topology
As is shown below, computers in the branch office are connected to the banch office VPN
gateway router B via the LAN port, and the internal server group is connected to the head
office VPN gateway router A via the LAN port.
Figure 5-1 Site-to-Site IPSec VPN Topology
Router B
WAN IP: 20.20.20.1
LAN IP: 192.168.1.1
Router A
WAN IP: 30.30.30.1
LAN IP: 192.168.2.1
Branch Office
LAN: 192.168.1.0/24
Branch Office Gateway
Server Group
LAN: 192.168.2.0/24
Head Office Gateway
Internet
VPN Tunnel
5.1.3 Configuration Scheme
To meet the requirements, configure IPSec policy on Router A and Router B. (As the
network topology above shows, two VPN gateways are connected via the internet, so the
network mode should be configured as LAN-to-LAN.) Then verify whether the IPSec VPN
tunnel is established successfully.
The following section provides the configuration procedure.
5.1.4 Configuration Procedure
Follow the steps below to configure IPSec policy on Router A and Router B: