|
lan to lan with ipsec tunnel aggressive mode(vigor to vigor)
vigor to vigor with ipsec tunnel
at the head office (vpn server):
1.common settings:
a.enter a profile name.
b.select "enable this profile".
c.select "dial-in" and set the idle timeout to "0" to keep this tunnel open until terminated by the remote site.
3.dial-in settings:
a.tick "ipsec tunnel".
b.tick "specify remote vpn geteway".
c.enter the peer id (you may use ip address, email, or a string as the peer id).
d.enter the code for ike pre-shared key.
e.select an ipsec security method: medium (ah) or high (esp).
4.tcp/ip network settings:
enter remote network ip and remote network mask.
from main menu, select system management > vpn connection management, and check the connection status for a dial-in connection (from the branch office/tele-worker).
at the branch office/tele-worker (vpn client):
1.common settings:
a.enter a profile name.
b.select "enable this profile".
c.select "dial-out" and set the idle timeout to "0" to keep this tunnel open until terminated by the remote site.
if always on is selected, select "enable ping to keep alive" and type a remote network ip in "ping to the ip", and vigor will try to reconnect to this remote ip if the tunnel is broken.
2.dial-out settings:
a.tick "ipsec tunnel"
b.enter the ip address or the host name of the head office.
c.enter the code for ike pre-shared key.
d.select an ipsec security method: medium (ah) or high (esp).
e.click "advance". enable "aggressive mode" and enter local id (you may use ip address, email, or a string as the local id).
4.tcp/ip network settings:
enter remote network ip and remote network mask.
from main menu, select system management > vpn connection management, and check the connection status for a dial-out connection (to the head office).
|