HOW to Setup VPN IPsec Between DSR-Series FW.2.x
Step 1 – Setup WAN port setup DSR1
Network > WAN1 Settings
Step 2 – Here you will need to select the ISP Connection Type
Wan1 Setup:
Connection Type: Static IP (In our example it was set as static)
IP Address: 1.1.1.1
IP Subnet Mask: 255.0.0.0
Domain Name System (DNS) Servers
Primary DNS Server: 8.8.8.8 (Google DNS)
Secondary DNS Server: 8.8.4.4 (Google DNS)
Click on “Save”
Step 3 – Setup LAN Configuration DSR1
Network > LAN Settings
Step 4 – Enter an IP address for the LAN interface and DHCP Server
In our example we have given the IP: 192.168.10.1
IP Address Setup:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
DHCP Setup:
DHCP Mode: DHCP Server
Starting IP Address: 192.168.10.2
Ending IP Address: 192.168.10.254
Default Gateway: 192.168.10.1
Click on “Save”
Step 4 – Setup WAN port setup DSR2
Network > WAN1 Settings
Step 5 – Here you will need to select the ISP Connection Type
Wan1 Setup:
Connection Type: Static IP (In our example it was set as static)
IP Address: 1.1.1.1
IP Subnet Mask: 255.0.0.0
Domain Name System (DNS) Servers
Primary DNS Server: 8.8.8.8 (Google DNS)
Secondary DNS Server: 8.8.4.4 (Google DNS)
Click on “Save”
Step 6 – Setup LAN Configuration DSR2
Network > LAN Settings
Step 7 – Enter an IP address for the LAN interface and DHCP Server
In our example we have given the IP: 192.168.10.1
IP Address Setup:
IP Address: 192.168.20.1
Subnet Mask: 255.255.255.0
DHCP Setup:
DHCP Mode: DHCP Server
Starting IP Address: 192.168.20.2
Ending IP Address: 192.168.20.254
Default Gateway: 192.168.20.1
Click on “Save”
VPN IPsec Setup – DSR1:
Step 8 – You will now need to setup an IPsec Policy
VPN > Policies
Step 9 – Click “Add New IPSec Policy” to configure a new IPsec Policy
IPSec Policy Configuration
General
Policy Name: VPN1
Policy Name: Auto Policy
IP Protocol Version: IPv4
IKE Version: IKEv1
L2TP Version: None
IPSec Model Tunnel Model
Select Local Gateway: Dedicated WAN
Remote Endpoint: 2.2.2.2
Enable DHCP: Off
Local IP: Subnet
Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)
Local Subnet Mask: 255.255.255.0
Remote IP: Subnet
Remote Start IP Address: 192.168.20.1
Remote Subnet Mask: 255.255.255.0
Enable Keepalive: Off
Phase 1 (IKE SA Parameters)
Exchange Mode: Main
Direction Type: Both
Nat traversal: On
NAT Keep Alive Frequency: 20
Remote Identifier Type: Local Wan IP
Remote Identifier Type: Remote Wan IP
Encryption Algorithm
DES: On 3DES: On
AES-128: On AES-192: On
AES-256: On
BLOWFISH: Off
CAST128: Off
Authentication Algorithm
MD5: On SHA-1: On
SHA2-256: Off SHA2-384: Off
SHA2-512: Off
Authentication Method: Pre-Shared Key
Pre-Shared Key: sharedkey
Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)
SA-Lifetime: 28800
Enable Dead Peer Detection: Off
Extended Authentication: None
Phase2 – (Auto Policy Parameters)
SA Lifetime: 3600 Seconds
Encryption Algorithm
DES: On None: Off
3DES: On AES-128: On
AES-192: On AES-256: On
TWOFISH (128): Off TWOFISH (192): Off
TWOFISH (256): Off
BLOWFISH: Off
CAST128: Off
Integrity Algorithm
MD5: On SHA1: On
SHA2-224: Off SHA2-256: Off
SHA2-384: Off SHA2-512: Off
PFS Key Group: Off
Click “Save”
VPN IPsec Setup – DSR2:
Step 10 – You will now need to setup an IPsec Policy for the second DSR
VPN > Policies
Step 11 – Click “Add New IPSec Policy” to configure a new IPsec Policy
IPSec Policy Configuration
General
Policy Name: VPN2
Policy Name: Auto Policy
IP Protocol Version: IPv4
IKE Version: IKEv1
L2TP Version: None
IPSec Model Tunnel Model
Select Local Gateway: Dedicated WAN
Remote Endpoint: 2.2.2.2
Enable DHCP: Off
Local IP: Subnet
Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)
Local Subnet Mask: 255.255.255.0
Remote IP: Subnet
Remote Start IP Address: 192.168.20.1
Remote Subnet Mask: 255.255.255.0
Enable Keepalive: Off
Phase 1 (IKE SA Parameters)
Exchange Mode: Main
Direction Type: Both
Nat traversal: On
NAT Keep Alive Frequency: 20
Remote Identifier Type: Local Wan IP
Remote Identifier Type: Remote Wan IP
Encryption Algorithm
DES: On 3DES: On
AES-128: On AES-192: On
AES-256: On
BLOWFISH: Off
CAST128: Off
Authentication Algorithm
MD5: On SHA-1: On
SHA2-256: Off SHA2-384: Off
SHA2-512: Off
Authentication Method: Pre-Shared Key
Pre-Shared Key: sharedkey
Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)
SA-Lifetime: 28800
Enable Dead Peer Detection: Off
Extended Authentication: None
Phase2 – (Auto Policy Parameters)
SA Lifetime: 3600 Seconds
Encryption Algorithm
DES: On None: Off
3DES: On AES-128: On
AES-192: On AES-256: On
TWOFISH (128): Off TWOFISH (192): Off
TWOFISH (256): Off
BLOWFISH: Off
CAST128: Off
Integrity Algorithm
MD5: On SHA1: On
SHA2-224: Off SHA2-256: Off
SHA2-384: Off SHA2-512: Off
PFS Key Group: Off
Click “Save”
Step 12 – To view if the VPN connection has been established
STATUS > Active VPNs
Step 13 – If you see “IPsec SA Not Established”, Right-Click on a record then click “Connect”