Step one, define the encryption methods (proposals) used by the local end and the peer
If you are not very familiar with these, it is recommended to use the default, PRE-G1-DES-MD5, the same on both ends.
If the peer has already defined its own proposals, you need to define matching custom ones here.
Phase 1 proposals are defined under VPNs -> AutoKey Advanced -> P1 Proposal -> New; fill in and select the options as needed.
Phase 2 proposals are defined under VPNs -> AutoKey Advanced -> P2 Proposal -> New; fill in and select the options as needed.
Step two, create the gateway
VPNs -> AutoKey Advanced -> Gateway -> New
Gateway Name: fill in a name.
If the peer has a static IP, select Static IP Address and fill in the IP address. If it is not static, select the appropriate dial-up method and fill that in. A static IP is assumed here.
Leave the other settings at their defaults.
Then click "Advanced".
Fill in the preshared key. This is the secret used for encryption, and both sides must enter exactly the same value.
Outgoing Interface: select the egress port, that is, the external interface that corresponds to the peer's remote IP filled in above.
Security Level: select Custom, then select the appropriate encryption; using the default, PRE-G1-DES-MD5, is recommended.
Enable NAT-Traversal: when selected, Internet access appears to go through the other end's IP. It is generally left unselected, which is the default, because this end's own Internet connection is used.
Leave the other settings at their defaults and click "Return".
Then click "OK" again.
The gateway is now created.
Step three, create the VPN
VPNs -> AutoKey IKE -> New
Name: fill in a name. Remote Gateway: select Predefined and choose the gateway that was just created.
Then click "Advanced".
Security Level: again select Custom, then select the appropriate encryption method.
Bind To: select the tunnel interface to bind. If there is no free tunnel interface, create one from the list under Network. That is not covered here.
Local IP/Netmask: fill in the local intranet gateway address and the mask.
Remote IP/Netmask: fill in the peer's intranet gateway address and the mask.
Service: you can restrict which services are allowed through the VPN; the default is all, that is, Any.
Check VPN Monitor so that the status of the VPN can be viewed under VPNs -> Monitor Status.
Leave the other settings at their defaults, click "Return", then click "OK" to save.
At this point the VPN itself has been created, but it is not connected yet: routing and policies have not been configured, so there is no path for the traffic.
Step four, establish routing
This tells the firewall that traffic whose destination address is an IP on the peer's side must go through the tunnel that was just bound, not through another gateway.
Because the route is defined by destination address, we go to the destination routing table:
Network -> Routing -> Destination -> New
If the route is for all machines on the peer's side, fill in the peer's gateway address and subnet mask.
If it is for one specific machine, fill in that machine's IP with a mask of 32.
Then, for Interface, select the tunnel interface that was bound above.
Leave the other settings at their defaults, then click "OK" to save.
The last step, define the policies
Two new policies have to be created.
The first is Trust -> Untrust: the source is this side's gateway address and subnet mask, and the destination is the peer's gateway address and subnet mask. For Service, select Any if all services are allowed. Leave the other settings at their defaults and click "OK" to save.
The second is Untrust -> Trust, with the addresses above filled in the other way around.
The steps above complete the VPN configuration on this end; the peer only needs to be configured in the same way.
Then check VPNs -> Monitor Status to see whether it succeeded. A status of Up means success.
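An added example, not part of the original article or of any vendor tooling: a Python pre-flight check of the settings that the steps above require to match or mirror on the two firewalls. The dictionary layout, site names, subnets, key and Phase 2 proposal name are constructed for illustration, and treating g1, des and md5 as weak is the editor's assumption.

```python
import ipaddress

# Editor's assumption, not from the article: these proposal parts are weak.
WEAK = {"g1", "des", "md5"}

def weak_parts(proposal):
    """Return the weak components in a name such as 'pre-g1-des-md5'."""
    return sorted(WEAK & set(proposal.lower().split("-")))

def check_pair(a, b):
    """List the mismatches between two ends that would keep the tunnel down."""
    problems = []
    # Steps one and two: proposals and preshared key must be identical.
    for key in ("p1_proposal", "p2_proposal", "preshared_key"):
        if a[key] != b[key]:
            problems.append(f"{key} differs")
    for me, peer in ((a, b), (b, a)):
        local = ipaddress.ip_network(me["local"])
        remote = ipaddress.ip_network(me["remote"])
        # Step three: my local network must be the peer's remote network.
        if local != ipaddress.ip_network(peer["remote"]):
            problems.append(f"{me['name']}: local subnet is not the peer's remote")
        # Step four: traffic for the remote side must leave via the bound tunnel.
        if not any(ifc == me["tunnel"] and ipaddress.ip_network(dst).overlaps(remote)
                   for dst, ifc in me["routes"]):
            problems.append(f"{me['name']}: no route to remote via {me['tunnel']}")
        # Last step: one policy per direction, with the addresses swapped.
        wanted = {("Trust", "Untrust", local, remote), ("Untrust", "Trust", remote, local)}
        have = {(f, t, ipaddress.ip_network(s), ipaddress.ip_network(d))
                for f, t, s, d in me["policies"]}
        if not wanted <= have:
            problems.append(f"{me['name']}: missing policy in one direction")
    return problems

def make_end(name, local, remote):
    """Build a constructed sample configuration for one firewall."""
    return {"name": name, "local": local, "remote": remote, "tunnel": "tunnel.1",
            "p1_proposal": "pre-g1-des-md5", "p2_proposal": "nopfs-esp-des-md5",
            "preshared_key": "example-key", "routes": [(remote, "tunnel.1")],
            "policies": [("Trust", "Untrust", local, remote),
                         ("Untrust", "Trust", remote, local)]}

# Constructed sample: site A is 192.168.1.0/24, site B is 192.168.2.0/24.
SITE_A = make_end("site-a", "192.168.1.0/24", "192.168.2.0/24")
SITE_B = make_end("site-b", "192.168.2.0/24", "192.168.1.0/24")

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "both ends agree")
    print("weak parts:", weak_parts(SITE_A["p1_proposal"]))
```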
This article is from the "Operation and maintenance work Struggle" blog; please be sure to retain this source: http://yanghuawu.blog.51cto.com/2638960/662450