Application introduction
IPSec VPN establishes a secure tunnel between two sites and is often used to interconnect the networks of an enterprise headquarters and its branches. Using a company whose Beijing headquarters and Guangzhou branch need a secure tunnel as the example, this article describes how to set up an IPSec VPN with the TL-ER7520G.
Note: The preceding parameters are for example only. The actual network parameters shall prevail during configuration.
Setting method
The configuration method depends on the routers and networking modes used at each site. The cases are covered in the following categories:
Type 1. Both headquarters and branch use TL-ER7520G
In this case, make sure that both the headquarters and branch routers have a working broadband connection, then configure the VPN tunnel as follows:
1. Set the headquarters router IPSec security policy
Enter VPN > IPSec Security Policy, click, and set as follows:
Binding interface: the interface the headquarters uses to connect to the branch. Select the interface that is connected to the broadband network.
Keep the other settings at their defaults. Save the settings, then click Save configuration in the upper-right corner of the page.
2. Set the branch router IPSec security policy
The branch IPSec security policy corresponds exactly to the headquarters policy and is set as follows:
Save the settings, then click Save configuration in the upper-right corner.
Note: We recommend that you keep the advanced settings of the headquarters and branch at their defaults. The optimal encryption level is negotiated automatically.
3. IPSec tunnel created
In IPSec > IPSec Security Policy, the security association list shows a corresponding tunnel entry, indicating that the IPSec tunnel has been established successfully, as shown in the following figure:
The IPSec tunnel between the headquarters and the branch is now established, and the intranets at both ends can access each other's resources. If multiple branches need an IPSec tunnel to the headquarters, configure the corresponding security policies at the headquarters and at each branch using the method above.
Type 2. Headquarters uses TL-ER7520G, branch uses another model of VPN router
1. Set the headquarters router IPSec security policy
Enter VPN > IPSec Security Policy, click, and set as follows:
Save the settings.
2. Record the advanced settings parameters
To establish a tunnel between the headquarters and the branch, both ends must be configured with the same security authentication protocol and parameters. Because the TL-ER7520G presets the related security parameters, you only need to click Advanced Settings to view the default security proposal and parameters, which can then be configured on the peer router. Click Advanced Settings and record the corresponding parameters as follows:
3. Set the branch router IPSec security policy
The branch router needs a security policy that corresponds to the headquarters policy. The phase 1 (IKE) and phase 2 (IPSec) parameters must be identical on both ends, and the network parameters in the IPSec security policy must correspond to each other.
Because the router setting methods vary from manufacturer to manufacturer, please refer to the actual configuration interface, which is not described here. If you are using our VPN router
Type 3. The headquarters or branch router is used as a secondary router.
If the headquarters or branch router is used as a secondary router, that is, there is another router in front of it, pay attention to the following parameters when setting up the IPSec VPN:
Exchange mode: aggressive mode
Local/peer ID type: NAME
The router behind NAT is in initiator mode, and the peer is in responder mode.
Peer Gateway: The peer gateway is the WAN port IP address of the front-end router of the secondary router.
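The matching rules from Type 2 step 3 and from Type 3 can be checked before touching either router. The following Python check is an added example, not part of the original article or of TP-Link's software; the field names (site, behind_nat, front_wan_ip and so on), proposal strings, key and addresses are constructed assumptions, not the router's configuration format.

```python
# Added example: consistency check for a headquarters/branch IPSec policy pair.
# Field names and all sample values are constructed for illustration; this is
# not the TL-ER7520G's configuration format.
from ipaddress import ip_network

MUST_MATCH = ("exchange_mode", "ike_proposal", "ipsec_proposal", "psk")

def check_pair(hq, branch):
    """Return the mismatches that would keep the tunnel from negotiating."""
    problems = []
    # Phase 1 (IKE) and phase 2 (IPSec) parameters must be the same on both ends.
    for field in MUST_MATCH:
        if hq[field] != branch[field]:
            problems.append(f"{field} differs")
    for a, b in ((hq, branch), (branch, hq)):
        # Network parameters must mirror: my local subnet is the peer's remote one.
        if ip_network(a["local_subnet"]) != ip_network(b["remote_subnet"]):
            problems.append(f"{b['site']} remote_subnet is not {a['site']} local_subnet")
        if not a["behind_nat"]:
            continue
        # Type 3 rules for a secondary router (one that sits behind NAT).
        if a["exchange_mode"] != "aggressive":
            problems.append(f"{a['site']} is behind NAT but not in aggressive mode")
        if a["id_type"] != "NAME" or b["id_type"] != "NAME":
            problems.append("local/peer ID type must be NAME on both ends")
        if (a["role"], b["role"]) != ("initiator", "responder"):
            problems.append(f"{a['site']} must be initiator and {b['site']} responder")
        if b["peer_gateway"] != a["front_wan_ip"]:
            problems.append(f"{b['site']} peer_gateway is not the front-end router WAN IP")
    return problems

# Constructed sample: the branch router is a secondary router behind NAT.
COMMON = {"exchange_mode": "aggressive", "ike_proposal": "example-ike-proposal",
          "ipsec_proposal": "example-esp-proposal", "psk": "example-psk",
          "id_type": "NAME"}
HQ = {**COMMON, "site": "hq", "behind_nat": False, "role": "responder",
      "local_subnet": "192.168.1.0/24", "remote_subnet": "192.168.2.0/24",
      "peer_gateway": "203.0.113.20", "front_wan_ip": None}
BRANCH = {**COMMON, "site": "branch", "behind_nat": True, "role": "initiator",
          "local_subnet": "192.168.2.0/24", "remote_subnet": "192.168.1.0/24",
          "peer_gateway": "198.51.100.10", "front_wan_ip": "203.0.113.20"}

if __name__ == "__main__":
    for line in check_pair(HQ, BRANCH) or ["policies are consistent"]:
        print(line)
```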