gw-world:/> add IPRule Action=Allow
    Service=all_services
    SourceInterface=lan
    SourceNetwork=172.16.1.0/24
    DestinationInterface=ipsec_hq_to_branch
    DestinationNetwork=192.168.11.0/24
    Name=hq_to_branch
ii. Add an IP rule to allow traffic to flow from remote to local network:
gw-world:/> add IPRule Action=Allow
    Service=all_services
    SourceInterface=ipsec_hq_to_branch
    SourceNetwork=192.168.11.0/24
    DestinationInterface=lan
    DestinationNetwork=172.16.1.0/24
    Name=branch_to_hq
D. Add a route that routes the remote network on the tunnel:
Change the context to be the routing table:
gw-world:/> cc RoutingTable main
Add the route:
gw-world:/main> add Route
    Interface=ipsec_hq_to_branch
    Network=192.168.11.0/24
Return to the default CLI context:
gw-world:/main> cc
gw-world:/>
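The Python check below is an added example, not part of the original guide or of the product's tooling: it parses the add IPRule and add Route commands from the CLI steps above and reports when the two rules are not mirror images of each other or when the remote network is not routed on the tunnel interface. It assumes the networks are written as IPv4 CIDR literals rather than address book object names; parse and check_tunnel are hypothetical helper names.

```python
import ipaddress

# The IP rule and route commands from the CLI steps above, prompt removed,
# each joined onto one line.
COMMANDS = [
    "add IPRule Action=Allow Service=all_services SourceInterface=lan"
    " SourceNetwork=172.16.1.0/24 DestinationInterface=ipsec_hq_to_branch"
    " DestinationNetwork=192.168.11.0/24 Name=hq_to_branch",
    "add IPRule Action=Allow Service=all_services SourceInterface=ipsec_hq_to_branch"
    " SourceNetwork=192.168.11.0/24 DestinationInterface=lan"
    " DestinationNetwork=172.16.1.0/24 Name=branch_to_hq",
    "add Route Interface=ipsec_hq_to_branch Network=192.168.11.0/24",
]

def parse(cmd):
    """Split 'add <Type> Key=Value ...' into (type, {key: value})."""
    verb, kind, *pairs = cmd.split()
    if verb != "add":
        raise ValueError(f"unsupported command: {cmd!r}")
    return kind, dict(p.split("=", 1) for p in pairs)

def check_tunnel(commands, tunnel):
    """Return a list of findings; an empty list means rules and route agree."""
    objs = [parse(c) for c in commands]
    rules = [p for k, p in objs if k == "IPRule"]
    routed = [ipaddress.ip_network(p["Network"]) for k, p in objs
              if k == "Route" and p["Interface"] == tunnel]
    flow = lambda r: (r["SourceInterface"], r["SourceNetwork"],
                      r["DestinationInterface"], r["DestinationNetwork"])
    flows = {flow(r) for r in rules}
    findings = []
    for r in rules:
        si, sn, di, dn = flow(r)
        if tunnel not in (si, di):
            continue  # rule does not involve the tunnel interface
        name = r.get("Name", "unnamed")
        # The network on the tunnel side of the rule is the remote one.
        remote, local = (dn, sn) if di == tunnel else (sn, dn)
        remote, local = ipaddress.ip_network(remote), ipaddress.ip_network(local)
        if remote.overlaps(local):
            findings.append(f"{name}: local and remote networks overlap")
        if not any(remote.subnet_of(n) for n in routed):
            findings.append(f"{name}: {remote} is not routed on {tunnel}")
        if (di, dn, si, sn) not in flows:
            findings.append(f"{name}: no rule for the reverse direction")
    return findings

if __name__ == "__main__":
    print(check_tunnel(COMMANDS, "ipsec_hq_to_branch") or "rules and route are consistent")
```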
Web Interface
A. Create a pre-shared key for IPsec authentication:
1. Go to: Objects > Key Ring > Add > Pre-Shared Key
2. Now enter:
• Name: my_secret_key
• Shared Secret: Enter a secret passphrase
• Confirm Secret: Enter the secret passphrase again
3. Click OK
B. Configure the IPsec tunnel:
1. Go to: Network > Interfaces and VPN > IPsec > Add > IPsec Tunnel
2. Now enter:
• Name: ipsec_hq_to_branch
Chapter 9: VPN