Configuring the VPN concentrator
On the VPN concentrator network, you must create one VPN tunnel for each of the prospective VPN
concentrator members and then add these tunnels to a VPN concentrator. You can add both AutoIKE and
manual key VPN tunnels to a VPN concentrator.
Encrypt policies control the direction of traffic through the VPN concentrator. You must create a separate
encrypt policy for each VPN added to the concentrator. These policies allow inbound and outbound VPN
connections between the concentrator and the member VPN tunnels. The encrypt policy for each member
VPN tunnel must include the member VPN tunnel name.
To configure the VPN concentrator:
• Add the required number of remote gateways. Each AutoIKE key tunnel requires a remote gateway.
  See Adding a remote gateway.
• Add the required number of AutoIKE key VPN tunnels and include the remote gateways added in step 1.
  See Adding an AutoIKE key VPN tunnel.
• Add the required number of manual key VPN tunnels.
  See Adding a manual key VPN tunnel.
• Add a VPN concentrator that includes the tunnels added in steps 2 and 3.
  See Adding a VPN concentrator.
• Add one encrypt policy for each member VPN. Use the following configuration for each policy:
  Source            VPN concentrator address.
  Destination       Member VPN address.
  Action            ENCRYPT
  VPN Tunnel        The member VPN tunnel name.
  Allow inbound     Select allow inbound.
  Allow outbound    Select allow outbound.
  Inbound NAT       Select inbound NAT if required.
  Outbound NAT      Select outbound NAT if required.
  See Adding an encrypt policy.
Configuring the member VPNs
For each member VPN, you must create a VPN tunnel to the VPN concentrator network. This tunnel can be
an AutoIKE key or manual key tunnel.
You must create an encrypt policy that allows inbound and outbound VPN connections between the member
VPN and the concentrator.
You must create additional encrypt policies that allow inbound and outbound VPN connections between each
of the member VPNs.
The policy between the member VPN and the concentrator must be arranged in the policy list above the
policies between member VPNs. Each encrypt policy must include the same tunnel name.
To configure each member VPN:
• Add a remote gateway if you are adding AutoIKE key tunnels.
  See Adding a remote gateway.
• Add an AutoIKE key VPN tunnel and include the remote gateway added in step 1.
DFL-500 User Manual
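The encrypt policy rules from both sections above, written as a check over a policy list held as Python records. This is an added example, not part of the DFL-500 manual. The `Policy` record, the function names, and the sample addresses and tunnel names are assumptions for illustration, as is identifying the member-to-concentrator policy by its destination being the concentrator address.

```python
from dataclasses import dataclass

@dataclass
class Policy:  # hypothetical model of one firewall policy row, top of list first
    source: str
    destination: str
    action: str
    tunnel: str
    allow_inbound: bool = True
    allow_outbound: bool = True

def _both_ways(p):
    return p.allow_inbound and p.allow_outbound

def check_concentrator(member_tunnels, policies):
    """Concentrator side: one two-way ENCRYPT policy naming each member tunnel."""
    problems = []
    for name in member_tunnels:
        hits = [p for p in policies if p.action == "ENCRYPT" and p.tunnel == name]
        if len(hits) != 1:
            problems.append(f"{name}: expected 1 encrypt policy, found {len(hits)}")
        problems += [f"{name}: must allow inbound and outbound"
                     for p in hits if not _both_ways(p)]
    return problems

def check_member(concentrator_addr, policies):
    """Member side: concentrator policy above member-to-member ones, one tunnel name."""
    enc = [p for p in policies if p.action == "ENCRYPT"]
    problems = [f"policy to {p.destination}: must allow inbound and outbound"
                for p in enc if not _both_ways(p)]
    if len({p.tunnel for p in enc}) > 1:
        problems.append("encrypt policies use different tunnel names")
    hub = [i for i, p in enumerate(enc) if p.destination == concentrator_addr]
    others = [i for i, p in enumerate(enc) if p.destination != concentrator_addr]
    if not hub:
        problems.append("no encrypt policy to the concentrator")
    elif others and min(others) < hub[0]:
        problems.append("concentrator policy is below a member-to-member policy")
    return problems

if __name__ == "__main__":
    # Constructed sample: member A's policy list with the ordering mistake.
    HUB, B = "10.0.0.0/24", "10.2.0.0/24"
    member_a = [Policy("10.1.0.0/24", B, "ENCRYPT", "to_hub"),
                Policy("10.1.0.0/24", HUB, "ENCRYPT", "to_hub")]
    print(check_member(HUB, member_a))
    print(check_concentrator(["tun_a", "tun_b"],
                             [Policy(HUB, "10.1.0.0/24", "ENCRYPT", "tun_a")]))
```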