Table of Contents
Advertisement
MH-5001 User Manual
15.3 Methods
1. Configuring the IKE tunnels.
2. Configuring the WAN1-to-LAN1 Firewall Rule.
3. Configuring the VPN Hub for the Main Office.
4. Configuring the VPN spoke for the Branch Offices.
15.4 Steps
In the following, we will introduce you how to setup the Hub and Spoke VPN between main office and two branch offices.
Configuring the IPSec IKE tunnels
For the main office (the hub), we have to create the IKE tunnels, and then create VPN hub and add tunnels to it as members.
Use the information in the following Table 15-1 to configure IKE tunnels. After finishing the IPSec VPN setting, please remember
to add a WAN-to-LAN firewall rule.
Field Name
Active
IKE Rule Name
Local Address Type
IP Address
PrefixLen/Subnet Mask
Remote Address Type
IP Address
PrefixLen/Subnet Mask
Negotiation Mode
Encapsulation Mode
Outgoing Interface
Peer's IP Address
My Identifier
Peer's Identifier
ESP Algorithm
Main Office Information
Enable
IKEVpnA
Subnet Address
192.168.1.0
255.255.255.0
Subnet Address
192.168.40.0
255.255.255.0
Main
Tunnel
WAN1
210.2.1.1
IP Address
IP Address
Encrypt and
Authenticate (DES,
Virtual Private Network – Hub and Spoke VPN
Branch_1 Information
Status
Enable
IKEVpnB
Condition
Subnet Address
192.168.1.0
255.255.255.0
Subnet Address
192.168.88.0
255.255.255.0
Action
Main
Tunnel
WAN1
210.2.1.2
IP Address
IP Address
Encrypt and
Authenticate (DES,
124
Branch_2 Information
Enable
IKEMainVPN
Subnet Address
192.168.40.0
255.255.255.0
Subnet Address
192.168.1.0
255.255.255.0
Main
Tunnel
WAN1
61.2.1.1
IP Address
IP Address
Encrypt and
Authenticate (DES,
Chapter 15
Enable
IKEMainVPN
Subnet Address
192.168.88.0
255.255.255.0
Subnet Address
192.168.1.0
255.255.255.0
Main
Tunnel
WAN1
61.2.1.1
IP Address
IP Address
Encrypt and
Authenticate (DES,
Advertisement
Table of Contents
Troubleshooting
