Planet Networking & Communication MH-5001 User Manual page 131

MH-5001 User Manual
Configuring the VPN Spoke for the Branch_2
Step 16. Add a Firewall rule
Suppose Brach_2 Office has already added a
VPN tunnel to communicate with the Main Office.
Now, the Branch_2 has to add a firewall rule to
allow IPSec packets to come from Main office and
Branch_1. Before adding a firewall rule, please
make sure to add the addresses first.
Please make sure that the Firewall is enabled.
Select WAN1-to-LAN1 to display the rules of this
direction. The default action of this direction is
Block with Logs. We have to allow the VPN
traffic from the WAN1 side to enter our LAN1
side. So we click the Insert button to add a
Firewall rule before the default rule.
Step 17. Customize a Firewall rule
Enter the Rule Name as AllowVPN, Source IP as
Hub-Spoke1 [Hub (192.168.1.0), Spoke_1
(192.168.40.0)], and Dest. IP as Spoke_2
(192.168.88.0). Click Apply to store this rule.
Step 18. Add a VPN Spoke in Branch_2
Select Add to add a VPN Spoke. Enter a name in
the Spoke Name field. Enter the Local IP
Address/Subnet Mask and Remote Address IP
Address/Subnet Mask. Select the VPN tunnel
which is established to connect Branch_2 and
Main Office.
Note the Tunnel of Action is the IPSec tunnel
which you have finished setting before. Please
refer the Table 15-1 IPSec tunnel information.
ADVANCED SETTINGS > Firewall > Edit Rules
ADVANCED SETTINGS > Firewall > Edit Rules > Insert
ADVANCED SETTINGS > VPN Settings > VPN Spoke > Add
128
Virtual Private Network – Hub and Spoke VPN
Chapter 15