Table of Contents
Advertisement
6. VPN
6.1. GRE Tunnel (with SA Encrypt.), NAT, and
Internet
(Preferred example uses L2TP with firewall. Refer example 6.2)
Site A
CentreCOM AR300
A cc e ss R o u te r
L A N
W AN
200.200.200.1
192.168.10.0
Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP
links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on). Simply add
'lqr=off echo=on' to the PPP creation command.
Router A (Router B, reverse IP addresses as per diagram above)
# ppp configuration
#
create ppp=0 over=syn0
# SA configuration
#Note: Use Section 1.5 to enable system security and generate an Encryption Key of type DES on router
#A and B
create sa=1 spi=999 enckey1=1
add sa=1 member=local ip=200.200.200.1 mask=255.255.255.255
add sa=1 member=remote ip=222.222.222.1 mask=255.255.255.255
#
# GRE
#
enable gre
add gre=1 sour=192.168.10.0 smask=255.255.255.0 dest=192.168.20.0 dmask=255.255.255.0
target=222.222.222.1
#
# IP
#Note: NAT must be on for this configuration to work correctly
enable ip
Add ip int=eth0 ip=192.168.10.1 mask=255.255.255.0
Add ip int=ppp0 ip=200.200.200.1
add ip rou=0.0.0.0 next=0.0.0.0 int=ppp0
set ip int=eth0 gre=1
add ip sa=1 int=ppp0
enable ip nat
enable ip nat log=all
add ip nat ip=192.168.10.0 mask=255.255.255.0 gblip=200.200.200.1
Helpful Scripts
Revision 5.8.7; 5 April 2001
S YS T E M
Internet
Access
Virtual Tunnel
Site B
CentreCOM AR300
A cc e ss R o u te r
222.222.222.1
192.168.20.0
Helpful Scripts
L A N
W AN
S Y S T E M
Page
29
Advertisement
Table of Contents
