Main Mode: Using Fixed IP from Gateway to Gateway
Topology
Settings
1. Confirm the QVM2050's WAN IP and its intranet network segment, such as 192.168.111.0/24;
2. Confirm the public network IP and its intranet network segment, such as 192.168.20.0/24; note that the two segments must be different;
3. The VPN requires UDP ports 500 and 4500, and the firewall must allow ESP to pass;
4. QVM2050 and MSR20x settings
QVM2050: Select [VPN] in Router UI
MSR20xx: VPN -> IPsec VPN
If the connection fails, please send the syslogs:
QVM2050: Log -> View System Log (save the log as text for us)
MSR20xx: Other -> Log
Settings on QVM2050
【1】:Name this tunnel in [Tunnel(s) Name].
【2】:Select WAN port in [Interface].
【3】:QVM2050 will fill in [Local Group VPN Set] automatically.
【4】:Enter the MSR20x's public IP.
【5】:Enter the MSR20x's intranet network segment. If this is set incorrectly, the VPN connection may not respond to ping.
【1】:In the Phase I IKE encryption settings, use the same IKE settings as the QVM2050.
【2】:Keep the Phase II encryption settings the same as on the MSR20.
【3】:Click [Apply] when the settings are complete.
【1】:Edit this tunnel in [VPN Tunnel Status].
【2】:Click this icon to delete the tunnel.
Settings on MSR2020
【1】:Give the tunnel a name here for easier maintenance.
【2】:Select the public network interface, corresponding to the settings in [Interface Setup].
【3】:Select "Site-to-Site" in [Network Type].
【4】:Enter the QVM2050's public IP here.
【5】:Enter the local network address here.
【6】:Enter the pre-shared key matching the one on the QVM2050.
【7】:No modification here.
【8】:Choose "Designated by Remote Gateway" in [Selector Type].
【1】:Choose Main Mode in [Exchange Mode].
【2】:In the Phase I IKE encryption settings, use the same IKE settings as the QVM2050.
【3】:Keep the Phase II encryption settings the same as on the MSR20.
【4】:Click [Apply] when the settings are complete.
【1】:The tunnel name is shown in [Connection Name].
【2】:Edit this tunnel by clicking this icon.
【3】:Delete this tunnel.
【1】:Click [Monitoring Information] to check the tunnel's status; remember to click [Tunnel].
Main points
1. Select [site to site]; on the QVM2050 this is Gateway to Gateway;
2. Usually the interface is Ethernet0/1, matching the Local Gateway Address; if you are not sure, check it in [Interface Setup];
3. Select “Designated by Remote Gateway” directly; there is no need to choose a gateway;
4. Gateway ID shows a default IP address;
5. Select [Main mode] in Phase 1 and use SHA1/DES/G1; leave "SA lifetime" at the default value;
6. Select [ESP/MD5/3DES] and [Tunnel] in Phase 2; disable "PFS"; the rekey time defaults to 3600.
Aggressive Mode: Using Dynamic IP from Gateway to Gateway
Topology
Settings
1. Confirm the QVM2050's WAN IP and its intranet network segment, such as 192.168.2.0/24;
2. Confirm the public network IP and its intranet network segment, such as 192.168.25.0/24; remember that the two segments must be different;
3. The VPN requires UDP ports 500 and 4500, and the firewall must allow ESP to pass;
4. QVM2050 and MSR20x settings
QVM2050: Select [VPN] in Router UI
MSR20xx: VPN -> IPsec VPN, click [Add]
If the connection fails, please send the syslogs:
QVM2050: Log -> View System Log (save the log as text for us)
MSR20xx: Other -> Log
Settings on QVM2050
【1】:Name this tunnel in [Tunnel(s) Name].
【2】:Select WAN port in [Interface].
【3】:QVM2050 will fill in [Local Group VPN Set] automatically.
【4】:Select FQDN Authentication in [Remote Security Gateway Type].
【5】:Enter the MSR20x's intranet network segment. If this is set incorrectly, the VPN connection may not respond to ping.
【1】:In the Phase I IKE encryption settings, use the same IKE settings as the QVM2050.
【2】:Keep the Phase II encryption settings the same as on the MSR20.
【3】:Click [Apply] when the settings are complete.
【1】:Edit this tunnel in [VPN Tunnel Status].
【2】:Click this icon to delete the tunnel.
Settings on QVM2050
【1】:Name the tunnel here for easier maintenance.
【2】:Select the public network interface, corresponding to [Interface Setup].
【3】:Enter the QVM2050's public IP address.
【4】:Enter the pre-shared key matching the one on the QVM2050.
【5】:No modification here.
【6】:Select Gateway Name and enter the MSR20 FQDN.
【7】:Enter the MSR20x's intranet network segment.
【8】:Enter the QVM2050's intranet network segment.
【1】:Select "Aggressive Mode" in [Exchange Mode].
【2】:In the Phase I IKE encryption settings, use the same IKE settings as the QVM2050.
【3】:Keep the Phase II encryption settings the same as on the MSR20.
【4】:Click [Apply] when the settings are complete.
【1】:The tunnel name is shown in [Connection Name].
【2】:Edit this tunnel by clicking this icon.
【3】:Delete this tunnel.
【1】:Click [Monitoring Information] to check the tunnel's status; remember to click [Tunnel].
Main Points
1. Select [site to site]; on the QVM2050 this is Gateway to Gateway;
2. Usually the MSR2020's interface is Ethernet0/1; do not fill in [Local Gateway Address]; if you are not sure, check it in [Interface Setup];
3. Specify the network segment in [Selector]; the MSR2020 has no button to connect directly, so if this is wrong the VPN may not connect. Select “Characteristics of Traffic” and enter the network segments of the two ends; remember that the mask is 0.0.0.255 (not 255.255.255.0);
4. Select "Gateway Name" in [Gateway ID] and enter the FQDN of the QVM2050 in [Local Gateway ID];
5. Select [Aggressive Mode] in Phase 1 and use SHA1/DES/G1; leave "SA lifetime" at the default value;
6. Select [ESP/MD5/3DES] and [Tunnel] in Phase 2; disable "PFS"; the rekey time defaults to 3600;
7. After the above settings, the QVM2050 will wait for a connection; on the MSR2020, administrators need to ping the QVM2050's intranet IP to bring the connection up.
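An added pre-flight check for the two walkthroughs above (example code, not from the original guide or either vendor): it confirms the two intranet segments do not overlap, derives the 0.0.0.255-style wildcard mask the MSR selector needs, compares the settings that must match on both ends, and flags the deprecated DES, MD5 and DH group 1 choices. The dictionary schema and function names are assumptions of this example; the sample values are constructed from the aggressive-mode section.

```python
import ipaddress

# Deprecated algorithms among those the page's proposals use (DES, MD5, DH group 1).
WEAK = {"DES", "MD5", "G1"}
# Settings that must be identical on both ends for the tunnel to negotiate.
MUST_MATCH = ("mode", "phase1", "phase2", "pfs", "rekey")

def wildcard_mask(cidr):
    """Inverse mask for the MSR selector: /24 -> 0.0.0.255, not 255.255.255.0."""
    return str(ipaddress.ip_network(cidr).hostmask)

def msr_selector(src_cidr, dst_cidr):
    """(source, destination) as 'network wildcard' pairs for the traffic selector."""
    def fmt(cidr):
        net = ipaddress.ip_network(cidr)
        return f"{net.network_address} {net.hostmask}"
    return fmt(src_cidr), fmt(dst_cidr)

def preflight(a, b):
    """Return findings for two tunnel-end configs (dicts in this example's own schema)."""
    findings = []
    if ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"])):
        findings.append(f"OVERLAP lan: {a['lan']} vs {b['lan']}")
    for key in MUST_MATCH:
        if a[key] != b[key]:
            findings.append(f"MISMATCH {key}: {a[key]!r} vs {b[key]!r}")
    for end in (a, b):
        for phase in ("phase1", "phase2"):
            weak = sorted(WEAK & set(end[phase].upper().split("/")))
            if weak:
                findings.append(f"WEAK {end['name']} {phase}: {', '.join(weak)}")
    return findings

# Constructed sample values, taken from the aggressive-mode walkthrough above.
QVM = {"name": "QVM2050", "lan": "192.168.2.0/24", "mode": "aggressive",
       "phase1": "SHA1/DES/G1", "phase2": "ESP/MD5/3DES", "pfs": False, "rekey": 3600}
MSR = dict(QVM, name="MSR2020", lan="192.168.25.0/24")

if __name__ == "__main__":
    print(msr_selector(MSR["lan"], QVM["lan"]))
    for line in preflight(QVM, MSR):
        print(line)
```

An OVERLAP or MISMATCH finding means the tunnel is unlikely to come up or pass traffic; a WEAK finding means it will work as configured, but both ends should move to stronger proposals where the devices support them.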
Did all of that make sense, everyone?