- Select Firewall > Access Policies > Unicast.
- Click Add a Policy.
- Create an access policy to permit traffic from VLAN20 to VLAN77:
  - For Action, accept the default: Permit Traffic.
  - For From, select INTERNAL.
  - For To, select EXTERNAL.
  - For Service, select Any Service.
  - For Source, select VLAN20.
  - For Destination, select VLAN77.
  - Select the Enable logging on this Policy check box.

    Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.
  - Click Apply.
- Create an access policy to permit traffic from VLAN77 to VLAN20:
  - For Action, accept the default: Permit Traffic.
  - For From, select EXTERNAL.
  - For To, select INTERNAL.
  - For Service, select Any Service.
  - For Source, select VLAN77.
  - For Destination, select VLAN20.
  - Click Apply.
- Create an access policy to permit IKE traffic from the module to the router:
  - For Action, accept the default: Permit Traffic.
  - For From, select SELF.
  - For To, select EXTERNAL.
  - For Service, select isakmp.
  - For Source, select localINT.
  - For Destination, select remoteINT.
  - Click Apply.
- Create an access policy to permit IKE traffic from the router to the module:
  - For Action, accept the default: Permit Traffic.
  - For From, select EXTERNAL.
  - For To, select SELF.
  - For Service, select isakmp.
  - For Source, select remoteINT.
  - For Destination, select localINT.
  - Click Apply.
- Click Close.

- The Confirm Settings page should read as follows:
  - Name — 77to20
  - Gateway Address — 172.16.99.99
  - Remote Network — 172.16.20.0/255.255.255.0
  - Local Network — 172.16.77.0/255.255.255.0
  - Remote Id — IP: 172.16.99.99
  - Local Id — IP: 172.16.99.1
  - Authentication Type — Preshared Secret
  - Ike Parameters — MD5, 3DES encryption, DH Group 1, 28800 seconds Lifetime, Initiate Main Mode, Respond Any Mode
  - IPSec Parameters — ESP-3DES ESP-MD5-HMAC, No PFS, 28800 seconds Lifetime
- Click Finish.
- On the Wizard Complete page, click Exit.
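
A check that can be run against the Confirm Settings summary above, given here as an added example that is not part of the original procedure or any vendor tooling. It parses the summary (embedded as constructed sample text), flags deprecated proposal values (MD5, 3DES, DH groups of 1536 bits or less, no PFS), and confirms that the local and remote networks do not overlap. The function names and finding wording are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the Confirm Settings values from the steps above.
SUMMARY = """\
Name — 77to20
Gateway Address — 172.16.99.99
Remote Network — 172.16.20.0/255.255.255.0
Local Network — 172.16.77.0/255.255.255.0
Remote Id — IP: 172.16.99.99
Local Id — IP: 172.16.99.1
Authentication Type — Preshared Secret
Ike Parameters — MD5, 3DES encryption, DH Group 1, 28800 seconds Lifetime, Initiate Main Mode, Respond Any Mode
IPSec Parameters — ESP-3DES ESP-MD5-HMAC, No PFS, 28800 seconds Lifetime
"""

# Deprecated values to look for in the IKE and IPsec proposal lines.
WEAK = [
    (r"\bMD5\b", "MD5 used for integrity"),
    (r"\b3DES\b", "3DES encryption (64-bit block cipher)"),
    (r"\bDH Group [125]\b", "Diffie-Hellman group of 1536 bits or less"),
    (r"\bNo PFS\b", "no perfect forward secrecy on IPsec rekey"),
]

def parse_summary(text):
    """Split 'Field — value' lines into a dict (hypothetical helper)."""
    settings = {}
    for line in text.splitlines():
        if "—" in line:
            field, value = line.split("—", 1)
            settings[field.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (field, finding) pairs for weak proposals and overlapping networks."""
    findings = []
    for field in ("Ike Parameters", "IPSec Parameters"):
        for pattern, issue in WEAK:
            if re.search(pattern, settings.get(field, "")):
                findings.append((field, issue))
    local = ipaddress.ip_network(settings["Local Network"])
    remote = ipaddress.ip_network(settings["Remote Network"])
    if local.overlaps(remote):
        findings.append(("Local Network", "overlaps Remote Network"))
    return findings

if __name__ == "__main__":
    for field, issue in audit(parse_summary(SUMMARY)):
        print(f"{field}: {issue}")
```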