<< Create IPsec Policy (4 of 4)

Create Static Routes >>


Example 3: IPsec VPN, Site-to-Site, to a Secure Router 7203dl

Create Firewall Access Policies for the VPN Traffic


Now you can create firewall access policies to permit the VPN traffic.

TMS zl Module

  1. Select Firewall > Access Policies > Unicast.

  2. Click Add a Policy.

  3. Create an access policy to permit traffic from VLAN20 to VLAN77:

     a. For Action, accept the default: Permit Traffic.
     b. For From, select INTERNAL.
     c. For To, select EXTERNAL.
     d. For Service, select Any Service.
     e. For Source, select VLAN20.
     f. For Destination, select VLAN77.
     g. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you leave logging enabled permanently. Use policy logging for troubleshooting and testing only.

     h. Click Apply.

  4. Create an access policy to permit traffic from VLAN77 to VLAN20:

     a. For Action, accept the default: Permit Traffic.
     b. For From, select EXTERNAL.
     c. For To, select INTERNAL.
     d. For Service, select Any Service.
     e. For Source, select VLAN77.
     f. For Destination, select VLAN20.
     g. Click Apply.

  5. Create an access policy to permit IKE traffic from the module to the router:

     a. For Action, accept the default: Permit Traffic.
     b. For From, select SELF.
     c. For To, select EXTERNAL.
     d. For Service, select isakmp.
     e. For Source, select localINT.
     f. For Destination, select remoteINT.
     g. Click Apply.

  6. Create an access policy to permit IKE traffic from the router to the module:

     a. For Action, accept the default: Permit Traffic.
     b. For From, select EXTERNAL.
     c. For To, select SELF.
     d. For Service, select isakmp.
     e. For Source, select remoteINT.
     f. For Destination, select localINT.
     g. Click Apply.
     h. Click Close.

Secure Router 7203dl

  1. The Confirm Settings page should read as follows:

     - Name — 77to20
     - Gateway Address — 172.16.99.99
     - Remote Network — 172.16.20.0/255.255.255.0
     - Local Network — 172.16.77.0/255.255.255.0
     - Remote Id — IP: 172.16.99.99
     - Local Id — IP: 172.16.99.1
     - Authentication Type — Preshared Secret
     - Ike Parameters — MD5, 3DES encryption, DH Group 1, 28800 seconds Lifetime, Initiate Main Mode, Respond Any Mode
     - IPSec Parameters — ESP-3DES ESP-MD5-HMAC, No PFS, 28800 seconds Lifetime

  2. Click Finish.

  3. On the Wizard Complete page, click Exit.
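The four unicast access policies created on the module above, modelled as an added example so that the intended permit/deny behaviour can be checked against sample flows. This is not the TMS zl Module's own code or output. The zone names (INTERNAL, EXTERNAL, SELF), service names and address-object names are the ones used in the procedure; the subnets and tunnel endpoints behind the address objects are assumptions derived from the router's Confirm Settings page (VLAN20 = 172.16.20.0/24 behind the module, VLAN77 = 172.16.77.0/24 behind the router, localINT = the module's 172.16.99.99, remoteINT = the router's 172.16.99.1), as are the isakmp = UDP/500 mapping and the first-match, implicit-deny evaluation. The sample flows are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed contents of the address objects named in the procedure, derived from
# the router's Confirm Settings page (the router's gateway/Remote Id is the
# module at 172.16.99.99; the router's Local Id is 172.16.99.1).
ADDRESS_OBJECTS = {
    "VLAN20": ip_network("172.16.20.0/24"),     # subnet behind the TMS zl Module
    "VLAN77": ip_network("172.16.77.0/24"),     # subnet behind the Secure Router
    "localINT": ip_network("172.16.99.99/32"),  # module's tunnel endpoint
    "remoteINT": ip_network("172.16.99.1/32"),  # router's tunnel endpoint
}


@dataclass(frozen=True)
class Service:
    proto: Optional[str]  # None means any protocol
    port: Optional[int]   # None means any destination port


SERVICES = {
    "Any Service": Service(None, None),
    "isakmp": Service("udp", 500),  # IKE negotiation; assumed port mapping
}


@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    service: str
    source: str
    destination: str
    log: bool = False
    action: str = "Permit"


# The four access policies in the order the procedure creates them; only the
# first one has "Enable logging on this Policy" checked.
POLICIES = [
    Policy("INTERNAL", "EXTERNAL", "Any Service", "VLAN20", "VLAN77", log=True),
    Policy("EXTERNAL", "INTERNAL", "Any Service", "VLAN77", "VLAN20"),
    Policy("SELF", "EXTERNAL", "isakmp", "localINT", "remoteINT"),
    Policy("EXTERNAL", "SELF", "isakmp", "remoteINT", "localINT"),
]


@dataclass(frozen=True)
class Flow:
    from_zone: str
    to_zone: str
    proto: str
    dport: int
    src: str
    dst: str


def _service_matches(name: str, flow: Flow) -> bool:
    svc = SERVICES[name]
    return (svc.proto is None or svc.proto == flow.proto) and \
           (svc.port is None or svc.port == flow.dport)


def evaluate(flow: Flow, policies=POLICIES):
    """First-match evaluation with an implicit deny when nothing matches.
    Returns (action, matched policy or None, whether the hit would be logged)."""
    for p in policies:
        if (p.from_zone, p.to_zone) != (flow.from_zone, flow.to_zone):
            continue
        if not _service_matches(p.service, flow):
            continue
        if ip_address(flow.src) not in ADDRESS_OBJECTS[p.source]:
            continue
        if ip_address(flow.dst) not in ADDRESS_OBJECTS[p.destination]:
            continue
        return p.action, p, p.log
    return "Deny", None, False


# Constructed sample flows: the traffic the procedure intends to permit, plus
# two flows that should fall through to the implicit deny.
SAMPLE_FLOWS = {
    "vlan20_to_vlan77": Flow("INTERNAL", "EXTERNAL", "tcp", 443, "172.16.20.10", "172.16.77.10"),
    "vlan77_to_vlan20": Flow("EXTERNAL", "INTERNAL", "tcp", 445, "172.16.77.10", "172.16.20.10"),
    "ike_module_to_router": Flow("SELF", "EXTERNAL", "udp", 500, "172.16.99.99", "172.16.99.1"),
    "ike_router_to_module": Flow("EXTERNAL", "SELF", "udp", 500, "172.16.99.1", "172.16.99.99"),
    "ssh_to_module_from_router": Flow("EXTERNAL", "SELF", "tcp", 22, "172.16.99.1", "172.16.99.99"),
    "vlan20_to_other_network": Flow("INTERNAL", "EXTERNAL", "tcp", 80, "172.16.20.10", "10.1.1.5"),
}


def check_sample_flows():
    """Map each sample flow name to (action, logged)."""
    results = {}
    for name, flow in SAMPLE_FLOWS.items():
        action, _, logged = evaluate(flow)
        results[name] = (action, logged)
    return results


if __name__ == "__main__":
    for name, (action, logged) in check_sample_flows().items():
        print(f"{name:28s} {action:6s} logged={logged}")
```

The two deny cases are the point of the model: the policies are scoped by zone pair, service and address object, so the isakmp policies admit only UDP/500 between the two tunnel endpoints and the VLAN20 policy permits nothing beyond VLAN77. The `log` flag follows the procedure, set on the first policy only, which is the one you would watch while testing and clear again afterwards.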
