A Brief Introduction to Router VPN Configuration

1. Usage environments and configuration methods
a) Basic VPN
Topology 1
PC1 --- DUT1 --- INTERNET --- DUT2 --- PC2
DUT1: Site2Site + Auto ID;
DUT2: Site2Site + Auto ID;

Topology 2
PC1 --- DUT1 --- INTERNET --- DUT2 --- PC2
DUT1: PC2Site + Auto ID;
DUT2: Site2PC + Auto ID;

Topology 3
PC1 --- DUT1 --- INTERNET --- DUT2 --- PC2
DUT1: PC2PC + Auto ID;
DUT2: PC2PC + Auto ID;

Topology 4
PC1 --- DUT1 --- INTERNET --- Cisco2800 --- PC2
DUT1: Site2Site + Auto ID

b) NAT-T Support
Topology 1
PC1 --- DUT1 --- INTERNET --- NAT --- DUT2 --- PC2
-----------------------Method 1----------------------
DUT1: Site2Site + Auto local ID + manual remote ID(DUT2 IP)
DUT2: Site2Site + Auto ID;
------------------------Method 2---------------------
DUT1: Site2Site + Auto ID;
DUT2: Site2Site + Auto remote ID + manual local ID(NAT WAN IP);
-------------------------Method 3--------------------
DUT1: Site2Site + Auto local ID + manual remote ID(User-defined string)
DUT2: Site2Site + manual local ID(User-defined string) + Auto ID;

Topology 2
PC1 --- DUT1 --- INTERNET --- NAT --- Cisco2800 --- PC2
DUT1: Site2Site + Auto local ID + manual remote ID(Cisco2800 WAN IP)

c) Basic VPN Redundancy
Topology 1
PC1 --- DUT1 --- INTERNET ------------------ DUT2 --- PC2
|--------------------- DUT3 --- PC3
DUT1: Site2Site + Auto ID; Enable Redundancy; Redundancy EndPoint DUT3
DUT2: Site2Site + Auto ID;
DUT3: Site2Site + Auto ID;

Topology 2
PC1 --- DUT1 --- INTERNET ------------------ Cisco2800-1-- PC2
|--------------------- Cisco2800 -2- PC3
DUT1: Site2Site + Auto ID; Enable Redundancy; Redundancy EndPoint Cisco2800-2

d) NAT-T & Redundancy
Topology 1
PC1 --- DUT1 --- INTERNET ------------------- NAT --- DUT2 --- PC2
|------------------------- NAT --- DUT3 --- PC3
-----------------------Method 1----------------------
DUT1: Site2Site + Auto local ID + manual remote ID(User-defined string); Enable Redundancy; Redundancy EndPoint DUT3
DUT2: Site2Site + Auto remote ID + manual local ID(User-defined string);
DUT3: Site2Site + Auto remote ID + manual local ID(User-defined string);
-----------------------Method 2----------------------
DUT1: Site2Site + Auto ID;Enable Redundancy; Redundancy EndPoint DUT3
DUT2: Site2Site + Auto remote ID + manual local ID(NAT ID);
DUT3: Site2Site + Auto remote ID + manual local ID(NAT ID);

Topology 2
PC1 --- DUT1 --- INTERNET ------------------ NAT --- DUT2 --- PC2
|------------------------------- DUT3 --- PC3
-----------------------Method 1----------------------
DUT1: Site2Site + Auto ID;Enable Redundancy; Redundancy EndPoint DUT3
DUT2: Site2Site + Auto remote ID + manual local ID(NAT ID);
DUT3: Site2Site + Auto ID;
-----------------------Method 2----------------------
DUT1: Site2Site + Auto local ID + manual remote ID(User-defined string);Enable Redundancy; Redundancy EndPoint DUT3
DUT2: Site2Site + Auto remote ID + manual local ID(User-defined string);
DUT3: Site2Site + Auto remote ID + manual local ID(User-defined string);

e) Other PC tool (Shrew VPN tool)
Topology 1
PC1 --- DUT1 --- INTERNET --- PC2(Shrew VPN tool)
DUT1: Site2PC + Auto ID + DPD disabled + PFS disabled

Topology 2
PC1 --- DUT1 --- INTERNET --- NAT --- PC2(Shrew VPN tool)
DUT1: Site2PC + Auto ID + manual remote ID(PC2 IP) + DPD disabled + PFS disabled
-----------------------Method 1----------------------
DUT1: Site2PC + Auto ID + manual remote ID(@User-defined string) + DPD disabled + PFS disabled
Shrew Tool: Authentication->Local Identity->Type(Fully Qualified Domain Name)->FQDN string(User-defined string)
-----------------------Method 2----------------------
DUT1: Site2PC + Auto ID + manual remote ID(User-defined @string) + DPD disabled + PFS disabled
Shrew Tool: Authentication->Local Identity->Type(User Fully Qualified Domain Name)->UFQDN string(User-defined @string)

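2. Overview of IDs and the GUI
a) Brief introduction to IDs
1. IDs are divided into Local ID and Remote ID.
2. IDs fall into three types: IP, FQDN and Custom. IP is a standard IP address in dotted-decimal notation; FQDN is a resolvable domain name, such as a DDNS name; Custom (user-defined) has two sub-types: the first is a user-defined string whose first character is '@', the second is a user-defined string with '@' in the middle or at the end.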
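The following is an added example, not part of the original page or the router's firmware. It sorts ID strings into the categories above and checks whether the Local/Remote IDs of two peers agree in NAT-T Topology 1. It assumes that an Auto local ID is the device's own WAN IP and an Auto remote ID is the configured peer address; all addresses, strings and function names are constructed for illustration.

```python
import ipaddress

def classify_id(value):
    """Map an ID string to the page's categories: IP, FQDN, or one of two Custom forms."""
    try:
        ipaddress.IPv4Address(value)
        return "IP"
    except ValueError:
        pass
    if value.startswith("@"):
        return "CUSTOM_LEADING_AT"   # pairs with Shrew's FQDN identity type
    if "@" in value:
        return "CUSTOM_INNER_AT"     # pairs with Shrew's UFQDN identity type
    return "FQDN"

def effective_ids(peer):
    """Resolve Auto IDs. Assumption: Auto local = own WAN IP, Auto remote = peer address."""
    local = peer.get("local_id") or peer["wan_ip"]
    remote = peer.get("remote_id") or peer["peer_addr"]
    return local, remote

def ids_match(a, b):
    """Both directions must agree: what A presents is what B expects, and vice versa."""
    a_local, a_remote = effective_ids(a)
    b_local, b_remote = effective_ids(b)
    return a_local == b_remote and b_local == a_remote

# Constructed addresses for NAT-T Topology 1: DUT2 sits behind a NAT device.
NAT_WAN = "203.0.113.10"
DUT1 = {"wan_ip": "198.51.100.1", "peer_addr": NAT_WAN}
DUT2 = {"wan_ip": "192.168.1.2", "peer_addr": "198.51.100.1"}

def scenarios():
    return {
        "auto_both": ids_match(DUT1, DUT2),  # DUT2 presents its private IP
        "method1": ids_match({**DUT1, "remote_id": DUT2["wan_ip"]}, DUT2),
        "method2": ids_match(DUT1, {**DUT2, "local_id": NAT_WAN}),
        "method3": ids_match({**DUT1, "remote_id": "@branch-office"},
                             {**DUT2, "local_id": "@branch-office"}),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
    for s in ("192.168.1.2", "vpn.example.net", "@branch-office", "user@branch"):
        print(s, "->", classify_id(s))
```

Under the stated assumption, Auto ID on both sides fails once a NAT device rewrites DUT2's address, which is why each NAT-T method pins one ID manually.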

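b) GUI overview
1. Site or PC, Local or Remote
Both the local and the remote side can be configured to protect either a single host or a subnet. If the local side is a single host and the remote side is a subnet, the mode is called PC2Site; the reverse is Site2PC.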

2. Redundancy VPN
Two Remote Endpoints are required: a primary Endpoint (the remote node) and a redundant Endpoint (the redundancy node).