7/31/2019 Win XP to Vigor via IPSec

1/31

- 1 -

HHooww ttoo ccrreeaattee IIPPSSeecc ttuunnnneellss bbyy WWiinnddoowwss XXPP

bbuuiilltt iinn VVPPNN cclliieenntt??

((nnoott uussiinngg DDrraayyTTeekk SSmmaarrttVVPPNN))

Topology

In this example, a PC with Windows XP system dials up an IPSEC VPN connection to Vigor

router. The IP address of the PC is 172.17.1.190. The IP address of Vigors WAN is

172.17.1.121, the VPN subnet is 192.168.1.0/24. The network topology is shown below:

VPN settings in Vigor2950

Please follow the steps below to set VPN Settings for Vigor device.

1. Add a VPN profile in the "VPN and Remote Access >>Remote Dial-in User pageas shown below:

7/31/2019 Win XP to Vigor via IPSec

2/31

- 2 -

2. Press the IKE Pre-Shared Key button, then in the pop-up window enter thepre-shared key 123.

3. When the VPN is connected, you may check the connection status from VPN andRemote Access >>connection management page:

VPN settings in Windows XP

In Windows XP, we need to configure the IP Security Policy. Please follow the steps listed

below:

1. Execute mmc.exe to manage IP security policy.

7/31/2019 Win XP to Vigor via IPSec

3/31

- 3 -

2. Add IP Security Policy Management by choosing Add/Remove Snap-in.

3. From the Standalone tab, please clickAdd.

7/31/2019 Win XP to Vigor via IPSec

4/31

- 4 -

4. Choose IP Security Policy Management and clickAdd.

5. When the following screen appears, please choose Local computer and clickFinish.

6. The IP Security Policy Management is added.

7/31/2019 Win XP to Vigor via IPSec

5/31

- 5 -

7. Select Create IP Security Policy to create a policy for IPSEC-VPN.

8. When the IP Security Policy Wizard appears, please clickNext.

7/31/2019 Win XP to Vigor via IPSec

6/31

- 6 -

9. Type a suitable name in the name filed, such as ipsec.

10.UncheckActivate the default response rule and ClickNext.

7/31/2019 Win XP to Vigor via IPSec

7/31

- 7 -

11.When the following window appears, please checkEdit properties and clickFinish.

Add a rule for outgoing IPSec traffic

Below we will create two rules for Vigor2950 manually. One is for outgoing traffic, and theother is for incoming traffic.

1. Open IPSec Properties window, there is a default rule . Please clickAdd.

7/31/2019 Win XP to Vigor via IPSec

8/31

- 8 -

2. From this page, please clickNext.

3. Set the tunnel endpoint. Here enter remote VPN gateways IP address:

7/31/2019 Win XP to Vigor via IPSec

9/31

- 9 -

4. Select All network connections and clickNext.

5. Select Use this string to protect . and type 123. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

10/31

- 10 -

6. Then add an IP Filter list for this rule by clicking Add.

7. Type ipsec out as the name and clickAdd.

7/31/2019 Win XP to Vigor via IPSec

11/31

- 11 -

8. When the following wizard appears, please clickNext.

9. Choose A specific IP Address and clickNext.

7/31/2019 Win XP to Vigor via IPSec

12/31

- 12 -

10.In the following page, type the IP address and clickNext.

11.Next, choose destination address with A specific IP Subnet. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

13/31

- 13 -

12.Type IP address and Subnet mask.

13.Choose Any as the protocol type. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

14/31

- 14 -

14.ClickOK to finish the settings.

15.Select ipsec out in the IP Filter list, then clickNext.

7/31/2019 Win XP to Vigor via IPSec

15/31

- 15 -

16.ClickAdd to setup action for this rule.

17.The wizard will appear, then. Please clickNext.

7/31/2019 Win XP to Vigor via IPSec

16/31

- 16 -

18.Type ipsec out as the name and clickNext.

19.Select Negotiate security and clickNext.

7/31/2019 Win XP to Vigor via IPSec

17/31

- 17 -

20.Select Encryption and Integrity and clickNext..

21.UncheckEdit properties and clickFinish.

7/31/2019 Win XP to Vigor via IPSec

18/31

- 18 -

22.Select ipsec out for Filter Action, and clickNext.

23.UncheckEdit properties and clickFinish.

7/31/2019 Win XP to Vigor via IPSec

19/31

- 19 -

Add the other rule for incoming traffic

1. Open IPSec Properties window and checkipsec out. Next, clickAdd.

2. When the following wizard appears, clickNext.

7/31/2019 Win XP to Vigor via IPSec

20/31

- 20 -

3. Set the tunnel endpoint. Here please type IP address of clients PC. ClickNext.

4. Select All network connections. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

21/31

- 21 -

5. ClickUse this string to protect. and enter 123. ClickNext.

6. Then clickAdd to add an IP Filter list for this rule.

7/31/2019 Win XP to Vigor via IPSec

22/31

- 22 -

7. Type ipsec in as the name and clickOK.

8. Choose A specific IP Subnet and clickNext.

7/31/2019 Win XP to Vigor via IPSec

23/31

- 23 -

9. Type IP address and Subnet mask, clickNext.

10.Next, choose destination address with A specific IP Subnet. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

24/31

- 24 -

11.In the following page, type the IP address and clickNext.

12.Choose Any as the protocol type. ClickNext.

7/31/2019 Win XP to Vigor via IPSec

25/31

- 25 -

13.UncheckEdit properties and clickFinish.

14.ClickOK to finish the settings.

7/31/2019 Win XP to Vigor via IPSec

26/31

- 26 -

15.Select ipsec in from IP Filter list, then clickNext.

16.ClickAdd to setup the action for this rule.

7/31/2019 Win XP to Vigor via IPSec

27/31

- 27 -

17.When the following screen appears, clickNext.

18.Type ipsec in as the name and clickNext.

7/31/2019 Win XP to Vigor via IPSec

28/31

- 28 -

19.Select Negotiate security and clickNext.

20.Select Encryption and Integrity and click Next.

7/31/2019 Win XP to Vigor via IPSec

29/31

- 29 -

21.UncheckEdit properties and clickFinish.

22.Select ipsec in for Filter Action, and clickNext.

7/31/2019 Win XP to Vigor via IPSec

30/31

- 30 -

23.UncheckEdit properties and clickFinish.

Now we can see two rules for this IPSec policy. Select both of them and clickApply.

7/31/2019 Win XP to Vigor via IPSec

31/31

Choose ipsec>>Assign from the Console screen.

At last, we can use the command ping 192.168.1.1 from DOS prompt to initiate the VPN

connection, then the IPSEC-VPN will be set up.