Rien ne me fascine plus que le travail : je peux rester assis et le contempler pendant des heures. Jérôme K. Jérôme
Configuration VPN Ipsec entre un routeur NETOPIA R9100/IpCop1.3
Soumis par MasterSleepy le dim, 23/06/2013 - 21:09
Configuration d’une VPN Ipsec
entre un routeur NETOPIA R9100 (client)
et IpCop 1.3 (serveur)
Site B: LAN :10.4.0.0/24
Site A :
Ipcop 1.3
Ip fixe : 193.251.19.50
LAN: 10.1.0.0/24
Routeur R9100
Ip Dynamique1: Configuration du routeur R9100
Netopia R9100 v4.11.3
| Easy Setup... |
| WAN Configuration... |
| System Configuration... |
| Utilities & Diagnostics... |
| Statistics & Logs... |
| Quick Menus... |
| Quick View... |
Quick Menu
| Connection Profiles | Line Configuration | IP Setup |
| Add Connection Profiles | IP Address Serving Setup |
|
| Change Connection Profiles |
Filter Sets | |
| Delete Connection Profiles |
Backup Config | Static Routes |
| Network Address Translation | ||
| ATMP/PPTP Default Profile |
||
| IKE Phase 1 Configuration | ||
| Scheduled Connections | ||
| Add Scheduled Connection | ||
| Change Scheduled Connection |
||
| Delete Scheduled Connection |
||
| Console Configuration | TFTP | |
| SNMP |
Change IKE Phase 1 Profile
| Profile Name: | IKE Profile 1 |
| Mode... | Main Mode |
| Authentication Method... | Shared Secret |
| Shared Secret: | ******************** |
| Encryption Algorithm... | 3des |
| Hash Algorithm... | md5 |
| Diffie-Hellman Group... | Group 2 (1024 bits) |
| Advanced IKE Phase 1 Options... |
Advanced IKE Phase 1 Options
| Negotiation... | Normal |
| SA Use Policy... | Newest SAs Immediately |
| Allow Dangling Phase 2 SAs: |
Yes |
| Phase 1 SA Lifetime (seconds): |
|
| Phase 1 SA Lifetime (Kbytes): |
0 |
| Send Initial Contact Message: |
Yes |
| Include Vendor ID Payload: |
Yes |
| Independent Phase 2 Re-keys: |
Yes |
| Strict Port Policy: | No |
Add Connection Profile
| Profile Name: | VPNIPSEC |
| Profile Enabled: | yes |
| Encapsulation Type... | IPsec |
| Encapsulation Options... | |
| IP Profile Parameters... | |
| Interface Group... | Any Port |
| Superuser Accessible Only: |
No |
IPsec Tunnel Options
| Key Management... | IKE |
| IKE Phase 1 Profile... | IKE Profile 1 |
| Encapsulation... | ESP |
| ESP Encryption Transform... | 3DES |
| ESP Authentication Transform... |
HMAC-MD5-96 |
| Advanced IPsec Options... |
Advanced IPsec
Options
| SA Lifetime seconds: | 28800 |
| SA Lifetime Kbytes | |
| Perfect Forward Secrecy: | Yes |
| Dead Peer Detection: |
Yes |
IP Profile Parameters
| Remote Tunnel Endpoint: |
193.251.19.50 (Ip WAN Distant) |
| Remote Member Format... | Subnet |
| Remote Member Address: | 10.1.0.0 (IP LAN Distant) |
| Remote Member Mask: | 255.255.255.0 |
| Local Member Format... | Subnet |
| Local Member Address: | 10.4.0.0 (Ip LAN Local) |
| Local Member Mask: | 255.255.255.0 |
| Address Translation Enabled: |
No |
| Filter Set... | |
| Remove Filter Set | |
| NetBIOS Proxy Enabled | No |
| Advanced IP Profile Options... |
Advanced IP Profile
Options
| Local Tunnel Endpoint Address: |
0.0.0.0 |
| Next Hop Gateway: | 0.0.0.0 |
| Idle Timeout (seconds): | 300 |
2: Configuration
IpCop 1.3
Configurer une connexion
Red + Green + Création d’un compte chez www.dyndns.org
Créer un
service acces dns dynamique (car Ip dynamique sur site B):
height="272">
Créer une
connexion dans RPVs
height="209">
Documentations
réalisées par Laetitia VILAIN de
l’Association
Familiale des Papillons Blancs de DENAIN
avec
le soutien de Manuel FRANCISCO.
- Remerciements particuliers à ANTOLIEN -
Category:
Documentation VPN pour IPCOP