Note: Not all ZyXEL Prestige provide VPN functionality. Please check the User's Manual from the packaged CD-ROM.
This page guides us to setup a VPN connection between the Intel VPN client software and Prestige router. There will be several devices we need to setup for this case. They are Intel VPN software and Prestige router.
As the figure shown below, the tunnel between PC 1, with Intel VPN client installed, and Prestige ensures the packets flow between them are secure. Because the packets go through the IPSec tunnel are encrypted. To setup this VPN tunnel, the required settings for Intel VPN client and Prestige are explained in the following sections. As the red pipe shown in the following figure, the tunneling endpoints are Intel VPN client and Prestige.
The IP addresses we use in this example are as shown below.
PC 1 |
Prestige | PC2 |
172.21.1.232 | LAN: 192.168.1.1 WAN: 172.21.1.252 |
192.168.1.33 |
See the VPN rule screen shot
Set IKE Phase 1 and Phase 2 parameters.
If you use SMT management, the VPN configurations are as shown below.
Menu 27.1.1 - IPSec Setup Index #= 1 Name= to_ssh Active= Yes My IP Addr= 172.21.1.252 Secure Gateway Addr= 172.21.1.232 Protocol= 0 Local: Addr Type= SUBNET IP Addr Start= 192.168.1.0 End= 255.255.255.0 Port Start= 0 End= N/A Remote: Addr Type= SINGLE IP Addr Start= 172.21.1.232 End= N/A Port Start= 0 End= N/A Enable Replay Detection= No Key Management= IKE Edit Key Management Setup= No Press ENTER to Confirm or ESC to Cancel: |
1. Edit IKE settings by selecting 'Edit IKE
Setup' option in menu 27.1.1 to 'Yes' and then pressing 'Enter'.
2. There
are two phases for IKE:
In Phase 1, two IKE peers establish a secure
channel for key exchanging.
In Phase 2, two peers negotiate general purpose
SAs which are secure channels for data transmission.
Please note that any configuration in 'IKE Setup' should match the settings configured in SSH
Menu 27.1.1.1 - IKE Setup Phase 1 Negotiation Mode= Main Pre-Shared Key= 12345678 Encryption Algorithm= DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Key Group= DH1 Phase 2 Active Protocol= ESP Encryption Algorithm= DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 28800 Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None Press ENTER to Confirm or ESC to Cancel: |