Soft-PK VPN to Prestige Tunneling

  1. Setup Soft-PK VPN
  2. Setup Prestige VPN

Note: Not all ZyXEL Prestige models provide VPN functionality. Please check the User's Manual on the packaged CD-ROM.


This page explains how to set up a VPN connection between the Soft-PK VPN software and a Prestige router. Two devices need to be configured for this case: the VPN software and the Prestige router.

As shown in the figure below, the tunnel between PC 1 and the Prestige secures the packets that flow between them, because packets that go through the IPSec tunnel are encrypted. The settings required on the software and on the Prestige to set up this VPN tunnel are explained in the following sections.

[Figure: topology2.gif]

The IP addresses used in this example are shown below.

PC 1              Prestige               PC 2
202.132.155.33    LAN: 202.132.171.1     202.132.171.33
                  WAN: 202.132.170.1


1. Setup Soft-PK VPN

1. Open the Soft-PK Security Policy Editor.
2. Add a new connection named 'Prestige' as shown below.
3. Set Connection Security to Secure.

[Figure: PKaddnew.gif]


Remote Party Identity and Addressing settings:

4. In the ID Type option, choose IP Address and enter the IP address of the remote PC (PC 2 in this case).
5. Check Connect using Secure Gateway Tunnel, select IP Address as the ID Type here as well, and enter the Prestige's WAN IP address in the following field.

The detailed configuration is shown in the following figure.

[Figure: PKremoteIP.gif]

Pre-Shared Key Settings:

6. Expand the Prestige icon to see My Identity.
7. Click My Identity, then click the Pre-Shared Key icon on the right side of the window.
8. In the pop-up window, enter a key. You will later need to configure the same key in the Prestige. In this example, we enter 12345678. See below.

[Figure: PKkey.gif]

Security Policy Settings:

9. Click the Security Policy option and choose Main Mode as the Phase 1 Negotiation Mode.

[Figure: PKmode.gif]

10. Expand the Security Policy icon. You will see two icons, Authentication (Phase 1) and Key Exchange (Phase 2).
11. The settings shown in the following two figures for both phases are our examples. You can choose any, but they must match whatever you enter in the Prestige.

[Figure: PKpro1.gif]

[Figure: PKpro2.gif]

 


2. Setup Prestige VPN

  1. Using a web browser, log in to the Prestige by entering its LAN IP address in the URL field. The default LAN IP is 192.168.1.1, and the default password for the web configurator is 1234.
  2. Click Advanced, then click the VPN tab on the left.
  3. On the SUMMARY menu, select a policy to edit by clicking Edit.
  4. On the CONFIGURE-IKE menu, check the Active check box and give this policy a name.
  5. Set IPSec Keying Mode to IKE and Negotiation Mode to Main, as configured in Soft-PK.
  6. Source IP Address Start and Source IP Address End are the IP address of PC 2 in this example (the secure host behind the Prestige).
  7. Destination IP Address Start and Destination IP Address End are the IP address of PC 1 in this example (the secure remote host). Note: You may assign a range of Source/Destination IP addresses for multiple VPN sessions.
  8. My IP Addr is the WAN IP of the Prestige.
  9. Secure Gateway IP Addr is the IP of the remote secure gateway, which is PC 1 in this example.
  10. Set Encapsulation Mode to Tunnel.
  11. Check the ESP check box. (AH cannot be used in the SUA/NAT case.)
  12. Set Encryption Algorithm to DES and Authentication Algorithm to SHA1, as configured in Soft-PK.
  13. Enter the key string 12345678 in the Preshared Key text box, and click Apply.

Figure 8: See the VPN rule screen shot

 


If you use SMT management, the VPN configuration is as shown below.

1. Edit the IKE settings by setting the 'Edit IKE Setup' option in menu 27.1.1 to 'Yes' and then pressing 'Enter'.
2. There are two phases for IKE:

In Phase 1, two IKE peers establish a secure channel for key exchange.
In Phase 2, two peers negotiate general-purpose SAs, which are secure channels for data transmission.

Please note that any configuration in 'IKE Setup' must match the settings in the VPN software.
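
The matching requirement above can be checked before applying either side. The following is an added example, not part of the original page or of any ZyXEL or Soft-PK tool: it compares the Soft-PK values with the Prestige values from this page, including the mirrored address fields. The dictionary keys, the sua_nat flag and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed from the example values on this page. Key names are assumptions.
SOFT_PK = {
    "local_ip": "202.132.155.33",          # PC 1
    "remote_party_ip": "202.132.171.33",   # PC 2
    "secure_gateway_ip": "202.132.170.1",  # Prestige WAN
    "negotiation_mode": "Main", "encryption": "DES",
    "authentication": "SHA1", "preshared_key": "12345678",
}
PRESTIGE = {
    "source_ip_start": "202.132.171.33", "source_ip_end": "202.132.171.33",
    "destination_ip_start": "202.132.155.33", "destination_ip_end": "202.132.155.33",
    "my_ip_addr": "202.132.170.1",               # Prestige WAN
    "secure_gateway_ip_addr": "202.132.155.33",  # PC 1
    "negotiation_mode": "Main", "encryption": "DES",
    "authentication": "SHA1", "preshared_key": "12345678",
    "protocol": "ESP", "sua_nat": True,  # sua_nat: assumed flag for the SUA/NAT case
}

def in_range(ip, start, end):
    """True if ip lies inside the inclusive start..end address range."""
    ip, start, end = (ipaddress.ip_address(a) for a in (ip, start, end))
    return start <= ip <= end

def check_tunnel(client, gateway):
    """Return a list of mismatches; an empty list means both ends agree."""
    problems = []
    # Proposal values and the key must be identical on both peers.
    for field in ("negotiation_mode", "encryption", "authentication", "preshared_key"):
        if client[field] != gateway[field]:
            problems.append(f"{field} differs")  # never echo the key itself
    # Gateway addresses are mirrored: each side names the other's public IP.
    if client["secure_gateway_ip"] != gateway["my_ip_addr"]:
        problems.append("Soft-PK gateway is not Prestige My IP Addr")
    if gateway["secure_gateway_ip_addr"] != client["local_ip"]:
        problems.append("Prestige Secure Gateway IP Addr is not PC 1")
    # Protected hosts are mirrored too: Source is the host behind the Prestige.
    if not in_range(client["remote_party_ip"], gateway["source_ip_start"], gateway["source_ip_end"]):
        problems.append("remote party outside Prestige Source range")
    if not in_range(client["local_ip"], gateway["destination_ip_start"], gateway["destination_ip_end"]):
        problems.append("PC 1 outside Prestige Destination range")
    if gateway["protocol"] == "AH" and gateway["sua_nat"]:
        problems.append("AH cannot be used with SUA/NAT")
    return problems

if __name__ == "__main__":
    print(check_tunnel(SOFT_PK, PRESTIGE) or "settings match")
```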