Asus SL1000 User Manual

Chapter 10. Configuring VPN

Internet Security Router User

’s Manual

98

Figure 10.5. Intranet VPN Policy Configuration on ISR1

Step 1: Configure VPN connection rules

Refer to the section 10.3 Establish VPN Connection Using Automatic Keying to configure VPN policies on
ISR1 using automatic keying.

Step 2: Configure Firewall rules

1. Configure outbound Firewall rule to allow packets from 192.168.1.0/255.255.255.0 to

192.168.2.0/255.255.255.0 without any NAT

2. Configure inbound Firewall rule to allow packets from 192.168.2.0/255.255.255.0 to

192.168.1.0/255.255.255.0 without any NAT.

Table 10.6 and Table 10.7 provide the parameters to be configured for the outbound and inbound Firewall rule
fields. For a general description on configuring any inbound/outbound Firewall rule, please refer to sections 9.3
and 9.4.

Table 10.6. Outbound Un-translated Firewall Rule for VPN Packets on ISR1

Field

Value

Type

Subnet

Address

192.168.1.0

Source IP

Mask

255.255.255.0

Type

Subnet

Address

192.168.2.0

Destination IP

Mask

255.255.255.0

NAT

None

Action

Allow

VPN

Enable

Note: The outbound Un-translated Firewall rule has to be added the existing rule ID 1001.

Table 10.7. Inbound Un-translated Firewall Rule for VPN Packets on ISR1

Field

Value

Type

Subnet

Address

192.168.2.0

Source IP

Mask

255.255.255.0

Type

Subnet

Address

192.168.1.0

Destination IP

Mask

255.255.255.0

NAT

None

Action

Allow

VPN

Enable

10.6.1.2 Configure Rules on Internet Security Router 2 (ISR2)

Step 1: Configure VPN connection rules