3 establish tunnel and verify – Asus SL1000 User Manual

Chapter 10. Configuring VPN

Internet Security Router User

’s Manual

100

Field

Value

Mask

255.255.255.0

NAT

None

Action

Allow

VPN

Enable

Note: The outbound Un-translated Firewall rule has to be added the existing rule ID 1001.

Table 10.9. Inbound Un-translated Firewall Rule for VPN Packets on ISR1

Field

Value

Type

Subnet

Address

192.168.1.0

Source IP

Mask

255.255.255.0

Type

Subnet

Address

192.168.2.0

Destination IP

Mask

255.255.255.0

NAT

None

Action

Allow

VPN

Enable

10.6.1.3 Establish Tunnel and Verify

„ Ping continuously from a host in the LAN behind ISR1 to a host in the LAN behind ISR2. The first few

pings might fail. After a few seconds, the host in the LAN behind ISR1 should start getting ping
response.

10.6.2 Extranet Scenario

– firewall + static NAT + VPN for VPN traffic

In case of the extranet scenario, the networks protected by the Internet Security Routers could be under
different administrative authorities. Hence, there is a possibility that the IP addresses of both networks are in
the same subnet. The typical extranet set up is shown in Figure 10.7.