Interconnection between QNO QVM2050 and H3C MSR20x

Main Mode: Using Fixed IP from Gateway to Gateway

Topology

VPN G2GIPSec 2050-2020hl 21.jpg

Settings


1. Confirm the QVM2050's WAN IP and its intranet network segment, such as 192.168.111.0/24;
2. Confirm the public network IP and its intranet network segment, such as 192.168.20.0/24; note that the two segments should be different;
3. The VPN requires UDP ports 500 and 4500, and the firewall must allow ESP to pass;
4. QVM2050 and MSR20x settings:
QVM2050: Select [VPN] in the router UI
MSR20xx: VPN -> IPsec VPN
If the connection fails, please send the syslogs:
QVM2050: Log -> View System Log (save the log as text for us)
MSR20xx: Other -> Log


Settings on QVM2050

VPN G2GIPSec 2050-2020hl 22.jpg

【1】:Name this tunnel in [Tunnel(s) Name].
【2】:Select the WAN port in [Interface].
【3】:The QVM2050 fills in [Local Group VPN Set] automatically.
【4】:Enter the MSR20x's public IP.
【5】:Enter the MSR20x's intranet network segment. If this is set incorrectly, Ping may not work over the VPN connection.
VPN G2GIPSec 2050-2020hl 23.jpg

【1】:In the Phase I (IKE) encryption settings, set the same IKE parameters as on the QVM2050.
【2】:Keep the Phase II encryption settings the same as on the MSR20.
【3】:Click [Apply] when the settings are complete.
VPN G2GIPSec 2050-2020hl 24.jpg

【1】:Edit this tunnel in [VPN Tunnel Status].
【2】:Click this icon to delete the tunnel.
 

Settings on MSR2020

VPN G2GIPSec 2050-2020hl 25.jpg

【1】:Give the tunnel a name here for maintenance.
【2】:Select the public network interface, corresponding to the settings in [Interface Setup].
【3】:Select "Site-to-Site" in [Network Type].
【4】:Enter the QVM2050's public IP here.
【5】:Enter the local network address here.
【6】:Enter the pre-shared key corresponding to the one on the QVM2050.
【7】:No change is needed here.
【8】:Choose "Designated by Remote Gateway" in [Selector Type].
VPN G2GIPSec 2050-2020hl 26.jpg

【1】:Choose Main Mode in [Exchange Mode].
【2】:In the Phase I (IKE) encryption settings, set the same IKE parameters as on the QVM2050.
【3】:Keep the Phase II encryption settings the same as on the MSR20.
【4】:Click [Apply] when the settings are complete.
VPN G2GIPSec 2050-2020hl 27.jpg

【1】:The tunnel name is shown in [Connection Name].
【2】:Click this icon to edit the tunnel.
【3】:Click this icon to delete the tunnel.
VPN G2GIPSec 2050-2020hl 28.jpg

【1】:Click [Monitoring Information] to check the tunnel's status; remember to click [Tunnel].


Main points

1. Select [site to site]; on the QVM2050 this is Gateway to Gateway;
2. The interface is usually Ethernet0/1, matching the Local Gateway Address; if you are not sure, confirm it in [Interface Setup];
3. Select “Designated by Remote Gateway” directly; there is no need to choose a gateway;
4. Gateway ID shows a default IP address;
5. Select [Main mode] in Phase 1 and set the encryption to SHA1/DES/G1; leave "SA lifetime" at its default value;
6. Select [ESP/MD5/3DES] and [Tunnel] in Phase 2; disable "PFS"; the rekey time defaults to 3600.
 

Aggressive Mode: Using Dynamic IP from Gateway to Gateway

Topology

VPN G2GIPSec 2050-2020hl 19.jpg

Settings


1. Confirm the QVM2050's WAN IP and its intranet network segment, such as 192.168.2.0/24;
2. Confirm the public network IP and its intranet network segment, such as 192.168.25.0/24; remember that the two segments should be different;
3. The VPN requires UDP ports 500 and 4500, and the firewall must allow ESP to pass;
4. QVM2050 and MSR20x settings:
QVM2050: Select [VPN] in the router UI
MSR20xx: VPN -> IPsec VPN, click [Add]
If the connection fails, please send the syslogs:
QVM2050: Log -> View System Log (save the log as text for us)
MSR20xx: Other -> Log

Settings on QVM2050

VPN G2GIPSec 2050-2020hl 29.jpg

【1】:Name this tunnel in [Tunnel(s) Name].
【2】:Select the WAN port in [Interface].
【3】:The QVM2050 fills in [Local Group VPN Set] automatically.
【4】:Select FQDN Authentication in [Remote Security Gateway Type].
【5】:Enter the MSR20x's intranet network segment. If this is set incorrectly, Ping may not work over the VPN connection.
VPN G2GIPSec 2050-2020hl 30.jpg

【1】:In the Phase I (IKE) encryption settings, set the same IKE parameters as on the QVM2050.
【2】:Keep the Phase II encryption settings the same as on the MSR20.
【3】:Click [Apply] when the settings are complete.
VPN G2GIPSec 2050-2020hl 31.jpg

【1】:Edit this tunnel in [VPN Tunnel Status].
【2】:Click this icon to delete the tunnel.


Settings on QVM2050

VPN G2GIPSec 2050-2020hl 32.jpg

【1】:Name the tunnel here for maintenance.
【2】:Select the public network interface, corresponding to [Interface Setup].
【3】:Enter the QVM2050's public IP address.
【4】:Enter the pre-shared key corresponding to the one on the QVM2050.
【5】:No change is needed here.
【6】:Select Gateway Name and enter the MSR20's FQDN.
【7】:Enter the MSR20x's intranet network segment.
【8】:Enter the QVM2050's intranet network segment.
VPN G2GIPSec 2050-2020hl 33.jpg

【1】:Select "Aggressive Mode" in [Exchange Mode].
【2】:In the Phase I (IKE) encryption settings, set the same IKE parameters as on the QVM2050.
【3】:Keep the Phase II encryption settings the same as on the MSR20.
【4】:Click [Apply] when the settings are complete.
VPN G2GIPSec 2050-2020hl 34.jpg

【1】:The tunnel name is shown in [Connection Name].
【2】:Click this icon to edit the tunnel.
【3】:Click this icon to delete the tunnel.

VPN G2GIPSec 2050-2020hl 35.jpg

【1】:Click [Monitoring Information] to check the tunnel's status; remember to click [Tunnel].

Main Points

1. Select [site to site]; on the QVM2050 this is Gateway to Gateway;
2. The interface of the MSR2020 is usually Ethernet0/1; do not fill in [Local Gateway Address]; if you are not sure, confirm it in [Interface Setup];
3. Specify the network segments in [Selector]; the MSR2020 has no button to connect directly, so if this is wrong the VPN may not connect. Select “Characteristics of Traffic” and enter the network segments of both ends; remember that the mask is 0.0.0.255 (not 255.255.255.0);
4. Select "Gateway Name" in [Gateway ID] and enter the FQDN of the QVM2050 in [Local Gateway ID];
5. Select [Aggressive Mode] in Phase 1 and set the encryption to SHA1/DES/G1; leave "SA lifetime" at its default value;
6. Select [ESP/MD5/3DES] and [Tunnel] in Phase 2; disable "PFS"; the rekey time defaults to 3600;
7. After the above settings, the QVM2050 waits for the connection; on the MSR2020, the administrator needs to Ping the QVM2050's intranet IP to complete the connection.
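
A pre-flight check for the points above and for the main-mode requirement that both ends carry identical Phase 1/Phase 2 settings and different intranet segments. This is an added example, not part of the Qno wiki or either vendor's tooling; the dictionary layout, key names and function names are assumptions, and the values are the ones used on this page. `weak_settings` goes beyond the page by listing the parameters to revisit in a later hardening pass.

```python
import ipaddress

# Constructed sample: values from the aggressive-mode walkthrough above.
# The dict layout and key names are assumptions, not a device export format.
PROPOSAL = {"mode": "aggressive", "p1_enc": "DES", "p1_hash": "SHA1", "p1_dh": 1,
            "p2_proto": "ESP", "p2_enc": "3DES", "p2_hash": "MD5",
            "pfs": False, "rekey": 3600}
QVM2050 = {**PROPOSAL, "local": "192.168.2.0/24", "remote": "192.168.25.0/24"}
MSR20 = {**PROPOSAL, "local": "192.168.25.0/24", "remote": "192.168.2.0/24"}

# Parameters generally regarded as too weak for new deployments.
WEAK = {"p1_enc": {"DES"}, "p1_dh": {1}, "p2_hash": {"MD5"}}


def selector(cidr):
    """Return (address, wildcard mask) as typed into the MSR selector (0.0.0.255 for /24)."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.hostmask)


def preflight(a, b):
    """List settings that differ between the two ends or break the selectors."""
    problems = [f"{k}: {a[k]!r} != {b[k]!r}" for k in PROPOSAL if a[k] != b[k]]
    la, lb = ipaddress.ip_network(a["local"]), ipaddress.ip_network(b["local"])
    if la.overlaps(lb):
        problems.append(f"intranet segments overlap: {la} / {lb}")
    if ipaddress.ip_network(a["remote"]) != lb or ipaddress.ip_network(b["remote"]) != la:
        problems.append("remote segment on one end is not the other end's local segment")
    return problems


def weak_settings(cfg):
    """List negotiated parameters worth replacing once the tunnel works."""
    found = [f"{k}={cfg[k]}" for k, bad in WEAK.items() if cfg[k] in bad]
    if not cfg["pfs"]:
        found.append("pfs=off")
    if cfg["mode"] == "aggressive":
        found.append("mode=aggressive (pre-shared key)")
    return found


if __name__ == "__main__":
    print("MSR selector, local :", selector(MSR20["local"]))
    print("MSR selector, remote:", selector(MSR20["remote"]))
    print("mismatches:", preflight(QVM2050, MSR20) or "none")
    print("weak:", weak_settings(QVM2050))
```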
