Chapter 10. Configuring VPN
Internet Security Router User’s Manual
Field    Value
Mask     255.255.255.0
NAT      None
Action   Allow
VPN      Enable
Note: The outbound Un-translated Firewall rule has to be added the existing rule ID 1001.
Table 10.9. Inbound Un-translated Firewall Rule for VPN Packets on ISR1
Field                     Value
Source IP       Type      Subnet
                Address   192.168.1.0
                Mask      255.255.255.0
Destination IP  Type      Subnet
                Address   192.168.2.0
                Mask      255.255.255.0
NAT                       None
Action                    Allow
VPN                       Enable
10.6.1.3 Establish Tunnel and Verify
• Ping continuously from a host in the LAN behind ISR1 to a host in the LAN behind ISR2. The first few
pings might fail. After a few seconds, the host in the LAN behind ISR1 should start receiving ping
responses.
10.6.2 Extranet Scenario – firewall + static NAT + VPN for VPN traffic
In the extranet scenario, the networks protected by the Internet Security Routers could be under
different administrative authorities. Hence, the IP addresses of both networks may be in
the same subnet. The typical extranet setup is shown in Figure 10.7.
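The following added example (not part of the manual) models the rule in Table 10.9 as data and checks whether an un-translated (NAT = None) rule can work for a given pair of LANs, which is the condition that separates the intranet case from the extranet case. The function names are hypothetical, and the overlapping addresses in the demo are constructed.

```python
import ipaddress


def subnet(address, mask):
    """Build a network from the Address/Mask pair used in the rule tables."""
    return ipaddress.ip_network(f"{address}/{mask}")


# Table 10.9 expressed as data: inbound un-translated rule on ISR1.
RULE_10_9 = {
    "source": subnet("192.168.1.0", "255.255.255.0"),
    "destination": subnet("192.168.2.0", "255.255.255.0"),
    "nat": None,
    "action": "Allow",
    "vpn": True,
}


def rule_matches(rule, src_ip, dst_ip):
    """True when both packet addresses fall inside the rule's subnets."""
    return (ipaddress.ip_address(src_ip) in rule["source"]
            and ipaddress.ip_address(dst_ip) in rule["destination"])


def untranslated_rule_is_usable(local_lan, remote_lan):
    """A NAT = None rule needs the two LANs to be distinct address ranges.

    If they overlap (the extranet case), an address alone no longer says
    which side a host is on, so static NAT is required for the VPN traffic.
    """
    return not local_lan.overlaps(remote_lan)


if __name__ == "__main__":
    # Intranet case from the tables: distinct /24 networks.
    print(rule_matches(RULE_10_9, "192.168.1.10", "192.168.2.20"))
    print(untranslated_rule_is_usable(RULE_10_9["source"],
                                      RULE_10_9["destination"]))
    # Constructed extranet case: both sites chose the same subnet.
    site_a = subnet("192.168.1.0", "255.255.255.0")
    site_b = subnet("192.168.1.0", "255.255.255.0")
    print(untranslated_rule_is_usable(site_a, site_b))
```

Running the overlap check against the planned LAN ranges of both sites before creating the rules shows up front whether the static NAT configuration of the extranet scenario is needed.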