I/INSTALL
You need to install pfSense with the following information:
Site 1
* Outside IP: 192.168.20.203/24
* Outside Gateway: 192.168.20.254
* Inside IP: 172.16.1.0/16
Site 2
* Outside IP: 192.168.20.83/24
* Outside Gateway: 192.168.20.254
* Inside IP: 172.16.10.0/24
Step 1: Install pfSense and set the local IPs on both firewalls.
Step 2: Log on to the pfSense web interface on each box and assign the WAN addresses.
Step 3: Enable IPSEC (VPN->IPSEC->Enable IPSec). Do this on both firewalls.
Step 4: Add a tunnel on Site 1’s firewall to Site 2 by adding a tunnel and changing only the following items:
* Remote Subnet: 172.16.10.0/24
* Remote Gateway: 192.168.20.83
* Phase 1 Lifetime: 28800
* PreShared Key: conheotiensinh
* PFS Key Group: 2
* Phase 2 Lifetime: 3600
Step 5: Add a tunnel on Site 2’s firewall to Site 1 by adding a tunnel and changing only the following items:
* Remote Subnet: 172.16.1.0/16
* Remote Gateway: 192.168.20.203
* Phase 1 Lifetime: 28800
* PreShared Key: conheotiensinh
* PFS Key Group: 2
* Phase 2 Lifetime: 3600
Step 6: "Apply Changes"
Step 7: Allow Authenticated Headers (TCP/51) and ISAKMP (UDP/500) with Firewall rules so that IPSEC can pass. Firewall->Rules: WAN Tab.
Rule 1
* Source IP: Any
* Destination IP: WAN Address
* Protocol: TCP
* Port: 51
Rule 2
* Source IP: Any
* Destination IP: WAN Address
* Protocol: UDP
* Port: 500
Do this on both firewalls and Apply Changes when prompted.
Step 8: Allow all traffic to pass through the IPSEC tunnel. Firewall->Rules : IPSEC Tab
Rule
* Source IP: Any
* Destination IP: Any
* Protocol: Any
* Port Range: Any
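As an added example (not part of the original post and not pfSense code), the Python check below verifies that the two tunnel definitions from Steps 4 and 5 mirror each other and that the inside subnets do not collide. The dictionary keys and the PSK value are assumptions made for illustration; the addresses, lifetimes and PFS group are the ones listed above.

```python
import ipaddress

# Addresses, lifetimes and PFS group are the ones listed in this post.
# Dictionary keys and the PSK value are constructed for this example.
SITE1 = {
    "wan_ip": "192.168.20.203", "local_subnet": "172.16.1.0/16",
    "remote_gateway": "192.168.20.83", "remote_subnet": "172.16.10.0/24",
    "p1_lifetime": 28800, "p2_lifetime": 3600, "pfs_group": 2,
    "psk": "constructed-example-psk",
}
SITE2 = {
    "wan_ip": "192.168.20.83", "local_subnet": "172.16.10.0/24",
    "remote_gateway": "192.168.20.203", "remote_subnet": "172.16.1.0/16",
    "p1_lifetime": 28800, "p2_lifetime": 3600, "pfs_group": 2,
    "psk": "constructed-example-psk",
}
MUST_MATCH = ("p1_lifetime", "p2_lifetime", "pfs_group", "psk")


def net(cidr):
    """Parse a CIDR string, masking off any host bits."""
    return ipaddress.ip_network(cidr, strict=False)


def check_tunnel(site1, site2):
    """Return a list of findings for two mirrored tunnel definitions."""
    findings = []
    for name, me, peer in (("site1", site1, site2), ("site2", site2, site1)):
        if me["remote_gateway"] != peer["wan_ip"]:
            findings.append(f"{name}: remote gateway is not the peer WAN IP")
        if net(me["remote_subnet"]) != net(peer["local_subnet"]):
            findings.append(f"{name}: remote subnet is not the peer inside net")
        iface = ipaddress.ip_interface(me["local_subnet"])
        if iface.ip != iface.network.network_address:
            findings.append(f"{name}: {iface} has host bits set, "
                            f"network is {iface.network}")
    for key in MUST_MATCH:
        if site1[key] != site2[key]:
            findings.append(f"{key} differs between the two sites")
    n1, n2 = net(site1["local_subnet"]), net(site2["local_subnet"])
    if n1.overlaps(n2):
        findings.append(f"inside subnets overlap: {n1} and {n2}")
    return findings


if __name__ == "__main__":
    for finding in check_tunnel(SITE1, SITE2):
        print(finding)
```

Run against the values on this page, it reports that 172.16.1.0/16 normalises to 172.16.0.0/16, which contains Site 2's 172.16.10.0/24.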
II/TEST
Test the connection by pinging from a local host in Site 1 to Site 2, and from Site 2 to Site 1.