e-business Networking DivisionCommunication Server BUCustomer Operations / Supply Chain & Support

TESTS on VPN Lan to Lan for Mexico

Date: 30/05/02

Aim of the tests:

Tunneling IPSEC LAN to LAN test between 2 Omni Pcx Office in release 1.1 connected on the same LAN via WAN for training purposes

Author: JL FRITZ

This paper is made only for an internal use. Any reproduction is forbidden without authorization.

Reference: Page: 1/4 Date: 03/05/23

1. DESCRIPTION

2. SETTING UP OF ISP PROFILE

System A: - create a new ISP profile using "Internet Wizard" in Web base management

- enter a name of your choice- select "Ethernet to router" connection- enter "external router IP address" 128.251.192.217- enter "mask" 255.255.255.0- enter "system IP address" 128.251.192.216 and the same for

DNS- activate this ISP and do not test

System B: - create a new ISP profile using "Internet Wizard" in Web base management

- enter a name of your choice- select "Ethernet to router" connection- enter "external router IP address" 128.251.192.216- enter "mask" 255.255.255.0- enter "system IP address" 128.251.192.217 and the same for

DNS- activate this ISP and do not test

Reference: Page: 2/4 Date: 03/05/23

Switch

Oxo System A

Oxo System B

WAN WAN

128.251.192.216 128.251.192.217

LAN B 192.168.93.0LAN A 192.168.92.0

3. SETTING UP OF VPN IPSEC LAN TO LAN

Using WBM under "Getting started", "VPN Wizard" .

System A: -VPN type, select "LAN to LAN IPSEC", then click on "next".-Identification, enter a name of your choice "test lan to lan" then click on "next"-Authentification, select "preshared secret key" (PSK) then click

on "next".-PSK choice, select "Import a new key" then click on "next"-PSK name, enter a name of your choice as "toto" for instance-PSK key value, choose "character string" and enter a name of your choice as "alcatel" for instance-Distant VPN gateway, enter Gateway IP address 128.251.192.217.-Distant subnet, enter subnet IP address 192.168.93.0 and subnet mask 255.255.255.0, then click on "Apply"- In "management" , "management VPN Ipsec", delete all VPN keys and all VPN Tunnels except the one we just created.

System B: -VPN type, select "LAN to LAN IPSEC", then click on "next".-Identification, enter a name of your choice "test lan to lan" then click on "next"-Authentification, select "preshared secret key" (PSK) then click

on "next".-PSK choice, select "Import a new key" then click on "next"-PSK name, enter a name of your choice as "toto" for instance-PSK key value, choose "character string" and enter a name of your choice as "alcatel" for instance-Distant VPN gateway, enter Gateway IP address 128.251.192.216.-Distant subnet, enter subnet IP address 192.168.92.0 and subnet mask 255.255.255.0, then click on "Apply"- In "management" , "management VPN Ipsec", delete all VPN keys and all VPN Tunnels except the one we just created.

IN WBM under "Settings", "VPN",

System A and B: - select "LAN to LAN", "IPSEC state" in "Deactivate" state, then click on "apply " and wait 1 or 2 minutes

System A and B: - select "LAN to LAN", "IPSEC state" in "Activate" state, then click on "apply " and wait 1 or 2 minutes

Reference: Page: 3/4 Date: 03/05/23

CAUTION: operations described previously has to be performed in this specific order

If the connection does not succeed, deactivate both tunnels, and reactivate ISP via WBM, then re-activate on both systems LAN to LAN IPSEC.

3. TESTING THE VPN IPSEC LAN TO LAN CONNECTION

Do not perform the test available in WBM (only when using this specific configuration)

To test this connection, just perform "ping" commands under Dos windows ,from a PC on LAN behind system A , to a PC on LAN behind system B.

- End of document -

Reference: Page: 4/4 Date: 03/05/23