SSG route-based dialup VPN
1. Create IKE user
3. Create an IKE user group and add the above IKE user to the group.
4. Create XAuth users: select XAuth User and set a password.
5. Create the VPN user IP pool: Objects > IP Pools
6. Create an unnumbered tunnel interface.
6. Set default XAuth setting: VPNs > AutoKey Advanced > XAuth Setting
7.1 Create a VPN Gateway
7.2 Set gateway XAuth: VPNs > AutoKey Advanced > Gateway, click XAuth
Check XAuth Server, check Use Default Xauth Settings
8.1 Set Phase2 Parameters: Choose predefined gateway
8.2 Click Advanced, check Bind to Tunnel Interface, check Proxy-ID Check
8.3 Set the Proxy-ID: VPNs > AutoKey IKE, click Proxy-ID. The Remote value should be set to 255.255.255.255/32. The command line is:
set vpn "Dialip VPN" proxy-id local-ip 192.168.3.0/24 remote-ip 255.255.255.255/32 any
9. Create a static route to the VPN user IPs 172.16.0.0/24; the next hop is the tunnel interface.
10. Create security policy
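
Added example (not part of the original page): a small Python check that reads saved "set" lines and confirms steps 8.2, 8.3 and 9 agree with each other, that is, the VPN is bound to a tunnel interface, its proxy-id Remote is 255.255.255.255/32, and the VPN user network is routed through that same tunnel interface. Only the proxy-id line in the sample comes from the page; the tunnel.1, ethernet0/0, bind and route lines are assumed values constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample config. Only the proxy-id line is taken from the page;
# the interface, bind and route lines are assumed values for illustration.
SAMPLE = """
set interface tunnel.1 ip unnumbered interface ethernet0/0
set vpn "Dialip VPN" bind interface tunnel.1
set vpn "Dialip VPN" proxy-id local-ip 192.168.3.0/24 remote-ip 255.255.255.255/32 any
set route 172.16.0.0/24 interface tunnel.1
"""

def audit(config, vpn, pool):
    """Return findings for steps 8.2, 8.3 and 9; an empty list means they agree."""
    pool_net = ipaddress.ip_network(pool)
    tunnel, remote, routes = None, None, []
    for line in config.splitlines():
        try:
            tok = shlex.split(line)       # keeps the quoted VPN name as one token
        except ValueError:                # unbalanced quote: not a line we can judge
            continue
        if tok[:3] == ["set", "vpn", vpn]:
            if tok[3:5] == ["bind", "interface"] and len(tok) > 5:
                tunnel = tok[5]
            elif tok[3:4] == ["proxy-id"] and "remote-ip" in tok[:-1]:
                remote = tok[tok.index("remote-ip") + 1]
        elif tok[:2] == ["set", "route"] and "interface" in tok[:-1]:
            try:
                net = ipaddress.ip_network(tok[2], strict=False)
            except ValueError:            # a route keyword instead of a prefix
                continue
            routes.append((net, tok[tok.index("interface") + 1]))
    findings = []
    if tunnel is None:
        findings.append("8.2: VPN is not bound to a tunnel interface")
    if remote != "255.255.255.255/32":
        findings.append(f"8.3: proxy-id remote-ip is {remote}, expected 255.255.255.255/32")
    # Step 9: some route must cover the user network and point at the bound tunnel.
    if not any(i == tunnel and n.version == pool_net.version and pool_net.subnet_of(n)
               for n, i in routes):
        findings.append(f"9: no route for {pool} via {tunnel}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "Dialip VPN", "172.16.0.0/24") or "steps 8.2, 8.3 and 9 are consistent")
```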