Есть на английском, мы пока не перевели.
Win2000 Client to DI-804HV
Windows 2000 IPSec Policy:
Step 1 Go to Start>Programs>Administrative Tools>Local Security Policy. You can also go to Start>Run and
Step 1 Go to Start>type secpol.msc and then click OK.
Step 2 Right-click IP Security Policies on Local Computer and then click Create IP security Policy.
Step 3 Click the Next button and name your policy. Ex. VPN to DI-804HV. Click Next.
Step 4 Uncheck Activate the default response rule and then click Next.
Step 5 Make sure the Edit properties box is checked and click Finish.
Build Filter Lists
Step 1 In the policy properties dialog box uncheck Use Add Wizard and click Add.
Step 2 From the IP Filter List tab, click Add.
Step 3 Type the name for the filter list “WinXP to DI-804HV”, uncheck the Use Add Wizard and click Add.
Step 4 In the Source Address field select My IP Address.
Step 5 In the Destination Address field select A Specified IP Subnet. In the IP address field enter the network identifier
for the internal subnet of the DI-804HV, in the Subnet Mask field enter the subnet mask of the internal subnet of the
DI-804HV, and then click OK (192.168.0.0/255.255.255.0 being the IP address and Subnet Mask on the internal interface of the
DI-804HV).
Step 6 Click OK on the IP Filter List window.
Step 7 On the IP Filter List tab click Add.
Step 8 Name the filter list. Ex. “DI-804HV to WinXP”. Uncheck Use Add Wizard and click Add.
Step 9 In the Source Address field select A Specific IP Subnet. In the IP address field enter the network identifier for
the internal subnet of the DI-804HV, in the Subnet Mask field enter the subnet mask of the internal subnet of the DI-804HV,
and then click OK (192.168.0.0/255.255.255.0 being the IP address and Subnet Mask on the internal interface of the
DI-804HV).
Step 10 In the Destination Address field select My IP Address and then click OK. Configure Individual Rules
Rule 1:
Step 1 From the IP Filter List tab select WinXP to DI-804HV.
Step 2 Click on the Filter Action tab and select Require Security and then click Edit.
Step 3 Select Negotiate Security, uncheck Accept unsecured communication but always respond using IPSec. Click OK.
Step 4 Click on the Authentication Method tab and click Edit.
Step 5 Change the authentication method to Use this string (preshared key), enter the string 123456 and click OK. The
preshared key will be displayed in the Authentication Methods tab.
Step 6 Click the Tunnel Settings tab and select The tunnel endpoint is specified by this IP address and enter the WAN IP
address of your DI-804HV.
Step 7 From the Connection Type tab select All network connections and click Apply. Click OK to save this rule.
Rule 2:
Step 1 In the VPN to DI-804HV policy properties (VPN to DI-804HV being the name of your new policy) uncheck Use Add Wizard
and click Add.
Step 2 From the IP Filter List tab select DI-804HV to WinXP.
Step 3 Click on the Filter Action tab and select Require Security. Step 4 Click on the Authentication Methods tab and click
Edit.
Step 5 Change the authentication method to Use this string (preshared key), enter the string 123456 and click OK. The
preshared key will be displayed in the Authentication Methods tab.
Step 6 Click the Tunnel Settings tab and select The tunnel endpoint is specified by this IP address and enter the IP
address of your Windows XP PC.
Step 7 From the Connection Type tab select All network connections and click Apply. Click OK to save this rule.
Step 8 Click Close to close the properties window of the VPN to DI-804HV policy. Assign IPSec Policy Step 1 In the Local
Security Settings window click on IP Security Policies on Local Computer then right-click the policy named VPN to DI-804HV
and click on Assign. You should see a green arrow on the folder icon for VPN to DI-804HV and Policy Assigned should now say
Yes.
Configuring the DI-804HV:
Step 1 Log into the web based configuration of the router by typing in the IP address of the router (default: 192.168.0.1)
in your web browser. By default the username is admin and there is no password.
Step 2 Click the VPN button on the left column, select the checkbox to Enable the VPN, and then in the box next to Max.
number of tunnels, enter the maximum numbers of VPN tunnels that you would like to have connected.
Step 3 In the space provided, enter the Tunnel Name for ID number 1, select IKE, and then click More.
Step 4 In the Local Subnet and Local Netmask fields enter the network identifier for DI-804HVґs LAN and the corresponding
subnet mask.
Step 5 In the Remote Subnet and Remote Netmask fields enter the IP address of the Client and a Subnet Mask of
255.255.255.255.
Step 6 In the Remote Gateway field enter the IP address of the Client and in the Preshared Key field, enter a key which
must be exactly the same as the Preshared Key that is configured on the Client.
Step 7 Click Apply and then click on Select IKE Proposal...
Step 8 Enter a name for proposal ID number 1 and select Group 2 from the DH Group dropdown menu.
Step 9 Select 3DES as the Encryption Algorithm and SHA-1 as the Authentication Algorithm.
Step 10 Enter a Lifetime value of 28800 and then select Sec. as the unit for the lifetime value.
Step 11 Select 1 out of the Proposal ID dropdown menu and click Add To, which will add the proposal that was just
configured to the IKE Proposal Index. Click Apply and then click Back.
Step 12 Click on Select IPSec Proposal...
Step 13 Enter a name for proposal ID number 1 and select None from the DH Group dropdown menu.
Step 14 Select ESP as the Encapsulation Protocol.
Step 15 Select 3DES as the Encryption Algorithm and MD5 as the Authentication Algorithm.
Step 16 Enter a Lifetime value of 28800 and then select Sec. as the unit for the lifetime value.
Step 17 Select 1 out of the Proposal ID dropdown menu and click Add To, which will add the proposal that was just
configured to the IPSec Proposal Index. Click Apply and then click Restart.
Establishing the Connection:
Step 1 On the client computer, go to Start>Run, type CMD, and then click OK.
Step 2 At the command prompt, type ping x.x.x.x, where x.x.x.x represents an IP address of a computer behind the DI-804HV,
and then press Enter on your keyboard.
Step 3 You should receive Negotiating IP Security messages and then eventually you will receive Replies. Once you receive
replies, the VPN connection has been established.
|