How to create IPSec tunnels with the Windows XP built-in VPN client

(not using DrayTek SmartVPN)


Topology
In this example, a PC running Windows XP dials up an IPSec VPN connection to a Vigor router. The IP address of the PC is 172.17.1.190. The IP address of the Vigor's WAN is 172.17.1.121, and the VPN subnet is 192.168.1.0/24. The network topology is shown below:

VPN settings in Vigor2950


Please follow the steps below to configure the VPN settings on the Vigor device.

1. Add a VPN profile in the VPN and Remote Access >> Remote Dial-in User page as shown below:

2. Press the IKE Pre-Shared Key button, then in the pop-up window enter the pre-shared key 123.

3. When the VPN is connected, you may check the connection status from the VPN and Remote Access >> connection management page:

VPN settings in Windows XP


In Windows XP, we need to configure the IP Security Policy. Please follow the steps listed below:

1. Execute mmc.exe to manage the IP security policy.

2. Add IP Security Policy Management by choosing Add/Remove Snap-in.

3. From the Standalone tab, please click Add.

4. Choose IP Security Policy Management and click Add.

5. When the following screen appears, please choose Local computer and click Finish.

6. The IP Security Policy Management is added.

7. Select Create IP Security Policy to create a policy for IPSEC-VPN.

8. When the IP Security Policy Wizard appears, please click Next.

9. Type a suitable name in the name field, such as ipsec.

10. Uncheck Activate the default response rule and Click Next.

11. When the following window appears, please check Edit properties and click Finish.

Add a rule for outgoing IPSec traffic


Below we will create two rules for Vigor2950 manually. One is for outgoing traffic, and the other is for incoming traffic.

1. Open the IPSec Properties window. There is a default rule <Dynamic>. Please click Add.

2. From this page, please click Next.

3. Set the tunnel endpoint. Here enter the remote VPN gateway's IP address:

4. Select All network connections and click Next.

5. Select Use this string to protect ... and type 123. Click Next.

6. Then add an IP Filter list for this rule by clicking Add.

7. Type ipsec out as the name and click Add.

8. When the following wizard appears, please click Next.

9. Choose A specific IP Address and click Next.

10. In the following page, type the IP address and click Next.

11. Next, choose destination address with A specific IP Subnet. Click Next.

12. Type IP address and Subnet mask.

13. Choose Any as the protocol type. Click Next.

14. Click OK to finish the settings.

15. Select ipsec out in the IP Filter list, then click Next.

16. Click Add to set up an action for this rule.

17. The wizard will then appear. Please click Next.

18. Type ipsec out as the name and click Next.

19. Select Negotiate security and click Next.

20. Select Encryption and Integrity and click Next.

21. Uncheck Edit properties and click Finish.

22. Select ipsec out for Filter Action, and click Next.

23. Uncheck Edit properties and click Finish.

Add the other rule for incoming traffic


1. Open IPSec Properties window and check ipsec out. Next, click Add.

2. When the following wizard appears, click Next.

3. Set the tunnel endpoint. Here please type the IP address of the client's PC. Click Next.

4. Select All network connections. Click Next.

5. Click Use this string to protect ... and enter 123. Click Next.

6. Then click Add to add an IP Filter list for this rule.

7. Type ipsec in as the name and click OK.

8. Choose A specific IP Subnet and click Next.

9. Type IP address and Subnet mask, click Next.

10. Next, choose destination address with A specific IP Subnet. Click Next.

11. In the following page, type the IP address and click Next.

12. Choose Any as the protocol type. Click Next.

13. Uncheck Edit properties and click Finish.

14. Click OK to finish the settings.

15. Select ipsec in from IP Filter list, then click Next.

16. Click Add to set up the action for this rule.

17. When the following screen appears, click Next.

18. Type ipsec in as the name and click Next.

19. Select Negotiate security and click Next.

20. Select Encryption and Integrity and click Next.

21. Uncheck Edit properties and click Finish.

22. Select ipsec in for Filter Action, and click Next.

23. Uncheck Edit properties and click Finish.

Now we can see two rules for this IPSec policy. Select both of them and click Apply.

Choose ipsec>>Assign from the Console screen.

Finally, run the command ping 192.168.1.1 from a DOS prompt to initiate the VPN connection; the IPSec VPN will then be set up.
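
The two rules built above only bring the tunnel up if their filters are exact reverses of each other and each rule carries the right tunnel endpoint. The Python check below is an added example, not part of the original guide: TunnelRule, check_pair and the MIN_PSK_LEN threshold are hypothetical names and values, and the filter addresses are inferred from the Topology section because the wizard screenshots are not reproduced here.

```python
import ipaddress
from dataclasses import dataclass

MIN_PSK_LEN = 20  # assumed local policy threshold, not a value from the page

@dataclass
class TunnelRule:
    name: str
    src: str       # filter source, host or CIDR subnet
    dst: str       # filter destination, host or CIDR subnet
    endpoint: str  # tunnel endpoint typed into the rule wizard
    psk: str       # pre-shared key string

def check_pair(out_rule, in_rule, client, gateway):
    """Return a list of findings; an empty list means the pair is consistent."""
    net, addr = ipaddress.ip_network, ipaddress.ip_address
    findings = []
    # The two filters are one-way, so each must be the exact reverse of the other.
    if net(out_rule.src) != net(in_rule.dst) or net(out_rule.dst) != net(in_rule.src):
        findings.append("filters are not exact reverses of each other")
    # Outgoing traffic must originate from the client PC itself.
    if net(out_rule.src) != net(client):
        findings.append(f"{out_rule.name}: source is not the client address")
    # Outgoing rule ends at the router's WAN address, incoming rule at the client.
    if addr(out_rule.endpoint) != addr(gateway):
        findings.append(f"{out_rule.name}: tunnel endpoint is not the gateway")
    if addr(in_rule.endpoint) != addr(client):
        findings.append(f"{in_rule.name}: tunnel endpoint is not the client")
    # Both rules, and the router profile, must carry the same key.
    if out_rule.psk != in_rule.psk:
        findings.append("pre-shared keys differ between the two rules")
    if min(len(out_rule.psk), len(in_rule.psk)) < MIN_PSK_LEN:
        findings.append("pre-shared key is shorter than MIN_PSK_LEN")
    return findings

# Values from the page's topology; the filter addresses are inferred from it.
CLIENT, GATEWAY, SUBNET = "172.17.1.190", "172.17.1.121", "192.168.1.0/24"
PAGE_OUT = TunnelRule("ipsec out", CLIENT, SUBNET, GATEWAY, "123")
PAGE_IN = TunnelRule("ipsec in", SUBNET, CLIENT, CLIENT, "123")

if __name__ == "__main__":
    for finding in check_pair(PAGE_OUT, PAGE_IN, CLIENT, GATEWAY) or ["pair is consistent"]:
        print(finding)
```

Run against the values used in this walkthrough, the filters and endpoints pass and the only finding is the length of the sample key 123.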
