Application Note 10. IPSec Over Cellular using Digi Transport Routers Pre-shared keys. UK Support February 2010
|
|
- Homer Ellis
- 8 years ago
- Views:
Transcription
1 Application Note 10 IPSec Over Cellular using Digi Transport Routers Pre-shared keys UK Support February 2010
2 Contents 1 Introduction Outline Assumptions Corrections Version Digi WR41 VPN INItiator Configuration Inside Ethernet Interface Outside Cellular PPP Interface WR41 Wireless WAN (W-WAN) Module WR41 Phase 1 IKE WR41 Phase 2 IPSec WR41 Initiator Pre-shared Key WR41 Configure Packet Analyser for Debugging DR6410 VPN Responder Configuration Inside LAN Ethernet Interface Outside ADSL PPP Interface DR6410 Phase 1 IKE DR6410 Phase 2 IPSEC DR6410 Initiator Pre-shared Key TESTING Successful connection from the initiator point of view: Eventlog IPSEC Security Associations Debugging Debug Failed Connection: Phase 2 - No Matching Eroute Debug Failed Connection: Phase 1 - Aggressive mode off Debug Failed Connection: Phase 1 - Preshared Key Incorrect Debug Failed Connection: Phase 1 - Algorithm unsupported... 25
3 5.5 IPSec Debug for Successful Connection Configuration Files Sarian DR6410 Responder Configuration Sarian WR41 Initiator Configuration Sarian Firmware Versions Figures Figure 1-1: Overview Diagram... 4 Figure 2-1: WR41 Ethernet 0 configuration... 6 Figure 2-2: WR41 PPP 1 Configuration... 7 Figure 2-3: WR41 W-WAN Module configuration... 8 Figure 2-4: WR41 Phase 1 IKE... 9 Figure 2-5: WR41 Phase 2 IPSec Figure 2-6: WR41 Initiator Pre-shared Key Figure 2-7: WR41 Packet Analyser for Debugging Figure 3-1: DR6410 Ethernet 0 configuration Figure 3-2: DR6410 ADSL Interface Figure 3-3: DR6410 Phase 1 IKE Figure 3-4: DR6410 Phase 2 IPSEC Figure 3-5: DR6410 Pre-Shared Key Figure 3-6: WR41 Packet Analyser for Debugging Figure 4-1: WR41 Eventlog Figure 4-2: DR6410 IPSec SA s Figure 4-3: WR41 IPSec SA s... 21
4 1 INTRODUCTION 1.1 Outline This application note aims to enable the reader to easily configure an IPSec VPN tunnel between two local area networks using a Sarian at both ends of the tunnel. The diagram below details the IP number scheme and architecture of this example configuration. Figure 1-1: Overview Diagram Page 4
5 1.2 Assumptions This guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application. Configuration: This application note assumes that the WR41 will be connecting to a cellular network (i.e. GPRS, EDGE, 3G, HSDPA or HSUPA). Routers connecting to cellular networks are usually allocated a private IP address which would translate to a routable internet external IP at the border of the mobile internet network. In this case, the mode of IPSec needs to be aggressive mode with NAT-Traversal. The IPSec responders IP address needs to be in the public address range and is either fixed or dynamic. In the case of the latter, a type of dynamic DNS hostname will be required because the IPSec initiator always needs to know where to connect. This application note applies to; Models shown: Digi Transport WR41 and DR6410 Mk2 Other Compatible Models: Digi Transport VC7400 VPN Concentrator, WR, SR or DR. Firmware versions: All Versions Configuration: This Application Note assumes the devices are set to their factory default configurations. Most configuration commands are only shown if they differ from the factory default. For the purpose of this application note the following applies: The IPSec responder router s IP address must be in the public address range and fully routable. 1.3 Corrections Requests for corrections or amendments to this application note are welcome and should be addressed to: uksupport@digi.com Requests for new application notes can be sent to the same address. 1.4 Version Version Number: 3.0 Status: Published Page 5
6 2 DIGI WR41 VPN INITIATOR CONFIGURATION As with all Digi Transport routers you have the option of configuring the IPSec parameters either via the web interface or by writing a new configuration file. We will show the web configuration in this application note. Only the parts of the configuration files that specifically relate to the configuration of this example will be explained in detail. (The configuration files used for this application note can be found in their entirety at the end of this document). 2.1 Inside Ethernet Interface CONFIGURATION INTERFACES ETHERNET ETH 0 CONFIGURE First, configure the Ethernet interface with an IP and set up monitoring: Parameter Setting Description IP analysis: On Turn on analysis for this interface so we can troubleshoot if there are problems with the setup IP address: Enter the IP address of the LAN interface for the router Figure 2-1: WR41 Ethernet 0 configuration 2.2 Outside Cellular PPP Interface CONFIGURATION INTERFACES PPP PPP 0-4 PPP 1 STANDARD Page 6
7 IPSec is enabled on the outgoing interface; in this example the outgoing interface is the cellular interface PPP 1. IP analysis is also enabled on this interface for use during the testing phase. Parameter Setting Description IP analysis: On Turn on analysis for this interface so we can troubleshoot if there are problems with the setup IPSec: On-Remove SAs when link down Turn on IPSec on the interface Figure 2-2: WR41 PPP 1 Configuration 2.3 WR41 Wireless WAN (W-WAN) Module CONFIGURATION INTERFACES MOBILE W-WAN MODULE SIM n Parameter Setting Description APN Your APN Enter the APN of your mobile provider PIN/Confirm PIN Your PIN code Enter the SIM PIN if required Page 7
8 Figure 2-3: WR41 W-WAN Module configuration 2.4 WR41 Phase 1 IKE IKE is the first stage in establishing a secure link between two endpoints and has to be configured to match the settings on the VPN host Sarian. In this example 3Des and MD5 are used to encrypt and authenticate. Aggressive mode is enabled. MODP group 2 is used, meaning we use a 1024 bit key for the IKE Diffie-Hellman exchange. Set the IKE SAs to be removed when the IPSec SAs are removed. Set debug to very high as this will help to see that everything has completed correctly when the two units build the VPN tunnel. CONFIGURATION VPN IPSEC IKE IKE 0 Parameter Setting Description Encryption algorithm: 3DES The encryption algorithm to be used for IKE exchanges over the IP connection Authentication algorithm: MD5 The algorithm used to authenticate the IKE session Aggressive mode: ON Aggressive mode is used in this example IKE MODP group: 2(1024) The key length used in the IKE Diffie-Hellman exchange SA removal mode: Choose option Remove IKE SA when last IPSEC SA removed Debug Level: Very High This will allow for detailed debugging and can be turned off once you are happy that this is working Page 8
9 2.5 WR41 Phase 2 IPSec Figure 2-4: WR41 Phase 1 IKE Next configure the eroute (encrypted route). This will determine what traffic is routed to the remote network over the VPN. Most of the phase two IPSec configuration is done within this area. NB: In Aggressive mode the Peer ID and the Our ID can be any alpha-numeric value as long as they correspond with the remote VPN router. They are also case sensitive. CONFIGURATION VPN IPSEC IPSEC EROUTES EROUTE 0 Parameter Setting Description Peer IP/hostname: IP address of the vpn host machine Peer ID: Hostsarian The ID of the VPN responder router (remote router) Our ID: Clientsarian The ID of the VPN initiator router (this router) Local subnet IP address: Packets will be directed through this tunnel if the source and destination IP matches Local subnet mask: Subnet mask for the network Remote subnet IP Packets will be directed through this tunnel if the address: source and destination IP matches: Remote subnet mask: Subnet mask for the network ESP authentication MD5 The IPSEC ESP authentication algorithm is MD5: Page 9
10 algorithm: ESP encryption algorithm: 3DES Duration (kb): 0 The IPSEC encryption algorithm to use is 3DES This can be used to exchange keys more quickly if a certain amount of data is exchanged No SA action: Use IKE We want to route matching packets over the VPN Create SAs Yes, route with The router will try to setup the VPN automatically automatically: matching interface Authentication Preshared Keys Preshared keys will be used for authentication method: Display IKE lookup This will provide Error message detail in the Yes debug info: analyser trace for debug and testing Page 10
11 Figure 2-5: WR41 Phase 2 IPSec Page 11
12 2.6 WR41 Initiator Pre-shared Key CONFIGURATION SECURITY USERS USERS User 10 In this section the preshared key is set up. The preshared key is enabled by creating a username with the name of the remote peer (Peer ID from the eroute) and the password is the preshared key. Parameter Setting Description Name: responder Name should match the Peer ID: value from Eroute 0 Password: Test Enter the password in a production environment you will want to choose a more secure shared key than this Confirm Password: Test Re-enter the password in a production environment you will want to choose a more secure shared key than this Access Level: None This user will not be granted any admin access as only used as a preshared key Figure 2-6: WR41 Initiator Pre-shared Key Page 12
13 2.7 WR41 Configure Packet Analyser for Debugging This is just to double check that the analyser is setup correctly. Remove any settings that do not match here. DIAGNOSTICS ANALYSER SETTINGS Parameter Setting Description Analyser ON Enable logging to the analyser trace IKE: IKE Debug When this is ticked we will see IKE debug in the analyser trace I-PAK: Max I-PAK size: 1500 We will then be able to collect most full sized packets IP Source: ETH 0 Enable logging for this interface IP source: PPP 1 Enable logging for this interface IP filters: Ports: ~500,4500 Restrict the ports logged to only show IKE and IPSec Figure 2-7: WR41 Packet Analyser for Debugging Page 13
14 3 DR6410 VPN RESPONDER CONFIGURATION 3.1 Inside LAN Ethernet Interface First, configure the Ethernet interface with an IP and set up monitoring: CONFIGURATION INTERFACES ETHERNET ETH 0 CONFIGURE Parameter Setting Description IP Analysis: On Turn on analysis for this interface so we can troubleshoot if there are problems with the setup IP Address Enter Interface IP Enter the IP address of the Lan interface for the router 3.2 Outside ADSL PPP Interface Figure 3-1: DR6410 Ethernet 0 configuration In this example a DSL link is used, this link provided a static IP for the host Sarian. IPSec is enabled on this interface. CONFIGURATION INTERFACES PPP PPP 0 4 PPP 1 STANDARD Parameter Setting Description IP Analysis: On Turn on analysis for this interface so we can troubleshoot if there are problems with the setup Username: Username ADSL access username Password (Assigned): Password ADSL access password Confirm Password Password Confirm ADSL access password. IPSec On-Keep SA s when link down Enable IPSec on the ADSL interface Page 14
15 Figure 3-2: DR6410 ADSL Interface 3.3 DR6410 Phase 1 IKE CONFIGURATION VPN IPSEC IKE RESPONDER Next configure the debug level and also check that the IKE 0 initiators config. I.e. By default the responder IKE values are not restricted and should cover the values assigned in the initiators IKE 0 config. Parameter Setting Description Debug Level: Very High This will allow for detailed debugging and can be turned off once you are happy that this is working Figure 3-3: DR6410 Phase 1 IKE Page 15
16 3.4 DR6410 Phase 2 IPSEC As this is the responder unit and the client doesn t have a static IP due to connecting over a Cellular network we do not initiate the IPSec tunnel from this end so there are 3 less items to configure here than on the initiator Sarian. CONFIGURATION IPSEC IPSEC EROUTES EROUTE 0 9 EROUTE 0 Parameter Setting Description Peer ID: Initiator Id of the VPN Client machine Our ID: responder ID of our machine Local subnet IP address: Local network address Packets will be directed through this tunnel if the source and destination IP matches Local subnet mask: Local subnet address Subnet mask for the network Remote subnet IP address: Remote network address Packets will be directed through this tunnel if the source and destination IP matches: Remote subnet Remote subnet mask: address Subnet mask for the network ESP authentication The IPSEC ESP authentication algorithm is MD5: MD5 algorithm: ESP encryption algorithm: 3DES The IPSEC encryption algorithm to use is 3DES Duration (kb): 0 This can be used to exchange keys more quickly if a certain amount of data is exchanged Authentication method: Preshared Keys Preshared keys will be used Display IKE lookup This will provide Error message detail in the Yes debug info: analyser trace for debug and testing Page 16
17 Figure 3-4: DR6410 Phase 2 IPSEC Page 17
18 3.5 DR6410 Initiator Pre-shared Key In this section the preshared key is set up, the preshared key is set up by creating a username with the name of the remote peer (responder) vpn id and the password is the preshared key. CONFIGURATION SECURITY USERS USER USER 10 Parameter Setting Description Name: initiator Name should match the Peer ID: value from Eroute 0 Password: Test Enter the password in a production environment you will want to choose a more secure shared key than this Re-enter the password in a production Confirm Password: Test environment you will want to choose a more secure shared key than this Access Level: None This user will not be granted any admin access as only used as a preshared key Figure 3-5: DR6410 Pre-Shared Key Page 18
19 Configure Analyser This is just to double check that the analyser is setup correctly. Remove any settings that do not match here. Parameter Setting Description Analyser ON Enable logging to the analyser trace IKE: IKE Debug When this is ticked we will see IKE debug in the analyser trace I-PAK: Max I-PAK We will then be able to collect most full sized 1500 size: packets IP Source: ETH 0 Enable logging for this interface IP source: PPP 1 Enable logging for this interface IP filters: Ports: ~4500,500 Restrict the ports logged to only show IKE and IPSec Figure 3-6: WR41 Packet Analyser for Debugging Page 19
20 4 TESTING 4.1 Successful connection from the initiator point of view: Eventlog The eventlog shows the events occuring within the operating system. Here you can see the cellular interface (PPP 1) establishing followed by the VPN. DIAGNOSTICS EVENTLOG Figure 4-1: WR41 Eventlog Page 20
21 4.1.2 IPSEC Security Associations On successful connection you will see the IPSec SAs in both the Initiator and the Responder IPSec SAs list. Here you can see the peer IP the remote and local networks, the authentication algorithm and time left until keys are again exchanged. DR6410: DIAGNOSTICS STATUS IPSEC IPSEC SAs EROUTE 0 9 EROUTE 0 WR41: Figure 4-2: DR6410 IPSec SA s DIAGNOSTICS STATUS IPSEC IPSEC SAs Figure 4-3: WR41 IPSec SA s Page 21
22 If the event log and the IPSec output show as above then you should be able to ping the LAN interface or a node on the remote network: C:\Documents and Settings\XP>ping t Pinging with 32 bytes of data: Reply from : bytes=32 time=2170ms TTL=249 Reply from : bytes=32 time=159ms TTL=249 Reply from : bytes=32 time=162ms TTL=249 Reply from : bytes=32 time=156ms TTL=249 Reply from : bytes=32 time=165ms TTL=249 Reply from : bytes=32 time=164ms TTL=249 Reply from : bytes=32 time=152ms TTL=249 Reply from : bytes=32 time=149ms TTL=249 Reply from : bytes=32 time=158ms TTL=249 Reply from : bytes=32 time=157ms TTL=249 Reply from : bytes=32 time=159ms TTL=249 Reply from : bytes=32 time=159ms TTL=249 Reply from : bytes=32 time=158ms TTL=249 Ping statistics for : Packets: Sent = 13, Received = 13, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 149ms, Maximum = 2170ms, Average = 312ms The first ping may result in a longer turn around time if you need to bring up the vpn when the first packet arrives. Page 22
23 5 DEBUGGING 5.1 Debug Failed Connection: Phase 2 - No Matching Eroute When the Sarian attempts to bring up the eroute there can be a number of reasons for failure. Below you will see the IPSec debug for a successful connection here. We have changed the config given in this example with the following change on the initiator: eroute 0 locip " " The corresponding line from the responder is: eroute 0 remip " " When the connection fails the following error will be seen in the event log of both ends of the connection: 08:14:03, 22 Apr 2008,IKE SA Removed. Peer: responder,rx Delete Notification 08:14:03, 22 Apr 2008,IKE SA Removed. Peer: responder,rx Delete Notification 08:14:03, 22 Apr 2008,IKE Notification: No Proposal Chosen,RX 08:14:03, 22 Apr 2008,IKE Notification: Responder Lifetime,RX 08:14:03, 22 Apr 2008,New Phase 2 IKE Session ,Initiator 08:14:02, 22 Apr 2008,IKE Keys Negotiated. Peer: responder 08:14:02, 22 Apr 2008,New Phase 1 IKE Session ,Initiator 08:14:02, 22 Apr 2008,IKE Request Received From Eroute 0 Above is the connection from the initiators end and below is the event log from the responder: 08:14:10, 22 Apr 2008,IKE SA Removed. Peer: initiator,successful Negotiation 08:14:10, 22 Apr 2008,IKE Notification: No Proposal Chosen,TX 08:14:10, 22 Apr 2008,IKE Notification: Initial Contact,RX 08:14:10, 22 Apr 2008,New Phase 2 IKE Session ,Responder 08:14:09, 22 Apr 2008,IKE Keys Negotiated. Peer: initiator 08:14:09, 22 Apr 2008,New Phase 1 IKE Session ,Responder Note that in both you will see the message No Proposal Chosen, RX to indicate received and TX to indicate sent. In other words if you only see this line: 08:14:10, 22 Apr 2008,IKE Notification: No Proposal Chosen,TX It will be clear that you are looking at the responder. To find out why the responder rejected this communication the analyser trace needs to be set up. If you have followed the instructions above you will have the analyser trace already configured. Please note that the communication, in this example, fails at phase 2, the keys are clearly indicated as having been negotiated and this message can be seen in both event logs: Page 23
24 08:14:10, 22 Apr 2008,New Phase 2 IKE Session ,Initiator 08:14:03, 22 Apr 2008,New Phase 2 IKE Session ,Responder To find out why phase 2 is failing we will need to look at the analyser logs search for the line that includes the error code :ER <number>:. In this example we have the error: :14: IKE DEBUG (21016):ER 0: remote IP outside traffic selector range The line below this provides a better explanation of the error: :14: IKE DEBUG (21016):Unable to locate eroute matching this negotiation As can be seen from the config change there is now an eroute mismatch at the initiator and responder routers and the IPSec tunnel will not succeed until this is changed. Please note that the number in brackets after IKE DEBUG in this case (21016) will be found against all the logging entries for that particular event within the analyser trace, When there is more than one IPSec tunnel trying to start being able to isolate the conversation using this sequence number is very handy indeed. The relevant excerpt from the log is below showing the responder trying to match the eroute and then failing to do so: :14: IKE DEBUG (21016):Locating eroute matching this negotiation :14: IKE DEBUG (21016):ER 0: remote IP outside traffic selector range :14: IKE DEBUG (21016):Unable to locate eroute matching this negotiation :14: IKE DEBUG (21016):No proposal chosen :14: IKE DEBUG (21016):Sending IKE phase 2 notification :14: IKE DEBUG (21016):Notification type (14) No Proposal Chosen Page 24
25 5.2 Debug Failed Connection: Phase 1 - Aggressive mode off Because the responder cannot in this example initiate a tunnel due to the network limitations of the GPRS network being natted behind an internet gateway and thus preventing us from initiating communication to the initiator we have to use aggressive mode. When aggressive mode is off you will see an error as per below on the initiator: 08:56:06, 22 Apr 2008,IKE SA Removed. Peer:,Negotiation Failure 08:56:06, 22 Apr 2008,IKE Negotiation Failed. Peer:,No Password Available 08:56:06, 22 Apr 2008,IKE Request Received From Eroute Debug Failed Connection: Phase 1 - Preshared Key Incorrect Below is the event log from the initiator showing the response when the shared secret is wrong on one end: 09:11:42, 22 Apr 2008,IKE SA Removed. Peer: responder,negotiation Failure 09:11:42, 22 Apr 2008,IKE Negotiation Failed. Peer: responder,authorisation Failed 09:11:42, 22 Apr 2008,IKE Negotiation Failed. Peer:,Bad Packet 09:11:42, 22 Apr 2008,New Phase 1 IKE Session ,Initiator 09:11:42, 22 Apr 2008,IKE Request Received From Eroute 0 To rectify this problem ensure that the password is the same on both ends the responder needs a password for the initiators id in our example this is set up on user Debug Failed Connection: Phase 1 - Algorithm unsupported If any settings are removed from CONFIGURATION VPN IPSEC IKE RESPONDER then the initiator will need to use the right IKE encryption & authentication algorithm and IKE MODP group. For the purpose of this test the following change was made on the responder s config: ike 0 rencalgs "AES,DES" As the initiator is configured to use 3DES then the following will be seen in the initiator debug: 09:26:50, 22 Apr 2008,IKE Negotiation Failed. Peer:,Bad Packet 09:26:49, 22 Apr 2008,IKE Request Received From Eroute 0 In the responder analyser trace you will see the following after the initial IKE packet has been received: :28: IKE DEBUG (21842): Checking attribute 1: Encryption algorithm Enc Alg: 1: 3DES Requested Alg. not supported Page 25
26 To resolve this at the initiator end change the Ike encryption algorithm or at the responder end add the encryption algorithm. Please note that the settings in the responder CONFIGURATION VPN IPSEC IKE RESPONDER and the initiator CONFIGURATION VPN IPSEC IKE IKE 0 should match. If they do not you will see errors on Phase 1 negotiation as above. 5.5 IPSec Debug for Successful Connection Below is a successful negotiation between the two test Sarians. This log is taken from the responder. Key elements are outlined below in bold to make it easier to see the steps in the communication. IKE DEBUG: Handling IKE packet IKE DEBUG: Locating IKE context IKE DEBUG: Packet for new phase 1 session IKE DEBUG: Preparing for new Phase 1 negotiation IKE DEBUG (504):IKE context located. Local session ID: 0x504 IKE DEBUG (504):Checking packet IKE DEBUG (504):Validating payloads IKE DEBUG (504):Checking payload (1) SA IKE DEBUG (504):Checking payload (4) Key Ex IKE DEBUG (504):Checking payload (10) Nonce IKE DEBUG (504):Checking payload (5) ID IKE DEBUG (504):Checking payload (13) Vendor ID Page 26
27 IKE DEBUG (504):Checking payload (13) Vendor ID IKE DEBUG (504):Checking payload (13) Vendor ID IKE DEBUG (504):Checking payload (13) Vendor ID IKE DEBUG (504):Packet payloads check out OK IKE DEBUG (504):Packet type (4) Agressive mode IKE DEBUG (504):IKE role Responder IKE DEBUG (504):Handling aggressive mode packet and SA state is (0) IDLE IKE DEBUG (504):Processing SA message IKE DEBUG (504):Processing Vendor ID payloads af ca d a1 f1 c9 6b fc Peer supports our version of DPD IKE DEBUG (504): 7d a ca 6f 2c 17 9d d 56 Peer supports our version of NAT traversal IKE DEBUG (504): 90 cb e bb 69 6e b5 ec 42 7b 1f Peer supports our version of NAT traversal IKE DEBUG (504): 12 f5 f2 8c a9 70 2d 9f e2 74 cc IKE DEBUG (504):DH g_x length: 128 IKE DEBUG (504):Processing ID payload IKE DEBUG: Decoding ID type 11 Key ID IKE DEBUG: Decoded ID is initiator Page 27
28 IKE DEBUG (504):Checking next SA payload IKE DEBUG (504):Checking SA proposals IKE DEBUG (504):Checking proposal number 1 IKE DEBUG (504):Checking transform payloads. Expecting 1 transforms IKE DEBUG (504):Transforms payloads OK IKE DEBUG (504):Proposal payload OK IKE DEBUG (504):SA payload valid IKE DEBUG (504): Transform attributes Attribute 1: Encryption algorithm Enc Alg: 5: 3DES Attribute 2: Hash algorithm HASH alg: 1: MD5 Attribute 3: Authentication method Auth Method: 1: PRESHARED Attribute 4: DH group description Maths group: 2: DH group 2 Attribute 11: Life type Life type (1) secs. Expecting life duration attribute next Attribute 12: Life duration Life duration value 1260 IKE DEBUG (504):Selecting transform from proposal 1 Checking transform attributes IKE DEBUG (504): Checking attribute 1: Encryption algorithm Enc Alg: 5: 3DES Alg. is supported IKE DEBUG (504): Checking attribute 2: Hash algorithm HASH alg: 1: MD5 Alg. is supported Page 28
29 IKE DEBUG (504): Checking attribute 3: Authentication method Auth Method: 1: PRESHARED Method is supported IKE DEBUG (504): Checking attribute 4: DH group description Maths group: 2: DH group 2 Group is supported IKE DEBUG (504): Checking attribute 11: Life type Life type (1) secs. Expecting life duration attribute next IKE DEBUG (504): Checking attribute 12: Life duration Life duration value 1260 IKE DEBUG (504):Transform 1 has all required attributes IKE DEBUG (504):Selected transform IKE DEBUG (504):Retrieving password IKE DEBUG: Decoding ID type 11 Key ID IKE DEBUG: Decoded ID is initiator IKE DEBUG (504):Password retrieved for ID initiator IKE DEBUG (504):Requesting DH KE data from DH task IKE DEBUG (504):Waiting on data from DH task IKE DEBUG (504):IKE aggressive mode result 1 IKE DEBUG: IKE got data from DH task IKE DEBUG (504):DH data for IKE ctx 0 in state IDLE Page 29
30 IKE DEBUG (504):Requesting DH shared secret from DH task IKE DEBUG (504):Changing IKE SA state from IDLE to Awaiting DH data :51: IKE DEBUG: IKE got data from DH task :51: IKE DEBUG (504):DH data for IKE ctx 0 in state Awaiting DH data :51: IKE DEBUG (504):Generating SKEYID :51: IKE DEBUG (504):Generating SKEYID_d :51: IKE DEBUG (504):Generating SKEYID_a :51: IKE DEBUG (504):Generating SKEYID_e :51: IKE DEBUG (504):Generating key material :51: IKE DEBUG (504):IKE key material generated :51: IKE DEBUG (504):Sending aggressive mode SA message :51: IKE DEBUG: Adding proposal nb: 1, protocol ID: 1, spi size: 0, nb_transforms: :51: IKE DEBUG (504): Transform attributes Attribute 1: Encryption algorithm Enc Alg: 5: 3DES Attribute 2: Hash algorithm HASH alg: 1: MD5 Attribute 3: Authentication method Auth Method: 1: PRESHARED Attribute 4: DH group description Maths group: 2: DH group 2 Attribute 11: Life type Life type (1) secs. Expecting life duration attribute next Attribute 12: Life duration Life duration value :51: Page 30
31 IKE DEBUG: Adding SA payload header doi: 1, situation :51: IKE DEBUG (504):ID generated :51: IKE DEBUG (504):Create HASH using password :51: IKE DEBUG: Adding Vendor ID payloads for use with DPD :51: IKE DEBUG: Adding Vendor ID payloads for use with NAT traversal :51: IKE DEBUG (504):Adding NATD payloads :51: IKE DEBUG: Adding CISCO UNITY Vendor ID payload :51: IKE DEBUG (504):Transmit IKE packet :51: IKE DEBUG (504):Transmit to peer :51: A1 01 D FA D7 F6 E...Õ...2.X. ö D4 B F4 A D 77 F8 DA 9B D0 78 Ô. B.ô..wøÚ Ðx EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Bö..ò..ö B C 04 EC 0A BE 3B F 66 9A 29 3C E4 84 E9 3B 8C BB 31.. Ofš..ä é.œ.1 DB CA 7D F F 68 FE 3A Û..S7..ñ1.u5.hþ. AC A 8C 40 D B5 94 FD BF. F.Œ..QFµ ý.b. 8A CA 8F D6 CF E D 73 EB 35 Š.H.T.ÖÏé. msë5 C0 A8 3A 5E 79 FD 84 DE 14 F8 B5 0C EF 75 CA 54...yý Þ.øµ..u.T DE D8 C4 D1 A1 41 C EB 7B CD ÞØ.Ñ.A.s3uë.tR F 77 D9 BB 6E 8A B3 50 E4 9E 60 1F EC E5 A5 p.wù.nš³päž...å 19 DA BA B 5F C6 BB A D8 64.Ú....Æ...QØd B CA 4B F2 D4 DD KòÔÝ B2 C B F ôresp 6F 6E D D B A6 38 D0 onder... k.8ð 5B C F9 C7 F4 DF 05 0D AF CA D7..g.ù.ôß A1 F1 C9 6B FC D h.ñ.k üww D A CA 6F 2C 17 9D D....S..o...R CB E BB 69 6E V......in.c B5 EC 42 7B 1F DB F7 B DA 92 µ.b...û ±h.ú 2B F8 CC 88 7C FD D9 4F 15 0D DD D3.ø.ˆ.ýÙO... ÝÓ 6F 09 D1 32 8C 57 DB 16 CB C9 FD FA D o.ñ2œwû...ý.ó F5 F2 8C A9 70 2D 9F E2 74 CC 01...òŒEqh.p..ât Page 31
32 IP (Final) From LOC TO REM IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal 01 A1 Length: D5 ID: Frag Offset: 0 Congestion: Normal May Fragment Last Fragment FA TTL: Proto: UDP Checksum: D7 F6 Src IP: D4 B Dst IP: UDP: 01 F4 SRC Port: IKE (500) A8 89 DST Port:??? (43145) 01 8D Length: F8 Checksum: IKE: DA 9B D0 78 EF 42 F6 85 I_CKY F0 2F F2 B4 A6 23 F6 1F R_CKY 01 Next Payload: SA (1) 10 Ver: Type: 4 00 Flags: ID: Len: Next Header: Key Ex (4) 0A Next Header: Nonce (10) 05 Next Header: ID (5) 08 Next Header: Hash (8) 0D Next Header: Vendor ID (13) 0D Next Header: Vendor ID (13) 0D Next Header: Vendor ID (13) 82 Next Header: NATD (130) 82 Next Header: NATD (130) 0D Next Header: Vendor ID (13) 00 Next Header: None (0) :51: IKE DEBUG (504):Changing IKE SA state from Awaiting DH data to PH1 sent KE C 00 D E D4 B E...Ð..è.FPÔ. B D7 F6 A X. ö.p..h... DA 9B D0 78 EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Ú Ðx.Bö..ò..ö C C7 A8 A1 CC... D6 C4 CA E0 56 F0 1C 39 A C8 21 3D 6C 36 Ö..àV l6 Page 32
33 1A E5 A E CE BE B3 48 1B A FB A0 F9 1A 6D FA 16 C7 D3 CB 34 AA 60 2B 89 B6 3F F8 C5 6C 6E A4 27.å..pt.ãg.Î..p³H... û.ù.m...ó.4....ø.ln.. IP (In) From REM TO LOC IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal 00 7C Length: D0 ID: Frag Offset: 0 Congestion: Normal May Fragment Last Fragment E8 TTL: Proto: UDP Checksum: D4 B Src IP: D7 F6 Dst IP: UDP: A9 50 SRC Port:??? (43344) DST Port: IKE FLOAT (4500) Length: Checksum: 0 IKE DEBUG: Handling IKE packet IKE DEBUG: Locating IKE context IKE DEBUG: Packet for existing negotiation IKE DEBUG (504):Located SA for existing phase 1 negotiation IKE DEBUG (504):IKE context located. Local session ID: 0x504 IKE DEBUG (504):Checking packet IKE DEBUG (504):IKE decrypting packet IKE DEBUG (504):Validating payloads IKE DEBUG (504):Checking payload (8) Hash Page 33
34 IKE DEBUG (504):Checking payload (130) NATD IKE DEBUG (504):Checking payload (130) NATD IKE DEBUG (504):Packet payloads check out OK IKE DEBUG (504):Packet type (4) Agressive mode IKE DEBUG (504):IKE role Responder IKE DEBUG (504):Handling aggressive mode packet and SA state is (3) PH1 sent KE IKE DEBUG (504):Processing agressive mode HASH message IKE DEBUG (504):Processing NATD payloads IKE DEBUG (504):HASH's same, we are not behind a NAT box IKE DEBUG (504):Remote is behind a NAT box IKE DEBUG (504):Verifying phase 1 HASH payload IKE DEBUG (504):Phase 1 agressive mode negotiation completed successfully IKE DEBUG (504):Changing IKE SA state from PH1 sent KE to PH1 complete IKE DEBUG (504):Saving completed phase 1 negotiation local ID: 0x1f8 IKE DEBUG (504):Send IKE lifetime (1200) notification to peer IKE DEBUG (504):IKE aggressive mode result 0 IKE DEBUG (504):Resetting IKE context 0 Page 34
35 IKE DEBUG (504):Retaining completed phase 1 SA local ID: 0x1f8 IKE DEBUG: IKE request to send LIFETIME notification IKE DEBUG (504):Prepare for new Phase 2 negotiation IKE DEBUG (505):New phase 2 session IKE DEBUG: Got new phase 2 session ID: 0xb IKE DEBUG (505):Changing IKE SA state from PH1 complete to PH2 Initial IKE DEBUG (505):Encrypting IKE packet :51: IKE DEBUG: send LIFETIME notification lifetime :51: IKE DEBUG (505):Transmit IKE packet :51: IKE DEBUG (505):Transmit to peer :51: D FA D7 F6 E..t.Ö...3RX. ö D4 B A Ô. B..P... DA 9B D0 78 EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Ú Ðx.Bö..ò..ö B C9 3F 4C 5B......T..L CE 00 C BA C Î..ppiSA...e 55 2E AA 17 A7 73 EC A6 E3 05 5D 97 B9 7E C7 E3 U...s..ã.....ã 1C 74 F B BF 7E F D 1B 2B 9A 1B.tóD.k...G...š. A F IP (Final) From LOC TO REM IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal Length: D6 ID: Frag Offset: 0 Congestion: FA TTL: Proto: UDP Normal May Fragment Last Fragment Page 35
36 33 52 Checksum: D7 F6 Src IP: D4 B Dst IP: UDP: SRC Port: IKE FLOAT (4500) A9 50 DST Port:??? (43344) Length: Checksum: :51: IKE DEBUG (505):Resetting IKE context :51: IKE DEBUG (505):Removing IKE SA :51: D4 00 D E F7 D4 B E..Ô.Ñ..è.E Ô. B D7 F6 A C X. ö.p.... DA 9B D0 78 EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Ú Ðx.Bö..ò..ö EE 6C B4 FF 41 AC 5B...îl....A.. BA A 60 D0 E3 E9 4D F9 F2 53 B8 D6. IP.š.ÐãéMùòS.Ö 71 A3 F3 A D5 CA 7B 74 6B 4E DE CF D3 C5 q.ó..dõ..tknþïó. 9D BF B6 6F F1 48 5B FB 9A DA. oñh.ûš.tsú 4B 8D 09 A2 20 D0 DD EB 1C E7 1C AE K...ÐÝ6..dë.ç.. 2B D8 B1 E5 EB E9 DD 6F 6C DA BA 0E AD AE.3iرåëéÝolÚ B8 F5 B AC FE F6 C µ.2.t.þö.GI8 9C A6 28 B4 40 2F F B1 16 AC 51 8C E8 46 œ.....7±..qœèf A3 7E 98 0A B9 C0 AE 2E 0F 1F 86 8A E3 36 yq..... Šã6 54 F4 82 EF EE 16 F0 42 E B CC Tô..î..Bå..±sS9. C5 EB 65 1C.ëe. IP (In) From REM TO LOC IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal 00 D4 Length: D1 ID: Frag Offset: 0 Congestion: Normal May Fragment Last Fragment E8 TTL: Proto: UDP 45 F7 Checksum: D4 B Src IP: D7 F6 Dst IP: UDP: A9 50 SRC Port:??? (43344) DST Port: IKE FLOAT (4500) 00 C0 Length: Checksum: 0 Page 36
37 :51: IKE DEBUG: Handling IKE packet :51: IKE DEBUG: Locating IKE context :51: IKE DEBUG: Packet for existing negotiation :51: IKE DEBUG: Packet for unknown phase 2 negotiation :51: IKE DEBUG: Packet for new phase 2 negotiation :51: IKE DEBUG (504):Prepare for new Phase 2 negotiation :51: IKE DEBUG (506):New phase 2 session :51: IKE DEBUG (506):Changing IKE SA state from PH1 complete to PH2 Initial :51: IKE DEBUG (506):IKE context located. Local session ID: 0x :51: IKE DEBUG (506):Checking packet :51: IKE DEBUG (506):IKE decrypting packet IKE DEBUG (506):Validating payloads IKE DEBUG (506):Checking payload (8) Hash IKE DEBUG (506):Checking payload (1) SA IKE DEBUG (506):Checking payload (10) Nonce IKE DEBUG (506):Checking payload (5) ID IKE DEBUG (506):Checking payload (5) ID IKE DEBUG (506):Checking payload (11) Notify Page 37
38 IKE DEBUG (506):Packet payloads check out OK IKE DEBUG (506):Packet type (32) Quick mode IKE DEBUG (506):IKE role Responder IKE DEBUG (506):Handling quick mode packet and SA state is (6) PH2 Initial IKE DEBUG (506):Process phase 2 SA message IKE DEBUG (506):Checking phase 2 HASH payload IKE DEBUG (506):HASH payload valid IKE DEBUG (506):Handling NOTIFY payload with message type IKE DEBUG (506):Checking next SA payload IKE DEBUG (506):Checking SA proposals IKE DEBUG (506):Checking proposal number 1 IKE DEBUG (506):Checking transform payloads. Expecting 1 transforms IKE DEBUG (506):Transforms payloads OK IKE DEBUG (506):Proposal payload OK IKE DEBUG (506):SA payload valid IKE DEBUG (506): Phase 2 proposal 1 Proposal has 1 transforms IPSec Protocol ID 3: ESP ESP Alg: 3: 3DES Attribute (4) Mode Mode: 61443:??? Page 38
39 Attribute (5) Authentication Algorithm Auth Alg: 1 MD5 Attribute (1) Life type Life type (1) secs. Expecting life duration attribute next Attribute (2) Life duration Life duration value 1200 IKE DEBUG (506):Selecting transform from proposal 1 Select from 1 tranforms IKE DEBUG (506):IPSec Protocol ID 3: ESP ESP Alg: 3: 3DES Alg. is supported IKE DEBUG (506):Checking attribute (4) Mode Mode: 61443: UDP Tunnel IKE DEBUG (506):Checking attribute (5) Authentication Algorithm Auth Alg: 1 MD5 Alg. is supported IKE DEBUG (506):Checking attribute (1) Life type Life type (1) secs. Expecting life duration attribute next IKE DEBUG (506):Checking attribute (2) Life duration Life duration value 1200 IKE DEBUG (506):Transform 1 has all required transform attributes IKE DEBUG (506):Getting remote subnet details ID type 4 len 8 Subnet mask is Subnet IP is IKE DEBUG (506):Getting local subnet details ID type 4 len 8 Subnet mask is Subnet IP is IKE DEBUG (506):Locating eroute matching this negotiation IKE DEBUG (506):Located eroute 0 our ID: responder Page 39
40 IKE DEBUG (506):Sending phase 2 SA reply IKE DEBUG: Got IPSec spi 0xcd IKE DEBUG: Adding proposal nb: 1, protocol ID: 3, spi size: 4, nb_transforms: 1 IKE DEBUG (506): Phase 2 proposal 1 Proposal has 1 transforms IPSec Protocol ID 3: ESP ESP Alg: 3: 3DES Attribute (4) Mode Mode: 61443:??? Attribute (5) Authentication Algorithm Auth Alg: 1 MD5 Attribute (1) Life type Life type (1) secs. Expecting life duration attribute next Attribute (2) Life duration Life duration value 1200 IKE DEBUG (506):Sending phase 2 SA message IKE DEBUG: Adding SA payload header doi: 1, situation 1 IKE DEBUG (506):Not doing PFS. KE payload not required IKE DEBUG (506):Adding remote subnet details IKE DEBUG (506):Adding subnet ID IP: MASK: IKE DEBUG (506):Adding local subnet details IKE DEBUG (506):Adding subnet ID IP: MASK: IKE DEBUG (506):Encrypting IKE packet :51: IKE DEBUG (506):Transmit IKE packet :51: IKE DEBUG (506):Transmit to peer Page 40
41 :51: D4 01 D FA F D7 F6 E..Ô....2ñX. ö D4 B A C Ô. B..P... DA 9B D0 78 EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Ú Ðx.Bö..ò..ö EE 6C B îl... 8He9 5C C 4E B3 D0 FF 77 9F F 13.YQLNI.³Ð.w.r... C1 33 C B 6B AD E4 57 BB 0C 8C CD.3.qƒ.k.äW..Œ... B F FC C8 7D E5 2A D4 AB 32 9.Oü...2. å.ô.2 F1 89 EB 1F B B9 07 E5 ñ ë å 4E A BA A8 56 A3 29 AB 7C 94 DA N. XŠ..V... Ú. D1 8C 62 0F 42 E4 6E 3B 5F 7F C 6B EF ÑŒb.Bän...C.k. F2 A C0 B1 5C 79 4E C9 0B 48 ò....±.yn Au..H 9F 2C 65 CC 17 5C 36 F B2 26 F5 67..e...6ñAVˆ...g AA C0 25 D7 97 1C B6 5E F9 E0 3C 8E C6 B1 13 9E.....ùà.ŽÆ±.ž 6C 31 0A F4 l1.ô IP (Final) From LOC TO REM IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal 00 D4 Length: D7 ID: Frag Offset: 0 Congestion: Normal May Fragment Last Fragment FA TTL: Proto: UDP 32 F1 Checksum: D7 F6 Src IP: D4 B Dst IP: UDP: SRC Port: IKE FLOAT (4500) A9 50 DST Port:??? (43344) 00 C0 Length: Checksum: :51: IKE DEBUG (506):Changing IKE SA state from PH2 Initial to PH2 sent SA :51: IKE DEBUG (506):IKE quick mode result :51: D E D4 B E..T.Ò..è.FvÔ. B D7 F6 A X. ö.p.... DA 9B D0 78 EF 42 F6 85 F0 2F F2 B4 A6 23 F6 1F Ú Ðx.Bö..ò..ö EE 6C A 5B 2B A5...îl...4j.. E7 F A4 06 8D D D9 31 FA BC ç. 4...Ù C 94 A4 U.. Page 41
42 IP (In) From REM TO LOC IFACE: PPP 1 45 IP Ver: 4 Hdr Len: TOS: Routine Delay: Normal Throughput: Normal Reliability: Normal Length: D2 ID: Frag Offset: 0 Congestion: Normal May Fragment Last Fragment E8 TTL: Proto: UDP Checksum: D4 B Src IP: D7 F6 Dst IP: UDP: A9 50 SRC Port:??? (43344) DST Port: IKE FLOAT (4500) Length: Checksum: :51: IKE DEBUG: Handling IKE packet :51: IKE DEBUG: Locating IKE context :51: IKE DEBUG: Packet for existing negotiation :51: IKE DEBUG (506):Located SA for existing phase 2 negotiation :51: IKE DEBUG (506):IKE context located. Local session ID: 0x :51: IKE DEBUG (506):Checking packet :51: IKE DEBUG (506):IKE decrypting packet :51: IKE DEBUG (506):Validating payloads :51: IKE DEBUG (506):Checking payload (8) Hash :51: IKE DEBUG (506):Packet payloads check out OK Page 42
43 :51: IKE DEBUG (506):Packet type (32) Quick mode :51: IKE DEBUG (506):IKE role Responder :51: IKE DEBUG (506):Handling quick mode packet and SA state is (7) PH2 sent SA :51: IKE DEBUG (506):Processing HASH reply message :51: IKE DEBUG (506):Phase 2 negotiation completed successfully :51: IKE DEBUG (506):Preparing to create IPSec SA's :51: IKE DEBUG (506):Generating IPSec key material :51: IKE DEBUG (506):40 bytes of key material required :51: IKE DEBUG (506):Changing IKE SA state from PH2 sent SA to PH2 complete :51: IKE DEBUG (506):IKE quick mode result :51: IKE DEBUG (506):IKE SA timed out :51: IKE DEBUG: Resetting IKE context :51: IKE DEBUG (506):Removing IKE SA Page 43
44 6 CONFIGURATION FILES 6.1 Sarian DR6410 Responder Configuration This is the configuration file from VPN Responder DR6410: eth 0 IPaddr " " eth 0 bridge ON eth 0 ipanon ON lapb 0 ans OFF lapb 0 tinact 120 lapb 1 tinact 120 lapb 3 dtemode 0 lapb 4 dtemode 0 lapb 5 dtemode 0 lapb 6 dtemode 0 def_route 0 ll_ent "ppp" def_route 0 ll_add 1 def_route 1 ll_ent "PPP" def_route 1 ll_add 3 def_route 2 ll_ent "PPP" def_route 2 ll_add 4 eroute 0 peerid "initiator" eroute 0 ourid "responder" eroute 0 locip " " eroute 0 locmsk " " eroute 0 remip " " eroute 0 remmsk " " eroute 0 ESPauth "MD5" eroute 0 ESPenc "3DES" eroute 0 lkbytes 0 eroute 0 authmeth "PRESHARED" eroute 0 debug ON dhcp 0 IPmin " " dhcp 0 mask " " dhcp 0 gateway " " dhcp 0 DNS " " dhcp 0 wifionly ON ppp 0 timeout 300 ppp 1 IPaddr " " ppp 1 username "your ADSL username" ppp 1 epassword "PTJ5WU1NRFM=" ppp 1 timeout 0 ppp 1 aodion 1 ppp 1 immoos ON ppp 1 autoassert 1 ppp 1 ipsec 2 ppp 1 echo 10 ppp 1 echodropcnt 5 ppp 1 l1iface "AAL" ppp 1 ipanon ON ppp 3 l_pap OFF ppp 3 l_chap OFF Page 44
45 ppp 3 l_addr ON ppp 3 r_chap OFF ppp 3 r_addr OFF ppp 3 IPaddr " " ppp 3 username "ENTER WWAN Username" ppp 3 epassword "KD5lSVJDVVg=" ppp 3 phonenum "*98*1#" ppp 3 timeout 0 ppp 3 use_modem 1 ppp 3 aodion 1 ppp 3 immoos ON ppp 3 autoassert 1 ppp 3 defpak 16 ppp 4 l_acfc ON ppp 4 l_pfc ON ppp 4 IPaddr " " ppp 4 IPmin " " ppp 4 username "Enter PSTN Username" ppp 4 timeout 60 ppp 4 use_modem 3 ppp 4 defpak 16 ike 0 deblevel 4 modemcc 0 info_asy_add 9 modemcc 0 init_str "+CGQREQ=1" modemcc 0 init_str1 "+CGQMIN=1" modemcc 0 apn "Your.APN.Goes.Here" modemcc 0 link_retries 10 modemcc 0 stat_retries 30 modemcc 0 sms_interval 1 modemcc 0 init_str_2 "+CGQREQ=1" modemcc 0 init_str1_2 "+CGQMIN=1" modemcc 0 apn_2 "Your.APN.Goes.Here" modemcc 0 link_retries_2 10 modemcc 0 stat_retries_2 30 modemcc 0 sms_interval_2 1 ana 0 anon ON ana 0 l1on ON ana 0 lapdon 0 ana 0 asyon 1 ana 0 ipfilt "~500,4500" ana 0 ikeon ON ana 0 maxdata 1500 ana 0 logsize 45 cmd 0 unitid "ss%s>" cmd 0 cmdnua "99" cmd 0 hostname "sarian.router" cmd 0 tremto 1200 cmd 0 web_suffix ".wb2" user 1 name "jules" user 1 epassword "Mip6CVY=" user 1 access 0 user 2 access 0 user 3 access 0 user 4 access 0 Page 45
46 user 5 access 0 user 6 access 0 user 7 access 0 user 8 access 0 user 9 access 0 user 10 name "initiator" user 10 epassword "LDplTg==" user 10 access 4 local 0 transaccess 2 sslsvr 0 certfile "cert01.pem" sslsvr 0 keyfile "privrsa.pem" ssh 0 hostkey1 "privssh.pem" ssh 0 nb_listen 5 ssh 0 v1 OFF wifi 0 enabled OFF wifi 0 ssid "sarian.router.sn:%s" wifi 1 enabled OFF 6.2 Sarian WR41 Initiator Configuration This is the configuration file from VPN Client HR4110: eth 0 IPaddr " " eth 0 ipanon ON lapb 0 ans OFF lapb 0 tinact 120 lapb 1 tinact 120 lapb 3 dtemode 0 lapb 4 dtemode 0 lapb 5 dtemode 0 lapb 6 dtemode 0 def_route 0 ll_ent "ppp" def_route 0 ll_add 1 eroute 0 peerip " " eroute 0 peerid "responder" eroute 0 ourid "initiator" eroute 0 locip " " eroute 0 locmsk " " eroute 0 remip " " eroute 0 remmsk " " eroute 0 ESPauth "MD5" eroute 0 ESPenc "3DES" eroute 0 lkbytes 0 eroute 0 authmeth "PRESHARED" eroute 0 nosa "TRY" eroute 0 autosa 1 eroute 0 debug ON dhcp 0 IPmin " " dhcp 0 mask " " dhcp 0 gateway " " dhcp 0 DNS " " dhcp 0 respdelms 500 ppp 0 timeout 300 ppp 1 r_chap OFF Page 46
47 ppp 1 IPaddr " " ppp 1 phonenum "*98*1#" ppp 1 timeout 0 ppp 1 use_modem 1 ppp 1 aodion 1 ppp 1 autoassert 1 ppp 1 ipsec 1 ppp 1 ipanon ON ppp 3 defpak 16 ppp 4 defpak 16 ike 0 encalg "3DES" ike 0 aggressive ON ike 0 ikegroup 2 ike 0 deblevel 4 ike 0 delmode 1 modemcc 0 info_asy_add 7 modemcc 0 init_str "+CGQREQ=1" modemcc 0 init_str1 "+CGQMIN=1" modemcc 0 apn "internet" modemcc 0 link_retries 10 modemcc 0 stat_retries 30 modemcc 0 sms_interval 1 modemcc 0 sms_access 1 modemcc 0 sms_concat 0 modemcc 0 init_str_2 "+CGQREQ=1" modemcc 0 init_str1_2 "+CGQMIN=1" modemcc 0 apn_2 "Your.APN.goes.here" modemcc 0 link_retries_2 10 modemcc 0 stat_retries_2 30 ana 0 anon ON ana 0 l1on ON ana 0 lapdon 0 ana 0 asyon 1 ana 0 ipfilt "~500,4500" ana 0 ikeon ON ana 0 maxdata 1500 ana 0 logsize 45 cmd 0 unitid "ss%s>" cmd 0 cmdnua "99" cmd 0 hostname "digi.router" cmd 0 asyled_mode 2 cmd 0 tremto 1200 cmd 0 web_suffix ".wb2" user 0 access 0 user 1 name "username" user 1 epassword "KD5lSVJDVVg=" user 1 access 0 user 2 access 0 user 3 access 0 user 4 access 0 user 5 access 0 user 6 access 0 user 7 access 0 user 8 access 0 Page 47
48 user 9 access 0 user 10 name "responder" user 10 epassword "LDplTg==" user 10 access 4 local 0 transaccess 2 sslsvr 0 certfile "cert01.pem" sslsvr 0 keyfile "privrsa.pem" ssh 0 hostkey1 "privssh.pem" ssh 0 nb_listen 5 ssh 0 v1 OFF 6.3 Sarian Firmware Versions This is the firmware \ hardware information from VPN Host DR6410: Sarian Systems. Sarian DR6410-HPA Mk.II DSL2/2+ Router Ser#:92903 HW Revision: 7502a Software Build Ver5076. Oct :59:48 9W ARM Sarian Bios Ver 5.70 v35 197MHz B128-M128-F300-O100001,0 MAC:00042d016ae7 Power Up Profile: 0 Async Driver Revision: 1.19 Int clk Ethernet Hub Driver Revision: 1.11 Firewall Revision: 1.0 EventEdit Revision: 1.0 Timer Module Revision: 1.1 AAL Revision: 1.0 ADSL Revision: 1.0 (B)USBHOST Revision: 1.0 L2TP Revision: 1.10 PPTP Revision: 1.00 TACPLUS Revision: 1.00 MySQL Revision: 0.01 LAPB Revision: 1.12 X25 Layer Revision: 1.19 MACRO Revision: 1.0 PAD Revision: 1.4 X25 Switch Revision: 1.7 V120 Revision: 1.16 TPAD Interface Revision: 1.12 SCRIBATSK Revision: 1.0 BASTSK Revision: 1.0 ARM Sync Driver Revision: 1.18 TCP (HASH mode) Revision: 1.14 TCP Utils Revision: 1.13 PPP Revision: 1.19 WEB Revision: 1.5 SMTP Revision: 1.1 FTP Client Revision: 1.5 FTP Revision: 1.4 IKE Revision: 1.0 PollANS Revision: 1.2 PPPOE Revision: 1.0 BRIDGE Revision: 1.1 MODEM CC (Option 3G) Revision: 1.4 Page 48
Quick Note 15. Quality of Service (QoS) on a TransPort router
Quick Note 15 Quality of Service (QoS) on a TransPort router UK Support August 2012 Contents 1 Introduction... 4 1.1 Outline... 4 1.2 Assumptions... 4 1.3 Version... 4 2 Scenario... 5 3 Configuration...
More informationApplication Note 53. Configure a Digi TransPort Router to use DMNR (Dynamic Mobile Network Routing)
Application Note 53 Configure a Digi TransPort Router to use DMNR (Dynamic Mobile Network Routing) Digi Technical Support November 2015 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions...
More informationUK Support August 2012
Application Note 15 Configure a Dual SIM cellular router to automatically failover to the second SIM card and remain on SIM 2 until a failure is detected, then revert to SIM 1. UK Support August 2012 Contents
More informationMR-200/250 and DR-250
MR-200/250 and DR-250 The IPsec VPN Configuration Technical Support If you require assistance with any of the instructions in this application note you can contact Westermo as follows: Sweden support@westermo.se
More informationApplication Note 45. Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI. UK Support June 2011
Application Note 45 Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI UK Support June 2011 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions...
More informationQuick Note 34. Configuring Syslog alerting on a TransPort router. TransPort Support March 2013
Quick Note 34 Configuring Syslog alerting on a TransPort router TransPort Support March 2013 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions... 3 1.3 Corrections... 3 1.4 Version & Revision
More informationQuick Note 017. MIB file creation and basic usage with SNMP clients. June 2015
Quick Note 017 MIB file creation and basic usage with SNMP clients June 2015 Contents 1 Introduction... 3 2 Version... 3 2.1 Corrections... 3 3 Supported MIBs... 4 4 SNMP Configuration... 5 4.1 Setting
More informationApplication Note 48. WPA Enterprise Wi-Fi Client to Digi TransPort. UK Support August 2012
Application Note 48 WPA Enterprise Wi-Fi Client to Digi TransPort UK Support August 2012 Contents 1 Introduction... 4 1.1 Outline... 4 1.2 Assumptions... 5 1.3 Corrections... 5 1.4 Version... 5 2 Digi
More informationQuick Note 36. Configuring SNMP Trap alerting on a TransPort router. TransPort Support March 2013
Quick Note 36 Configuring SNMP Trap alerting on a TransPort router TransPort Support March 2013 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions... 3 1.3 Corrections... 3 1.4 Version & Revision
More informationQuick Note 051. Common Passwords/ID errors in IPsec VPN negotiation for TransPort routers. DRAFT July 2015
Quick Note 051 Common Passwords/ID errors in IPsec VPN negotiation for TransPort routers DRAFT July 2015 Contents 1 Introduction... 4 1.1 Outline... 4 1.2 Assumptions... 4 1.3 Corrections... 4 1.4 Version...
More informationQuick Note 055. Configure a Digi TransPort Router with NAT to a Passive FTP Server.
Quick Note 055 Configure a Digi TransPort Router with NAT to a Passive FTP Server. Digi Support March 2015 1 Contents 1 Introduction... 3 1.1 Introduction... 3 1.2 Assumptions... 3 1.3 Corrections... 3
More informationApplication Note 21. L2TP over IPSEC VPN server. Uksupport June 2011
Application Note 21 L2TP over IPSEC VPN server Uksupport June 2011 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions... 4 1.3 Corrections... 4 1.4 Version... 4 2 Configuration... 5 2.1 ADSL
More informationQuick Note 011. Configuring a Digi TransPort as a PPTP server for Windows Clients. UK Support August 2011
Quick Note 011 Configuring a Digi TransPort as a PPTP server for Windows Clients UK Support August 2011 Contents 1 Version... 4 2 Scenario & prerequisites... 4 3 Configuring a PPP instance... 4 3.1 Configure
More informationQuick Note 041. Digi TransPort to Digi TransPort VPN Tunnel using OpenSSL certificates.
Quick Note 041 Digi TransPort to Digi TransPort VPN Tunnel using OpenSSL certificates. Digi Support January 2014 1 Contents 1 Introduction... 2 1.1 Outline... 2 1.2 Assumptions... 2 1.3 Corrections...
More informationConfiguring IPSec VPN Tunnel between NetScreen Remote Client and RN300
Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.
More informationZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004
ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationQuick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.
Quick Note 53 Ethernet to W-WAN failover with logical Ethernet interface. Digi Support August 2015 1 Contents 1 Introduction... 2 1.1 Introduction... 2 1.2 Assumptions... 3 1.3 Corrections... 3 2 Version...
More informationFirewall Troubleshooting
Firewall Troubleshooting (Checkpoint Specific) For typical connectivity issues where a firewall is in question follow these steps to eliminate any issues relating to the firewall. Firewall 1. From the
More informationQuick Note 20. Configuring a GRE tunnel over an IPSec tunnel and using BGP to propagate routing information. (GRE over IPSec with BGP)
Quick Note 20 Configuring a GRE tunnel over an IPSec tunnel and using BGP to propagate routing information. (GRE over IPSec with BGP) Appendix A GRE over IPSec with Static routes UK Support August 2012
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationQuick Note 14. Secure File Upload Using PSCP. UK Support August 2011
Quick Note 14 Secure File Upload Using PSCP UK Support August 2011 1 Contents 1 Introduction... 2 1.1 Outline... 2 1.2 Assumptions... 2 1.3 Version... 3 2 Configuration... 3 2.1 Ethernet 0 LAN configuration...
More informationNetopia 3346. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com. support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Netopia 3346 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA - Sistech
More informationConfiguring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products
Application Note Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products Version 1.0 January 2008 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089
More informationChapter 8 Virtual Private Networking
Chapter 8 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FWG114P v2 Wireless Firewall/Print Server. VPN tunnels provide secure, encrypted
More informationCisco RV 120W Wireless-N VPN Firewall
TheGreenBow IPSec VPN Client Configuration Guide Cisco RV 120W Wireless-N VPN Firewall WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationTheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: www.thegreenbow.com Contact: support@thegreenbow.com
TheGreenBow IPsec VPN Client Configuration Guide Cisco RV325 v1 Website: www.thegreenbow.com Contact: support@thegreenbow.com Table of Contents 1 Introduction... 3 1.1 Goal of this document... 3 1.2 VPN
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationThe BANDIT Products in Virtual Private Networks
encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their
More informationIngate Firewall. TheGreenBow IPSec VPN Client Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Ingate Firewall WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA -
More informationZyXEL ZyWALL P1 firmware V3.64
TheGreenBow IPSec VPN Client Configuration Guide ZyXEL ZyWALL P1 firmware V3.64 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow
More informationLinksys RV042. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Linksys RV042 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer: TheGreenBow Support Team Company:
More informationConfigure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1
Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel between a WatchGuard Firebox Vclass appliance (Vcontroller version
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationOvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6
WL/IP-8000VPN VPN Setup Guide Version 0.6 Document Revision Version Date Note 0.1 11/10/2005 First version with four VPN examples 0.2 11/15/2005 1. Added example 5: dynamic VPN using TheGreenBow VPN client
More informationApplication Note 45. Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI
Application Note 45 Main Mode IPSec VPN from Digi WR44 to a Cisco 3745. Using GRE over IPSec with the Cisco configured for VTI UK Support June 2011 1 Contents 1 Introduction... 3 1.1 Outline... 3 1.2 Assumptions...
More informationChapter 5 Virtual Private Networking Using IPsec
Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide
More informationHow To Industrial Networking
How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure
More informationChapter 6 Basic Virtual Private Networking
Chapter 6 Basic Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVG318 wireless VPN firewall. VPN communications paths are called tunnels.
More informationSTONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE
STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE V IRTUAL PRIVATE NETWORKS C ONTENTS Introduction to the Scenarios... 3 Scenario 1: Gateway-to-Gateway With Pre-Shared Secrets... 3 Configuring
More informationTechnical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?
FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...
More informationViewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355
VPN This chapter describes how to configure Virtual Private Networks (VPNs) that allow other sites and remote workers to access your network resources. It includes the following sections: About VPNs, page
More informationUTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...
Page 1 of 10 Question/Topic UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) in SonicOS Enhanced Answer/Article Article Applies To: SonicWALL Security
More informationMicronet SP881. TheGreenBow IPSec VPN Client Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Micronet SP881 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA -
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationFireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway
Fireware How To VPN How do I set up a manual branch office VPN tunnel? Introduction You use Branch Office VPN (BOVPN) with manual IPSec to make encrypted tunnels between a Firebox and a second IPSec-compliant
More informationConfiguring an IPSec Tunnel between a Firebox & a Check Point FireWall-1
Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel with a WatchGuard Firebox II or Firebox III (software version 4.5 or later)
More informationApliware firewall. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Apliware firewall WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Table of contents 1 Introduction... 0 1.1 Goal of this document...
More informationUIP1868P User Interface Guide
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationWatchguard Firebox X Edge e-series
TheGreenBow IPSec VPN Client Configuration Guide Watchguard Firebox X Edge e-series WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer: Anastassios
More informationVPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
VPNs Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationJuniper NetScreen 5GT
TheGreenBow IPSec VPN Client Configuration Guide Juniper NetScreen 5GT WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer: Connected Team Company:
More informationVirtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance
Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Johnnie Chen Project Manager of Network Security Group Network Benchmarking Lab Network Benchmarking Laboratory
More informationCisco SA 500 Series Security Appliance
TheGreenBow IPSec VPN Client Configuration Guide Cisco SA 500 Series Security Appliance This guide applies to the following models: Cisco SA 520 Cisco SA 520W Cisco SA 540 WebSite: Contact: http://www.thegreenbow.de
More informationLab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM
Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)
More informationHow To Establish IPSec VPN connection between Cyberoam and Mikrotik router
How To Establish IPSec VPN connection between Cyberoam and Mikrotik router Applicable Version: 10.00 onwards Scenario Establish IPSec VPN connection between Cyberoam and Mikrotik router using Preshared
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationNetgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall
Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall This document is a step-by-step instruction for setting up VPN between Netgear ProSafe VPN firewall (FVS318 or FVM318) and Cisco PIX
More informationConfiguring TheGreenBow VPN Client with a TP-LINK VPN Router
Configuring TheGreenBow VPN Client with a TP-LINK VPN Router This chapter describes how to configure TheGreenBow VPN Client with a TP-LINK router. This chapter includes the following sections: Example
More informationConfiguring IPsec VPN with a FortiGate and a Cisco ASA
Configuring IPsec VPN with a FortiGate and a Cisco ASA The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site
More informationVPNC Interoperability Profile
StoneGate Firewall/VPN 4.2 and StoneGate Management Center 4.2 VPNC Interoperability Profile For VPN Consortium Example Scenario 1 Introduction This document describes how to configure a StoneGate Firewall/VPN
More informationOSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R
OSBRiDGE 5XLi Configuration Manual Firmware 3.10R 1. Initial setup and configuration. OSBRiDGE 5XLi devices are configurable via WWW interface. Each device uses following default settings: IP Address:
More informationConfiguring a BANDIT Product for Virtual Private Networks
encor! enetworks TM Version A, March 2008 2013 Encore Networks, Inc. All rights reserved. Configuring a BANDIT Product for Virtual Private Networks O ne of the principal features in the BANDIT family of
More informationUse Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W
Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationLAN-Cell to Cisco Tunneling
LAN-Cell to Cisco Tunneling Page 1 of 13 LAN-Cell to Cisco Tunneling This Tech Note guides you through setting up a VPN connection between a LAN-Cell and a Cisco router. As the figure below shows, the
More informationWindows XP VPN Client Example
Windows XP VPN Client Example Technote LCTN0007 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail: support@proxicast.com
More informationProtecting the Home Network (Firewall)
Protecting the Home Network (Firewall) Basic Tab Setup Tab DHCP Tab Advanced Tab Options Tab Port Forwarding Tab Port Triggers Tab DMZ Host Tab Firewall Tab Event Log Tab Status Tab Software Tab Connection
More informationSymantec Firewall/VPN 200
TheGreenBow IPSec VPN Client Configuration Guide Symantec Firewall/VPN 200 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Table of contents 1 Introduction... 0 1.1 Goal of this document...
More informationiguring an IPSec Tunnel Cisco Secure PIX Firewall to Checkp
iguring an IPSec Tunnel Cisco Secure PIX Firewall to Checkp Table of Contents Configuring an IPSec Tunnel Cisco Secure PIX Firewall to Checkpoint 4.1 Firewall...1 Introduction...1 Before You Begin...1
More informationBranch Office VPN Tunnels and Mobile VPN
WatchGuard Certified Training Branch Office VPN Tunnels and Mobile VPN Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Notice to Users Information
More informationConfiguration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example
Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Document ID: 113337 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration
More informationPlanet CS-1000. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Planet CS-1000 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA -
More informationPrestige 623R-T. Quick Start Guide. ADSL Dual-link Router. Version 3.40
Prestige 623R-T ADSL Dual-link Router Quick Start Guide Version 3.40 February 2004 Introducing the Prestige The Prestige 623R-T ADSL Dual-link Router is the ideal all-in-one device for small networks connecting
More informationDeploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels
Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)
More informationRelease Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues
NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationChapter 9 Monitoring System Performance
Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important
More informationUnderstanding and Configuring NAT Tech Note PAN-OS 4.1
Understanding and Configuring NAT Tech Note PAN-OS 4.1 Revision C 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Scope... 3 Design Consideration... 3 Software requirement...
More informationRelease Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
More information3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T+ 485+ PIN6 T- 485- PIN7 R+ PIN8 R-
MODEL ATC-2004 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2004 is a 4 Port RS232/RS485 to TCP/IP converter integrated with a robust system and network management features
More informationDFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection
DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection This setup example uses the following network settings: In our example the IPSec VPN tunnel is established between two LANs: 192.168.0.x
More informationTechnical Support Information Belkin internal use only
The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.
More informationNote: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
More informationBroadband Phone Gateway BPG510 Technical Users Guide
Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's
More informationSonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging
SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:
More informationIPsec VPN Application Guide REV: 1.0.0 1910010876
IPsec VPN Application Guide REV: 1.0.0 1910010876 CONTENTS Chapter 1. Overview... 1 Chapter 2. Before Configuration... 2 Chapter 3. Configuration... 5 3.1 Configure IPsec VPN on TL-WR842ND (Router A)...
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationDSL-2600U. User Manual V 1.0
DSL-2600U User Manual V 1.0 CONTENTS 1. OVERVIEW...3 1.1 ABOUT ADSL...3 1.2 ABOUT ADSL2/2+...3 1.3 FEATURES...3 2 SPECIFICATION...4 2.1 INDICATOR AND INTERFACE...4 2.2 HARDWARE CONNECTION...4 2.3 LED STATUS
More informationConfigure IPSec VPN Tunnels With the Wizard
Configure IPSec VPN Tunnels With the Wizard This quick start guide provides basic configuration information about setting up IPSec VPN tunnels by using the VPN Wizard on the ProSafe Wireless-N 8-Port Gigabit
More informationVPN Wizard Default Settings and General Information
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security
More informationLecture 17 - Network Security
Lecture 17 - Network Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Idea Why donʼt we just integrate some of these neat
More informationVPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050
VPN Configuration Guide ZyWALL USG Series / ZyWALL 1050 2011 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in whole or in part,
More informationVirtual Private Network and Remote Access
Virtual Private Network and Remote Access Introduction A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A
More informationAlliedTelesis AT-AR700 Series
TheGreenBow IPSec VPN Client Configuration Guide AlliedTelesis AT-AR700 Series with Radius Server WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer:
More informationCREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC
CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel
More information