Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Size: px
Start display at page:

Download "Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation"

Transcription

1 Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation

2 Infotecs Americas. All rights reserved. Version: ENU This document is included in the software distribution kit and is subject to the same terms and conditions as the software itself. No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means electronic, mechanical, recording, or otherwise for any purpose, without the prior written consent of Infotecs Americas Inc. ViPNet is a registered trademark of Infotecs Americas Inc., New York, USA. All brands and product names that are trademarks or registered trademarks are the property of their owners. Global contacts page

3 Contents Introduction... 5 About This Document... 6 Audience... 6 Document Conventions... 6 Feedback... 8 Guidelines... 9 Basic ViPNet VPN Deployment Schemes Before You Begin Chapter 1. Connection between a Remote Client and an Office Overview Configuring Network Structure in ViPNet Network Manager Creating a ViPNet Network Configuring a ViPNet Network Checking Settings on a Firewall Checking Settings on a Coordinator Checking Settings on Clients in the Office Checking Settings on a Remote Client Chapter 2. Remote Client to Remote Client Overview Configuring Network Structure in ViPNet Network Manager Checking Settings on a Firewall and a Coordinator Checking Settings on a Remote Client Chapter 3. Office to Office Connection Overview Configuring Network Structure in ViPNet Network Manager Checking Settings on Firewalls and Coordinators in Both Offices Checking Settings on Clients in Both Offices Chapter 4. Office to Office Connection with Tunneling Overview Configuring Network Structure in ViPNet Network Manager Checking Settings on Firewalls and Coordinators in Both Offices Checking Routing Settings on Tunneled Hosts... 42

4 Checking Settings on a Remote Client Chapter 5. Mobile Device to Office Connection Overview Configuring a Network in ViPNet Network Manager Configuring a Coordinator for Windows Verifying Settings on an External Firewall Configuring Mobile Devices Configuring an Apple Mobile Device Configuring an Android Mobile Device Chapter 6. Office to Office Connection Both with the ViPNet and IPsec Technologies Overview Configuring Network in ViPNet Network Manager Settings Check on a Remote Gateway... 60

5 Introduction About This Document 6 Feedback 8 Guidelines 9 Basic ViPNet VPN Deployment Schemes 10 Before You Begin 11 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 5

6 About This Document This document is a supplement to ViPNet VPN. User s Guide. It contains 6 basic schemes of deploying a protected ViPNet VPN network. Each scheme is attended with step-by-step instructions helping you to create and configure a network in ViPNet Network Manager and then, on your ViPNet hosts, check whether the settings you made in ViPNet Network Manager are correct. Audience This document is intended for the network administrators intending to deploy and configure ViPNet VPN virtual private networks in their organizations. You don't have to be an IT professional to read and understand this document. However, you should have a general idea of computer networks, IP protocols, firewalls, tunneling, and cryptography. Document Conventions This document uses the following conventions: Table 1. Document conventions Icon Description Warning: Indicates an obligatory action or information that may be critical for continuing user operations. Note: Indicates a non-obligatory, but desirable action or information that may be helpful for users. Tip: Contains additional information. Table 2. Conventions for highlighted information Icon Name Key+Key Menu > Submenu > Command Description The name of an interface element. For instance, the name of a window, a box, a button, or a key. Shortcut keys. To use the shortcut keys, press and hold the first key and press other keys. A hierarchical sequence of elements. For instance, menu items or sections in the navigation pane. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 6

7 Icon Code Description A file name, path, text file (code) fragment or a command executed from the command line. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 7

8 Feedback Finding Additional Information For more information about Infotecs products and technologies, see the following resources: ViPNet documentation web portal Information about current Infotecs products Information about Infotecs solutions Contacting Infotecs We value any feedback from you. If you have any questions concerning Infotecs products and solutions, any suggestions, complains or other feedback, feel free to contact us by means of the following: Global contacts page Telephone (Germany): +49 (0) Telephone (USA): +1 (646) Errata Infotecs makes every effort to ensure that there are no errors or misprints in the text of all documents supplied with ViPNet software. However, no one is perfect, and mistakes do occur. If you find an error in one of our documents, like a spelling mistake or some inaccuracy in describing user scenarios or system features, we would be very grateful for your feedback. By sending in errata you may save other reader hours of frustration, and at the same time you will be helping us provide documentation of even higher quality. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 8

9 Guidelines Here are the guidelines of working with the document: 1 Choose a scheme that fits the required logical network structure (see Basic ViPNet VPN Deployment Schemes on page 10). If you want to connect two offices of your organization through a protected network, we recommend you to create a single corporate ViPNet network including computers of both offices. If you need to establish secure connection between two different organizations, we recommend you to create two different ViPNet networks and establish partner network connection between them (see ViPNet VPN. User's Guide, chapter 6). Warning: In this document, we will consider communication between head and branch offices hosts via a single corporate ViPNet network. 2 On a ViPNet administrator's workstation, you should first install ViPNet Network Manager and then ViPNet Client or ViPNet Coordinator (see ViPNet VPN. User's Guide, chapter 2, Deploying the ViPNet Network Administrator's Workstation ). 3 In ViPNet Network Manager, create logical network structure according to the recommendations in this document, and then create key sets for ViPNet hosts. 4 On the hosts that will function as coordinators, install the ViPNet Coordinator software (see ViPNet VPN. User's Guide, chapter 2, Installing ViPNet Coordinator on ViPNet Network Servers ) and install the key sets created in ViPNet Network Manager. 5 On ViPNet users' computers, including remote ones, install the ViPNet Client software (see ViPNet VPN. User's Guide, chapter 2, Deploying the ViPNet Network User's Workstations ) and install the key sets created in ViPNet Network Manager. 6 Check connection between coordinators and remote clients, between different remote users, between coordinators from different networks. 7 If connection has not been established, follow the recommendations in this document to check ViPNet Coordinator and ViPNet Client program settings on ViPNet hosts. Note: To change any settings for a coordinator or a client, in ViPNet Network Manager: In the navigation pane, choose a ViPNet host, whose settings you are going to change. Go through the tabs in the view pane and make the required settings. Create key sets, copy them to a removable drive, and manually update keys on ViPNet hosts. 8 Check connection again. If the connection is still not established, the failure may be caused by wrong firewall configuration or incompatible software. Contact Infotecs technical support. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 9

10 Basic ViPNet VPN Deployment Schemes Below, we describe six typical network schemes you can deploy with ViPNet VPN: 1 Connection between a remote client and an office (on page 13) Follow these steps to deploy a ViPNet network and establish a protected connection between a remote user and an office. A remote user is a laptop user connecting to the Internet from different locations: home, workplace, a Wi-Fi cafe, and so on. It could also be a desktop PC in a branch office or at home (or in some other place from where a coordinator is not accessible directly). 2 Remote client to remote client (on page 24) Follow these steps to deploy a ViPNet network with two remote clients and establish a direct clientto-client connection between them. 3 Office to office connection (on page 29) Follow these steps to deploy a ViPNet network and establish a protected point-to-point connection between two ViPNet hosts located in two different offices of an organization. 4 Office to office connection with tunneling (on page 35) Follow these steps to deploy a ViPNet network and establish a protected connection between such network devices located in two different offices of an organization, where you can't install the ViPNet software for some reasons. These hosts can be computers with Apple Mac OS, network devices like printers, VoIP appliances, NAS, surveillance cameras, and other. 5 Mobile Device to Office Connection (on page 45) Follow these steps to deploy a ViPNet network and establish connection between Apple or Android mobile users and an office. 6 Office to office connection both with the ViPNet and IPsec technologies (on page 55) Follow these steps to deploy a ViPNet network and establish connection with another ViPNet network. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 10

11 Before You Begin Decide beforehand, where your will install the ViPNet Coordinator software (those hosts will be ViPNet network servers) and the ViPNet Client software (one of those hosts will be the ViPNet network administrator's workstation). A coordinator must always be accessible to its clients. This means, a coordinator host must always be online with ViPNet Coordinator software running on it. Static port forwarding should be enabled on the firewall used by this coordinator to access public (Internet) resources. On the ViPNet network administrator's workstation, run the ViPNet VPN setup program and first install ViPNet Network Manager, then ViPNet Client or ViPNet Coordinator (see ViPNet VPN. User's Guide, chapter 2, Deploying the ViPNet Network Administrator's Workstation ). ViPNet Network Manager allows you to create, configure and maintain a protected ViPNet network that may include hosts located in the head office, branch offices, and remote computers. To establish connection between head office computers and branch office computers, partner company computers or remote users, there should be at least one coordinator in a ViPNet network which is always accessible from outside by either an external (public) static IP address or a DNS name. In the first two scenarios described in this document, there is only one coordinator on the network, while in the last two scenarios, the described functions are performed by a coordinator located in the head office. In the first two and the second two scenarios described in this document, there is only one coordinator on the network, while in the third and the fourth scenarios, the described functions are performed by a coordinator located in the head office. If your coordinator does not have a public static IP address, use the dynamic DNS service, which translates your firewall s public dynamic addresses to a specified DNS name (for example, you may use a service). Warning: Before configuring settings on ViPNet hosts, check network parameters, as described below. Check network parameters on the computers functioning as coordinators and on the firewalls: Make sure the coordinator's network interface connected to the firewall has a static local IP address. Make sure you know the public static IP address or the DNS name of the head office coordinator. Make sure the following filtering rules are configured on the firewalls behind which your coordinators are located: allow all traffic incoming to the UDP port specified in coordinator's options (55777 by default) and forward it to the coordinator's local IP address; To learn the number of your coordinators UDP packets encapsulation port: o In the ViPNet Coordinator Monitor main window, on the Service menu, click Options. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 11

12 Figure 1. Viewing the UDP packets encapsulation port number o In the Private Network section, in the UDP packets encapsulation port box, check the specified port number. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 12

13 1 Connection between a Remote Client and an Office Overview 14 Configuring Network Structure in ViPNet Network Manager 15 Checking Settings on a Firewall 18 Checking Settings on a Coordinator 19 Checking Settings on Clients in the Office 20 Checking Settings on a Remote Client 22 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 13

14 Overview This chapter describes a scheme of establishing connection between a remote user and the head office using the ViPNet VPN software. A remote user is a laptop user connecting to the Internet from different locations (home, workplace, a Wi-Fi cafe, and so on), or a desktop PC user working at any place from where he or she can't connect to the coordinator directly. Figure 2. Connection between a remote client and an office Suppose there are a coordinator and several clients in the head office. The clients use the coordinator as a firewall. The coordinator is located behind a firewall with static NAT. Port forwarding rules (see Checking Settings on a Firewall on page 18) for the coordinator are configured on the firewall. A remote ViPNet user establishes connection to the office over the Internet (see. figure 2 on page 14). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 14

15 Configuring Network Structure in ViPNet Network Manager Creating a ViPNet Network Create the initial ViPNet network structure using the ViPNet Network Creation Wizard (see ViPNet VPN. User s Guide, chapter 3, section Creating a ViPNet Network ): 1 Specify the required number of coordinators and clients. To implement the scheme of connecting a remote user to an office (see. figure 2 on page 14), you need one coordinator. 2 Choose how your ViPNet hosts will be linked with each other. 3 Edit the created network structure and links if necessary. 4 To configure access parameters for the coordinator, select the Using a firewall Internet connection type (see the Configuring Access to a Coordinator section, the Configuring Access to a Coordinator behind a Firewall topic) and specify the firewall's IP addresses or DNS name. If you want to configure the firewall parameters later, select the Configure in ViPNet Network Manager main window option. Note: With the ViPNet Network Creation Wizard, you may configure access parameters only for the first created coordinator (where the ViPNet administrator's workstation is registered by default). If you need to set up access parameters for another coordinator, use the main ViPNet Network Manager window. 5 Configure random password options. 6 On the last page of the Wizard, clear the Create key sets upon completing ViPNet Network Creation Wizard check box and click Close. Configuring a ViPNet Network To configure ViPNet hosts: 1 In the navigation pane of the main ViPNet Network Manager window, select the coordinator to be used for communication with external hosts. Click the Access IP addresses tab. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 15

16 Figure 3. Assigning an IP address for a coordinator If you have configured access options for the coordinator (see Creating a ViPNet Network on page 15) when creating a network, then the firewall is already configured. To add an IP address or DNS name, in the corresponding group, click Add. In the IP Address or DNS name window, add a new IP address or DNS name and click OK. Figure 4. Adding an IP address 2 Click the Firewall tab. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 16

17 Figure 5. Configuring firewall parameters If you have configured access options for the coordinator (see Creating a ViPNet Network on page 15) when creating a network, then the required firewall parameters are already specified. Otherwise, follow the steps below: o o Select the Use firewall check box. In the Firewall type list, select With static address translation. 3 In the navigation pane, choose the client. Open the Links tab and make sure that the list includes all ViPNet hosts this client should communicate with. 4 On the Tools menu, select Keys, and then click Save Key Sets. Copy the created key sets to a removable drive and use them to install the ViPNet keys on the coordinator and clients. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 17

18 Checking Settings on a Firewall We recommend that the firewall (or another NAT device) has a static public IP address. If the firewall does not have a public static IP address, use the dynamic DNS service, which translates your firewall s public dynamic addresses to a specified DNS name (for example, you may use a service). On the firewall, configure the following rules: 1 Specify the UDP access port to exchange protected traffic with any networks. Note: By default, the ViPNet software uses port number 55777, but you can change it if needed. 2 Create the following port forwarding rule for incoming and outgoing UDP traffic: allow any UDP traffic incoming to the specified port and forward it to the corresponding coordinator. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 18

19 Checking Settings on a Coordinator Make sure the coordinator has been configured correctly. To do this: 1 In the main window of the ViPNet Coordinator program, on the Service menu, click Options. The Options dialog box will be displayed. Figure 6. Checking settings on a coordinator 2 Make sure that, in the Private Network section, the Use external firewall check box is selected. 3 Make sure that, in the Firewall type list, With static NAT is selected. 4 Make sure that, in the UDP packets encapsulation port box, the same port number is specified as the one in port forwarding rules on the firewall. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 19

20 Checking Settings on Clients in the Office To check settings on clients located in the office: 1 In the ViPNet Client Monitor program, log on as an administrator. 2 On the Tools menu, click Options. The Options dialog box will be displayed. 3 In the Options dialog box, make sure that, in the Private Network section, a coordinator installed in the office is selected as the coordinator for connections. Figure 7. Private network settings 4 Click OK. 5 In the navigation pane of the main ViPNet Client window, select the Private Network section. 6 In the Private Network section, in the hosts list, double-click the coordinator chosen as this client's coordinator for connections. The ViPNet Host Properties dialog box will be displayed. 7 In the ViPNet Host Properties dialog box, click the IP Addresses tab. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 20

21 Figure 8. Viewing coordinator's IP addresses 8 Make sure that, in the IP Addresses list, in the Real IP addresses column, the correct coordinator's address is specified. If DNS names are used, make sure that the Use DNS name check box is selected and, in the DNS name list, the correct coordinator's DNS name is specified. 9 Check connection to the coordinator. To do this, in the Private Network section, select the coordinator and, on the toolbar, click Connection or press F5. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 21

22 Checking Settings on a Remote Client To check settings on a remote client: 1 In the ViPNet Client Monitor program, log on as an administrator. 2 On the Tools menu, click Options. The Options dialog box will be displayed. 3 In the Options dialog box, make sure that, in the Private Network section, a coordinator installed in the office is selected as the coordinator for connections. 4 Click OK. 5 In the navigation pane of the main ViPNet Client window, select the Private Network section. 6 In the Private Network section, in the hosts list, double-click the coordinator chosen as this client's coordinator for connections. The ViPNet Host Properties dialog box will be displayed. 7 In the ViPNet Host Properties dialog box, click the Firewall tab. Figure 9. Access IP addresses 8 In the Access IP addresses list, a public IP address of the firewall behind which the coordinator is installed must be specified. If the firewall has no static public IP address, verify its DNS name (step 12). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 22

23 9 In the ViPNet Host Properties dialog box, click the IP Addresses tab (see. figure 8 on page 21). 10 Make sure that, in the IP Addresses list, in the Real IP addresses column, the correct coordinator's address is specified. If DNS names are used, make sure that the Use DNS name check box is selected and, in the DNS name list, the correct DNS name of the firewall behind which the coordinator is installed is specified. 11 Check connection to the coordinator. To do this, in the Private Network section, select the coordinator and, on the toolbar, click Connection or press F5. If all the settings have been configured correctly, connection between a remote client and the head office will be established. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 23

24 2 Remote Client to Remote Client Overview 25 Configuring Network Structure in ViPNet Network Manager 26 Checking Settings on a Firewall and a Coordinator 27 Checking Settings on a Remote Client 28 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 24

25 Overview This chapter describes a scheme of establishing connection between two remote users using the ViPNet VPN software. Figure 10. Remote client to remote client connection This scheme has much in common with the previous one (see Connection between a Remote Client and an Office on page 13). Suppose there are a coordinator and several clients in the head office. The coordinator is installed behind a firewall with static NAT. Port forwarding rules (see Checking Settings on a Firewall on page 18) for the coordinator are configured on the firewall. A remote ViPNet user and a home ViPNet user establish connection with each other and with the office over the Internet. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 25

26 Configuring Network Structure in ViPNet Network Manager First, create the required ViPNet network structure, as described in Creating a ViPNet Network (on page 15). To implement the above-described scheme (see figure on page 25), create one coordinator, the required number of clients that will work in the office, and two more clients that will work remotely. To configure the created network structure, in ViPNet Network Manager: 1 In the navigation pane of the main ViPNet Manager window, select the coordinator to be used for communication with external hosts. Open the Access IP addresses (see figure on page 16) tab. If you have configured access options for the coordinator (see Creating a ViPNet Network on page 15) when creating a network, the IP address of the coordinator is already specified. If you didn't specify the IP address in the IP addresses group, click Add. In the IP Address window, add the coordinator's address and click OK. If the firewall is accessible from the Internet by a DNS name (for example, the dyndns service is used), in the DNS names group, click Add and type the DNS name of the firewall. 2 Click the Firewall tab (see figure on page 17). If you have configured access options for the coordinator (see Creating a ViPNet Network on page 15) when creating a network, the firewall parameters are already specified. Otherwise, follow the steps below: o o Select the Use firewall check box. In the Firewall type list, select With static address translation. 3 In the navigation pane, choose the client. Open the Links tab and make sure that the list includes all ViPNet hosts this client should communicate with. 4 Repeat steps 3 and 4 to configure the other remote client. 5 On the Tools menu, select Keys, and then click Save Key Sets. Copy the created key sets to a removable drive and use them to install the ViPNet keys on the coordinator and clients. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 26

27 Checking Settings on a Firewall and a Coordinator Make sure that the firewall has a static public IP address or a DNS name provided by a dynamic DNS service. Port forwarding rules (see Checking Settings on a Firewall on page 18) must be configured on the firewall. On the computer that functions as the coordinator, check the ViPNet Monitor settings (see Checking Settings on a Coordinator on page 19). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 27

28 Checking Settings on a Remote Client Note: All remote clients of the ViPNet network should be configured as follows. To check settings on a remote client: 1 In the ViPNet Client Monitor program, log on as an administrator. 2 On the Service menu, click Options. The Options dialog box will be displayed. 3 In the Options dialog box, make sure that, in the Private Network section (see figure on page 20), a coordinator installed in the office is selected as the coordinator for connections. 4 Click OK. 5 In the navigation pane of the main ViPNet Client window, select the Private Network section. 6 In the Private Network section, in the hosts list, double-click the coordinator chosen as this client's coordinator for connections. The ViPNet Host Properties dialog box will be displayed. 7 In the ViPNet Host Properties dialog box, click the Firewall tab (see figure on page 22). 8 In the Access IP addresses table, check that a public IP address of the firewall, behind which the coordinator is located, is specified. If the firewall has no static public IP address, verify its DNS name (step 12). 9 In the ViPNet Host Properties dialog box, click the IP Addresses tab (see figure on page 21). 10 Make sure that, in the IP Addresses list, in the Real IP addresses column, the correct coordinator's address is specified. If DNS names are used, make sure that the Use DNS name check box is selected and, in the DNS name list, the correct DNS name of the firewall behind which coordinator A is installed is specified. 11 Make sure that, in the Private Network section, the other remote user and other ViPNet hosts your client should communicate with are included in the hosts list. 12 Check connection to the office coordinator and the other remote client. To do this, in the Private Network section, select the required ViPNet host and, on the toolbar, click Connection or press F5. If all the settings have been configured correctly, connection between remote clients with each other and between remote clients and the head office will be established. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 28

29 3 Office to Office Connection Overview 30 Configuring Network Structure in ViPNet Network Manager 31 Checking Settings on Firewalls and Coordinators in Both Offices 33 Checking Settings on Clients in Both Offices 34 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 29

30 Overview This chapter describes a scheme of establishing protected connection between the head office and the branch office using the ViPNet VPN software. Figure 11. Office to office connection Suppose there are two offices in an organization: head and branch. A corporate ViPNet network includes hosts in both offices. Coordinator A located in the head office and Coordinator B located in the branch office establish a protected connection to each other over the Internet. Coordinator A is located behind a firewall on which a static port forwarding rule is configured for protected traffic exchange. Coordinator B is located behind a firewall with no specially configured settings for protected traffic exchange. Clients in the head office (one of them functions as a ViPNet network administrator's workstation) use coordinator A as a firewall. Clients in the branch office use coordinator B as a firewall. Only one office (in our example, the head office) should be accessible from the outside either by a public static IP address or by a DNS name (see Before You Begin on page 11). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 30

31 Configuring Network Structure in ViPNet Network Manager First, create the required ViPNet network structure, as described in Creating a ViPNet Network (on page 15). To implement the above-described scheme (see figure on page 30), create two coordinators. On coordinator A, register the clients intended to be installed in the head office. On coordinator B, register the clients intended to be installed in the branch office. In ViPNet Network Manager, configure each coordinator: 1 In the main ViPNet Network Manager window, in the navigation pane, select coordinator A and click the Access IP addresses tab. Figure 12. Assigning an IP address for a coordinator If you have configured access options for the coordinator (see Creating a ViPNet Network on page 15) when creating a network, the IP address of the coordinator is already specified. If you didn't specify the IP address in the IP addresses group, click Add. In the IP Address window, type the IP address of the coordinator A (in this example, it is ) and click OK. If Coordinator A is accessed from the Internet by its DNS name (for example, the dyndns service is used), in the DNS names group, click Add and type the DNS name of the coordinator. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 31

32 2 Click the Firewall tab. If you have configured access options for the coordinator A (see Creating a ViPNet Network on page 15) when creating a network, the firewall parameters are already specified. Otherwise, follow the steps below: o o Select the Use firewall check box. In the Firewall type list, select With static address translation. 3 In the navigation pane of the main ViPNet Network Manager window, select coordinator B, open the Access IP addresses tab and, in the IP addresses group, click Add. In the IP Address window, type the local IP address of the coordinator B (in this example, it is ) and click OK. 4 Click the Firewall tab: o o Select the Use firewall check box. In the Firewall type list, select With dynamic address translation. o In the Coordinator to manage connections with external hosts list, select coordinator A. o Make sure that the Direct all VPN traffic with external hosts through the coordinator check box is cleared. 5 On the Tools menu, select Keys, and then click Save Key Sets. Copy the created key sets to a removable drive and use them to install the ViPNet keys on the coordinator and clients. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 32

33 Checking Settings on Firewalls and Coordinators in Both Offices Make sure that the head office firewall is accessible by a static public IP address or a DNS name provided by a dynamic DNS service. On this firewall, a port forwarding rule (see Checking Settings on a Firewall on page 18) must be configured for the local IP address of coordinator A (UDP, 55777). On the branch office firewall, no additional settings are required. To make sure both coordinators are configured correctly, on each coordinator: 1 In the ViPNet Coordinator main window, on the Service menu, click Options. 2 Make sure that, in the Private Network section, the Use external firewall check box is selected. 3 Make sure that, in the Firewall type list, on coordinator A, With static address translation is selected, while on coordinator B, the With dynamic address translation firewall type is selected. 4 Make sure that, on coordinator A, in the UDP packets encapsulation port box, the same port number is specified as the one in port forwarding rules on the firewall. 5 Make sure that, on coordinator B, in the Connection server list, coordinator A is selected. 6 On coordinator B, in the navigation pane of the main ViPNet Coordinator window, select Private Network. 7 In the view pane of the Private Network section, double-click coordinator A. The ViPNet Host Properties dialog box will be displayed. 8 If coordinator A is accessible by a static public IP address: 8.1 In the ViPNet Host Properties dialog box, click the Firewall tab (see figure on page 22). 8.2 In the Access IP addresses list, a static public IP address must be specified for the firewall behind which the coordinator of the other office is installed (in this example, it is ). 9 If the head office firewall does not have a static public IP address, make sure that the firewall's DNS name is specified. In the ViPNet Host Properties dialog box, click the IP Addresses tab (see figure on page 21). Make sure that the Use DNS name check box is selected and, in the DNS name list, the correct DNS name of the firewall behind which the coordinator of the other office is installed is specified. 10 On coordinator B, check connection to coordinator A. To do this, in the Private Network section, select coordinator A and, on the toolbar, click Connection or press F5. If all the settings have been configured correctly, connection between the coordinators of the head and branch offices will be established. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 33

34 Checking Settings on Clients in Both Offices Note: You should check the settings on every client in the head and branch offices as follows. To check the settings on a client: 1 In the ViPNet Client Monitor program, log on as an administrator. 2 On the Tools menu, click Options. The Options dialog box will be displayed. 3 In the Options dialog box, make sure that, in the Private Network (see figure on page 20) section, a coordinator installed in the office is selected as the coordinator for connections. 4 Click OK. 5 In the navigation pane of the main ViPNet Client window, select the Private Network section. 6 In the Private Network section, in the hosts list, double-click the coordinator chosen as this client's coordinator for connections. The ViPNet Host Properties dialog box will be displayed. 7 In the ViPNet Host Properties dialog box, click the IP Addresses tab (see figure on page 21). 8 Make sure that, in the IP Addresses list, in the Real IP addresses column, the correct coordinator's address is specified (in the head office: , in the branch office: ). 9 Check connection to the coordinator of the office where this client is installed. To do this, in the Private Network section, select the coordinator and, on the toolbar, click Connection or press F5. 10 Check connection to any ViPNet host in the other office. If all the settings have been configured correctly, connection between the head office and the branch office will be established. If there is no connection, the problem may be in the firewall or some incompatible software. Contact Infotecs technical support. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 34

35 4 Office to Office Connection with Tunneling Overview 36 Configuring Network Structure in ViPNet Network Manager 37 Checking Settings on Firewalls and Coordinators in Both Offices 40 Checking Routing Settings on Tunneled Hosts 42 Checking Settings on a Remote Client 44 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 35

36 Overview This chapter describes a scheme of establishing protected connection between the head office and the branch office using the ViPNet VPN software and the tunneling technology. Tunneling is a method of protecting traffic passing through unprotected communications channels. IP packets go unencrypted between a tunneled host and a coordinator, and encrypted between a coordinator and other ViPNet hosts. A tunneled host is a network host without ViPNet software installed that should be accessible from an external network through a coordinator via a protected communications channel. It may be any device connected to the network that has an IP address: an Apple PC, a network printer, a Network Attached Storage (NAS), a VoIP device, IP-based manufacturing equipment, and so on. Figure 13. Office to office connection with tunneling Suppose there are two offices in an organization: head and branch. The corporate ViPNet network includes two coordinators, a network control center (ViPNet Network Manager host), and a remote ViPNet host. Coordinator A located in the head office and coordinator B located in the branch office establish a protected connection to each other over the Internet. Coordinator A is located behind a firewall on which a static port forwarding rule is configured for protected traffic exchange. Coordinator B is located behind a firewall where no special settings for protected traffic exchange have been made. Coordinator A tunnels several unprotected (without ViPNet software installed) computers and network devices located in the head office. Coordinator B tunnels several unprotected computers and network devices in the branch office. The remote client establishes connection to tunneled hosts in both offices. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 36

37 Configuring Network Structure in ViPNet Network Manager First, create the required ViPNet network structure as described in chapter 1 (see Creating a ViPNet Network on page 15). To implement the above-described scheme (see figure on page 36), create two coordinators and two clients (a ViPNet network administrator's workstation and a remote ViPNet host). Note: You may create more clients if you need more protected hosts to be used in offices or remotely. In ViPNet Network Manager, configure each coordinator: 1 In the main ViPNet Network Manager window, in the navigation pane, select the coordinator A and click the Access IP addresses tab (see figure on page 31). If you have configured access options for the coordinator A (see Creating a ViPNet Network on page 15) when creating a network, the IP address of the network adapter directly connected to the firewall is already specified. To assign an IP address, under IP addresses click Add. In the IP Address window, type the local IP address of the coordinator and click OK. If the coordinator is accessible from the Internet by a DNS name (for example, the dyndns service is used), under DNS names, click Add. Then, specify the coordinator's DNS name. 2 Click the Firewall tab (see figure on page 17). If you have configured access options for the coordinator A (see Creating a ViPNet Network on page 15) when creating a network, the firewall parameters are already specified. Otherwise, follow the steps below: o o Select the Use firewall check box. In the Firewall type list, select With static address translation. 3 In the navigation pane of the main ViPNet Network Manager window, select the coordinator B. Then, click the Access IP addresses tab and click Add. In the IP Address window, type a local IP address of the coordinator and click OK. 4 Click the Firewall tab: o o Select the Use firewall check box. In the Firewall type list, select With dynamic address translation. o In the Coordinator for incoming traffic list, select coordinator A. o Make sure that the Direct all VPN traffic with external hosts through the coordinator check box is cleared. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 37

38 For each coordinator: 5 Click the Tunnel tab. Figure 14. Specifying IP addresses of tunneled hosts o On the Tunnel tab, specify the IP addresses of the computers and network devices to be tunneled by this coordinator. We recommend that a coordinator and its tunneled hosts are located in the same network segment. Note: For our recommendations on the case when a coordinator and its tunneled hosts are placed in different network segments, see the document Common Scenarios of ViPNet VPN Administering. Supplement to ViPNet Documentation. To specify an IP address: Click Add. The IP Address or Range window will be displayed. If you want to add a single tunneled IP address, select IP address and type the required IP address in the box. If you want to add a range of tunneled IP addresses, select Range and type the starting and the ending IP addresses of the range in the boxes. Click OK. To configure a remote client: 1 In the navigation pane, select the client that is intended to be used remotely. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 38

39 2 Open the Links tab and make sure that the list includes all ViPNet hosts this client should communicate with. Links with tunneled hosts are always allowed. These hosts are not listed. On the Tools menu, select Keys, and then click Save Key Sets. Copy the created key sets to a removable drive and use them to install the ViPNet keys on the coordinator and clients. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 39

40 Checking Settings on Firewalls and Coordinators in Both Offices Make sure that the head office firewall is accessible by a static public IP address or a DNS name provided by a dynamic DNS service. On this firewall, a port forwarding rule (see Checking Settings on a Firewall on page 18) must be configured for the local IP address of coordinator A (UDP, 55777). On the branch office firewall, no additional settings are required. To make sure both coordinators are configured correctly, on each coordinator: 1 In the main window of the ViPNet Coordinator program, on the Service menu, click Options. 2 Make sure that, in the Private Network section, the Use external firewall check box is selected. 3 Make sure that, in the Firewall type list, on coordinator A, With static address translation is selected, while on coordinator B, the With dynamic address translation firewall type is selected. 4 Make sure that, on coordinator A, in the UDP packets encapsulation port box, the same port number is specified as the one in port forwarding rules on the firewall. 5 Make sure that, on coordinator B, in the Connection server list, coordinator A is selected. 6 For each coordinator: In the Options dialog box, select Tunneling. Figure 15. Checking tunneled IP addresses Check tunneled hosts' IP addresses. A coordinator and its tunneled hosts must be located in the same subnetwork. 7 On coordinator B, in the navigation pane of the main ViPNet Coordinator window, select Private Network. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 40

41 8 In the view pane of the Private Network section, double-click coordinator A. The ViPNet Host Properties dialog box will be displayed. 9 If coordinator A is accessible by a static public IP address: o In the ViPNet Host Properties dialog box, click the Firewall tab (see figure on page 22). o In the Access IP addresses list, the firewall's static public IP address must be specified. 10 If the head office firewall does not have a static public IP address, make sure that the firewall's DNS name is specified. In the ViPNet Host Properties dialog box, click the IP Addresses tab (see figure on page 21). Make sure that the Use DNS name check box is selected and, in the DNS name list, the correct DNS name of the firewall behind which the coordinator of the other office is installed is specified. 11 In the ViPNet Host Properties dialog box, click the Tunnel tab. Figure 16. Checking IP addresses tunneled by the other coordinator Make sure that, on the Tunnel tab, the Use IP addresses for tunneling check box is selected and IP addresses tunneled by the other coordinator are specified. If similar IP addresses are used in the head and branch offices, select the Use virtual IP addresses check box. This allows avoiding a conflict of IP addresses. 12 On coordinator B, check connection to coordinator A. To do this, in the Private Network section, select coordinator A and, on the toolbar, click Connection or press F5. If all the settings have been configured correctly, connection between the coordinators of the head and branch offices will be established. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 41

42 Checking Routing Settings on Tunneled Hosts We recommend you that each tunneled host should use its tunneling coordinator as its default gateway. In this case, no additional routing settings are required. On the hosts where you can't set the coordinator as the default gateway, add static routes to forward all traffic to be tunneled to the branch office through the coordinator. Figure 17. Viewing a virtual address To add a static route, in Windows Command Prompt, enter the following command: route add <destination IP address> mask <subnet mask> <gateway> -p, where: <destination IP address> is the virtual IP address of the destination subnetwork. <subnet mask> is a destination subnet mask value. <gateway> is the coordinator's local IP address. -p identifies that the route is static and will be the saved after each reboot. To learn the destination subnetwork IP address: 1 On the coordinator installed in the tunneled host's LAN, in the main ViPNet Coordinator Monitor window, click Private Network. 2 In the list of ViPNet hosts, double-click the coordinator of the other office. The ViPNet Host Properties dialog box will be displayed. 3 Click the Tunnel tab and make sure that the Use virtual IP addresses check box is selected. Use the network addresses displayed in the Virtual IP addresses column to set a static route (in our example, network 11). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 42

43 For example, a tunneled host in the branch office should connect to tunneled hosts in the head office. Tunneled hosts of the head office are accessible by virtual IP addresses that belong to the network (see figure on page 42). The local IP address of the branch office coordinator is To set a static route on the branch office host, use the following command: route add mask p Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 43

44 Checking Settings on a Remote Client To check the settings on a remote client: 1 In the ViPNet Client Monitor program, log on as an administrator. 2 On the Tools menu, click Options. The Options dialog box will be displayed. 3 In the Options dialog box, make sure that, in the Private Network (see figure on page 20) section, a coordinator installed in the office is selected as the coordinator for connections. 4 Click OK. 5 In the navigation pane of the main ViPNet Client window, select the Private Network section. 6 In the view pane of the Private Network section, double-click coordinator A. The ViPNet Host Properties dialog box will be displayed. 7 In the ViPNet Host Properties dialog box, click the Firewall tab (see figure on page 22). 8 In the Access IP addresses list, a static public IP address of the firewall behind which coordinator A is installed must be specified. If the firewall has no static public IP address, verify its DNS name (step 10). 9 In the ViPNet Host Properties dialog box, click the IP Addresses tab (see figure on page 21). 10 Make sure that, in the IP addresses list, in the Real IP addresses column, the correct local address of coordinator A is specified. If DNS names are used, make sure that the Use DNS name check box is selected and, in the DNS name list, the correct DNS name of the firewall behind which coordinator A is installed is specified. 11 In the ViPNet Host Properties dialog box, click the Tunnel tab (see figure on page 41). Make sure that the Use IP addresses for tunneling check box is selected and the IP addresses tunneled by coordinator A are specified. 12 In the view pane of the Private Network section, double-click coordinator B. In the ViPNet Host Properties dialog box, click the Tunnel tab. Make sure that the Use IP addresses for tunneling check box is selected and the IP addresses tunneled by this coordinator are specified. 13 Check connection to each coordinator. To do this, in the Private Network section, select the coordinator and, on the toolbar, click Check connection or press F5. 14 Try to connect to some tunneled host using its IP address (for example, by executing the ping command). If all the settings have been configured correctly, connection between remote clients and tunneled hosts will be established. If there is no connection, the problem may be in the firewall or some incompatible software. Contact Infotecs technical support. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 44

45 5 Mobile Device to Office Connection Overview 46 Configuring a Network in ViPNet Network Manager 48 Configuring a Coordinator for Windows 50 Verifying Settings on an External Firewall 52 Configuring Mobile Devices 53 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 45

46 Overview This chapter describes a connection scheme within a ViPNet VPN network, where Apple and Android device users establish connection to the office. Figure 18. Connection between office and mobile devices Your mobile device connects to a protected ViPNet host through a coordinator functioning as an IPsec- ViPNet gateway. The mobile device establishes connection to the coordinator over the IPsec protocol. Thus, there is a protected tunnel from this device to the coordinator. On the coordinator, an IP address from the specified range (in the scheme, it is ) is assigned to the mobile device. The coordinator is configured to tunnel the range of the IP addresses assigned to IPsec hosts (mobile devices) using the ViPNet technology. Thus, an IPsec host is accessible for ViPNet hosts either by the address the coordinator has assigned for it ( in the scheme), or by the corresponding virtual IP address of the tunneled host. ViPNet hosts will be accessible to the IPsec host by their visibility addresses on the coordinator (in the scheme, the visibility address is ). When IPsec and ViPNet hosts communicate as described in the scheme, no advanced route setup is required. The IP packets are transferred as follows. IP packets from mobile devices are sent over the IPsec protocol. On the coordinator, the packets are decrypted. Then, the ViPNet driver encrypts the packets again. The coordinator forwards the packets to the destination host in the ViPNet network. Response IP packets are transferred in the same way. The coordinator functioning as an IPsec server should meet the following requirements: Use a coordinator of one of the two following types: o o ViPNet Coordinator HW/VA coordinator. ViPNet Coordinator for Windows deployed on a computer with the operating system Windows Server 2008 R2. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 46

47 Note: The feature of an IPsec gateway can be also implemented by a computer working under Windows Server 2003 operating system. However, in this document, we cover configuration of an IPsec gateway only for Windows Server 2008 R2. For help on configuring an IPsec gateway for Windows Server 2003, contact Infotecs technical support (see Feedback on page 8). The coordinator must be accessible on the Internet by its IP address or DNS name (the name can be registered in the dynamic DNS service). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 47

48 Configuring a Network in ViPNet Network Manager First, create the required ViPNet network structure, as described in Creating a ViPNet Network (on page 15). To implement this scheme, you need a network with a coordinator, clients, and mobile clients. This section describes a general workflow on configuring an IPsec gateway deployed on a coordinator running Windows OS or on a ViPNet Coordinator HW/VA coordinator. We recommend you to use a ViPNet Coordinator HW/VA coordinator because it requires few settings. You can configure a ViPNet Coordinator HW/VA host in ViPNet Network Manager only if your ViPNet Network Manager license allows it. In ViPNet Network Manager, make the following settings (for more information, see the document ViPNet VPN. User's Guide, the chapter Configuring IPsec Connection to Mobile Devices and Other Networks ): 1 Choose or create a coordinator (ViPNet Coordinator Windows or ViPNet Coordinator HW/VA) that will function as an IPsec gateway. 2 On the IPsec connection tab, configure IPsec connection to the coordinator. Figure 19. Configuring IPsec connection parameters 3 If you want to provide access for mobile devices to ViPNet hosts, specify the range of tunneled IP addresses for the mobile clients. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 48

49 4 Add a mobile client to the coordinator and, on the Profile tab, configure an IPsec profile for the mobile client. Though only the ios option is available on the Mobile client type list, you should make other settings even if the mobile device you are connecting runs Android. This is required because the IPsec gateway coordinator also uses these settings. Figure 20. Mobile client parameters 5 If the mobile client is an Apple device, send the configured profile to the mobile device. 6 If a coordinator for Windows is chosen as an IPsec gateway, save the profile configured on the IPsec connection tab of the coordinator. 7 If you choose a ViPNet Coordinator HW/VA coordinator as an IPsec gateway, send the keys to the ViPNet Coordinator HW/VA coordinator. If no key set has been installed on the coordinator, create a key set for it and give it to the coordinator host's administrator together with the hwinit_set.xml file. Next, if you use a ViPNet Coordinator HW/VA coordinator, start configuring the mobile device (see Configuring Mobile Devices on page 53). If you use a coordinator for Windows, first configure the coordinator (see Configuring a Coordinator for Windows on page 50), then start configuring the mobile device. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 49

50 Configuring a Coordinator for Windows On a coordinator running Windows Server 2008 R2, do the following: 1 In the Server Manager snap-in, run the Add Roles Wizard and set the Network Policy and Access Services role, selecting the Routing and Remote Access Services component. Figure 21. Selecting services to be installed 2 In the Server Manager snap-in, enable the Routing and Remote Access service by choosing the Remote access (dial-up or VPN) configuration in the wizard. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 50

51 Figure 22. Choosing a configuration 3 On the coordinator, apply the IPsec profile you created for it in ViPNet Network Manager. To do this, run the run.bat file on it. 4 In ViPNet Coordinator, configure a public network local filter, allowing you to connect mobile devices over the IPsec technology. Also: o as a destination, specify My ViPNet host and the coordinator's network interface connected to the Internet; o add the 50-ESP IP protocol and the UDP protocols 500-isakmp and If you need to ensure access of mobile devices to application servers and information resources located right on the coordinator, you should configure a local network filter for a public network, so that the traffic transferred over certain protocols and ports was allowed. Also: o o o as sources, specify the IP addresses range, from which addresses are distributed for mobile devices when they connect to the coordinator and which you specified in ViPNet Network Manager when configuring the IPsec gateway's profile; as a destination, specify My ViPNet host; add the TCP protocol 80-http. 6 After you configure the filters, in ViPNet Coordinator, in the Local Public Network Filters section, click Apply all. 7 To provide access to ViPNet hosts for mobile devices by DNS names, install and configure a DNS server on the coordinator and register DNS names of ViPNet hosts on it (see the document ViPNet VPN. User's Guide, the chapter Configuring and Using DNS and WINS Services in ViPNet Networks ). Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 51

52 Verifying Settings on an External Firewall If the coordinator is connected to the Internet via an external firewall, on this firewall (or a DSL router), you need to configure a rule for UDP packets transferred when the connection is established over the IPsec or L2TP technology. Do one of the following: Make sure that, on the device functioning as a firewall, the L2TP Passthrough and IPsec Passthrough modes are enabled (if such parameters are available on your device). No additional configuring is required after that. Figure 23. Router settings If the L2TP Passthrough and IPsec Passthrough parameters are not available on your device, configure the rule manually specifying the following parameter values: o o The IP address of the server with the ViPNet Coordinator software installed to which ports will be redirected. Protocol: UDP. o Ports: 500 and Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 52

53 Configuring Mobile Devices Configuring an Apple Mobile Device After you create an IPsec profile for a mobile client in ViPNet Network Manager, you should install it on your Apple device. To do this: 1 On your ipad or iphone, open the message with the attached IPsec profile (a file with the.mobileconfig extension). 2 Choose the attached file. The profile setup window will be displayed. 3 Click Install. When you are warned that the profile is not signed, click Install once again. 4 Type the user password specified for the mobile client in ViPNet Network Manager. This password should be received from the ViPNet network administrator. 5 The profile installation is finished. Click Finish. 6 To configure the parameters of the installed profile, open the Settings program and, in the navigation pane, choose VPN. 7 In the view pane, select the installed IPsec profile. 8 In the profile properties window, in the Proxy section, choose Off. 9 Click Save. The profile is installed and configured. To connect to the ViPNet network, on your device go to Settings > > General > Network > VPN. Then switch VPN to. To get access to hosts in the protected network, in your browser or other application, type the IP address or DNS name of the protected ViPNet host. Configuring an Android Mobile Device To connect an Android device to protected corporate resources: 1 On your Android device, add an IPsec profile: 1.1 Open the Settings application and tap Wireless & Networking > VPN. 1.2 Add a new VPN profile. 1.3 Specify the connection type L2TP/IPSec PSK. 1.4 To specify the server address, type the IP address or DNS name of the ViPNet Coordinator HW/VA host you specified in ViPNet Network Manager, on the IPsec connection tab. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 53

54 1.5 To specify the IPsec pre-shared key, type the pre-shared key you specified on the IPsec connection tab. 1.6 Save the VPN profile. 2 Tap the created VPN profile. User credentials will be requested: 2.1 Type the user name you specified in ViPNet Network Manager, on the mobile client's properties tab. 2.2 Type the password you specified on the mobile client's properties tab. 2.3 Tap Connect. Note: On your Android device, the names and positions of the options described in this section may be different. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 54

55 6 Office to Office Connection Both with the ViPNet and IPsec Technologies Overview 56 Configuring Network in ViPNet Network Manager 57 Settings Check on a Remote Gateway 60 Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 55

56 Overview This chapter describes a workflow for configuring connection between a ViPNet VPN network and a network, where the ViPNet technology isn't used. Assume that your corporate network is protected with ViPNet software. You need to create a protected communication channel with your partner company, but they do not use the ViPNet technology. In this case, you may establish a tunnel between the two corporate networks over the IPsec protocol. An IPsec tunnel is an encrypted traffic channel established between the two IPsec gateways deployed in each of the two networks. There is a variety of IPsec gateway software servers and appliances (Cisco appliances, servers running Linux, FreeBSD, Windows Server, and others). You may use a ViPNet Coordinator HW host as your network's IPsec gateway. Note: You can't configure a coordinator for Windows as a ViPNet IPsec gateway in ViPNet Network Manager. You configure a ViPNet Coordinator HW/VA coordinator as an IPsec gateway in ViPNet Network Manager. You can do it only if your ViPNet Network Manager license allows it. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 56

57 Configuring Network in ViPNet Network Manager First, do the following: 1 Create the required ViPNet network structure as described in Creating a ViPNet Network (on page 15). 2 Make sure that your ViPNet Network Manager license allows you to use a ViPNet Coordinator HW/VA coordinator in the network. Otherwise, contact a representative of Infotecs and make a request for a new license. 3 Create keys for the ViPNet Coordinator HW/VA coordinator and install them. In the navigation pane of the ViPNet Network Manager main window, select the ViPNet Coordinator HW/VA coordinator and do the following: 1 In the view pane, click the IPsec connection tab. 2 In the Network interface name list, select the network interface of the ViPNet Coordinator HW/VA host, which is accessible from the Internet. 3 Select the Use coordinator to establish protected IPsec connection for other networks check box. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 57

58 Figure 24. Adding an IPsec channel to another network 4 To configure a new IPsec connection to a remote network, click Add. The IPsec Gateway New window will be displayed. 5 On the Connection tab, in the Remote gateway name box, specify a unique name for the remote network connection. Figure 25. Specifying remote IPsec gateway properties 6 In the Remote gateway IP address box, type the access IP address of the remote IPsec gateway. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 58

59 7 Click Add and then, in the Local and Remote Network Addresses window, specify the IP addresses of the two networks that will be connected over the IPsec channel. The network addresses should be specified in the CIDR notation, for example: /24. Figure 26. Specifying local and remote networks If necessary, repeat this step to add more pairs of local and remote networks. 8 Click the Encryption tab and specify the connection encryption parameters: o In the Pre-shared Key box, type a string (8 to 63 characters) that will be used as the password for connection authentication. Warning: The pre-shared key should not contain the following characters: the question mark (?), the backslash (\), and the single quote ('). o If necessary, in other boxes, specify encryption and hashing algorithms, the Diffie Hellman parameter value, and key lifetime. Figure 27. Specifying encryption parameters Warning: Inform the administrator of the remote network that the same encryption parameters should be specified on the remote gateway. 9 In the view pane, on the Keys tab, click Send Keys to transfer the IPsec connection settings to the ViPNet Coordinator HW/VA host. 10 Then send key set updates to the ViPNet Coordinator HW/VA host and configure a forward rule allowing traffic exchange between the ViPNet network and the remote network. Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation 59

ViPNet ThinClient 3.3. Deployment Guide

ViPNet ThinClient 3.3. Deployment Guide ViPNet ThinClient 3.3 Deployment Guide 1991 2014 Infotecs Americas. All rights reserved. Version: 00060-07 90 01 ENU This document is included in the software distribution kit and is subject to the same

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel with a WatchGuard Firebox II or Firebox III (software version 4.5 or later)

More information

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Pre-lab and In-class Laboratory Exercise 10 (L10)

Pre-lab and In-class Laboratory Exercise 10 (L10) ECE/CS 4984: Wireless Networks and Mobile Systems Pre-lab and In-class Laboratory Exercise 10 (L10) Part I Objectives and Lab Materials Objective The objectives of this lab are to: Familiarize students

More information

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210 VPN Configuration Guide Cisco Small Business (Linksys) WRV210 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in whole or in

More information

If you have questions or find errors in the guide, please, contact us under the following e-mail address:

If you have questions or find errors in the guide, please, contact us under the following e-mail address: 1. Introduction... 2 2. Remote Access via PPTP... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Configuration

More information

Deploying Windows Streaming Media Servers NLB Cluster and metasan

Deploying Windows Streaming Media Servers NLB Cluster and metasan Deploying Windows Streaming Media Servers NLB Cluster and metasan Introduction...................................................... 2 Objectives.......................................................

More information

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)

More information

Global VPN Client Getting Started Guide

Global VPN Client Getting Started Guide Global VPN Client Getting Started Guide PROTECTION AT THE SPEED OF BUSINESS Introduction The SonicWALL Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

VPN Configuration Guide. Cisco Small Business (Linksys) RV016 / RV042 / RV082

VPN Configuration Guide. Cisco Small Business (Linksys) RV016 / RV042 / RV082 VPN Configuration Guide Cisco Small Business (Linksys) RV016 / RV042 / RV082 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied,

More information

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000 VPN Configuration Guide Cisco Small Business (Linksys) WRVS4400N / RVS4000 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel This document describes the procedures required to configure an IPSec VPN tunnel between a WatchGuard SOHO or SOHO tc and a Check Point FireWall-1.

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

10.3.1.8 Lab - Configure a Windows 7 Firewall

10.3.1.8 Lab - Configure a Windows 7 Firewall 5.0 10.3.1.8 Lab - Configure a Windows 7 Firewall Print and complete this lab. In this lab, you will explore the Windows 7 Firewall and configure some advanced settings. Recommended Equipment Step 1 Two

More information

Chapter 9 Monitoring System Performance

Chapter 9 Monitoring System Performance Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050 VPN Configuration Guide ZyWALL USG Series / ZyWALL 1050 2011 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in whole or in part,

More information

VPN Quick Configuration Guide. Astaro Security Gateway V8

VPN Quick Configuration Guide. Astaro Security Gateway V8 VPN Quick Configuration Guide Astaro Security Gateway V8 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in whole or in part,

More information

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning SonicOS Enhanced 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied,

More information

WatchGuard Mobile User VPN Guide

WatchGuard Mobile User VPN Guide WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).

More information

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO

UAG715 Support Note. Revision 1.00. August, 2012. Written by CSO UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet

More information

Protecting a Corporate Network with ViPNet. Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network

Protecting a Corporate Network with ViPNet. Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network Protecting a Corporate Network with ViPNet Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network Introduction Scope ViPNet technology protects information systems by means

More information

HOWTO: How to configure IPSEC gateway (office) to gateway

HOWTO: How to configure IPSEC gateway (office) to gateway HOWTO: How to configure IPSEC gateway (office) to gateway How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of GateDefender Integra. For this

More information

Route Based Virtual Private Network

Route Based Virtual Private Network Route Based Virtual Private Network Document Scope This solutions document provides details about Route Based Virtual Private Network (VPN) Technology, its advantages, and procedures to configure a Route

More information

Allworx Installation Course

Allworx Installation Course VPN Hello and welcome. In the VPN section we will cover the steps for enabling the VPN feature on the Allworx server and how to set up a VPN connection to the Allworx System from your PC. Page 1 VPN The

More information

HOWTO: How to configure L2TP VPN tunnel roadwarrior (remote user) to gateway (office)

HOWTO: How to configure L2TP VPN tunnel roadwarrior (remote user) to gateway (office) HOWTO: How to configure L2TP VPN tunnel roadwarrior (remote user) to gateway (office) How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of

More information

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client Generally speaking, remote users need to use a VPN client software for establishing a VPN connection to their home/work router

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003 Contents Introduction... 1 Network Load Balancing... 2 Example Environment... 5 Microsoft Network Load Balancing (Configuration)... 6 Validating your NLB configuration... 13 MailMarshal Specific Configuration...

More information

Configuring Global Protect SSL VPN with a user-defined port

Configuring Global Protect SSL VPN with a user-defined port Configuring Global Protect SSL VPN with a user-defined port Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be Global Protect SSL VPN Overview This document gives you an overview on how to configure

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Protecting the Home Network (Firewall)

Protecting the Home Network (Firewall) Protecting the Home Network (Firewall) Basic Tab Setup Tab DHCP Tab Advanced Tab Options Tab Port Forwarding Tab Port Triggers Tab DMZ Host Tab Firewall Tab Event Log Tab Status Tab Software Tab Connection

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which

More information

Chapter 6 Basic Virtual Private Networking

Chapter 6 Basic Virtual Private Networking Chapter 6 Basic Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVG318 wireless VPN firewall. VPN communications paths are called tunnels.

More information

Global VPN Client Getting Started Guide

Global VPN Client Getting Started Guide Global VPN Client Getting Started Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential

More information

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing

More information

Sophos UTM. Remote Access via PPTP Configuring Remote Client

Sophos UTM. Remote Access via PPTP Configuring Remote Client Sophos UTM Remote Access via PPTP Configuring Remote Client Product version: 9.300 Document date: Tuesday, October 14, 2014 The specifications and information in this document are subject to change without

More information

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning SonicOS Enhanced equinux AG and equinux USA, Inc. 2008 equinux USA, Inc. All rights reserved. Under the copyright laws, this

More information

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Configuring SSL VPN on the Cisco ISA500 Security Appliance Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these

More information

Network Setup Guide. 1 Glossary. 2 Operation. 1.1 Static IP. 1.2 Point-to-Point Protocol over Ethernet (PPPoE)

Network Setup Guide. 1 Glossary. 2 Operation. 1.1 Static IP. 1.2 Point-to-Point Protocol over Ethernet (PPPoE) Network Setup Guide 1 Glossary 1.1 Static IP Computers are communicated and recognized by their own unique IP addresses over the Internet. Static IP provided by your ISP (Internet Service Provider) means

More information

Chapter 7 Troubleshooting

Chapter 7 Troubleshooting Chapter 7 Troubleshooting This chapter provides troubleshooting tips and information for your ProSafe VPN Firewall 200. After each problem description, instructions are provided to help you diagnose and

More information

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create

More information

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If

More information

APSCN VPN Instructions for VPN Setup on Windows and MAC OS

APSCN VPN Instructions for VPN Setup on Windows and MAC OS APSCN VPN Instructions for VPN Setup on Windows and MAC OS Updated 8/18/2015 Windows 10 and Windows 8/8.1 Table of Contents APSCN VPN Settings for Windows 10... 2 1. Creating a VPN Connection... 2 2. Disconnecting

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

AirStation VPN Setup Guide WZR-RS-G54

AirStation VPN Setup Guide WZR-RS-G54 AirStation VPN Setup Guide WZR-RS-G54 WZR-RS-G54 Introduction The WZR-RS-G54 s VPN services allows users to securely access their home or office network from anywhere in the world. All services available

More information

VPN Configuration Guide. Dell SonicWALL

VPN Configuration Guide. Dell SonicWALL VPN Configuration Guide Dell SonicWALL 2013 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied, in whole or in part, without the written consent of

More information

ViPNet StateWatcher 4.3: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide

ViPNet StateWatcher 4.3: Monitoring System for ViPNet Networks. Monitoring Server. Administrator's Guide ViPNet StateWatcher 4.3: Monitoring System for ViPNet Networks. Monitoring Server Administrator's Guide 1991 2014 Infotecs. All rights reserved. Version: 00056-08 32 01 ENU This document is included in

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router VPN Configuration Guide Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router 2014 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied, in whole or in

More information

Configuration Guide. DHCP Server. LAN client

Configuration Guide. DHCP Server. LAN client DHCP Server Configuration Guide 4.0 DHCP Server LAN client LAN client LAN client Copyright 2007, F/X Communications. All Rights Reserved. The use and copying of this product is subject to a license agreement.

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client Make sure your DI-804HV or DI-808HV is running firmware ver.1.40 August 12 or later. You can check firmware version

More information

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6 WL/IP-8000VPN VPN Setup Guide Version 0.6 Document Revision Version Date Note 0.1 11/10/2005 First version with four VPN examples 0.2 11/15/2005 1. Added example 5: dynamic VPN using TheGreenBow VPN client

More information

Scenario: IPsec Remote-Access VPN Configuration

Scenario: IPsec Remote-Access VPN Configuration CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create

More information

4-441-095-12 (1) Network Camera

4-441-095-12 (1) Network Camera 4-441-095-12 (1) Network Camera SNC easy IP setup Guide Software Version 1.0 Before operating the unit, please read this manual thoroughly and retain it for future reference. 2012 Sony Corporation Table

More information

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0 Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0 Abstract Avaya IP Softphone R3 V2.1 now supports H.323 VoIP applications running over different

More information

Chapter 12 Supporting Network Address Translation (NAT)

Chapter 12 Supporting Network Address Translation (NAT) [Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information

More information

VPN Configuration Guide WatchGuard Fireware XTM

VPN Configuration Guide WatchGuard Fireware XTM VPN Configuration Guide WatchGuard Fireware XTM Firebox X Edge Core e-series Firebox X Edge Core e-series Firebox X Edge Peak e-series XTM 8 Series XTM 10 Series 2010 equinux AG and equinux USA, Inc. All

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.

More information

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0 Abstract These Application Notes describe the steps for

More information

Best Practices: Pass-Through w/bypass (Bridge Mode)

Best Practices: Pass-Through w/bypass (Bridge Mode) Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based

More information

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example Document ID: 77869 Contents Introduction Prerequisites Requirements Components Used Related Products

More information

How to setup a VPN on Windows XP in Safari.

How to setup a VPN on Windows XP in Safari. How to setup a VPN on Windows XP in Safari. If you want to configure a VPN connection from a Windows XP client computer you only need what comes with the Operating System itself, it's all built right in.

More information

VNC User Guide. Version 5.0. June 2012

VNC User Guide. Version 5.0. June 2012 VNC User Guide Version 5.0 June 2012 Trademarks VNC is a registered trademark of RealVNC Ltd. in the U.S. and in other countries. Other trademarks are the property of their respective owners. Protected

More information

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configuring IPsec VPN with a FortiGate and a Cisco ASA Configuring IPsec VPN with a FortiGate and a Cisco ASA The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site

More information

Configuring Routers and Their Settings

Configuring Routers and Their Settings Configuring Routers and Their Settings When installing a router on your home network the routers settings are usually defaulted to automatically protect your home, and simplify setup. This is done because

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

More information

Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) 8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and

More information

Getting Started Guide

Getting Started Guide COMPREHENSIVE INTERNET SECURITY SonicWALL Global VPN Client 3.1 Getting Started Guide Before You Begin A computer running Windows 98 SE, Windows ME, Windows NT 4.0 (service pack 6 or later), Windows 2000

More information

Global VPN Client Getting Started Guide

Global VPN Client Getting Started Guide Global VPN Client Getting Started Guide PROTECTION AT THE SPEED OF BUSINESS Introduction The SonicWALL Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the

More information

Control Panel User Guide

Control Panel User Guide December 2011 Copyright by ClearAccess, Inc. All rights reserved. ClearAccess, Inc. reserves the right to revise this publication from time to time without obligation of ClearAccess to notify any person

More information

TechNote. Configuring SonicOS for MS Windows Azure

TechNote. Configuring SonicOS for MS Windows Azure Network Security SonicOS Contents Overview...1 Deployment Considerations...2 Supported Platforms...2 Configuring a Policy-Based VPN...2 Configuring a Route-Based VPN...17 Overview This TechNote details

More information

Configuring PA Firewalls for a Layer 3 Deployment

Configuring PA Firewalls for a Layer 3 Deployment Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step

More information

ViPNet ThinClient 3.3. Quick Start

ViPNet ThinClient 3.3. Quick Start ViPNet ThinClient 3.3 Quick Start 1991 2014 Infotecs Americas. All rights reserved. Version: 00060-07 34 02 ENU This document is included in the software distribution kit and is subject to the same terms

More information

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel between a WatchGuard Firebox Vclass appliance (Vcontroller version

More information

1 PC to WX64 direction connection with crossover cable or hub/switch

1 PC to WX64 direction connection with crossover cable or hub/switch 1 PC to WX64 direction connection with crossover cable or hub/switch If a network is not available, or if it is desired to keep the WX64 and PC(s) completely separated from other computers, a simple network

More information

Using Cisco UC320W with Windows Small Business Server

Using Cisco UC320W with Windows Small Business Server Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following

More information

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X VPN Tracker for Mac OS X How-to: Interoperability with WatchGuard Firebox Internet Security Appliances Rev. 4.0 Copyright 2003-2005 equinux USA Inc. All rights reserved. 1. Introduction 1. Introduction

More information

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab Página 1 de 54 Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab This guide provides detailed information about how you can use five computers to create a test lab with which to configure

More information

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series VPN Configuration Guide Juniper Networks NetScreen / SSG / ISG Series equinux AG and equinux USA, Inc. 2009 equinux USA, Inc. All rights reserved. Under the copyright laws, this manual may not be copied,

More information

VPN Configuration Guide LANCOM

VPN Configuration Guide LANCOM VPN Configuration Guide LANCOM equinux AG and equinux USA, Inc. 2008 equinux USA, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written

More information

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

Controlling Ashly Products From a Remote PC Location

Controlling Ashly Products From a Remote PC Location Controlling Ashly Products From a Remote PC Location Introduction Ashly networked products can be accessed from a remote PC on a different network if the router used for the Ashly device is properly configured.

More information

How to connect your new virtual machine to the Internet

How to connect your new virtual machine to the Internet This excerpt is taken from book Installing and Configuring SharePoint 2010 2 nd Edition. You can download this FREE ebook from the following link: http://walisystemsinc.com/installing_and_configuring_sharepoint2010_2nd_ed.php

More information

VPN Configuration Guide D-Link DFL-800

VPN Configuration Guide D-Link DFL-800 VPN Configuration Guide D-Link DFL-800 Revision 1.0.0 equinux AG and equinux USA, Inc. 2007 equinux USA, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in

More information

VPN Configuration Guide DrayTek Vigor / VigorPro

VPN Configuration Guide DrayTek Vigor / VigorPro VPN Configuration Guide DrayTek Vigor / VigorPro Remote Dial-In User Profile equinux AG and equinux USA, Inc. 2009 equinux USA, Inc. All rights reserved. Apple, the Apple logo, ibook, Mac, Mac OS, MacBook,

More information

ISG50 Application Note Version 1.0 June, 2011

ISG50 Application Note Version 1.0 June, 2011 ISG50 Application Note Version 1.0 June, 2011 Scenario 1 - ISG50 is placed behind an existing ZyWALL 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements,

More information

Connecting an Android to a FortiGate with SSL VPN

Connecting an Android to a FortiGate with SSL VPN Connecting an Android to a FortiGate with SSL VPN This recipe describes how to provide a group of remote Android users with secure, encrypted access to the network using FortiClient and SSL VPN. You must

More information

Configuring the WT-4 for ftp (Infrastructure Mode)

Configuring the WT-4 for ftp (Infrastructure Mode) Introduction En Configuring the WT-4 for ftp (Infrastructure Mode) This document provides basic instructions on configuring the WT-4 wireless transmitter and a ftp server for transmission over an infrastructure

More information

Chapter 3 LAN Configuration

Chapter 3 LAN Configuration Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections

More information

Network Scanner Tool R3.1. User s Guide Version 3.0.04

Network Scanner Tool R3.1. User s Guide Version 3.0.04 Network Scanner Tool R3.1 User s Guide Version 3.0.04 Copyright 2000-2004 by Sharp Corporation. All rights reserved. Reproduction, adaptation or translation without prior written permission is prohibited,

More information

Using SonicWALL NetExtender to Access FTP Servers

Using SonicWALL NetExtender to Access FTP Servers SSL-VPN Using SonicWALL NetExtender to Access FTP Servers Problem: Using NetExtender to access an FTP Server on the LAN segment of a SonicWALL PRO 4060. Solution: Perform the following setup steps. Step

More information