SofaWare VPN Configuration Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SofaWare VPN Configuration Guide"

Transcription

1 SofaWare VPN Configuration Guide Part No.: Oct 2002 For gateway version 3

2 COPYRIGHT & TRADEMARKS Copyright 2002 SofaWare, All Rights Reserved. SofaWare, SofaWare S-box, and are trademarks, service marks, or registered trademarks of SofaWare Technologies Ltd. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice, and ConnectControl are trademarks, service marks, or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668 and 5,835,726 and may be protected by other U.S. Patents, foreign patents, or pending applications. 2 SofaWare VPN Configuration Guide

3 Contents Contents...3 Introduction...5 SofaWare 6 SofaWare Pro... 6 SofaWare 6 SofaWare Plus... 6 About This Guide... 6 Typological Conventions... 7 Contacting Technical Support... 7 VPN Connectivity Solution Models...9 to (Site-to-Site VPN) to VPN-1 (Site-to-Site VPN) VPN RAS Client to VPN-1 VPN RAS Server VPN RAS Client to VPN RAS Server Using Pro as a VPN RAS Client Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN...15 Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN Configuring VPN for Site-to-Site VPN...37 Configuring VPN for Site-to-Site VPN SofaWare VPN Configuration Guide 3

4 Contents Configuring VPN-1 for RAS VPN...53 Configuring VPN-1 NG for RAS VPN Configuring VPN for RAS VPN Configuring VPN-1 NG FP Configuring gateway to NG FP3 In Client to Site Mode Configuring gateway to NG FP3 in Site To Site mode SofaWare VPN Configuration Guide

5 Chapter 1 Introduction The SofaWare S-box is available with the following software configurations: SofaWare SofaWare Pro, SofaWare and SofaWare Plus. All four provide a web-based management interface, which enables you to manage and configure the S-box operation and options. Table1 summarizes the differences between the available software configurations. Table 1: Product Summary Pro and Plus Solution Home user firewall Telecommuter and home office Small branch offices Nodes /25 Standalone firewall Yes Yes Yes VPN functionality No Remote Access Client Remote Access Client/Server Your S-box can be upgraded to a more advanced product level, without replacing the hardware. For more information, contact your reseller or SofaWare VPN Configuration Guide 5

6 Introduction SofaWare protects your home network from hostile Internet activity. It is intended for home users and can be used by up to five computers and users. SofaWare Pro In addition to all the benefits of SofaWare SofaWare Pro provides Virtual Private Networking (VPN) functionality. SofaWare Pro contains a remote access VPN client, which enables employees working from home to securely connect to the corporate network. SofaWare Pro is intended for home users who are part of an extended enterprise network. It can be used by up to five computers and users. SofaWare SofaWare provides all the benefits of SofaWare Pro, along with expanded VPN functionality. It acts not only as a remote access VPN client, but as a remote access VPN server which is installed office-side to protect the company s VPN and make it available to telecommuting employees. SofaWare can also be configured as a VPN gateway, which allows permanent Site-to-Site VPN connections between two gateways, such as two company offices. SofaWare is intended both for companies with extended enterprise networks and for their employees working from home. It can be used by up to ten computers and users. SofaWare Plus SofaWare Plus extends SofaWare to support up to 25 computers and users. About This Guide This guide describes supported VPN solutions and provides instructions for implementing them. You should be familiar with the following before using this guide:! Basic FW-1/VPN-1 use. For information, refer to the Check Point VPN-1/FireWall-1 Administration Guide.! S-box use for your software configuration. For information, refer to the SofaWare S-box Getting Started Guide. 6 SofaWare VPN Configuration Guide

7 Introduction Typological Conventions To make finding information in this manual easier, some types of information are marked with special symbols or formatting. Boldface type is used for command and button names. Note: Notes are denoted by indented text and preceded by the Note icon. Important: Important notes are denoted by indented text and preceded by the Important icon. Contacting Technical Support To contact technical support, send an to: SofaWare VPN Configuration Guide 7

8

9 Chapter 2 VPN Connectivity Solution Models A virtual private network (VPN) consists of at least one VPN remote access (RAS) server or VPN gateway, and several VPN RAS clients. A VPN RAS server makes the corporate network remotely available to authorized users, such as employees working from home, who connect to the VPN RAS server using VPN RAS clients. A VPN gateway can be connected to another VPN gateway in a permanent, bi-directional relationship (Site-to-Site VPN). The two connected networks function as a single network. A connection between two VPN sites is called a VPN tunnel. VPN tunnels encrypt and authenticate all traffic passing through them. Through these tunnels, employees can safely use their company s network resources when working at home. For example, they can securely read , use the company s intranet, or access the company s database from home. SofaWare Pro and SofaWare provide VPN functionality. SofaWare Pro contains a VPN RAS client. SofaWare can act as a VPN RAS client, a VPN RAS server, or a Siteto-Site VPN gateway. Both SofaWare and Pro enable an exciting number of solutions to support your VPN connectivity needs. This chapter describes the following four basic solutions:! to (Site-to-Site VPN), page 10! to VPN-1 (Site-to-Site VPN), page 11! VPN RAS Client to VPN-1 VPN RAS Server, page 12! VPN RAS Client to VPN RAS Server, page 13 SofaWare VPN Configuration Guide 9

10 VPN Connectivity Solution Models to (Site-to-Site VPN) This solution enables you to establish Site-to-Site VPN connections between Site-to-Site VPN gateways. Note: In this solution model, both Site-to-Site VPN gateways must have a static IP address. Figure 1 shows a sample implementation of the to solution with three appliances (sbox1, sbox2, and sbox3). Each S-box acts as a Site-to-Site VPN gateway for a fully secure network. The networks communicate via VPN connections. Figure 1: to (Site-to-Site VPN) For information on configuring for Site-to-Site VPN, refer to the SofaWare S-box Getting Started Guide. 10 SofaWare VPN Configuration Guide

11 VPN Connectivity Solution Models to VPN-1 (Site-to-Site VPN) This solution enables you to establish Site-to-Site VPN connections between a Site-to-Site VPN gateway and a VPN-1 Site-to-Site VPN gateway. Note: In this solution model, both the VPN-1 and Site-to-Site VPN gateways must have a static IP address. Dynamic IP in Site-to-Site VPN is supported using a certificate. For more information refer to or contact Figure 2 shows a sample implementation of the to VPN-1 solution, in which two appliances (sbox1 and sbox2) are connected to a VPN-1 Site-to-Site VPN gateway. Figure 2: to VPN-1 (Site-to-Site VPN) For information on configuring VPN-1 NG for Site-to-Site VPN, see Configuring VPN-1 NG FP3, page 73. For information on configuring VPN for Site-to-Site VPN, see Configuring VPN for Site-to-Site VPN, page 37. SofaWare VPN Configuration Guide 11

12 VPN Connectivity Solution Models VPN RAS Client to VPN-1 VPN RAS Server This solution enables Check Point SecureClient, and Check Point SecuRemote VPN RAS clients to connect to a VPN-1 VPN RAS server. Note: In this solution model, the VPN-1 VPN RAS server must have a static IP address. Figure 3 shows a sample implementation of the VPN RAS Client to VPN-1 VPN RAS Server solution, in which two appliances (sbox1 and sbox2), a Check Point SecuRemote, and a Check Point SecureClient act as VPN RAS clients that download topology information from a VPN-1 VPN RAS gateway. Figure 3: VPN RAS Client to VPN-1 VPN RAS Server For information on configuring a VPN-1 NG or VPN as a VPN RAS Server, see Configuring VPN for RAS VPN, page SofaWare VPN Configuration Guide

13 VPN Connectivity Solution Models VPN RAS Client to VPN RAS Server This solution enables Pro, Check Point SecureClient, and Check Point SecuRemote VPN RAS clients to connect to a VPN RAS server. Note: In this solution model, the VPN RAS server must have a static IP address. Figure 4 shows a sample implementation of the VPN RAS Client to VPN RAS Server solution, in which two appliances (sbox1 and sbox2), a Check Point SecuRemote, and a Check Point SecureClient act as VPN RAS clients that download topology information from the VPN RAS server (sbox3). Figure 4: VPN RAS Client to VPN RAS Server For information on configuring Pro, Check Point SecuRemote, or Check Point SecureClient as a VPN RAS client to a VPN RAS server, refer to the SofaWare S-box Getting Started Guide. SofaWare VPN Configuration Guide 13

14 VPN Connectivity Solution Models Using Pro as a VPN RAS Client Pro functions in VPN RAS client mode, in which connection is initiated only by the VPN RAS client. Pro uses only Manual mode VPN connection, in which the end-user surfs to and selects the VPN RAS server to which they want to establish a VPN connection. Figure 5 shows Pro acting as a VPN RAS client to VPN-1 and VPN RAS servers. Figure 5: Pro VPN RAS Client 14 SofaWare VPN Configuration Guide

15 Chapter 3 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN This chapter explains how to configure Check Point VPN-1 NG FP1/FP2 for the to VPN-1 (Site-to- Site VPN) solution described in to VPN-1 (Site-to-Site VPN), page 11. Note: To configure NG FP3, refer to chapter 6 Configure VPN-1 NG FP3 page 75 This chapter contains the following sections:! Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN, page 16 VPN-1 NG FP2 must be configured to work in Traditional Mode. Note: The screens shown in this chapter appear in both VPN-1 NG FP1 and FP2. Where FP1 and FP2 screens differ, both are shown. Note: You must configure the VPN-1 object to use a pre-shared secret before you configure VPN-1 NG FP1/FP2 for Site-to-Site. Note: Working with Dynamic IP s and certificates is supported. For more information, please refer to or contact SofaWare VPN Configuration Guide 15

16 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN To configure VPN-1 NG FP1/FP2 for Site-to-Site VPN 1. Open the Check Point Policy Editor. 2. Create an S-box object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. If you are using FP1, click New and then click Workstation. The Workstation Properties dialog box appears with the General tab displayed. Do the following: 16 SofaWare VPN Configuration Guide

17 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 1) In the Name field, type the object s name. 2) In the IP Address field, type the S-box s hiding address. 3) In the Type area, select Gateway. 4) Select Check Point products installed. 5) In the Version list, select ) In the Check Point Products list, select Firewall-1 and VPN-1. 7) In the Object Management area, select Managed by another Management Server [External]. c. If you are using FP2, click New, Check Point, and then Externally Managed Gateway. The Externally Managed Check Point Gateway dialog box opens with General Properties tab displayed. Do the following: SofaWare VPN Configuration Guide 17

18 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 1) In the Name field, type the object s name. 2) In the Version list, select ) In the IP Address field, type the S-box s hiding address. 4) In the Check Point Products list, select Firewall-1 and VPN-1 Pro. d. Click Topology. The Topology tab is displayed. By default, no interfaces are defined. e. Add both an internal and external S-box interface. Do the following for each interface: 1) Click Add. The Interface Properties dialog box appears with the General tab displayed. 2) Type the interface s name, IP address, and subnet mask in the appropriate fields. 3) Click on the Topology tab. The Topology tab is displayed. 18 SofaWare VPN Configuration Guide

19 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 4) If you are configuring the external interface, select External (leads out to the Internet) in the Topology area. Do not change the other settings. 5) If you are configuring the internal interface, select Internal (leads to the local network) in the Topology area, and select Network defined by the interface IP in the IP address Behind this interface area. Do not change the other settings. SofaWare VPN Configuration Guide 19

20 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 6) Select All IP Address behind Gateway based on Topology 7) Click OK. f. In the menu, click VPN. The VPN tab is displayed. 20 SofaWare VPN Configuration Guide

21 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN g. Click Edit. Note: In FP1, FWZ appears in the Encryption Schemes list. Do not select FWZ. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 21

22 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN h. In the Support authentication methods area, select Pre-shared Secret, and click Edit Secrets... The Shared Secret dialog box appears. Do the following: 1) In the Peer Name column, click on the S-box s peer name. 22 SofaWare VPN Configuration Guide

23 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: If the VPN-1 object was not configured to use a pre-shared secret, the peer name will not be listed. 2) In the Enter Secrets field, type the unique password that should be used by the S-box and VPN-1 when establishing VPN connections to each other. 3) Click Set. 4) Click OK. The IKE Properties dialog box reappears. i. Click Advanced. The Advanced IKE properties dialog box appears. j. Optional - Select the Support aggressive mode check box. SofaWare VPN Configuration Guide 23

24 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: Main mode is supported in Site to Site configuration. k. Click OK. The IKE Properties dialog box reappears. l. Click OK. The Externally Managed VPN Host dialog box reappears with the VPN tab is displayed. m. Click OK. 3. Set VPN properties for the VPN-1 NG FP1/FP2 object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Select the VPN-1 NG object and click Edit. The Check Point Gateway dialog box opens with General Properties tab displayed. 24 SofaWare VPN Configuration Guide

25 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN c. In the menu, click VPN. The VPN tab is displayed. d. Select IKE and click Edit. The IKE Properties dialog box appears. e. Click Advanced. The Advanced IKE properties dialog box appears. f. Select the Support aggressive mode check box. g. Click OK. The IKE Properties dialog box reappears. h. Click OK. The VPN tab reappears with certificate information displayed. SofaWare VPN Configuration Guide 25

26 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 4. If desired, create a Topology user by doing the following: Note: A Topology user is a User object that enables the S-box to download the VPN-1 NG FP1/FP2 topology. If you do not create a Topology user, you must specify the VPN-1 s network configuration in the S-box VPN wizard. a. In the menu, click Topology. The Topology tab is displayed. 26 SofaWare VPN Configuration Guide

27 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN b. Select Exportable for SecuRemote/SecureClient. c. Click OK. d. In the Manage menu, choose Users and Administrators. The Users window opens. SofaWare VPN Configuration Guide 27

28 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN e. Click New, Users by Template, and then Default. The Users Properties dialog box appears with the General tab displayed. 28 SofaWare VPN Configuration Guide

29 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN f. Type the login name. In this example the name Topology is used. g. Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 29

30 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: In FP1, FWZ appears in the Client Encryption Methods list. Do not select FWZ. h. Select IKE and click Edit. The IKE Properties dialog box appears. 30 SofaWare VPN Configuration Guide

31 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Do the following: 1) Select the Password (pre-shared Secret) checkbox. The Password and Confirm Password fields are enabled. 2) In the Password and Confirm Password fields, type the pre-shared secret for the S-box. 3) Click on the Encryption tab. The Encryption tab is displayed. If you are using FP1, the screen appears as follows: SofaWare VPN Configuration Guide 31

32 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN If you are using FP2, the screen appears as follows: 4) If you are using FP2, select Defined below. 5) In the Encryption Algorithm list, select 3DES. 6) In the Data Integrity area, select SHA1. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. i. Click OK. The Users window reappears. j. Click Close. 5. Configure the rule base. 32 SofaWare VPN Configuration Guide

33 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Example 1 Note: Example 1 matches the Unrestricted configuration mode in the gateway. In this case, all traffic should be directed to the secured network (and not to the external IP of the gateway). All VPN traffic will be allowed into the secured network, and no VPN ONLY Allow / Server rules must be defined in the gateway. Note: The object Internal represents the encryption domain of the NG firewall. The object Sbox_Network represents the subnet behind the gateway. Note: If VPN access to the NG firewall itself is also needed, the NG object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, Telnet and FTP. Example 2 SofaWare VPN Configuration Guide 33

34 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: Example 2 matches Restricted configuration in the gateway. In this case all traffic must be directed to the external interface of the gateway, and can be forward inbound using VPN ONLY allow / server rules. Directing the traffic to the secured network behind the gateway is not allowed in this mode. Note: The object called Internal represents the encryption domain of the NG firewall. Note: If VPN access to the NG firewall itself is also needed, the NG object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, Telnet and FTP. 6. Set encryption properties for each of the rules by doing the following: a. In desired rule s row, right-click on the Encrypt icon, and click Set Properties in the popup menu that appears. The Encryption Properties dialog box appears. 34 SofaWare VPN Configuration Guide

35 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN b. Click Edit. The IKE Phase 2 Properties dialog box appears. c. In the Data Integrity list, select SHA1. SofaWare VPN Configuration Guide 35

36 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN d. Click OK. The Encryption Properties dialog box appears. e. Click OK. 7. Compile the policy. 36 SofaWare VPN Configuration Guide

37 Chapter 4 Configuring VPN for Site-to-Site VPN This chapter explains how to configure Check Point VPN for the to VPN-1 (Site-to-Site VPN) solution described in to VPN-1 (Site-to-Site VPN), page 11. Note: The information in this chapter is correct for VPN-1 4.1, SP4, and higher. This chapter contains the following sections:! Configuring VPN for Site-to-Site VPN Note: You must configure the VPN-1 object to use a pre-shared secret before you configure VPN-1 NG 4.1 for Site-to-Site. SofaWare VPN Configuration Guide 37

38 Configuring VPN for Site-to-Site VPN Configuring VPN for Site-to-Site VPN To configure VPN for Site-to-Site VPN 1. Open the Check Point Policy Editor. 2. Create the Gateway object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Click New and then click Workstation. The Workstation Properties dialog box appears with the General tab displayed. 38 SofaWare VPN Configuration Guide

39 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Name field, type the object s name. 2) In the IP Address field, type the S-box s hiding address. 3) In the Location area, select External. 4) In the Type area, select Gateway. 5) In the Modules Installed area, select VPN-1& FireWall-1 version 4.1. c. Click OK. 3. Configure the Gateway internal network object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Click New and then click Network. The Network Properties dialog box appears with the General tab displayed. SofaWare VPN Configuration Guide 39

40 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Name field, type the network object name. 2) In the IP Address field, type the network object s IP address. 3) In the Net Mask field, type the network object s subnet mask. The subnet mask represents the home network. 4) Click OK. c. Open the Gateway object you defined earlier. The Workstation Properties dialog box appears with the General tab displayed. d. In the menu, click VPN. The VPN tab is displayed. 40 SofaWare VPN Configuration Guide

41 Configuring VPN for Site-to-Site VPN. e. In the Domain area, select Other, and then select network object from the Other list. (In the example above, the network object is Mynet.) f. Click Edit. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 41

42 Configuring VPN for Site-to-Site VPN g. In the Support authentication methods area, select Pre-shared Secret, and click Edit Secrets... The Shared Secret dialog box appears. Do the following: 1) In the Peer Name column, click on the VPN-1 s peer name. Note: If the VPN-1 object was not configured to use a pre-shared secret, the peer name will not be listed. 42 SofaWare VPN Configuration Guide

43 Configuring VPN for Site-to-Site VPN 2) In the Enter Secrets field, type the unique password that should be used by the S-box and VPN-1 when establishing VPN connections to each other. 3) Click Set. 4) Click OK. The IKE Properties dialog box reappears. h. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. i. Click OK. 4. Configure the VPN-1 object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Select the VPN-1 object and click Edit. The Workstation Properties dialog box appears with the General tab displayed. c. Click on the VPN tab. The VPN tab is displayed. SofaWare VPN Configuration Guide 43

44 Configuring VPN for Site-to-Site VPN Note: Your Domain area may look different, depending on the VPN topology of your network. d. In the Domain section, select the Exportable for SecuRemote check box. e. In the Encryption schemes defined area, click Edit. The IKE Properties dialog-box appears. 44 SofaWare VPN Configuration Guide

45 Configuring VPN for Site-to-Site VPN f. Verify that the following options are selected:! Pre-shared Secret! Optional - Support Aggressive Mode Note: Main Mode is also supported so Aggressive mode is optional.! Support keys exchange for subnets 4. If desired, create a Topology user by doing the following: Note: A Topology user is a User object that enables the S-box to download the VPN-1 NG FP1/FP2 topology. If you do not create a Topology user, you must specify the VPN-1 s network configuration in the S-box VPN wizard. a. In the Manage menu choose Users. The Users dialog box appears. SofaWare VPN Configuration Guide 45

46 Configuring VPN for Site-to-Site VPN b. Click New,and then click Default. The Users Properties dialog box appears with the General tab displayed. c. In the Name field, type the user name. In this example the name Topology is used. d. In the Expiration Date field, type the expiration date. e. Click on the Encryption tab. The Encryption tab is displayed. 46 SofaWare VPN Configuration Guide

47 Configuring VPN for Site-to-Site VPN f. In the Client Encryption Methods area, select the IKE check box and clear the FWZ check box. g. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. h. Select Password, and type the password in the field. i. Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 47

48 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Data Integrity area, select SHA1. 2) In the Encryption Algorithm list, select 3DES. 3) Click OK. The Users Properties dialog box reappears with the Encryption tab displayed. j. Click OK. 5. Edit the existing rule base. Example 1 Note: Example 1 matches the Unrestricted configuration mode in the gateway. In this case, all traffic should be directed to the secured network (and not to 48 SofaWare VPN Configuration Guide

49 Configuring VPN for Site-to-Site VPN the external IP of the gateway). All VPN traffic will be allowed into the secured network, and no VPN ONLY Allow / Server rules must be defined in the gateway. Note: The object Local_VPN_Domain represents the encryption domain of the behind the 4.1 firewall. The object Mynet represents the subnet behind the gateway. Note: If VPN access to the 4.1 firewall itself is also needed, the 4.1 object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, and FTP. Example 2 This example shows the rules that must be added to an existing rule base in order for FTP and ICMP to be encrypted to and from the S-box. Note: Example 2 matches Restricted configuration in the gateway. In this case all traffic must be directed to the external interface of the gateway, and can be forward inbound using VPN ONLY allow / server rules. Directing the traffic to the secured network behind the gateway is not allowed in this mode. Note: The object Local_VPN_Domain is the subnet behind the FW firewall. SofaWare VPN Configuration Guide 49

50 Configuring VPN for Site-to-Site VPN Note: If VPN access to the 4.1 firewall itself is also needed, the 4.1 object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, and FTP. 6. Set encryption properties for each of the rules by doing the following: a. In desired rule s row, right-click on the Encrypt icon, and click Set Properties in the popup menu that appears. The Encryption Properties dialog box appears. b. Click Edit. The IKE Properties dialog box appears. 50 SofaWare VPN Configuration Guide

51 Configuring VPN for Site-to-Site VPN c. In the Data Integrity list, select SHA1. d. Click OK. The Encryption Properties dialog box reappears. e. Click OK. 7. Compile the policy. SofaWare VPN Configuration Guide 51

52

53 Chapter 5 Configuring VPN-1 for RAS VPN This chapter explains how to configure Check Point VPN-1 as a VPN RAS server, as described in the solution VPN RAS Client to VPN-1 VPN RAS Server, page 12. The VPN-1 versions supported are Check Point 4.1 SP4 and above, NG FP1, and NG FP2. If you are using NG FP3, please refer to Configuring VPN-1 NG FP3, page 73 After configuring VPN-1, you must configure the appliance to act as a VPN RAS client. For instructions, refer to the SofaWare Getting Started Guide. The SofaWare Gateway uses IKE shared secrets to establish an IPSEC VPN connection from the Gateway to the Check Point Enterprise VPN-1. This chapter contains the following sections:! Configuring VPN-1 NG for RAS VPN, page 53.! Configuring VPN for RAS VPN, page 64 Configuring VPN-1 NG for RAS VPN Note: This procedure can be used for VPN-1 NG FP1 and FP2. To configure VPN-1 NG for RAS VPN 1. Open the Check Point Policy Editor. 2. Edit the VPN-1 NG properties by doing the following: a. From the Manage menu, select Network Objects. The Network Objects dialog box appears. SofaWare VPN Configuration Guide 53

54 Configuring VPN-1 for RAS VPN b. Click on the VPN-1 workstation object that should receive the gateway VPN session request. The Workstation Properties dialog box appears with the General tab displayed. 54 SofaWare VPN Configuration Guide

55 Configuring VPN-1 for RAS VPN c. In the menu, click VPN. The VPN tab is displayed. d. In the Encryption schemes area, verify that the IKE check box is selected. e. Click Edit. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 55

56 Configuring VPN-1 for RAS VPN f. Verify that the following selections are made:! In the Support key exchange encryption with list: DES and/or 3DES! In the Support data integrity with area: MD5 and/or SHA1 Note: These are the minimal selections. If desired, you can select additional options. g. Click Advanced. The Advanced IKE properties dialog box appears. 56 SofaWare VPN Configuration Guide

57 Configuring VPN-1 for RAS VPN Do the following: 1) Select the Use UDP encapsulation check box. 2) From the Use UDP encapsulation list, select VPN1_IPSEC_encapsulation. 3) In the Rekeying Parameters area, set Renegotiate IKE security associations to 1440 minutes, and set Renegotiate IPSEC Security associations every to 3600 seconds. 4) In the Misc area, select Support IP compression for SecureClient, Support aggressive mode, and Support key exchange for subnets. 5) Click OK. The IKE Properties dialog box reappears. h. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. i. Click OK. SofaWare VPN Configuration Guide 57

58 Configuring VPN-1 for RAS VPN 3. Create a new group object by doing the following: a. In the Manage menu, click Users. The Users dialog box appears. b. Click New and then Group. The Group Properties dialog box appears. 58 SofaWare VPN Configuration Guide

59 Configuring VPN-1 for RAS VPN c. In the Name field, type the group object s name. d. If users are already defined and you wish to add them to the new group, add users to your group by doing the following: 1) In the Not in Group list, select desired users. 2) Click Add>. The selected users are moved to the In Group list. e. Click OK. The Users dialog box reappears. The new group object appears in the Users list. f. Click Close. 4. If you wish to create a new gateway user object, do the following: a. In the Manage menu, click Users. The Users window appears. b. Click New, User by Template, and then Default. The User Properties dialog box appears with the General tab displayed. SofaWare VPN Configuration Guide 59

60 Configuring VPN-1 for RAS VPN c. Type a login name for the new gateway user. d. Click the Groups tab. The Groups tab is displayed. e. In the Available Groups list, select the group you created earlier and click Add>. The group is moved to the Belongs to Groups list. f. Click on the Encryption tab. The Encryption tab is displayed. 60 SofaWare VPN Configuration Guide

61 Configuring VPN-1 for RAS VPN g. In the Client Encryption Methods area, verify that the IKE check box is selected. h. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. SofaWare VPN Configuration Guide 61

62 Configuring VPN-1 for RAS VPN Do the following: 1) Select Password. The Password and Confirm Password fields are enabled. 2) In the Password and Confirm Password fields, type the pre-shared secret for the gateway. 3) Click on the Encryption tab. The Encryption tab is displayed. 62 SofaWare VPN Configuration Guide

63 Configuring VPN-1 for RAS VPN 4) In the Transform area, select Encryption + Data Integrity (ESP). 5) In the Data Integrity area, select SHA1 or MD5. 6) In the Encryption Algorithm list, select DES or 3DES. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. i. Click OK. The Users window reappears. j. Click Close. 5. Add a rule to your rule base: Note: The rule above is only an example. The Destination and Service may vary according to your VPN settings and your network needs. 6. Compile the policy. Note: The object Internal represent the encryption domain of the NG firewall. SofaWare VPN Configuration Guide 63

64 Configuring VPN-1 for RAS VPN Configuring VPN for RAS VPN To configure VPN for RAS VPN 1. Open the Check Point Policy Editor. 2. Edit the VPN properties by doing the following: a. From the Manage menu, select Network Objects. The Network Objects dialog box appears. b. Click on the VPN object that should receive the gateway VPN session request, and click Edit. The Workstation Properties dialog box appears with the General tab displayed. 64 SofaWare VPN Configuration Guide

65 Configuring VPN-1 for RAS VPN c. Click on the VPN tab. The VPN tab is displayed. SofaWare VPN Configuration Guide 65

66 Configuring VPN-1 for RAS VPN d. In the Encryption schemes defined area, verify that the IKE check box is selected. e. Click Edit. Note: In the example above, the Local_VPN_Domain object represents the secured networks protected by VPN-1. Your VPN-1 may have other network objects defined. The IKE Properties dialog box appears. 66 SofaWare VPN Configuration Guide

67 Configuring VPN-1 for RAS VPN f. Verify that the following selections are made:! In the Key Negotiation Encryption Method(s) list: DES and/or 3DES Note: CAST is not supported by gateway, but can be selected if desired.! In the Hash Method area: MD5 and/or SHA1! Support Aggressive Mode! Support Subnets Note: These are the minimal selections. If desired, you can select additional options. g. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. h. Click OK. 3. Create a new group object by doing the following: a. From the Manage menu, click Users. The Users dialog box appears. SofaWare VPN Configuration Guide 67

68 Configuring VPN-1 for RAS VPN b. Click New and then click Group. The Group Properties dialog box appears. c. In the Name field, type the group object s name. d. If users are already defined, and you wish to add them to the new group, do the following: 1) In the Not in Group list, select desired users. 2) Click Add>. The selected users are moved to the In Group list. 68 SofaWare VPN Configuration Guide

69 Configuring VPN-1 for RAS VPN e. Click OK. The Users dialog box reappears. The new group appears in the Users list. f. Click Close. 4. If you wish to create a new gateway user object, do the following: a. From the Manage menu, click Users. The Users window appears. b. Click New and then click Default. The User Properties dialog box appears with the General tab displayed. Do the following: 1) In the Name field, type a name for the new gateway user. 2) If desired, type a new expiration date for the gateway user object in the Expiration Date field. c. Click the Groups tab. The Groups tab is displayed. SofaWare VPN Configuration Guide 69

70 Configuring VPN-1 for RAS VPN d. In the Available Groups list, select the group you created earlier and click Add >. The group is moved to the Belongs to Groups list. e. Click on the Encryption tab. The Encryption tab is displayed. f. In the Client Encryption Methods area, verify that the IKE check box is selected. 70 SofaWare VPN Configuration Guide

71 Configuring VPN-1 for RAS VPN g. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. Do the following: 1) Select Password. The Password field is enabled. 2) In the Password field, type the pre-shared secret for the gateway. 3) Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 71

72 Configuring VPN-1 for RAS VPN 4) In the Transform area, select Encryption + Data Integrity (ESP). 5) In the Data Integrity area, select SHA1 or MD5. 6) In the Encryption Algorithm list, select DES or 3DES. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. h. Click OK. The Users window reappears. i. Click Close. 5. Add a rule to your rule base: Note: The rule above is only an example. The Destination and Service may vary according to your VPN settings and your network needs. 6. Compile the policy. Note: The object Internal represents the encryption domain of the FW firewall. 72 SofaWare VPN Configuration Guide

73 Chapter 6 Configuring VPN-1 NG FP3 This chapter explains how to create Site-to-Site and Client-to-Site VPN tunnels between gateway and NG FP3 using communities. Note: SSC (SofaWare SmartCenter Connector) add-on must be installed on the NG FP3 firewall SofaWare VPN Configuration Guide 73

74 Configuring VPN-1 NG FP3 Configuring gateway to NG FP3 In Client to Site Mode Create and Configure object 1. Open the Check Point Policy Editor. 2. Create a Gateway object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Click New, Check Point, and then Gateway... c. The Gateway properties page appears 3. Configure the Gateway Object by doing the following: 74 SofaWare VPN Configuration Guide

75 Configuring VPN-1 NG FP3 a. In the Name field, type the object s name. b. Next to the IP Address field select the Dynamic Address checkbox. c. In the Type field choose GW Type. d. In the SofaWare Profile field choose Profile. e. In the Password field enter a password, or press on the Generate Password button. f. Select the VPN Enabled check box. g. Save the object by clicking OK. Note: The password is automatically used as its shared secret in the community. SofaWare VPN Configuration Guide 75

76 Configuring VPN-1 NG FP3 Configure the Community 1. Define the Community by doing the following: a. Select the VPN Manager tab: b. Double click on the RemoteAccess community. The RemoteAccess Community Properties window appears. 2. Add participants to the pre-defined RemoteAccess Community: a. In the General Tab, Enter Object name. b. In the Participating Gateways, choose the firewall gateways you wish to use. 76 SofaWare VPN Configuration Guide

77 Configuring VPN-1 NG FP3 c. In the Participating User Groups, select All SofaWare VPN GW s d. Click OK. Note: You can choose All Users, and it will include All SofaWare VPN GW s SofaWare VPN Configuration Guide 77

78 Configuring VPN-1 NG FP3 Configure Global Properties 1. From the menu select Policy and Global Properties 2. The Global Properties page appears. 3. Select Remote Access and then VPN Basic in the tree on the left side of the dialog-box. 4. Select the Hybrid Mode (VPN-1 & Firewall-1 authentication) checkbox. 5. Click OK Rule base Note: If using Gateways version 2.0.x, it is mandatory to select also Preshared Secret Note: The If Via access rule condition means "Accept if encrypted between community members". In the example below, all services are allowed via the RemoteAccess community. 78 SofaWare VPN Configuration Guide

79 Configuring VPN-1 NG FP3 6. Install the policy on the desired gateways and profiles. Configuring gateway to NG FP3 in Site To Site mode Create a network object Note: Working with Dynamic IP s and certificates is supported. For more information, please refer to or contact 1. Open the Check Point Policy Editor. 2. Create a Gateway object by doing the following: a. In the Manage menu, click Network Objects. SofaWare VPN Configuration Guide 79

80 Configuring VPN-1 NG FP3 b. Click New. c. Select Network... d. The Network Properties window opens e. In the Name field type the name of the object f. In the Network Address field type the network IP address 80 SofaWare VPN Configuration Guide

81 Configuring VPN-1 NG FP3 g. In the Net Mask field type the subnet mask h. Click OK Create and Configure object 1. Open the Check Point Policy Editor. 2. Create a Gateway object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Click New, Check Point, and then Gateway. c. The Gateway properties page appears. 3. Configure the Gateway object by doing the following: SofaWare VPN Configuration Guide 81

82 Configuring VPN-1 NG FP3 a. In the Name field, type the object s name. b. In the IP Address field, type your IP address. c. In the Type field, choose GW Type d. In the SofaWare Profile field, choose Profile e. In the Password field, enter a password, or press the Generate Password button. f. Select the VPN Enabled check box. 4. Configure Topology by doing the following: a. Select the Topology tab 82 SofaWare VPN Configuration Guide

83 Configuring VPN-1 NG FP3 b. From the Manually defined drop-down menu select the network object that represents the network protected by the gateway c. Save the object by clicking OK. Configure the Community 1. Define the Community a. Select the VPN Manager tab. b. Right-click in the VPN Manager, then from the New Community menu choose Star. Note: Meshed communities are not supported in NG FP3 with gateways The Start community Properties page appears SofaWare VPN Configuration Guide 83

84 Configuring VPN-1 NG FP3 c. In the Name field type the name of the object. Note: In order to accept encrypted traffic, the user can check the "Accept all encrypted traffic" checkbox on the community object. This will add an automatic access rule for all encrypted traffic between community members. d. Select the Central Gateways tab. e. Add the gateway object you wish to be the Central Gateway. 84 SofaWare VPN Configuration Guide

85 Configuring VPN-1 NG FP3 f. Select the Satellite Gateways tab g. Click Add... and choose the gateway object. h. Services in the Clear definitions will not effect the tunnel between and FP3. The will encrypt all traffic. i. Click on VPN Properties tab. j. Define Phase 1 and Phase 2 properties. SofaWare VPN Configuration Guide 85

86 Configuring VPN-1 NG FP3 Note: All VPN Encryption and Data Integrity combinations are allowed. In the example above Phase 1 is configured to use 3DES + MD5, and phase 2 is configured to use 3DES + SHA1. Other combinations are allowed. Note: There is no need to define Advanced Properties. Note: There is no need to define the shared secret on the community. The password is automatically used as its shared secret in the community. k. Click OK l. The new Start community is presented in the VPN Manager tab. 86 SofaWare VPN Configuration Guide

87 Configuring VPN-1 NG FP3 Rule Base Note: The "If Via" access rule condition means "Accept if encrypted between community members." Note: In the example below, only FTP and ICMP protocols will be Encrypted via the Star_1 Community. SofaWare VPN Configuration Guide 87

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

Configuring Windows 2000/XP IPsec for Site-to-Site VPN IPsec for Site-to-Site VPN November 2002 Copyright 2002 SofaWare Technologies Inc, All Rights Reserved. Reproduction, adaptation, or translation with prior written permission is prohibited except as allowed

More information

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel with a WatchGuard Firebox II or Firebox III (software version 4.5 or later)

More information

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel between a WatchGuard Firebox Vclass appliance (Vcontroller version

More information

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel This document describes the procedures required to configure an IPSec VPN tunnel between a WatchGuard SOHO or SOHO tc and a Check Point FireWall-1.

More information

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router Configuring TheGreenBow VPN Client with a TP-LINK VPN Router This chapter describes how to configure TheGreenBow VPN Client with a TP-LINK router. This chapter includes the following sections: Example

More information

Check Point FW-1/VPN-1 NG/FP3

Check Point FW-1/VPN-1 NG/FP3 Check Point FW-1/VPN-1 NG/FP3 Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel

More information

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway Fireware How To VPN How do I set up a manual branch office VPN tunnel? Introduction You use Branch Office VPN (BOVPN) with manual IPSec to make encrypted tunnels between a Firebox and a second IPSec-compliant

More information

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.

More information

Global VPN Client Getting Started Guide

Global VPN Client Getting Started Guide Global VPN Client Getting Started Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential

More information

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing

More information

GNAT Box VPN and VPN Client

GNAT Box VPN and VPN Client Technical Document TD VPN-GB-WG-02 with SoftRemoteLT from SafeNet, Inc. GTA Firewall WatchGuard Firebox Configuring an IPSec VPN with IKE GNAT Box System Software version 3.3.2 Firebox 1000 Strong Encryption

More information

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)

More information

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0 Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0 Abstract Avaya IP Softphone R3 V2.1 now supports H.323 VoIP applications running over different

More information

Windows XP VPN Client Example

Windows XP VPN Client Example Windows XP VPN Client Example Technote LCTN0007 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail: support@proxicast.com

More information

VPNC Interoperability Profile

VPNC Interoperability Profile StoneGate Firewall/VPN 4.2 and StoneGate Management Center 4.2 VPNC Interoperability Profile For VPN Consortium Example Scenario 1 Introduction This document describes how to configure a StoneGate Firewall/VPN

More information

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configuring IPsec VPN with a FortiGate and a Cisco ASA Configuring IPsec VPN with a FortiGate and a Cisco ASA The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site

More information

Scenario: Remote-Access VPN Configuration

Scenario: Remote-Access VPN Configuration CHAPTER 7 Scenario: Remote-Access VPN Configuration A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security

More information

Scenario: IPsec Remote-Access VPN Configuration

Scenario: IPsec Remote-Access VPN Configuration CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create

More information

WatchGuard Mobile User VPN Guide

WatchGuard Mobile User VPN Guide WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).

More information

SonicWALL Check Point Firewall-1 VPN Interoperability

SonicWALL Check Point Firewall-1 VPN Interoperability SonicWALL Check Point Firewall-1 VPN Interoperability A Tech Note prepared by SonicWALL, Inc. SonicWALL, Inc. 1160 Bordeaux Drive Sunnyvale, CA 94089-1209 1-888-557-6642 http://www.sonicwall.com Introduction

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

ISG50 Application Note Version 1.0 June, 2011

ISG50 Application Note Version 1.0 June, 2011 ISG50 Application Note Version 1.0 June, 2011 Scenario 1 - ISG50 is placed behind an existing ZyWALL 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements,

More information

Chapter 8 Virtual Private Networking

Chapter 8 Virtual Private Networking Chapter 8 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FWG114P v2 Wireless Firewall/Print Server. VPN tunnels provide secure, encrypted

More information

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1

More information

Chapter 6 Basic Virtual Private Networking

Chapter 6 Basic Virtual Private Networking Chapter 6 Basic Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVG318 wireless VPN firewall. VPN communications paths are called tunnels.

More information

WINXP VPN to ZyWALL Tunneling

WINXP VPN to ZyWALL Tunneling WINXP VPN to ZyWALL Tunneling 1. Setup WINXP VPN 2. Setup ZyWALL VPN This page guides us to setup a VPN connection between the WINXP VPN software and ZyWALL router. There will be several devices we need

More information

How To Industrial Networking

How To Industrial Networking How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure

More information

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6 WL/IP-8000VPN VPN Setup Guide Version 0.6 Document Revision Version Date Note 0.1 11/10/2005 First version with four VPN examples 0.2 11/15/2005 1. Added example 5: dynamic VPN using TheGreenBow VPN client

More information

Checkpoint 156-815. 156-815 Check Point Provider-1 NGX (v4) Practice Test. Version 2.1

Checkpoint 156-815. 156-815 Check Point Provider-1 NGX (v4) Practice Test. Version 2.1 Checkpoint 156-815 156-815 Check Point Provider-1 NGX (v4) Practice Test Version 2.1 QUESTION NO: 1 Two CMAs can be created for a single Customer, for High availability (HA). Which of these statements

More information

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing

More information

Check Point UserAuthority Guide. Version NGX R61

Check Point UserAuthority Guide. Version NGX R61 Check Point UserAuthority Guide Version NGX R61 700358 January 2006 2003-2006 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright

More information

Remote Access VPN Solutions

Remote Access VPN Solutions Remote Access VPN Solutions P/N 500187 June 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 3 Remote Access VPN Defined Page 3 Business Case Page 4 Key Requirements Page

More information

Configure VPN between ProSafe VPN Client Software and FVG318

Configure VPN between ProSafe VPN Client Software and FVG318 Configure VPN between ProSafe VPN Client Software and FVG318 The following configuration is tested with: NETGEAR FVG318 with firmware version 1.0.41 NETGEAR ProSafe VPN Client Software version 10.5.1 Configure

More information

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i... Page 1 of 10 Question/Topic UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) in SonicOS Enhanced Answer/Article Article Applies To: SonicWALL Security

More information

VPN Wizard Default Settings and General Information

VPN Wizard Default Settings and General Information 1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security

More information

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall. Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall Overview This document describes how to implement IPSec with pre-shared secrets

More information

HOWTO: How to configure IPSEC gateway (office) to gateway

HOWTO: How to configure IPSEC gateway (office) to gateway HOWTO: How to configure IPSEC gateway (office) to gateway How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of GateDefender Integra. For this

More information

Configuring a VPN between a Sidewinder G2 and a NetScreen

Configuring a VPN between a Sidewinder G2 and a NetScreen A PPLICATION N O T E Configuring a VPN between a Sidewinder G2 and a NetScreen This document explains how to create a basic gateway to gateway VPN between a Sidewinder G 2 Security Appliance and a Juniper

More information

TechNote. Configuring SonicOS for MS Windows Azure

TechNote. Configuring SonicOS for MS Windows Azure Network Security SonicOS Contents Overview...1 Deployment Considerations...2 Supported Platforms...2 Configuring a Policy-Based VPN...2 Configuring a Route-Based VPN...17 Overview This TechNote details

More information

Configure IPSec VPN Tunnels With the Wizard

Configure IPSec VPN Tunnels With the Wizard Configure IPSec VPN Tunnels With the Wizard This quick start guide provides basic configuration information about setting up IPSec VPN tunnels by using the VPN Wizard on the ProSafe Wireless-N 8-Port Gigabit

More information

Cert Pro 4/17/01 2:05 AM Page 1 T HE C HECK P OINT. Certified Professional Program SECURE. www.checkpoint.com/ccpp

Cert Pro 4/17/01 2:05 AM Page 1 T HE C HECK P OINT. Certified Professional Program SECURE. www.checkpoint.com/ccpp Cert Pro 4/17/01 2:05 AM Page 1 T HE C HECK P OINT Professional Program SECURE YOUR FUTURE www.checkpoint.com/ccpp Cert Pro 4/17/01 2:05 AM Page 2 Certify your Future Companies that select Check Point

More information

TechNote. Configuring SonicOS for Amazon VPC

TechNote. Configuring SonicOS for Amazon VPC Network Security SonicOS Contents Overview... 1 System or Network Requirements / Prerequisites... 3 Deployment Considerations... 3 Configuring Amazon VPC with a Policy-Based VPN... 4 Configuring Amazon

More information

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If

More information

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance This article will easily explain how to configure your Apple ipad, iphone or ipod Touch

More information

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE V IRTUAL PRIVATE NETWORKS C ONTENTS Introduction to the Scenarios... 3 Scenario 1: Gateway-to-Gateway With Pre-Shared Secrets... 3 Configuring

More information

Route Based Virtual Private Network

Route Based Virtual Private Network Route Based Virtual Private Network Document Scope This solutions document provides details about Route Based Virtual Private Network (VPN) Technology, its advantages, and procedures to configure a Route

More information

CheckPoint Software Technologies LTD. How to Install and Configure SecureClient and SecureServer

CheckPoint Software Technologies LTD. How to Install and Configure SecureClient and SecureServer CheckPoint Software Technologies LTD. How to Install and Configure SecureClient and SecureServer Event: Partner Exchange Conference Date: October 19, 1999 Revision 1.0 Author: Richard Devera, Southern

More information

Netopia 3346. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com. support@thegreenbow.com

Netopia 3346. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com. support@thegreenbow.com TheGreenBow IPSec VPN Client Configuration Guide Netopia 3346 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA - Sistech

More information

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution

More information

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client Topology Note: ISR G2 devices have Gigabit Ethernet interfaces instead of FastEthernet Interfaces. All contents are Copyright 1992 2012

More information

Integrate Check Point Firewall

Integrate Check Point Firewall Integrate Check Point Firewall EventTracker Enterprise Publication Date: Oct.26, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is

More information

If you have questions or find errors in the guide, please, contact us under the following e-mail address:

If you have questions or find errors in the guide, please, contact us under the following e-mail address: 1. Introduction... 2 2. Remote Access via PPTP... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Configuration

More information

Fireware How To Network Configuration

Fireware How To Network Configuration Fireware How To Network Configuration How do I configure the external interface of my Firebox? Introduction Most users configure the Firebox interfaces when they use the Quick Setup Wizard to create a

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Technical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

Technical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection? FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...

More information

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create

More information

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not

More information

VPN SECURITY POLICIES

VPN SECURITY POLICIES TECHNICAL SUPPORT NOTE Introduction to the VPN Menu in the Web GUI Featuring ADTRAN OS and the Web GUI Introduction This Technical Support Note shows the different options available in the VPN menu of

More information

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X VPN Tracker for Mac OS X How-to: Interoperability with Check Point VPN-1 Gateway Rev. 3.0 Copyright 2003-2004 equinux USA Inc. All rights reserved. 1. Introduction 1. Introduction This document describes

More information

VNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide

VNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide VNS3 to Cisco ASA Instructions ASDM 9.2 IPsec Configuration Guide 2016 Site-to-Site IPsec Tunnel IPsec protocol allows you to securely connect two sites together over the public internet using cryptographically

More information

How do I set up a branch office VPN tunnel with the Management Server?

How do I set up a branch office VPN tunnel with the Management Server? Fireware How To VPN How do I set up a branch office VPN tunnel with the Management Server? Introduction Using the WatchGuard Management Server, you can make fully authenticated and encrypted IPSec tunnels

More information

VPN. VPN For BIPAC 741/743GE

VPN. VPN For BIPAC 741/743GE VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,

More information

This topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x

This topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x Configuring Remote-Access VPNs via ASDM Created by Bob Eckhoff This white paper discusses the Cisco Easy Virtual Private Network (VPN) components, modes of operation, and how it works. This document also

More information

Advanced VPN Concepts and Tunnel Monitoring

Advanced VPN Concepts and Tunnel Monitoring Chapter 5 Advanced VPN Concepts and Tunnel Monitoring Solutions in this chapter: Encryption Overview VPN Communities Policy-Based VPN Route-Based VPN Summary Solutions Fast Track Frequently Asked Questions

More information

Chapter 5 Virtual Private Networking Using IPsec

Chapter 5 Virtual Private Networking Using IPsec Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide

More information

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client A P P L I C A T I O N N O T E Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client This application note describes how to set up a VPN connection between a Mac client and a Sidewinder

More information

Global VPN Client Getting Started Guide

Global VPN Client Getting Started Guide Global VPN Client Getting Started Guide PROTECTION AT THE SPEED OF BUSINESS Introduction The SonicWALL Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the

More information

The logic of configuration Create VPN Object( pre-shared key) Configure IPsec tunnel Create the IP rule for IPsec tunnel

The logic of configuration Create VPN Object( pre-shared key) Configure IPsec tunnel Create the IP rule for IPsec tunnel - Network topology WAN IP: 9.68.0.3/4 DFL-800 LAN IP: 9.68.3./4 WAN Static IP: 9.68.0.4/4 Remote LAN Internal LAN IP: 9.68.3.0/4 DFL-600 LAN IP: 9.68../4 PC IP: 9.68.3.00/4 Internal LAN IP: 9.68..0/4 PC

More information

Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication

Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication Table of Contents Introduction... 3 Internal address pool configuration... 4 Creating VPN policies... 7 Creating

More information

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 4-5: VPN Consortium Scenario

More information

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc. nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances The information contained in this document represents the current view of Microsoft Corporation on the issues discussed

More information

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing

More information

Connecting Remote Offices by Setting Up VPN Tunnels

Connecting Remote Offices by Setting Up VPN Tunnels Connecting Remote Offices by Setting Up VPN Tunnels Cisco RV0xx Series Routers Overview As your business expands to additional sites, you need to ensure that all employees have access to the network resources

More information

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 4-5: VPN Consortium Scenario

More information

CHECK POINT. Software Blade Architecture. Secure. Flexible. Simple.

CHECK POINT. Software Blade Architecture. Secure. Flexible. Simple. CHECK POINT Software Blade Architecture Secure. Flexible. Simple. softwareblades from Check Point Today s Security Challenge Protecting networks against today s constantly evolving threat environment has

More information

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Document Version:2.0-12/07/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be

More information

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Configuring IPsec VPN between a FortiGate and Microsoft Azure Configuring IPsec VPN between a FortiGate and Microsoft Azure The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another

More information

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without

More information

VPNC Interoperability Profile

VPNC Interoperability Profile VPNC Interoperability Profile Valid for Barracuda NG Firewall 5.0 Revision 1.1 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2010,

More information

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router:

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router: Page 1 of 8 VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router: This document will guide you on how to create IKE and auto-vpn policies for your ProSafe NETGEAR Router, as well as

More information

Integrity Advanced Server Gateway Integration Guide

Integrity Advanced Server Gateway Integration Guide Integrity Advanced Server Gateway Integration Guide 1-0273-0650-2006-03-09 Editor's Notes: 2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check

More information

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1 Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called

More information

Step By Step Guide: Demonstrate DirectAccess in a Test Lab

Step By Step Guide: Demonstrate DirectAccess in a Test Lab Step By Step Guide: Demonstrate DirectAccess in a Test Lab Microsoft Corporation Published: May 2009 Updated: October 2009 Abstract DirectAccess is a new feature in the Windows 7 and Windows Server 2008

More information

Virtual Private Network and Remote Access Setup

Virtual Private Network and Remote Access Setup CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks

More information

How to setup a VPN on Windows XP in Safari.

How to setup a VPN on Windows XP in Safari. How to setup a VPN on Windows XP in Safari. If you want to configure a VPN connection from a Windows XP client computer you only need what comes with the Operating System itself, it's all built right in.

More information

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004 ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.

More information

VPN L2TP Application. Installation Guide

VPN L2TP Application. Installation Guide VPN L2TP Application Installation Guide 1 Configuring a Remote Access L2TP VPN Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included

More information

Application Note: Integrate Juniper IPSec VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com

Application Note: Integrate Juniper IPSec VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com Application Note: Integrate Juniper IPSec VPN with Gemalto SA Server SASolutions@gemalto.com October 2007 www.gemalto.com Table of contents Overview... 3 Architecture... 5 Configure Juniper IPSec on an

More information

Configuring a VPN for Dynamic IP Address Connections

Configuring a VPN for Dynamic IP Address Connections Configuring a VPN for Dynamic IP Address Connections Summary A Virtual Private Network (VPN) is a virtual private network that interconnects remote (and often geographically separate) networks through

More information

Ingate Firewall. TheGreenBow IPSec VPN Client Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com

Ingate Firewall. TheGreenBow IPSec VPN Client Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com TheGreenBow IPSec VPN Client Configuration Guide Ingate Firewall WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA -

More information

Stateful Inspection Technology

Stateful Inspection Technology White Paper Stateful Inspection Technology The industry standard for enterprise-class network security solutions Check Point protects every part of your network perimeter, internal, Web to keep your information

More information

Cisco SA 500 Series Security Appliance

Cisco SA 500 Series Security Appliance TheGreenBow IPSec VPN Client Configuration Guide Cisco SA 500 Series Security Appliance This guide applies to the following models: Cisco SA 520 Cisco SA 520W Cisco SA 540 WebSite: Contact: http://www.thegreenbow.de

More information

Using Microsoft Active Directory for Checkpoint NG AI SecureClient

Using Microsoft Active Directory for Checkpoint NG AI SecureClient Using Microsoft Active Directory for Checkpoint NG AI SecureClient Dave Crowfoot www.works4me.com dave@works4me.com This is the solution that I came up with to utilize MS Active directory to authenticate

More information

Lab 6.2.12a Configure Remote Access Using Cisco Easy VPN

Lab 6.2.12a Configure Remote Access Using Cisco Easy VPN Lab 6.2.12a Configure Remote Access Using Cisco Easy VPN Objective Scenario Topology In this lab, the students will complete the following tasks: Enable policy lookup via authentication, authorization,

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

Parallels Plesk Panel

Parallels Plesk Panel Parallels Plesk Panel Copyright Notice Parallels Holdings, Ltd. c/o Parallels International GMbH Vordergasse 49 CH8200 Schaffhausen Switzerland Phone: +41 526320 411 Fax: +41 52672 2010 Copyright 1999-2011

More information

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide This guide will show how to configure a Windows 2000/XP machine to make an IPsec VPN Tunnel connection to a DI-804HV. Below is the example

More information

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6 Technical Document Creating a VPN GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6 Contents INTRODUCTION 1 Supported Encryption and Authentication Methods 1 Addresses Used in Examples 1 Documentation

More information

Application Note. Using a Windows NT Domain / Active Directory for User Authentication NetScreen Devices 8/15/02 Jay Ratford Version 1.

Application Note. Using a Windows NT Domain / Active Directory for User Authentication NetScreen Devices 8/15/02 Jay Ratford Version 1. Application Note Using a Windows NT Domain / Active Directory for User Authentication NetScreen Devices 8/15/02 Jay Ratford Version 1.0 Page 1 Controlling Access to Large Numbers of Networks Devices to

More information