How To Set Up Checkpoint Vpn For A Home Office Worker
|
|
- William McCarthy
- 3 years ago
- Views:
Transcription
1 SofaWare VPN Configuration Guide Part No.: Oct 2002 For gateway version 3
2 COPYRIGHT & TRADEMARKS Copyright 2002 SofaWare, All Rights Reserved. SofaWare, SofaWare S-box, and are trademarks, service marks, or registered trademarks of SofaWare Technologies Ltd. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice, and ConnectControl are trademarks, service marks, or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668 and 5,835,726 and may be protected by other U.S. Patents, foreign patents, or pending applications. 2 SofaWare VPN Configuration Guide
3 Contents Contents...3 Introduction...5 SofaWare 6 SofaWare Pro... 6 SofaWare Safe@Office... 6 SofaWare Safe@Office Plus... 6 About This Guide... 6 Typological Conventions... 7 Contacting Technical Support... 7 VPN Connectivity Solution Models...9 Safe@Office to Safe@Office (Site-to-Site VPN) Safe@Office to VPN-1 (Site-to-Site VPN) VPN RAS Client to VPN-1 VPN RAS Server VPN RAS Client to Safe@Office VPN RAS Server Using Safe@Home Pro as a VPN RAS Client Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN...15 Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN Configuring VPN for Site-to-Site VPN...37 Configuring VPN for Site-to-Site VPN SofaWare VPN Configuration Guide 3
4 Contents Configuring VPN-1 for RAS VPN...53 Configuring VPN-1 NG for RAS VPN Configuring VPN for RAS VPN Configuring VPN-1 NG FP Configuring gateway to NG FP3 In Client to Site Mode Configuring gateway to NG FP3 in Site To Site mode SofaWare VPN Configuration Guide
5 Chapter 1 Introduction The SofaWare S-box is available with the following software configurations: SofaWare Safe@Home, SofaWare Safe@Home Pro, SofaWare Safe@Office and SofaWare Safe@Office Plus. All four provide a web-based management interface, which enables you to manage and configure the S-box operation and options. Table1 summarizes the differences between the available Safe@ software configurations. Table 1: Safe@ Product Summary Safe@Home Safe@Home Pro Safe@Office and Safe@Office Plus Solution Home user firewall Telecommuter and home office Small branch offices Nodes /25 Standalone firewall Yes Yes Yes VPN functionality No Remote Access Client Remote Access Client/Server Your S-box can be upgraded to a more advanced product level, without replacing the hardware. For more information, contact your reseller or order@checkpoint.com. SofaWare VPN Configuration Guide 5
6 Introduction SofaWare protects your home network from hostile Internet activity. It is intended for home users and can be used by up to five computers and users. SofaWare Pro In addition to all the benefits of SofaWare SofaWare Pro provides Virtual Private Networking (VPN) functionality. SofaWare Pro contains a remote access VPN client, which enables employees working from home to securely connect to the corporate network. SofaWare Safe@Home Pro is intended for home users who are part of an extended enterprise network. It can be used by up to five computers and users. SofaWare Safe@Office SofaWare Safe@Office provides all the benefits of SofaWare Safe@Home Pro, along with expanded VPN functionality. It acts not only as a remote access VPN client, but as a remote access VPN server which is installed office-side to protect the company s VPN and make it available to telecommuting employees. SofaWare Safe@Office can also be configured as a VPN gateway, which allows permanent Site-to-Site VPN connections between two gateways, such as two company offices. SofaWare Safe@Office is intended both for companies with extended enterprise networks and for their employees working from home. It can be used by up to ten computers and users. SofaWare Safe@Office Plus SofaWare Safe@Office Plus extends SofaWare Safe@Office to support up to 25 computers and users. About This Guide This guide describes supported VPN solutions and provides instructions for implementing them. You should be familiar with the following before using this guide:! Basic FW-1/VPN-1 use. For information, refer to the Check Point VPN-1/FireWall-1 Administration Guide.! S-box use for your software configuration. For information, refer to the SofaWare S-box Getting Started Guide. 6 SofaWare VPN Configuration Guide
7 Introduction Typological Conventions To make finding information in this manual easier, some types of information are marked with special symbols or formatting. Boldface type is used for command and button names. Note: Notes are denoted by indented text and preceded by the Note icon. Important: Important notes are denoted by indented text and preceded by the Important icon. Contacting Technical Support To contact technical support, send an to: SofaWare VPN Configuration Guide 7
8
9 Chapter 2 VPN Connectivity Solution Models A virtual private network (VPN) consists of at least one VPN remote access (RAS) server or VPN gateway, and several VPN RAS clients. A VPN RAS server makes the corporate network remotely available to authorized users, such as employees working from home, who connect to the VPN RAS server using VPN RAS clients. A VPN gateway can be connected to another VPN gateway in a permanent, bi-directional relationship (Site-to-Site VPN). The two connected networks function as a single network. A connection between two VPN sites is called a VPN tunnel. VPN tunnels encrypt and authenticate all traffic passing through them. Through these tunnels, employees can safely use their company s network resources when working at home. For example, they can securely read , use the company s intranet, or access the company s database from home. SofaWare Safe@Home Pro and SofaWare Safe@Office provide VPN functionality. SofaWare Safe@Home Pro contains a VPN RAS client. SofaWare Safe@Office can act as a VPN RAS client, a VPN RAS server, or a Siteto-Site VPN gateway. Both SofaWare Safe@Office and Safe@Home Pro enable an exciting number of solutions to support your VPN connectivity needs. This chapter describes the following four basic solutions:! Safe@Office to Safe@Office (Site-to-Site VPN), page 10! Safe@Office to VPN-1 (Site-to-Site VPN), page 11! VPN RAS Client to VPN-1 VPN RAS Server, page 12! VPN RAS Client to Safe@Office VPN RAS Server, page 13 SofaWare VPN Configuration Guide 9
10 VPN Connectivity Solution Models to (Site-to-Site VPN) This solution enables you to establish Site-to-Site VPN connections between Site-to-Site VPN gateways. Note: In this solution model, both Site-to-Site VPN gateways must have a static IP address. Figure 1 shows a sample implementation of the Safe@Office to Safe@Office solution with three Safe@Office appliances (sbox1, sbox2, and sbox3). Each S-box acts as a Site-to-Site VPN gateway for a fully secure network. The networks communicate via VPN connections. Figure 1: Safe@Office to Safe@Office (Site-to-Site VPN) For information on configuring Safe@Office for Site-to-Site VPN, refer to the SofaWare S-box Getting Started Guide. 10 SofaWare VPN Configuration Guide
11 VPN Connectivity Solution Models to VPN-1 (Site-to-Site VPN) This solution enables you to establish Site-to-Site VPN connections between a Safe@Office Site-to-Site VPN gateway and a VPN-1 Site-to-Site VPN gateway. Note: In this solution model, both the VPN-1 and Safe@Office Site-to-Site VPN gateways must have a static IP address. Dynamic IP in Site-to-Site VPN is supported using a certificate. For more information refer to or contact support@sofaware.com. Figure 2 shows a sample implementation of the Safe@Office to VPN-1 solution, in which two Safe@Office appliances (sbox1 and sbox2) are connected to a VPN-1 Site-to-Site VPN gateway. Figure 2: Safe@Office to VPN-1 (Site-to-Site VPN) For information on configuring VPN-1 NG for Site-to-Site VPN, see Configuring VPN-1 NG FP3, page 73. For information on configuring VPN for Site-to-Site VPN, see Configuring VPN for Site-to-Site VPN, page 37. SofaWare VPN Configuration Guide 11
12 VPN Connectivity Solution Models VPN RAS Client to VPN-1 VPN RAS Server This solution enables Check Point SecureClient, and Check Point SecuRemote VPN RAS clients to connect to a VPN-1 VPN RAS server. Note: In this solution model, the VPN-1 VPN RAS server must have a static IP address. Figure 3 shows a sample implementation of the VPN RAS Client to VPN-1 VPN RAS Server solution, in which two Safe@ appliances (sbox1 and sbox2), a Check Point SecuRemote, and a Check Point SecureClient act as VPN RAS clients that download topology information from a VPN-1 VPN RAS gateway. Figure 3: VPN RAS Client to VPN-1 VPN RAS Server For information on configuring a VPN-1 NG or VPN as a VPN RAS Server, see Configuring VPN for Safe@ RAS VPN, page SofaWare VPN Configuration Guide
13 VPN Connectivity Solution Models VPN RAS Client to VPN RAS Server This solution enables Pro, Check Point SecureClient, and Check Point SecuRemote VPN RAS clients to connect to a Safe@Office VPN RAS server. Note: In this solution model, the Safe@Office VPN RAS server must have a static IP address. Figure 4 shows a sample implementation of the VPN RAS Client to Safe@Office VPN RAS Server solution, in which two Safe@ appliances (sbox1 and sbox2), a Check Point SecuRemote, and a Check Point SecureClient act as VPN RAS clients that download topology information from the Safe@Office VPN RAS server (sbox3). Figure 4: VPN RAS Client to Safe@Office VPN RAS Server For information on configuring Safe@Home Pro, Safe@Office, Check Point SecuRemote, or Check Point SecureClient as a VPN RAS client to a Safe@Office VPN RAS server, refer to the SofaWare S-box Getting Started Guide. SofaWare VPN Configuration Guide 13
14 VPN Connectivity Solution Models Using Pro as a VPN RAS Client Safe@Home Pro functions in VPN RAS client mode, in which connection is initiated only by the VPN RAS client. Safe@Home Pro uses only Manual mode VPN connection, in which the end-user surfs to and selects the VPN RAS server to which they want to establish a VPN connection. Figure 5 shows Safe@Home Pro acting as a VPN RAS client to VPN-1 and Safe@Office VPN RAS servers. Figure 5: Safe@Home Pro VPN RAS Client 14 SofaWare VPN Configuration Guide
15 Chapter 3 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN This chapter explains how to configure Check Point VPN-1 NG FP1/FP2 for the Safe@Office to VPN-1 (Site-to- Site VPN) solution described in Safe@Office to VPN-1 (Site-to-Site VPN), page 11. Note: To configure NG FP3, refer to chapter 6 Configure VPN-1 NG FP3 page 75 This chapter contains the following sections:! Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN, page 16 VPN-1 NG FP2 must be configured to work in Traditional Mode. Note: The screens shown in this chapter appear in both VPN-1 NG FP1 and FP2. Where FP1 and FP2 screens differ, both are shown. Note: You must configure the VPN-1 object to use a pre-shared secret before you configure VPN-1 NG FP1/FP2 for Site-to-Site. Note: Working with Dynamic IP s and certificates is supported. For more information, please refer to or contact support@sofaware.com. SofaWare VPN Configuration Guide 15
16 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Configuring VPN-1 NG FP1/FP2 for Site-to-Site VPN To configure VPN-1 NG FP1/FP2 for Site-to-Site VPN 1. Open the Check Point Policy Editor. 2. Create an S-box object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. If you are using FP1, click New and then click Workstation. The Workstation Properties dialog box appears with the General tab displayed. Do the following: 16 SofaWare VPN Configuration Guide
17 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 1) In the Name field, type the object s name. 2) In the IP Address field, type the S-box s hiding address. 3) In the Type area, select Gateway. 4) Select Check Point products installed. 5) In the Version list, select ) In the Check Point Products list, select Firewall-1 and VPN-1. 7) In the Object Management area, select Managed by another Management Server [External]. c. If you are using FP2, click New, Check Point, and then Externally Managed Gateway. The Externally Managed Check Point Gateway dialog box opens with General Properties tab displayed. Do the following: SofaWare VPN Configuration Guide 17
18 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 1) In the Name field, type the object s name. 2) In the Version list, select ) In the IP Address field, type the S-box s hiding address. 4) In the Check Point Products list, select Firewall-1 and VPN-1 Pro. d. Click Topology. The Topology tab is displayed. By default, no interfaces are defined. e. Add both an internal and external S-box interface. Do the following for each interface: 1) Click Add. The Interface Properties dialog box appears with the General tab displayed. 2) Type the interface s name, IP address, and subnet mask in the appropriate fields. 3) Click on the Topology tab. The Topology tab is displayed. 18 SofaWare VPN Configuration Guide
19 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 4) If you are configuring the external interface, select External (leads out to the Internet) in the Topology area. Do not change the other settings. 5) If you are configuring the internal interface, select Internal (leads to the local network) in the Topology area, and select Network defined by the interface IP in the IP address Behind this interface area. Do not change the other settings. SofaWare VPN Configuration Guide 19
20 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 6) Select All IP Address behind Gateway based on Topology 7) Click OK. f. In the menu, click VPN. The VPN tab is displayed. 20 SofaWare VPN Configuration Guide
21 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN g. Click Edit. Note: In FP1, FWZ appears in the Encryption Schemes list. Do not select FWZ. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 21
22 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN h. In the Support authentication methods area, select Pre-shared Secret, and click Edit Secrets... The Shared Secret dialog box appears. Do the following: 1) In the Peer Name column, click on the S-box s peer name. 22 SofaWare VPN Configuration Guide
23 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: If the VPN-1 object was not configured to use a pre-shared secret, the peer name will not be listed. 2) In the Enter Secrets field, type the unique password that should be used by the S-box and VPN-1 when establishing VPN connections to each other. 3) Click Set. 4) Click OK. The IKE Properties dialog box reappears. i. Click Advanced. The Advanced IKE properties dialog box appears. j. Optional - Select the Support aggressive mode check box. SofaWare VPN Configuration Guide 23
24 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: Main mode is supported in Site to Site configuration. k. Click OK. The IKE Properties dialog box reappears. l. Click OK. The Externally Managed VPN Host dialog box reappears with the VPN tab is displayed. m. Click OK. 3. Set VPN properties for the VPN-1 NG FP1/FP2 object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Select the VPN-1 NG object and click Edit. The Check Point Gateway dialog box opens with General Properties tab displayed. 24 SofaWare VPN Configuration Guide
25 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN c. In the menu, click VPN. The VPN tab is displayed. d. Select IKE and click Edit. The IKE Properties dialog box appears. e. Click Advanced. The Advanced IKE properties dialog box appears. f. Select the Support aggressive mode check box. g. Click OK. The IKE Properties dialog box reappears. h. Click OK. The VPN tab reappears with certificate information displayed. SofaWare VPN Configuration Guide 25
26 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN 4. If desired, create a Topology user by doing the following: Note: A Topology user is a User object that enables the S-box to download the VPN-1 NG FP1/FP2 topology. If you do not create a Topology user, you must specify the VPN-1 s network configuration in the S-box VPN wizard. a. In the menu, click Topology. The Topology tab is displayed. 26 SofaWare VPN Configuration Guide
27 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN b. Select Exportable for SecuRemote/SecureClient. c. Click OK. d. In the Manage menu, choose Users and Administrators. The Users window opens. SofaWare VPN Configuration Guide 27
28 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN e. Click New, Users by Template, and then Default. The Users Properties dialog box appears with the General tab displayed. 28 SofaWare VPN Configuration Guide
29 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN f. Type the login name. In this example the name Topology is used. g. Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 29
30 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: In FP1, FWZ appears in the Client Encryption Methods list. Do not select FWZ. h. Select IKE and click Edit. The IKE Properties dialog box appears. 30 SofaWare VPN Configuration Guide
31 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Do the following: 1) Select the Password (pre-shared Secret) checkbox. The Password and Confirm Password fields are enabled. 2) In the Password and Confirm Password fields, type the pre-shared secret for the S-box. 3) Click on the Encryption tab. The Encryption tab is displayed. If you are using FP1, the screen appears as follows: SofaWare VPN Configuration Guide 31
32 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN If you are using FP2, the screen appears as follows: 4) If you are using FP2, select Defined below. 5) In the Encryption Algorithm list, select 3DES. 6) In the Data Integrity area, select SHA1. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. i. Click OK. The Users window reappears. j. Click Close. 5. Configure the rule base. 32 SofaWare VPN Configuration Guide
33 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Example 1 Note: Example 1 matches the Unrestricted configuration mode in the Safe@ gateway. In this case, all traffic should be directed to the secured network (and not to the external IP of the Safe@ gateway). All VPN traffic will be allowed into the safe@ secured network, and no VPN ONLY Allow / Server rules must be defined in the Safe@ gateway. Note: The object Internal represents the encryption domain of the NG firewall. The object Sbox_Network represents the subnet behind the Safe@ gateway. Note: If VPN access to the NG firewall itself is also needed, the NG object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, Telnet and FTP. Example 2 SofaWare VPN Configuration Guide 33
34 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN Note: Example 2 matches Restricted configuration in the Safe@ gateway. In this case all traffic must be directed to the external interface of the Safe@ gateway, and can be forward inbound using VPN ONLY allow / server rules. Directing the traffic to the secured network behind the Safe@ gateway is not allowed in this mode. Note: The object called Internal represents the encryption domain of the NG firewall. Note: If VPN access to the NG firewall itself is also needed, the NG object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, Telnet and FTP. 6. Set encryption properties for each of the rules by doing the following: a. In desired rule s row, right-click on the Encrypt icon, and click Set Properties in the popup menu that appears. The Encryption Properties dialog box appears. 34 SofaWare VPN Configuration Guide
35 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN b. Click Edit. The IKE Phase 2 Properties dialog box appears. c. In the Data Integrity list, select SHA1. SofaWare VPN Configuration Guide 35
36 Configuring VPN-1 NG FP1 and FP2 for Site-to-Site VPN d. Click OK. The Encryption Properties dialog box appears. e. Click OK. 7. Compile the policy. 36 SofaWare VPN Configuration Guide
37 Chapter 4 Configuring VPN for Site-to-Site VPN This chapter explains how to configure Check Point VPN for the Safe@Office to VPN-1 (Site-to-Site VPN) solution described in Safe@Office to VPN-1 (Site-to-Site VPN), page 11. Note: The information in this chapter is correct for VPN-1 4.1, SP4, and higher. This chapter contains the following sections:! Configuring VPN for Site-to-Site VPN Note: You must configure the VPN-1 object to use a pre-shared secret before you configure VPN-1 NG 4.1 for Site-to-Site. SofaWare VPN Configuration Guide 37
38 Configuring VPN for Site-to-Site VPN Configuring VPN for Site-to-Site VPN To configure VPN for Site-to-Site VPN 1. Open the Check Point Policy Editor. 2. Create the Gateway object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Click New and then click Workstation. The Workstation Properties dialog box appears with the General tab displayed. 38 SofaWare VPN Configuration Guide
39 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Name field, type the object s name. 2) In the IP Address field, type the S-box s hiding address. 3) In the Location area, select External. 4) In the Type area, select Gateway. 5) In the Modules Installed area, select VPN-1& FireWall-1 version 4.1. c. Click OK. 3. Configure the Safe@ Gateway internal network object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Click New and then click Network. The Network Properties dialog box appears with the General tab displayed. SofaWare VPN Configuration Guide 39
40 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Name field, type the network object name. 2) In the IP Address field, type the network object s IP address. 3) In the Net Mask field, type the network object s subnet mask. The subnet mask represents the home network. 4) Click OK. c. Open the Safe@ Gateway object you defined earlier. The Workstation Properties dialog box appears with the General tab displayed. d. In the menu, click VPN. The VPN tab is displayed. 40 SofaWare VPN Configuration Guide
41 Configuring VPN for Site-to-Site VPN. e. In the Domain area, select Other, and then select network object from the Other list. (In the example above, the network object is Mynet.) f. Click Edit. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 41
42 Configuring VPN for Site-to-Site VPN g. In the Support authentication methods area, select Pre-shared Secret, and click Edit Secrets... The Shared Secret dialog box appears. Do the following: 1) In the Peer Name column, click on the VPN-1 s peer name. Note: If the VPN-1 object was not configured to use a pre-shared secret, the peer name will not be listed. 42 SofaWare VPN Configuration Guide
43 Configuring VPN for Site-to-Site VPN 2) In the Enter Secrets field, type the unique password that should be used by the S-box and VPN-1 when establishing VPN connections to each other. 3) Click Set. 4) Click OK. The IKE Properties dialog box reappears. h. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. i. Click OK. 4. Configure the VPN-1 object by doing the following: a. In the Manage menu, choose Network Objects. The Network Objects dialog box appears. b. Select the VPN-1 object and click Edit. The Workstation Properties dialog box appears with the General tab displayed. c. Click on the VPN tab. The VPN tab is displayed. SofaWare VPN Configuration Guide 43
44 Configuring VPN for Site-to-Site VPN Note: Your Domain area may look different, depending on the VPN topology of your network. d. In the Domain section, select the Exportable for SecuRemote check box. e. In the Encryption schemes defined area, click Edit. The IKE Properties dialog-box appears. 44 SofaWare VPN Configuration Guide
45 Configuring VPN for Site-to-Site VPN f. Verify that the following options are selected:! Pre-shared Secret! Optional - Support Aggressive Mode Note: Main Mode is also supported so Aggressive mode is optional.! Support keys exchange for subnets 4. If desired, create a Topology user by doing the following: Note: A Topology user is a User object that enables the S-box to download the VPN-1 NG FP1/FP2 topology. If you do not create a Topology user, you must specify the VPN-1 s network configuration in the S-box VPN wizard. a. In the Manage menu choose Users. The Users dialog box appears. SofaWare VPN Configuration Guide 45
46 Configuring VPN for Site-to-Site VPN b. Click New,and then click Default. The Users Properties dialog box appears with the General tab displayed. c. In the Name field, type the user name. In this example the name Topology is used. d. In the Expiration Date field, type the expiration date. e. Click on the Encryption tab. The Encryption tab is displayed. 46 SofaWare VPN Configuration Guide
47 Configuring VPN for Site-to-Site VPN f. In the Client Encryption Methods area, select the IKE check box and clear the FWZ check box. g. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. h. Select Password, and type the password in the field. i. Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 47
48 Configuring VPN for Site-to-Site VPN Do the following: 1) In the Data Integrity area, select SHA1. 2) In the Encryption Algorithm list, select 3DES. 3) Click OK. The Users Properties dialog box reappears with the Encryption tab displayed. j. Click OK. 5. Edit the existing rule base. Example 1 Note: Example 1 matches the Unrestricted configuration mode in the Safe@ gateway. In this case, all traffic should be directed to the secured network (and not to 48 SofaWare VPN Configuration Guide
49 Configuring VPN for Site-to-Site VPN the external IP of the gateway). All VPN traffic will be allowed into the secured network, and no VPN ONLY Allow / Server rules must be defined in the Safe@ gateway. Note: The object Local_VPN_Domain represents the encryption domain of the behind the 4.1 firewall. The object Mynet represents the subnet behind the Safe@ gateway. Note: If VPN access to the 4.1 firewall itself is also needed, the 4.1 object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, and FTP. Example 2 This example shows the rules that must be added to an existing rule base in order for FTP and ICMP to be encrypted to and from the S-box. Note: Example 2 matches Restricted configuration in the Safe@ gateway. In this case all traffic must be directed to the external interface of the Safe@ gateway, and can be forward inbound using VPN ONLY allow / server rules. Directing the traffic to the secured network behind the Safe@ gateway is not allowed in this mode. Note: The object Local_VPN_Domain is the subnet behind the FW firewall. SofaWare VPN Configuration Guide 49
50 Configuring VPN for Site-to-Site VPN Note: If VPN access to the 4.1 firewall itself is also needed, the 4.1 object needs to appear in the rule base as well. Note: In this instance, the services that will be encrypted in both directions are ICMP, and FTP. 6. Set encryption properties for each of the rules by doing the following: a. In desired rule s row, right-click on the Encrypt icon, and click Set Properties in the popup menu that appears. The Encryption Properties dialog box appears. b. Click Edit. The IKE Properties dialog box appears. 50 SofaWare VPN Configuration Guide
51 Configuring VPN for Site-to-Site VPN c. In the Data Integrity list, select SHA1. d. Click OK. The Encryption Properties dialog box reappears. e. Click OK. 7. Compile the policy. SofaWare VPN Configuration Guide 51
52
53 Chapter 5 Configuring VPN-1 for Safe@ RAS VPN This chapter explains how to configure Check Point VPN-1 as a VPN RAS server, as described in the solution VPN RAS Client to VPN-1 VPN RAS Server, page 12. The VPN-1 versions supported are Check Point 4.1 SP4 and above, NG FP1, and NG FP2. If you are using NG FP3, please refer to Configuring VPN-1 NG FP3, page 73 After configuring VPN-1, you must configure the Safe@ appliance to act as a VPN RAS client. For instructions, refer to the SofaWare Safe@ Getting Started Guide. The SofaWare Safe@ Gateway uses IKE shared secrets to establish an IPSEC VPN connection from the Safe@ Gateway to the Check Point Enterprise VPN-1. This chapter contains the following sections:! Configuring VPN-1 NG for Safe@ RAS VPN, page 53.! Configuring VPN for Safe@ RAS VPN, page 64 Configuring VPN-1 NG for Safe@ RAS VPN Note: This procedure can be used for VPN-1 NG FP1 and FP2. To configure VPN-1 NG for Safe@ RAS VPN 1. Open the Check Point Policy Editor. 2. Edit the VPN-1 NG properties by doing the following: a. From the Manage menu, select Network Objects. The Network Objects dialog box appears. SofaWare VPN Configuration Guide 53
54 Configuring VPN-1 for RAS VPN b. Click on the VPN-1 workstation object that should receive the gateway VPN session request. The Workstation Properties dialog box appears with the General tab displayed. 54 SofaWare VPN Configuration Guide
55 Configuring VPN-1 for RAS VPN c. In the menu, click VPN. The VPN tab is displayed. d. In the Encryption schemes area, verify that the IKE check box is selected. e. Click Edit. The IKE Properties dialog box appears. SofaWare VPN Configuration Guide 55
56 Configuring VPN-1 for RAS VPN f. Verify that the following selections are made:! In the Support key exchange encryption with list: DES and/or 3DES! In the Support data integrity with area: MD5 and/or SHA1 Note: These are the minimal selections. If desired, you can select additional options. g. Click Advanced. The Advanced IKE properties dialog box appears. 56 SofaWare VPN Configuration Guide
57 Configuring VPN-1 for RAS VPN Do the following: 1) Select the Use UDP encapsulation check box. 2) From the Use UDP encapsulation list, select VPN1_IPSEC_encapsulation. 3) In the Rekeying Parameters area, set Renegotiate IKE security associations to 1440 minutes, and set Renegotiate IPSEC Security associations every to 3600 seconds. 4) In the Misc area, select Support IP compression for SecureClient, Support aggressive mode, and Support key exchange for subnets. 5) Click OK. The IKE Properties dialog box reappears. h. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. i. Click OK. SofaWare VPN Configuration Guide 57
58 Configuring VPN-1 for RAS VPN 3. Create a new group object by doing the following: a. In the Manage menu, click Users. The Users dialog box appears. b. Click New and then Group. The Group Properties dialog box appears. 58 SofaWare VPN Configuration Guide
59 Configuring VPN-1 for RAS VPN c. In the Name field, type the group object s name. d. If users are already defined and you wish to add them to the new group, add users to your group by doing the following: 1) In the Not in Group list, select desired users. 2) Click Add>. The selected users are moved to the In Group list. e. Click OK. The Users dialog box reappears. The new group object appears in the Users list. f. Click Close. 4. If you wish to create a new Safe@ gateway user object, do the following: a. In the Manage menu, click Users. The Users window appears. b. Click New, User by Template, and then Default. The User Properties dialog box appears with the General tab displayed. SofaWare VPN Configuration Guide 59
60 Configuring VPN-1 for RAS VPN c. Type a login name for the new Safe@ gateway user. d. Click the Groups tab. The Groups tab is displayed. e. In the Available Groups list, select the group you created earlier and click Add>. The group is moved to the Belongs to Groups list. f. Click on the Encryption tab. The Encryption tab is displayed. 60 SofaWare VPN Configuration Guide
61 Configuring VPN-1 for RAS VPN g. In the Client Encryption Methods area, verify that the IKE check box is selected. h. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. SofaWare VPN Configuration Guide 61
62 Configuring VPN-1 for RAS VPN Do the following: 1) Select Password. The Password and Confirm Password fields are enabled. 2) In the Password and Confirm Password fields, type the pre-shared secret for the gateway. 3) Click on the Encryption tab. The Encryption tab is displayed. 62 SofaWare VPN Configuration Guide
63 Configuring VPN-1 for RAS VPN 4) In the Transform area, select Encryption + Data Integrity (ESP). 5) In the Data Integrity area, select SHA1 or MD5. 6) In the Encryption Algorithm list, select DES or 3DES. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. i. Click OK. The Users window reappears. j. Click Close. 5. Add a rule to your rule base: Note: The rule above is only an example. The Destination and Service may vary according to your VPN settings and your network needs. 6. Compile the policy. Note: The object Internal represent the encryption domain of the NG firewall. SofaWare VPN Configuration Guide 63
64 Configuring VPN-1 for RAS VPN Configuring VPN for RAS VPN To configure VPN for RAS VPN 1. Open the Check Point Policy Editor. 2. Edit the VPN properties by doing the following: a. From the Manage menu, select Network Objects. The Network Objects dialog box appears. b. Click on the VPN object that should receive the gateway VPN session request, and click Edit. The Workstation Properties dialog box appears with the General tab displayed. 64 SofaWare VPN Configuration Guide
65 Configuring VPN-1 for RAS VPN c. Click on the VPN tab. The VPN tab is displayed. SofaWare VPN Configuration Guide 65
66 Configuring VPN-1 for RAS VPN d. In the Encryption schemes defined area, verify that the IKE check box is selected. e. Click Edit. Note: In the example above, the Local_VPN_Domain object represents the secured networks protected by VPN-1. Your VPN-1 may have other network objects defined. The IKE Properties dialog box appears. 66 SofaWare VPN Configuration Guide
67 Configuring VPN-1 for RAS VPN f. Verify that the following selections are made:! In the Key Negotiation Encryption Method(s) list: DES and/or 3DES Note: CAST is not supported by gateway, but can be selected if desired.! In the Hash Method area: MD5 and/or SHA1! Support Aggressive Mode! Support Subnets Note: These are the minimal selections. If desired, you can select additional options. g. Click OK. The Workstation Properties dialog box reappears with the VPN tab displayed. h. Click OK. 3. Create a new group object by doing the following: a. From the Manage menu, click Users. The Users dialog box appears. SofaWare VPN Configuration Guide 67
68 Configuring VPN-1 for RAS VPN b. Click New and then click Group. The Group Properties dialog box appears. c. In the Name field, type the group object s name. d. If users are already defined, and you wish to add them to the new group, do the following: 1) In the Not in Group list, select desired users. 2) Click Add>. The selected users are moved to the In Group list. 68 SofaWare VPN Configuration Guide
69 Configuring VPN-1 for RAS VPN e. Click OK. The Users dialog box reappears. The new group appears in the Users list. f. Click Close. 4. If you wish to create a new Safe@ gateway user object, do the following: a. From the Manage menu, click Users. The Users window appears. b. Click New and then click Default. The User Properties dialog box appears with the General tab displayed. Do the following: 1) In the Name field, type a name for the new Safe@ gateway user. 2) If desired, type a new expiration date for the Safe@ gateway user object in the Expiration Date field. c. Click the Groups tab. The Groups tab is displayed. SofaWare VPN Configuration Guide 69
70 Configuring VPN-1 for RAS VPN d. In the Available Groups list, select the group you created earlier and click Add >. The group is moved to the Belongs to Groups list. e. Click on the Encryption tab. The Encryption tab is displayed. f. In the Client Encryption Methods area, verify that the IKE check box is selected. 70 SofaWare VPN Configuration Guide
71 Configuring VPN-1 for RAS VPN g. Click Edit. The IKE Properties dialog box appears with the Authentication tab displayed. Do the following: 1) Select Password. The Password field is enabled. 2) In the Password field, type the pre-shared secret for the gateway. 3) Click on the Encryption tab. The Encryption tab is displayed. SofaWare VPN Configuration Guide 71
72 Configuring VPN-1 for RAS VPN 4) In the Transform area, select Encryption + Data Integrity (ESP). 5) In the Data Integrity area, select SHA1 or MD5. 6) In the Encryption Algorithm list, select DES or 3DES. 7) Click OK. The User Properties dialog box reappears with the Encryption tab displayed. h. Click OK. The Users window reappears. i. Click Close. 5. Add a rule to your rule base: Note: The rule above is only an example. The Destination and Service may vary according to your VPN settings and your network needs. 6. Compile the policy. Note: The object Internal represents the encryption domain of the FW firewall. 72 SofaWare VPN Configuration Guide
73 Chapter 6 Configuring VPN-1 NG FP3 This chapter explains how to create Site-to-Site and Client-to-Site VPN tunnels between Safe@ gateway and NG FP3 using communities. Note: SSC (SofaWare SmartCenter Connector) add-on must be installed on the NG FP3 firewall SofaWare VPN Configuration Guide 73
74 Configuring VPN-1 NG FP3 Configuring gateway to NG FP3 In Client to Site Mode Create and Configure object 1. Open the Check Point Policy Editor. 2. Create a Safe@ Gateway object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Click New, Check Point, and then Safe@ Gateway... c. The Safe@ Gateway properties page appears 3. Configure the Safe@ Gateway Object by doing the following: 74 SofaWare VPN Configuration Guide
75 Configuring VPN-1 NG FP3 a. In the Name field, type the object s name. b. Next to the IP Address field select the Dynamic Address checkbox. c. In the Type field choose GW Type. d. In the SofaWare Profile field choose Profile. e. In the Password field enter a password, or press on the Generate Password button. f. Select the VPN Enabled check box. g. Save the object by clicking OK. Note: The Safe@ password is automatically used as its shared secret in the community. SofaWare VPN Configuration Guide 75
76 Configuring VPN-1 NG FP3 Configure the Community 1. Define the Community by doing the following: a. Select the VPN Manager tab: b. Double click on the RemoteAccess community. The RemoteAccess Community Properties window appears. 2. Add participants to the pre-defined RemoteAccess Community: a. In the General Tab, Enter Object name. b. In the Participating Gateways, choose the firewall gateways you wish to use. 76 SofaWare VPN Configuration Guide
77 Configuring VPN-1 NG FP3 c. In the Participating User Groups, select All SofaWare VPN GW s d. Click OK. Note: You can choose All Users, and it will include All SofaWare VPN GW s SofaWare VPN Configuration Guide 77
78 Configuring VPN-1 NG FP3 Configure Global Properties 1. From the menu select Policy and Global Properties 2. The Global Properties page appears. 3. Select Remote Access and then VPN Basic in the tree on the left side of the dialog-box. 4. Select the Hybrid Mode (VPN-1 & Firewall-1 authentication) checkbox. 5. Click OK Rule base Note: If using Gateways version 2.0.x, it is mandatory to select also Preshared Secret Note: The If Via access rule condition means "Accept if encrypted between community members". In the example below, all services are allowed via the RemoteAccess community. 78 SofaWare VPN Configuration Guide
79 Configuring VPN-1 NG FP3 6. Install the policy on the desired gateways and profiles. Configuring gateway to NG FP3 in Site To Site mode Create a network object Note: Working with Dynamic IP s and certificates is supported. For more information, please refer to or contact support@sofaware.com. 1. Open the Check Point Policy Editor. 2. Create a Safe@ Gateway object by doing the following: a. In the Manage menu, click Network Objects. SofaWare VPN Configuration Guide 79
80 Configuring VPN-1 NG FP3 b. Click New. c. Select Network... d. The Network Properties window opens e. In the Name field type the name of the object f. In the Network Address field type the network IP address 80 SofaWare VPN Configuration Guide
81 Configuring VPN-1 NG FP3 g. In the Net Mask field type the subnet mask h. Click OK Create and Configure object 1. Open the Check Point Policy Editor. 2. Create a Safe@ Gateway object by doing the following: a. In the Manage menu, click Network Objects. The Network Objects dialog box appears. b. Click New, Check Point, and then Safe@ Gateway. c. The Safe@ Gateway properties page appears. 3. Configure the Safe@ Gateway object by doing the following: SofaWare VPN Configuration Guide 81
82 Configuring VPN-1 NG FP3 a. In the Name field, type the object s name. b. In the IP Address field, type your IP address. c. In the Type field, choose GW Type d. In the SofaWare Profile field, choose Profile e. In the Password field, enter a password, or press the Generate Password button. f. Select the VPN Enabled check box. 4. Configure Topology by doing the following: a. Select the Topology tab 82 SofaWare VPN Configuration Guide
83 Configuring VPN-1 NG FP3 b. From the Manually defined drop-down menu select the network object that represents the network protected by the gateway c. Save the object by clicking OK. Configure the Community 1. Define the Community a. Select the VPN Manager tab. b. Right-click in the VPN Manager, then from the New Community menu choose Star. Note: Meshed communities are not supported in NG FP3 with gateways The Start community Properties page appears SofaWare VPN Configuration Guide 83
84 Configuring VPN-1 NG FP3 c. In the Name field type the name of the object. Note: In order to accept encrypted traffic, the user can check the "Accept all encrypted traffic" checkbox on the community object. This will add an automatic access rule for all encrypted traffic between community members. d. Select the Central Gateways tab. e. Add the gateway object you wish to be the Central Gateway. 84 SofaWare VPN Configuration Guide
85 Configuring VPN-1 NG FP3 f. Select the Satellite Gateways tab g. Click Add... and choose the gateway object. h. Services in the Clear definitions will not effect the tunnel between and FP3. The will encrypt all traffic. i. Click on VPN Properties tab. j. Define Phase 1 and Phase 2 properties. SofaWare VPN Configuration Guide 85
86 Configuring VPN-1 NG FP3 Note: All VPN Encryption and Data Integrity combinations are allowed. In the example above Phase 1 is configured to use 3DES + MD5, and phase 2 is configured to use 3DES + SHA1. Other combinations are allowed. Note: There is no need to define Advanced Properties. Note: There is no need to define the shared secret on the community. The Safe@ password is automatically used as its shared secret in the community. k. Click OK l. The new Start community is presented in the VPN Manager tab. 86 SofaWare VPN Configuration Guide
87 Configuring VPN-1 NG FP3 Rule Base Note: The "If Via" access rule condition means "Accept if encrypted between community members." Note: In the example below, only FTP and ICMP protocols will be Encrypted via the Star_1 Community. SofaWare VPN Configuration Guide 87
Configuring Windows 2000/XP IPsec for Site-to-Site VPN
IPsec for Site-to-Site VPN November 2002 Copyright 2002 SofaWare Technologies Inc, All Rights Reserved. Reproduction, adaptation, or translation with prior written permission is prohibited except as allowed
More informationConfiguring an IPSec Tunnel between a Firebox & a Check Point FireWall-1
Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel with a WatchGuard Firebox II or Firebox III (software version 4.5 or later)
More informationConfigure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1
Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1 This document describes how to configure an IPSec tunnel between a WatchGuard Firebox Vclass appliance (Vcontroller version
More informationConfiguring a Check Point FireWall-1 to SOHO IPSec Tunnel
Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel This document describes the procedures required to configure an IPSec VPN tunnel between a WatchGuard SOHO or SOHO tc and a Check Point FireWall-1.
More informationCheck Point FW-1/VPN-1 NG/FP3
Check Point FW-1/VPN-1 NG/FP3 Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationConfiguring TheGreenBow VPN Client with a TP-LINK VPN Router
Configuring TheGreenBow VPN Client with a TP-LINK VPN Router This chapter describes how to configure TheGreenBow VPN Client with a TP-LINK router. This chapter includes the following sections: Example
More informationFireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway
Fireware How To VPN How do I set up a manual branch office VPN tunnel? Introduction You use Branch Office VPN (BOVPN) with manual IPSec to make encrypted tunnels between a Firebox and a second IPSec-compliant
More informationCREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC
CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel
More informationConfiguring IPSec VPN Tunnel between NetScreen Remote Client and RN300
Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationGNAT Box VPN and VPN Client
Technical Document TD VPN-GB-WG-02 with SoftRemoteLT from SafeNet, Inc. GTA Firewall WatchGuard Firebox Configuring an IPSec VPN with IKE GNAT Box System Software version 3.3.2 Firebox 1000 Strong Encryption
More informationGlobal VPN Client Getting Started Guide
Global VPN Client Getting Started Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential
More informationWindows XP VPN Client Example
Windows XP VPN Client Example Technote LCTN0007 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail: support@proxicast.com
More informationConfiguring IPsec VPN with a FortiGate and a Cisco ASA
Configuring IPsec VPN with a FortiGate and a Cisco ASA The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site
More informationLab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM
Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)
More informationVPNC Interoperability Profile
StoneGate Firewall/VPN 4.2 and StoneGate Management Center 4.2 VPNC Interoperability Profile For VPN Consortium Example Scenario 1 Introduction This document describes how to configure a StoneGate Firewall/VPN
More informationConfiguring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0
Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0 Abstract Avaya IP Softphone R3 V2.1 now supports H.323 VoIP applications running over different
More informationScenario: IPsec Remote-Access VPN Configuration
CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create
More informationSonicWALL Check Point Firewall-1 VPN Interoperability
SonicWALL Check Point Firewall-1 VPN Interoperability A Tech Note prepared by SonicWALL, Inc. SonicWALL, Inc. 1160 Bordeaux Drive Sunnyvale, CA 94089-1209 1-888-557-6642 http://www.sonicwall.com Introduction
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationRemote Access VPN Solutions
Remote Access VPN Solutions P/N 500187 June 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 3 Remote Access VPN Defined Page 3 Business Case Page 4 Key Requirements Page
More informationHow To Industrial Networking
How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure
More informationScenario: Remote-Access VPN Configuration
CHAPTER 7 Scenario: Remote-Access VPN Configuration A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security
More informationChapter 8 Virtual Private Networking
Chapter 8 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FWG114P v2 Wireless Firewall/Print Server. VPN tunnels provide secure, encrypted
More informationUse Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W
Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing
More informationHow To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip
WINXP VPN to ZyWALL Tunneling 1. Setup WINXP VPN 2. Setup ZyWALL VPN This page guides us to setup a VPN connection between the WINXP VPN software and ZyWALL router. There will be several devices we need
More informationOvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6
WL/IP-8000VPN VPN Setup Guide Version 0.6 Document Revision Version Date Note 0.1 11/10/2005 First version with four VPN examples 0.2 11/15/2005 1. Added example 5: dynamic VPN using TheGreenBow VPN client
More informationCheck Point UserAuthority Guide. Version NGX R61
Check Point UserAuthority Guide Version NGX R61 700358 January 2006 2003-2006 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright
More informationWatchGuard Mobile User VPN Guide
WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).
More informationConfiguring the BIG-IP and Check Point VPN-1 /FireWall-1
Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1
More informationChapter 6 Basic Virtual Private Networking
Chapter 6 Basic Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVG318 wireless VPN firewall. VPN communications paths are called tunnels.
More informationISG50 Application Note Version 1.0 June, 2011
ISG50 Application Note Version 1.0 June, 2011 Scenario 1 - ISG50 is placed behind an existing ZyWALL 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements,
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall Overview This document describes how to implement IPSec with pre-shared secrets
More informationCheckpoint 156-815. 156-815 Check Point Provider-1 NGX (v4) Practice Test. Version 2.1
Checkpoint 156-815 156-815 Check Point Provider-1 NGX (v4) Practice Test Version 2.1 QUESTION NO: 1 Two CMAs can be created for a single Customer, for High availability (HA). Which of these statements
More informationUTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...
Page 1 of 10 Question/Topic UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) in SonicOS Enhanced Answer/Article Article Applies To: SonicWALL Security
More informationCert Pro 4/17/01 2:05 AM Page 1 T HE C HECK P OINT. Certified Professional Program SECURE. www.checkpoint.com/ccpp
Cert Pro 4/17/01 2:05 AM Page 1 T HE C HECK P OINT Professional Program SECURE YOUR FUTURE www.checkpoint.com/ccpp Cert Pro 4/17/01 2:05 AM Page 2 Certify your Future Companies that select Check Point
More informationConfiguring a VPN between a Sidewinder G2 and a NetScreen
A PPLICATION N O T E Configuring a VPN between a Sidewinder G2 and a NetScreen This document explains how to create a basic gateway to gateway VPN between a Sidewinder G 2 Security Appliance and a Juniper
More informationHOWTO: How to configure IPSEC gateway (office) to gateway
HOWTO: How to configure IPSEC gateway (office) to gateway How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of GateDefender Integra. For this
More informationAstaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If
More informationCheckPoint Software Technologies LTD. How to Install and Configure SecureClient and SecureServer
CheckPoint Software Technologies LTD. How to Install and Configure SecureClient and SecureServer Event: Partner Exchange Conference Date: October 19, 1999 Revision 1.0 Author: Richard Devera, Southern
More informationTechNote. Configuring SonicOS for Amazon VPC
Network Security SonicOS Contents Overview... 1 System or Network Requirements / Prerequisites... 3 Deployment Considerations... 3 Configuring Amazon VPC with a Policy-Based VPN... 4 Configuring Amazon
More informationVPN Wizard Default Settings and General Information
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security
More informationConfigure VPN between ProSafe VPN Client Software and FVG318
Configure VPN between ProSafe VPN Client Software and FVG318 The following configuration is tested with: NETGEAR FVG318 with firmware version 1.0.41 NETGEAR ProSafe VPN Client Software version 10.5.1 Configure
More informationStep-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab
Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create
More informationTechNote. Configuring SonicOS for MS Windows Azure
Network Security SonicOS Contents Overview...1 Deployment Considerations...2 Supported Platforms...2 Configuring a Policy-Based VPN...2 Configuring a Route-Based VPN...17 Overview This TechNote details
More informationThis topic discusses Cisco Easy VPN, its two components, and its modes of operation. Cisco VPN Client > 3.x
Configuring Remote-Access VPNs via ASDM Created by Bob Eckhoff This white paper discusses the Cisco Easy Virtual Private Network (VPN) components, modes of operation, and how it works. This document also
More informationIntegrate Check Point Firewall
Integrate Check Point Firewall EventTracker Enterprise Publication Date: Oct.26, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is
More informationSTONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE
STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE V IRTUAL PRIVATE NETWORKS C ONTENTS Introduction to the Scenarios... 3 Scenario 1: Gateway-to-Gateway With Pre-Shared Secrets... 3 Configuring
More informationIf you have questions or find errors in the guide, please, contact us under the following e-mail address:
1. Introduction... 2 2. Remote Access via PPTP... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Configuration
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationConfigure IPSec VPN Tunnels With the Wizard
Configure IPSec VPN Tunnels With the Wizard This quick start guide provides basic configuration information about setting up IPSec VPN tunnels by using the VPN Wizard on the ProSafe Wireless-N 8-Port Gigabit
More informationHow do I set up a branch office VPN tunnel with the Management Server?
Fireware How To VPN How do I set up a branch office VPN tunnel with the Management Server? Introduction Using the WatchGuard Management Server, you can make fully authenticated and encrypted IPSec tunnels
More informationCreate a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance
Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance This article will easily explain how to configure your Apple ipad, iphone or ipod Touch
More informationChapter 8 Lab B: Configuring a Remote Access VPN Server and Client
Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client Topology Note: ISR G2 devices have Gigabit Ethernet interfaces instead of FastEthernet Interfaces. All contents are Copyright 1992 2012
More informationAdvanced VPN Concepts and Tunnel Monitoring
Chapter 5 Advanced VPN Concepts and Tunnel Monitoring Solutions in this chapter: Encryption Overview VPN Communities Policy-Based VPN Route-Based VPN Summary Solutions Fast Track Frequently Asked Questions
More informationFireware How To Network Configuration
Fireware How To Network Configuration How do I configure the external interface of my Firebox? Introduction Most users configure the Firebox interfaces when they use the Quick Setup Wizard to create a
More informationVPN Tracker for Mac OS X
VPN Tracker for Mac OS X How-to: Interoperability with Check Point VPN-1 Gateway Rev. 3.0 Copyright 2003-2004 equinux USA Inc. All rights reserved. 1. Introduction 1. Introduction This document describes
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationNetopia 3346. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com. support@thegreenbow.com
TheGreenBow IPSec VPN Client Configuration Guide Netopia 3346 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com IPSec VPN Router Configuration Property of TheGreenBow Sistech SA - Sistech
More informationCreating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client
A P P L I C A T I O N N O T E Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client This application note describes how to set up a VPN connection between a Mac client and a Sidewinder
More informationRoute Based Virtual Private Network
Route Based Virtual Private Network Document Scope This solutions document provides details about Route Based Virtual Private Network (VPN) Technology, its advantages, and procedures to configure a Route
More informationVNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide
VNS3 to Cisco ASA Instructions ASDM 9.2 IPsec Configuration Guide 2016 Site-to-Site IPsec Tunnel IPsec protocol allows you to securely connect two sites together over the public internet using cryptographically
More informationNokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication
Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication Table of Contents Introduction... 3 Internal address pool configuration... 4 Creating VPN policies... 7 Creating
More informationBasic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation
Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution
More informationCHECK POINT. Software Blade Architecture. Secure. Flexible. Simple.
CHECK POINT Software Blade Architecture Secure. Flexible. Simple. softwareblades from Check Point Today s Security Challenge Protecting networks against today s constantly evolving threat environment has
More informationSophos UTM. Remote Access via PPTP. Configuring UTM and Client
Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without
More informationUsing Microsoft Active Directory for Checkpoint NG AI SecureClient
Using Microsoft Active Directory for Checkpoint NG AI SecureClient Dave Crowfoot www.works4me.com dave@works4me.com This is the solution that I came up with to utilize MS Active directory to authenticate
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationIntegrity Advanced Server Gateway Integration Guide
Integrity Advanced Server Gateway Integration Guide 1-0273-0650-2006-03-09 Editor's Notes: 2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check
More informationHow To Configure An Ipsec Tunnel On A Network With A Network Gateways (Dfl-800) On A Pnet 2.5V2.5 (Dlf-600) On An Ipse 2.0.5 Vpn
- Network topology WAN IP: 9.68.0.3/4 DFL-800 LAN IP: 9.68.3./4 WAN Static IP: 9.68.0.4/4 Remote LAN Internal LAN IP: 9.68.3.0/4 DFL-600 LAN IP: 9.68../4 PC IP: 9.68.3.00/4 Internal LAN IP: 9.68..0/4 PC
More informationDI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide This guide will show how to configure a Windows 2000/XP machine to make an IPsec VPN Tunnel connection to a DI-804HV. Below is the example
More informationZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004
ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.
More informationTechnical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?
FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...
More informationCompiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1
Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called
More informationVPN L2TP Application. Installation Guide
VPN L2TP Application Installation Guide 1 Configuring a Remote Access L2TP VPN Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included
More informationAstaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not
More informationChapter 5 Virtual Private Networking Using IPsec
Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide
More informationVPN SECURITY POLICIES
TECHNICAL SUPPORT NOTE Introduction to the VPN Menu in the Web GUI Featuring ADTRAN OS and the Web GUI Introduction This Technical Support Note shows the different options available in the VPN menu of
More informationGlobal VPN Client Getting Started Guide
Global VPN Client Getting Started Guide PROTECTION AT THE SPEED OF BUSINESS Introduction The SonicWALL Global VPN Client creates a Virtual Private Network (VPN) connection between your computer and the
More informationnappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.
nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances The information contained in this document represents the current view of Microsoft Corporation on the issues discussed
More informationVPNC Interoperability Profile
VPNC Interoperability Profile Valid for Barracuda NG Firewall 5.0 Revision 1.1 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2010,
More informationHow to setup a VPN on Windows XP in Safari.
How to setup a VPN on Windows XP in Safari. If you want to configure a VPN connection from a Windows XP client computer you only need what comes with the Operating System itself, it's all built right in.
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationConnecting Remote Offices by Setting Up VPN Tunnels
Connecting Remote Offices by Setting Up VPN Tunnels Cisco RV0xx Series Routers Overview As your business expands to additional sites, you need to ensure that all employees have access to the network resources
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationConfiguring IPsec VPN between a FortiGate and Microsoft Azure
Configuring IPsec VPN between a FortiGate and Microsoft Azure The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another
More informationStateful Inspection Technology
White Paper Stateful Inspection Technology The industry standard for enterprise-class network security solutions Check Point protects every part of your network perimeter, internal, Web to keep your information
More informationConfiguring a VPN for Dynamic IP Address Connections
Configuring a VPN for Dynamic IP Address Connections Summary A Virtual Private Network (VPN) is a virtual private network that interconnects remote (and often geographically separate) networks through
More informationVPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets
VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 4-5: VPN Consortium Scenario
More informationLaboratory Exercises V: IP Security Protocol (IPSec)
Department of Electronics Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB) University of Split, Croatia Laboratory Exercises V: IP Security Protocol (IPSec) Keywords:
More informationNetgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall
Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall This document is a step-by-step instruction for setting up VPN between Netgear ProSafe VPN firewall (FVS318 or FVM318) and Cisco PIX
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationVPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets
VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 4-5: VPN Consortium Scenario
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationCyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm
Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Document Version:2.0-12/07/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be
More informationStep By Step Guide: Demonstrate DirectAccess in a Test Lab
Step By Step Guide: Demonstrate DirectAccess in a Test Lab Microsoft Corporation Published: May 2009 Updated: October 2009 Abstract DirectAccess is a new feature in the Windows 7 and Windows Server 2008
More informationMcAfee Firewall Enterprise 8.2.1
Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall
More informationFirewall Troubleshooting
Firewall Troubleshooting (Checkpoint Specific) For typical connectivity issues where a firewall is in question follow these steps to eliminate any issues relating to the firewall. Firewall 1. From the
More informationIPSec Pass through via Gateway to Gateway VPN Connection
IPSec Pass through via Gateway to Gateway VPN Connection 1. Connection 2 In the diagram depicted below, the left side router represents the SME200/SME100/SME50 in HQ and right side represents the PC installed
More information