NAC Guest. Lab Exercises
|
|
- Christiana Lester
- 7 years ago
- Views:
Transcription
1 NAC Guest Lab Exercises November 25 th, 2008
2 2 Table of Contents Introduction... 3 Logical Topology... 4 Exercise 1 Verify Initial Connectivity... 6 Exercise 2 Provision Contractor VPN Access... 7 Exercise 3 Setup NAC for Contractor Access Exercise 4 Setup & Integrate NAC Guest Server Appendix A Answers to Exercise Questions Appendix B Common Issues/Gotchas... 33
3 3 Introduction ACME was completely satisfied with the previous NAC implementation work you provided and has contacted you for follow-on professional services work. To recap, you implemented NAC appliance with Single Sign On (SSO) to existing Active Directory credentials for VPN users. These users were checked to determine if they had Anti-Virus software installed and were using ACME issued devices. Non-compliant devices were provided with automatic remediation from the NAC manager. You suggested using Cisco ACS and IETF standards based RADIUS to provide both authentication and accounting as well as supplied them with a sample of the RADIUS accounting information that would be created. The follow-on project is to allow temporary guest access for contractors via VPN. You called an additional design meeting where it was decided that contractors would be required to install the Cisco AnyConnect VPN Client (AVC) and some type of antivirus software. Contractors only require access to a specific web based application and should be prevented from consuming too much bandwidth. You explained that there are multiple Guest options for NAC Appliance and the customer may want to consider the functionality of each. You will install a pilot with AVC using the built in guest functionality and guest server. NAC Appliance will be used to validate the posture of the contractor workstation and limit their access and bandwidth usage.
4 4 Logical Topology The diagram below depicts the logical L3 topology of the network that will be used in this lab. Please note that the UserPCs and Servers are VMWare images and that if you use shutdown you will loose all changes. Please ensure that you use restart, when needed. Unless otherwise specified, userids are administrator and passwords are cisco123 all in lower case. The default VNC password is cisco123. Firewall Outside VLAN /24.50 User PC 2 Win200 Pro SP4.254 outside (0) e0/0 Network Management VLAN / NAC-Server Inband VPN.1 fa0/ e0/1 inside (100) Fa X-over cable Server Bypass Firewall Inside NAC Untrusted VLAN /24 Firewall Inside NAC Trusted VLAN /24 Bridged Security Services VLAN /24.33 fa0/ NAC-Manager MAC Agent Win Agent Web Agent ACS 4.1 Win 2k DC DNS DHCP IIS Syslog fa0/ fa0/ Windows Servers VLAN /24 User PC 1 Win200 Pro SP4.50 Client Stations VLAN /24 NOTE: You may want to re-read the Introduction because there are several items that need done from the original statement of work.
5 5 Disclaimer This lab is intended to be a simple sample of one way to configure NAC in-band for VPN with NAC Guest Server. There are many ways NAC can be configured which vary depending on the situation and customer requirements. Please ensure that you consult all current Cisco documentation before proceeding with a design or installation. This Lab is primarily intended to be a learning tool and may not necessarily follow best practices. Documentation for NAC can be found on CCO: Additional training materials can be found on CCO under the Partner E-Learning Connection / PEC as follows; (requires a CCO Login): (From this location select Technologies, then All Offerings next to Security. Enter NAC in the keywords box and click search to see available NAC offerings) Version information is as follows: The labs were constructed using the following software version NAC Manager NAC Server NAC Windows Agent NAC Web Agent NAC Guest Server ACS (build12) ASA 8.0.2
6 6 Exercise 1 Verify Initial Connectivity Access UserPC1 and ping the following (note that UserPC1 belongs to the Wile E. Coyote): UserPC1 Default gateway Windows DC ASA Firewall Inside interface Access UserPC2 and Ping the following (note that UserPC2 belongs to the Contractor): Outside interface of the ASA If you have successfully completed theses connectivity test please continue. If not, troubleshoot your lab to identify and resolve any issues before proceeding. As in the real world, it is essential to verify the state of the network prior to starting an implementation! Q1.1: Do you agree with base-lining the network? Why/Why not?
7 7 Exercise 2 Provision Contractor VPN Access In this section you will set up SSL VPN on the ASA using the AnyConnect VPN Client and a single internal userid on the ASA. Recall that access will be controlled by the NAC infrastructure and posture will be assessed using the web agent on the contractor PC. Provisioning of temporary contractor login IDs in the NAC infrastructure will be done in subsequent steps. Section 1 - Set up ASA for AVC Access the Cisco ASDM Launcher from UserPC1 and login to the ASA (Device IP: ; Username administrator; Password: cisco123). Navigate to the Configuration tab, click on the Remote Access VPN button, and then expand the Network (Client) Access section. Select AnyConnect Connection Profile.
8 8 From here, select the Add button to add a new connection profile. Name the new profile Contractor-AVC and give it an alias of contractor. Next select the manage option for the DfltGrpPolicy to open the window and create a new group policy.
9 9 From this new window select Add and name the new group policy contractor, uncheck Inherit for both the Banner and Address Pools. Set the banner to Welcome Contractor and then click on Select to create a new address pool. Once Select is clicked the following window will appear: From the Select Address Pool window click on Add and add a new pool with the following info:
10 10 Name: contractor-avc-pool1 Starting IP Address: Ending IP Address: Subnet Mask: Note: You previously added a static route in the NAC Server for the /24 subnet pointing at the inside address of the ASA. This is the subnet that the customer had reserved for their VPN pools. Since there are still available addresses in this pool that we are using for the AVC, you do not need to update the route in the NAC Server. If you had added new addresses, you would have had to add a static route for the new range.
11 11 After entering the information into the Add IP Pool window and click OK. From here select the new pool and click on Assign and then click OK. Ensure that the new address pool now shows as the selected Address Pool. Expand the More Options section and uncheck the Inherit box next to Tunneling Protocols and Simultaneous Logins and fill in the following information: Tunneling Protocols: SSL VPN Client Simultaneous Logins: 10
12 12 Click OK on the Configure Group Policy window, the Configure Group Polices window, and the Add SSL VPN Connection Profile window. This will return to the following ASDM window. At this point you are ready to enable SSL VPN Access on an external interface. Click on the Enable Cisco AnyConnect VPN check box in the Access Interfaces section. This will result in a popup asking you to designate an AnyConnect image.
13 13 Click Yes and then click Browse Flash to select the Windows AnyConnect image (anyconnect-win k9.pkg). Click OK and then OK again to return to the main ASDM screen. Now click Allow Access on the outside interface to allow AVC on this interface. Apply when finished. Q2.1: What have we configured so far?
14 14 Next you will need to add the internal userid for the contractor into the ASA. Expand the AAA/Local Users item in the tree and select then Local Users. Click Add and set the username and password as follows. Also, click the bullet next to No ASDM, SSH, Telnet or Console access under the Access Restriction section. Username: contractor Password: cisco123 Access Restriction: No ASDM, SSH, Telnet or Console access
15 15 Next select VPN Policy, from the left side column. Unselect Inherit for the Group Policy and choose contractor from the drop down box. Click OK when done. After clicking OK on the Add User Account window above you should be returned to main ASDM screen. Apply and Save the configuration to the ASA.
16 16 Section 2 Test Access from Contractor PC Access UserPC2 and login (VNC Password: cisco123; username: administrator; password: cisco123) Open a web browser and browse to the outside interface of the Firewall: Proceed at the Security Alert and enter the userid of contractor and password of cisco123 on the login screen. Click Login. You should be presented with the following screen:
17 17 Click Continue and the AVC installer should start. If you are prompted, accept the certificate and continue. Install and connect screens are shown below:
18 18 After connecting with the AVC, look at the AnyConnect VPN Client by double clicking the AVC icon in the system tray. Verify your IP address to ensure it came from the VPN pool as you configured it. At this point you are connected to the network as a contractor.
19 19 Q2.2: What can you reach and Why/Why not? Q2.3: What do we need to do next?
20 20 Exercise 3 Setup NAC for Contractor Access At this point you are now ready to build the contractor role within the NAC environment and set up the restrictions as per the customer s specifications. As you recall, the customer would like to have the contractor s access restricted to only allow http access to the intranet web server as well as restrict the bandwidth for the entire contractor group. Section 1 Create the Contractor Role and Set its Restrictions Access the NAC Manager Configuration screen from UserPC1 and login. To do this, click on the Internet explorer icon on the desktop. From the IE home page, select the CAM / NAC Manager link and login with the credentials admin / cisco123. Navigate to User Roles in the User Management pane. Add a new role called contractor and set the description. Also, set the Max Sessions per User Account to 20 and take the defaults for the remaining items. Click Create Role.
21 21 Now click the Policies link for the new contractor role you just created. Add a policy to the contractor role by clicking Add Policy. (Note: The contractor role is preselected for you.)
22 22 Now set it up to only allow http to the intranet web server at :80 Next, add a Bandwidth policy to restrict the bandwidth for the contractor role. Click the Bandwidth tab then click the Edit icon associated with the contractor role. Set the Upstream Bandwidth and Downstream Bandwidth each to 100. Set the Burstable Traffic to 10 and give this policy a description.
23 23 Now add an internal userid called testcontractor and set the password to cisco123. To do so navigate to Local Users under the User Management pane, then select the Local Users tab, and the New sub-tab. Place this user in the contractor role and click Create User. At this point you are ready to test. Before testing answer the following questions: Q3.1: Can the contractor connect to the intranet web server now? Why/Why not? Q3.2: What are the role requirements for the new Contractor role? From UserPC2 attempt access the intranet website ( The contractors don t have SSO so you ll be redirected on the NAC and asked to login. Login with the test credentials you just created (testcontractor/cisco123) to view the intranet s website. Q3.3: Is this what you expected?
24 24 Exercise 4 Setup & Integrate NAC Guest Server The final step to completing the guest access options for you customer is to install and integrate the NAC Guest Server. This will enable employees to add guest accounts on the fly. They will do this through the guest server web interface, instead of adding them to the NAC infrastructure like we did for the testcontractor or allowing contractors to enter their own credentials. Section 1 Initial set up of Guest Server Bootstrap guest server. NOTE: Already done. This process is similar to NAC Manager and NAC Server. Access guest server admin interface to complete initial configuration from UserPC1 s web browser; userid: administrator password: cisco123
25 25 Next add a sponsor account by navigating to Authentication > Sponsors > Local User Database tab. Click on Add user to add the sponsor account. Wile E. Coyote will be the Lobby Ambassador that will build the guest accounts. Set the username to wecoyote with a password of cisco123 and add Wile s address of wecoyote@acme.com. Click on Add User.
26 26 Next add the definition for the NAC Server by navigating to Devices > NAC Appliance and clicking on Add NAC Appliance. Now add the definitions for the NAC Manager. Name: NAC Manager Address: Admin Username: administrator Password: cisco123 Role: contractor
27 27 Click Add NAC Manager. Now test the connectivity to the NAC Manager by selecting the Test Connection button. A NAC test account will be added and then deleted. Note: If you want to see if this really happened in the NAC Manager, go check the Monitoring > Event Logs and you will see the creation/deletion of a test user. Next, setup functionality by going to Devices > Settings and entering the following information: Enable Yes SMTP Server: Sent From Address: guestserver@acme.com
28 28 Click Save Settings. Note: This will require a restart. Execute the restart using the Restart button after saving the settings. Logout of the administrative interface and log into the sponsor interface by navigating to and logging in with the account created above which should have been userid of wecoyote with a password of cisco123. You will know you are on the right page is the screen display Cisco NAC Guest Server and not Cisco NAC Guest Server Administration. Next test the functionality by adding a guest account for the Road Runner, who is now a contractor using SSL VPN, to log in. Navigate to User Accounts > Create and add the user s info: First Name: Road Last Name: Runner Company: Road Runner Contracting Address: rrunner@acme.com Note the time ranges. Take the defaults for now but can you see how to control this user s access to the customer s network? Click Add User.
29 29 After Adding the Account you should see the following screen indicating the account was successfully created. Ensure that you capture the username and password which will be used later in the lab. In a production environment, this information can be printed or sent via or sms text message.
30 30 On UserPC1 navigate back to the NAC Manager and login if required (admin / cisco123) Remove active users from the Online Users list in the NAC Manager by navigating to Monitoring > Online Users and selecting Kick Users. On UserPC2 attempt to access the test web server at When prompted for credentials, enter the new Guest account you just created and click Continue. The username is rrunner@acme.com and the password was randomly generated by the Guest Server.
31 31 As a final check, take a look at the local users in the NAC Manager by browsing to User Manager, Local Users. After selecting the Local Users tab, you should see rrunner@acme.com with a Description of Created using API. This completes the basic setup and testing of the Guest Server. Congratulations, this concludes the lab exercises!
32 32 Appendix A Answers to Exercise Questions Q1.1: Do you agree with base-lining the network? Why/Why not? Always baseline a network so you understand what works/doesn t work BEFORE you start. How can you know if you solved a problem if you don t know what the state of the situation was before you started? Q2.1: What have we configured so far? AnyConnect VPN on the ASA for contractor access. Q2.2: What can you reach and Why/Why not? Though the contractor has established a VPN through ACME s ASA they have not gone through the NAC Server. Therefore the contractor is stuck on the untrusted side. This means that until they authenticate through NAC they will have no access to the intranet. The only things reachable (i.e. pingable) are (the ASA) and (the NAC Server). Q2.3: What do we need to do next? Since there currently is no Contractor role in NAC the contractor cannot pass through the NAC Server. If this was Road Runner attempting to connect, say from his home PC, he would not be able to connect either. Though Road Runner may be able to login and his PC may even have clamwin installed, his PC would still fail the hidden registry check. (Again, assuming this was his home PC and it didn t have the registry value.) Q3.1: Can the contractor connect to the intranet web server now? Why/Why not? Yes the contractor can authenticate at the NAC Server and be assigned a role (the Contractor role) which has permissions to contact the intranet web server on port 80. Q3.2: What are the role requirements for the new Contractor role? Currently there are no requirements associated with the Contractor role. Q3.3: Is this what you expected? Since the contractor s credentials associate to the Contractor role and that role does permit port 80 access to the intranet web server, then yes, this behavior is expected.
33 33 Appendix B Common Issues/Gotchas 1. Remember to use caution during the initial configuration of the NAC Server to ensure that the untrusted interface is not connected to the network. This could result in spanning-tree issues until the configuration is complete. 2. The NAC Manager cannot be on the NAC Server s trusted VLAN. Therefore always setup a VLAN further in the intranet for the NAC Manager. 3. NAC Server doesn t auto negotiate a trunk port. Remember you ll need to hard code the dot1q trunking on the switch port, if require are trunking to the NAC Server. 4. As a safety precaution, set the native VLAN on the trunk ports going to the NAC Server to non-existent (and different) VLANs. 5. If using FQDN for the NAC appliances and using signed certificates make sure that DNS is not broken for the authenticating users using the NAC Agent. (For example, when programming the Discovery Host on the NAC Manager and using a server name instead of IP address.) 6. Remember to create the default login page.
INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505
INTEGRATION GUIDE DIGIPASS Authentication for Cisco ASA 5505 Disclaimer DIGIPASS Authentication for Cisco ASA5505 Disclaimer of Warranties and Limitation of Liabilities All information contained in this
More informationConfiguring SSL VPN on the Cisco ISA500 Security Appliance
Application Note Configuring SSL VPN on the Cisco ISA500 Security Appliance This application note describes how to configure SSL VPN on the Cisco ISA500 security appliance. This document includes these
More informationChapter 8 Lab B: Configuring a Remote Access VPN Server and Client
Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client Topology Note: ISR G2 devices have Gigabit Ethernet interfaces instead of FastEthernet Interfaces. All contents are Copyright 1992 2012
More informationUniversity of Central Florida UCF VPN User Guide UCF Service Desk
University of Central Florida UCF VPN User Guide UCF Service Desk Table of Contents UCF VPN... 1 Cisco AnyConnect SSL Client... 2 Installation... 2 Starting New Sessions... 4 Ending a VPN Session... 5
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationF-SECURE MESSAGING SECURITY GATEWAY
F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationStep by step guide to implement SMS authentication to Cisco ASA 5500 - Clientless SSL VPN and Cisco VPN
Installation guide for securing the authentication to your Cisco ASA 5500 Clientless SSL VPN and Cisco VPN Client Solutions with the Nordic Edge One Time Password Server, delivering strong authentication
More informationSSL-VPN 200 Getting Started Guide
Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationWorkspot Configuration Guide for the Cisco Adaptive Security Appliance
Workspot Configuration Guide for the Cisco Adaptive Security Appliance Workspot, Inc. 1/27/2015 Cisco ASA and Workspot Overview The Cisco Adaptive Security Appliance (ASA) provides organizations with secure,
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationTest Case 3 Active Directory Integration
April 12, 2010 Author: Audience: Joe Lowry and SWAT Team Evaluator Test Case 3 Active Directory Integration The following steps will guide you through the process of directory integration. The goal of
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example
ASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example Document ID: 99756 Contents Introduction Prerequisites Requirements Components Used Conventions Background
More informationWiNG5 CAPTIVE PORTAL DESIGN GUIDE
WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated
More informationHow to Configure an Initial Installation of the VMware ESXi Hypervisor
How to Configure an Initial Installation of the VMware ESXi Hypervisor I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide
More informationD-Link Central WiFiManager Configuration Guide
Table of Contents D-Link Central WiFiManager Configuration Guide Introduction... 3 System Requirements... 3 Access Point Requirement... 3 Latest CWM Modules... 3 Scenario 1 - Basic Setup... 4 1.1. Install
More information6.0. Getting Started Guide
6.0 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License
More informationUsing a VPN with Niagara Systems. v0.3 6, July 2013
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
More informationUse Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W
Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing
More informationSSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.
Contents Introduction... 2 Prepare Work PC for Remote Desktop... 4 Add VPN url as a Trusted Site in Internet Explorer... 5 VPN Client Installation... 5 Starting the VPN Application... 6 Connect to Work
More informationConfiguring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication
Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication This application note describes how to authenticate users on a Cisco ISA500 Series security appliance. It includes these
More informationDevice Interface IP Address Subnet Mask Default Gateway
Felix Rohrer Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway S1 VLAN 99 192.168.99.11 255.255.255.0 192.168.99.1 S2 VLAN 99 192.168.99.12 255.255.255.0 192.168.99.1
More informationUsing SonicWALL NetExtender to Access FTP Servers
SSL-VPN Using SonicWALL NetExtender to Access FTP Servers Problem: Using NetExtender to access an FTP Server on the LAN segment of a SonicWALL PRO 4060. Solution: Perform the following setup steps. Step
More informationVirtual Appliance for VMware Server. Getting Started Guide. Revision 2.0.2. Warning and Disclaimer
Virtual Appliance for VMware Server Getting Started Guide Revision 2.0.2 Warning and Disclaimer This document is designed to provide information about the configuration and installation of the CensorNet
More informationDeploying Secure Internet Connectivity
C H A P T E R 5 Deploying Secure Internet Connectivity This chapter is a step-by-step procedure explaining how to use the ASDM Startup Wizard to set up the initial configuration for your ASA/PIX Security
More informationIIS, FTP Server and Windows
IIS, FTP Server and Windows The Objective: To setup, configure and test FTP server. Requirement: Any version of the Windows 2000 Server. FTP Windows s component. Internet Information Services, IIS. Steps:
More informationScenario: IPsec Remote-Access VPN Configuration
CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create
More informationConfiguring a BEC 7800TN Wireless ADSL Modem
Configuring a BEC 7800TN Wireless ADSL Modem Setting Up the PC Logging into BEC Configuring Wireless Setup Setup Static IP Setup Main Port Finished Firmware Update ATTENTION! Before the modem is programmed
More informationExternal Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationManagement Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.
Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of
More informationManaged Security Web Portal USER GUIDE
Managed Security Web Portal USER GUIDE CONTENTS 1.0 Introduction 4 2.0 Login 4 3.0 Portal Layout 4 3.1 Home Tab 5 3.2 Web Filtering Tab 5 3.3 SSL VPN Users Tab 6 4.0 Web Filtering Administration 7 4.1
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Application Notes for Configuring a Virtual Private Network (VPN) for Avaya IP Office using the Edgewater Networks EdgeMarc 4500 VoIP VPN Appliance - Issue 1.0
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationPineApp Surf-SeCure Quick
PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.
More informationObjectives. Background. Required Resources. CCNA Security
Chapter 8 Lab B, Configuring a Remote Access VPN Server and Client Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 FA0/1 192.168.1.1 255.255.255.0 N/A
More informationUsing Cisco UC320W with Windows Small Business Server
Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following
More informationDIGIPASS Authentication for Cisco ASA 5500 Series
DIGIPASS Authentication for Cisco ASA 5500 Series With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 20 Disclaimer Disclaimer of Warranties and Limitations
More informationHow to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions
How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions Overview: This document provides a reference for configuration of the Cisco UC500 IP PBX to connect to Integra Telecom SIP Trunks.
More informationUsing a VPN with CentraLine AX Systems
Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2
More informationSevOne NMS Download Installation and Implementation Guide
SevOne NMS Download Installation and Implementation Guide 5.3.X 530 V0002 Contents 1. Get Started... 3 2. SevOne Download Installation... 6 3. Appliance Network Configuration... 9 4. Install License and
More informationLab 6.2.12a Configure Remote Access Using Cisco Easy VPN
Lab 6.2.12a Configure Remote Access Using Cisco Easy VPN Objective Scenario Topology In this lab, the students will complete the following tasks: Enable policy lookup via authentication, authorization,
More informationDIS VPN Service Client Documentation
DIS VPN Service Client Documentation Background ------------------------------------------------------------------------------------------------ 1 Downloading the Client ---------------------------------------------------------------------------------
More informationV310 Support Note Version 1.0 November, 2011
1 V310 Support Note Version 1.0 November, 2011 2 Index How to Register V310 to Your SIP server... 3 Register Your V310 through Auto-Provision... 4 Phone Book and Firmware Upgrade... 5 Auto Upgrade... 6
More informationChapter 6 Virtual Private Networking Using SSL Connections
Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide
More informationClientless SSL VPN Users
Manage Passwords, page 1 Username and Password Requirements, page 3 Communicate Security Tips, page 3 Configure Remote Systems to Use Clientless SSL VPN Features, page 3 Manage Passwords Optionally, you
More informationConfigure ISE Version 1.4 Posture with Microsoft WSUS
Configure ISE Version 1.4 Posture with Microsoft WSUS Document ID: 119214 Contributed by Michal Garcarz, Cisco TAC Engineer. Aug 03, 2015 Contents Introduction Prerequisites Requirements Components Used
More informationCNW Re-Tooling Exercises
CNW Re-Tooling Exercises I Exercise 1: VPN... 1 Scenario... 1 Detail Steps to perform exercise:... 1 Exercise 2: Install and Configure a Certificate to Web Server... 4 Scenario... 4 Detail Steps to perform
More informationiboss Enterprise Deployment Guide iboss Web Filters
iboss Enterprise Deployment Guide iboss Web Filters Copyright Phantom Technologies, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationOptimum Business SIP Trunk Set-up Guide
Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationConfiguring Devices for Use with Cisco Configuration Professional (CCP) 2.5
Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5 Objectives Part 1: Configure CCP Access for Routers Enable HTTP/HTTPS server. Create a user account with privilege level 15.
More informationAccessing the Media General SSL VPN
Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your
More informationAllworx Installation Course
VPN Hello and welcome. In the VPN section we will cover the steps for enabling the VPN feature on the Allworx server and how to set up a VPN connection to the Allworx System from your PC. Page 1 VPN The
More informationApplication Note. Using a Windows NT Domain / Active Directory for User Authentication NetScreen Devices 8/15/02 Jay Ratford Version 1.
Application Note Using a Windows NT Domain / Active Directory for User Authentication NetScreen Devices 8/15/02 Jay Ratford Version 1.0 Page 1 Controlling Access to Large Numbers of Networks Devices to
More informationAdministrator Guide. v 11
Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main
More informationRoomWizard Synchronization Software Manual Installation Instructions
2 RoomWizard Synchronization Software Manual Installation Instructions Table of Contents Exchange Server Configuration... 4 RoomWizard Synchronization Software Installation and Configuration... 5 System
More informationMulti-Homing Dual WAN Firewall Router
Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet
More informationCisco AnyConnect Secure Mobility Solution Guide
Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page
More informationHow To Configure SSL VPN in Cyberoam
How To Configure SSL VPN in Cyberoam Applicable Version: 10.00 onwards Overview SSL (Secure Socket Layer) VPN provides simple-to-use, secure access for remote users to the corporate network from anywhere,
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (8 points, 5 minutes) Part 2: Configure Device Basic Settings (28 points, 30 minutes) Part 3: Configure
More informationElfiq Link Balancer (Link LB) Quick Web Configuration Guide
Elfiq Link Balancer (Link LB) Quick Web Configuration Guide Elfiq Operating System (EOS) - Version 3.5.0 and higher Document Version 2.0 -January 2012 Elfiq Networks (Elfiq Inc.) www.elfiq.com 1. About
More informationMulti-Homing Security Gateway
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
More informationRemote PC Guide for Standalone PC Implementation
Remote PC Guide for Standalone PC Implementation Updated: 2007-01-22 The guide covers features available in NETLAB+ version 3.6.1 and later. IMPORTANT Standalone PC implementation is no longer recommended.
More informationCampus VPN. Version 1.0 September 22, 2008
Campus VPN Version 1.0 September 22, 2008 University of North Texas 1 9/22/2008 Introduction This is a guide on the different ways to connect to the University of North Texas Campus VPN. There are several
More informationTotalCloud Phone System
TotalCloud Phone System Cisco SF 302-08P PoE VLAN Configuration Guide Note: The below information and configuration is for deployment of the Cbeyond managed switch solution using the Cisco 302 8 port Power
More informationManaging Software and Configurations
55 CHAPTER This chapter describes how to manage the ASASM software and configurations and includes the following sections: Saving the Running Configuration to a TFTP Server, page 55-1 Managing Files, page
More informationConfiguring Global Protect SSL VPN with a user-defined port
Configuring Global Protect SSL VPN with a user-defined port Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be Global Protect SSL VPN Overview This document gives you an overview on how to configure
More informationCisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
More informationFonality. Optimum Business Trunking and the Fonality Trixbox Pro IP PBX Standard Edition V4.1.2- p13 Configuration Guide
Fonality Optimum Business Trunking and the Fonality Trixbox Pro IP PBX Standard Edition V4.1.2- p13 Configuration Guide Fonality Table of Contents 1. Overview 2. SIP Trunk Adaptor Set-up Instructions 3.
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationMillbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0
Millbeck Communications Secure Remote Access Service Internet VPN Access to N3 VPN Client Set Up Guide Version 6.0 COPYRIGHT NOTICE Copyright 2013 Millbeck Communications Ltd. All Rights Reserved. Introduction
More information3CX PHONE SYSTEM CUSTOMER CONFIGURATION ADVICE. Configuring for Integra Telecom SIP Solutions
3CX PHONE SYSTEM CUSTOMER CONFIGURATION ADVICE Configuring for Integra Telecom SIP Solutions BACKGROUND This document provides guidance for configuring the 3CX Phone System to properly interface to and
More informationConnect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.
Lab 1.2.2 Capturing and Analyzing Network Traffic Host Name IP Address Fa0/0 Subnet Mask IP Address S0/0/0 Subnet Mask Default Gateway RouterA 172.17.0.1 255.255.0.0 192.168.1.1 (DCE) 255.255.255.0 N/A
More informationUser Guide. Cloud Gateway Software Device
User Guide Cloud Gateway Software Device This document is designed to provide information about the first time configuration and administrator use of the Cloud Gateway (web filtering device software).
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationCREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC
CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC 1 Introduction Release date: 11/12/2003 This application note details the steps for creating an IKE IPSec VPN tunnel
More informationLab 8.4.5.1 Configuring LEAP/EAP using Local RADIUS Authentication
Lab 8.4.5.1 Configuring LEAP/EAP using Local RADIUS Authentication Objective Topology Estimated Time: 40 minutes Number of Team Members: Students can work in teams of two. In this lab, the student will
More informationScenario: Remote-Access VPN Configuration
CHAPTER 7 Scenario: Remote-Access VPN Configuration A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security
More informationVirtual Appliance Setup Guide
The Barracuda SSL VPN Vx Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda SSL VPN hardware appliance. It is designed for easy deployment
More informationThe initial set up takes a few steps, but then each time you want to connect it is just a two set process.
Remote Access to your Desktop using VPN Overview VPN is a tool that enables you to access one computer from another. Typical uses for Pop Center members would be 1) access their pop center computer from
More informationSTATIC IP SET UP GUIDE VERIZON 7500 WIRELESS ROUTER/MODEM
STATIC IP SET UP GUIDE VERIZON 7500 WIRELESS ROUTER/MODEM Verizon High Speed Internet for Business Verizon High Speed Internet for Business SETTING UP YOUR NEW STATIC IP CONNECTION AND IP ADDRESS(ES) This
More informationBarracuda IM Firewall Administrator s Guide
Barracuda IM Firewall Administrator s Guide Version 3.0 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2007, Barracuda Networks www.barracuda.com
More informationAstaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If
More informationV Series Rapid Deployment Version 7.5
V Series Rapid Deployment Version 7.5 Table of Contents Module 1: First Boot Module 2: Configure P1 and N interfaces Module 3: Websense Software installation (Reporting Server) Module 4: Post installation
More informationExternal authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy
External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More informationVPN Configuration Guide. Cisco ASA 5500 Series
VPN Configuration Guide Cisco ASA 5500 Series 2010 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this configuration guide may not be copied, in whole or in part, without the
More informationAlienVault. Unified Security Management (USM) 4.8-5.x Initial Setup Guide
AlienVault Unified Security Management (USM) 4.8-5.x Initial Setup Guide Contents USM v4.8-5.x Initial Setup Guide Copyright AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault, AlienVault
More informationHow To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (
UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet
More informationHOTPin Integration Guide: DirectAccess
1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility
More informationEmail Setup Guide. network support pc repairs web design graphic design Internet services spam filtering hosting sales programming
Email Setup Guide 1. Entourage 2008 Page 2 2. ios / iphone Page 5 3. Outlook 2013 Page 10 4. Outlook 2007 Page 17 5. Windows Live Mail a. New Account Setup Page 21 b. Change Existing Account Page 25 Entourage
More informationInstallation Notes for Outpost Network Security (ONS) version 3.2
Outpost Network Security Installation Notes version 3.2 Page 1 Installation Notes for Outpost Network Security (ONS) version 3.2 Contents Installation Notes for Outpost Network Security (ONS) version 3.2...
More informationInstalling Novell Client Software (Windows 95/98)
Installing Novell Client Software (Windows 95/98) Platform: Windows 95/98 Level of Difficulty: Intermediate The following procedure describes how to install the Novell Client software. This software allows
More informationSonicOS Enhanced 5.7.0.2 Release Notes
SonicOS Contents Platform Compatibility... 1 Key Features... 2 Known Issues... 3 Resolved Issues... 4 Upgrading SonicOS Enhanced Image Procedures... 6 Related Technical Documentation... 11 Platform Compatibility
More informationAccessing TP SSL VPN
Accessing TP SSL VPN This guide describes the steps to install, connect and disconnect the SSL VPN for remote access to TP intranet systems using personal notebooks. A. Installing the SSL VPN client Junos
More information6.40A AudioCodes Mediant 800 MSBG
AudioCodes Mediant 800 MSBG Page 1 of 66 6.40A AudioCodes Mediant 800 MSBG 1. Important Notes Check the SIP 3 rd Party Validation Website for current validation status. The SIP 3 rd party Validation Website
More informationClassroom Management network FAQ and troubleshooting
Classroom Management network FAQ and troubleshooting Author: Grant Kelly The concepts in this document are intended to be a guide to aid in the resolution of certain issues that occur with using the Classroom
More information