
1. Introduction
2. Remote Access via SSL
2.1. Configuration of the Astaro Security Gateway
2.2. Configuration of the Remote Client
2.2.1. Astaro User Portal: Getting Software and Certificates
2.2.2. SSL VPN Client: Installing the Software

This document may not be copied or distributed by any means, electronically or mechanically, in whole or in part, for any reason, without the express written permission of Astaro GmbH & Co. KG.

2011 Astaro GmbH & Co. KG. All rights reserved. An der RaumFabrik 33a, 76227 Karlsruhe, Germany, http://www.astaro.com

Astaro Security Gateway and WebAdmin are trademarks of Astaro. All further trademarks are the property of their respective owners. No guarantee is given for the correctness of the information contained in this document.

This guide contains information that complements the Administration Guide and the Online Help. If you are not sure whether you have the current version of this guide, you can download it from the following Internet address: http://www.astaro.com/kb

If you have questions or find errors in the guide, please contact us at the following e-mail address: documentation@astaro.com

For further help, use our support forum at http://www.astaro.org or use the Astaro Support offers at http://www.astaro.com/support

This guide describes step by step how to configure remote access to the Astaro Security Gateway using the Secure Sockets Layer (SSL) protocol. The SSL remote access feature in Astaro Security Gateway provides security through double authentication using X.509 certificates and username/password.

Astaro's SSL VPN feature reuses TCP port 443 to establish an encrypted tunnel to your company, allowing you to access internal resources.

The Astaro User Portal offers the Astaro SSL VPN Client software, the configuration files, the necessary keys and configuration guides. You should get the log-in data for the user portal from your system administrator.

2.1. Configuration of the Astaro Security Gateway

The Astaro Security Gateway is configured via the web-based WebAdmin configuration tool from the administration PC. Opening and using this configuration tool is extensively described in the Astaro Security Gateway V8 administration guide.

1. Define the user account for the remote host:

Open the Users >> Users page. Define a new user account for the remote client. With remote access via SSL, this user account is necessary for accessing the Astaro User Portal and for VPN. More detailed information on the configuration of a User Account and detailed explanations of the individual settings can be found in the Astaro Security Gateway V8 administration guide in chapter 5.

Make the following settings:

Username: Enter a specific user name (e.g. gforeman). Remember that the remote user will need this username later to log in to the Astaro User Portal.

Real name: Enter the full name of the remote user (e.g. George Foreman).

Email address: Enter the e-mail address of the user. When you specify an e-mail address, an X.509 certificate for this user will be generated automatically while creating the user account, using the e-mail address as the certificate's VPN ID. The certificate will be displayed on the Remote Access >> Certificate Management >> Certificates tab.

Authentication: With the Local authentication method, the following two entry fields will be displayed for the definition of the password. Remember that the remote user will also need this user name later to log in to the Astaro User Portal.

Password: Enter the password for the user. Remember that the remote user will need this password later to log in to the Astaro User Portal.

Repeat: Confirm the password.

Use static remote access IP: With remote access via SSL it is not possible to assign a static IP address to the user. Leave this option deactivated if the user uses only remote access via SSL.

Comment (optional): Enter a description or additional information on the user.

Save your settings by clicking on the Save button.

2. Configure the SSL remote access:

Open the Remote Access >> SSL >> Global page. On the Global tab, enable the SSL remote access by clicking Enable. The status light shows amber and the page becomes editable. More detailed information on the configuration of an SSL Remote Access and detailed explanations of the individual settings can be found in the Astaro Security Gateway V8 administration guide in chapter 13.

Remote access settings

Use the Remote access settings section to select the authorized users and assign the access conditions.

Users and groups: Select the users and user groups that should be able to use SSL remote access (in this example: gforeman).

Local networks: Select the local networks that should be reachable to SSL clients (in this example: Internal (Network)).

Note: If you wish the SSL-connected users to be allowed to access the Internet, you need to select Any in the Local networks dialog box. Additionally, you need to define appropriate Masquerading or NAT rules.

Automatic packet filter rules: Once the SSL VPN tunnel is successfully established, the packet filter rules for the data traffic will automatically be added. After the connection is terminated, the packet filter rules will be removed.

3. Configure the SSL settings:

Open the Remote Access >> SSL >> Settings tab.

Server settings

Interface address:

Protocol: Select the network protocol that all SSL VPN clients must use. By default, this is set to TCP.

Port: Select the port that all SSL VPN clients must use. By default, this is set to 443.

Override hostname:

Virtual IP pool

Pool network: The default settings assign addresses from the private IP space 10.242.2.x/24. This network is called the VPN Pool (SSL). If you wish to use a different network, simply change the definition of the VPN Pool (SSL) on the Definitions >> Networks page.

Local certificate: In order to authenticate itself to VPN clients, the SSL server needs a local certificate (in this example: Local X.509 Cert; this certificate is automatically preset).

Confirm your settings by clicking on Apply. The status light shows green and the remote access is activated.

4. Configure the advanced SSL remote access settings:

Open the Remote Access >> SSL >> Advanced tab.

Cryptographic settings

This section controls the encryption parameters for all SSL VPN remote access clients.

Encryption algorithm: Supported algorithms are (all in Cipher Block Chaining (CBC) mode): DES-EDE3 168bit (3DES), AES (Rijndael) 128bit/192bit/256bit and Blowfish (BF).

Authentication algorithm: Supported algorithms are MD5 128bit and SHA1 160bit.

Key size: The key size (key length) is the length of the Diffie-Hellman key exchange. The longer this key is, the more secure the symmetric keys are. The length is specified in bits. You can choose between a key size of 1024 or 2048 bits.

Server certificate:

Key Lifetime:

Save your setting by clicking on the Apply button.

Network settings

Use data compression: All data sent through the SSL VPN tunnel will be compressed prior to encryption.

Save your setting by clicking on Apply.

Debug settings

Enable Debug mode: This option controls how much debug output is generated in the log file. Select this option if you encounter connection problems and need detailed information about the negotiation of client parameters.

Save your setting by clicking on the Apply button.

5. Configure the advanced remote access settings:

Open the Remote Access >> Advanced page. This page allows you to define name servers (DNS and WINS) and the name service domain, which should be assigned to hosts during the connection establishment.

6. Define the packet filter rule (optional):

You must define this packet filter rule if you have disabled the Automatic packet filter rule function during the configuration of the SSL remote access in step 2.

Open the Network Security >> Packet Filter >> Rules tab. After clicking on the New rule button, the dialog box for new rules will appear. Create a new rule for the access to the local internal network.

Source: Remote host or user (in this example: gforeman).

Service: Set the service.

Destination: The allowed internal network (in this example: Internal (Network)).

Action: Allow.

Confirm your settings by clicking on Save. New rules will be added at the end of the list and remain disabled (status light shows red) until they are explicitly enabled by clicking on the status light.

Active rules are processed in the order of the numbers (next to the status light) until the first matching rule. The rules after it are then ignored! The sequence of the rules is thus very important. Therefore never place a rule such as Any Any Any Allow at the beginning of the rules, since all traffic will be allowed through and the following rules ignored!

More detailed information on the definition of Packet Filter Rules and detailed explanations of the individual settings can be found in the Astaro Security Gateway V8 administration guide.

7. Define the masquerading rule (optional):

Masquerading is used to mask the IP addresses of one network (in this example: gforeman) with the IP address of a second network (in this example: External). Thus remote users who have only private IP addresses can surf the Internet with an official IP address. More detailed information on the definition of Masquerading Rules and detailed explanations of the individual settings can be found in the Astaro Security Gateway V8 administration guide.

Open the Network Security >> NAT >> Masquerading tab. Make the following settings:

Network: Select the network of the remote endpoint (in this example: gforeman).

Interface: Select the interface that shall be used to mask the clients (in this example: External).

Then confirm your settings by clicking on Save. New masquerading rules will be added at the end of the list and remain disabled (status light shows red) until they are explicitly enabled by clicking on the status light.

8. Activate the proxies (optional):

If the remote employees shall access URL services via the remote access, you may configure the required proxies on the Astaro Security Gateway; this would be the DNS and HTTP proxy, for example. More detailed information on the configuration of Proxies and detailed explanations of the individual settings can be found in the Astaro Security Gateway V8 administration guide.

After configuring the VPN server (Headquarters) you must configure the road warrior. Depending on the security policy of your organization and the requirements of your network, you might have to make additional settings.
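The first-match processing described in step 6 can be checked mechanically before rules are enabled. The following is an added example, not part of the Astaro guide or product: it models rules with the guide's Source, Service, Destination and Action fields and reports enabled rules that can never fire because an earlier enabled rule already matches everything they match. The internal network 192.168.10.0/24, the service names and the default action for unmatched traffic are assumptions made for the illustration; 10.242.2.0/24 is the guide's default VPN pool.

```python
"""First-match packet filter evaluation and shadowed-rule detection (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    source: str           # CIDR network or "Any"
    service: str          # service name or "Any"
    destination: str      # CIDR network or "Any"
    action: str           # "Allow" or "Drop"
    enabled: bool = True  # the guide: new rules stay disabled until switched on


def _net(value):
    return ANY_NET if value == "Any" else ip_network(value)


def _covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (_net(later.source).subnet_of(_net(earlier.source))
            and _net(later.destination).subnet_of(_net(earlier.destination))
            and earlier.service in ("Any", later.service))


def decide(rules, src, service, dst):
    """Return (position, action) of the first enabled rule that matches."""
    for pos, rule in enumerate(rules, start=1):
        if (rule.enabled
                and ip_address(src) in _net(rule.source)
                and ip_address(dst) in _net(rule.destination)
                and rule.service in ("Any", service)):
            return pos, rule.action
    return None, "Drop"  # assumption: traffic matching no rule is dropped


def shadowed(rules):
    """Return (hidden_position, hiding_position) pairs for rules that never fire."""
    found = []
    for i, later in enumerate(rules):
        if not later.enabled:
            continue
        for j, earlier in enumerate(rules[:i]):
            if earlier.enabled and _covers(earlier, later):
                found.append((i + 1, j + 1))
                break
    return found


# Constructed rule sets for illustration.
POOL, INTERNAL = "10.242.2.0/24", "192.168.10.0/24"
BAD_ORDER = [
    Rule("Any", "Any", "Any", "Allow"),      # the ordering the guide warns against
    Rule(POOL, "RDP", INTERNAL, "Drop"),
    Rule(POOL, "Any", INTERNAL, "Allow"),
]
GOOD_ORDER = [
    Rule(POOL, "RDP", INTERNAL, "Drop"),
    Rule(POOL, "Any", INTERNAL, "Allow"),
]

if __name__ == "__main__":
    print(decide(BAD_ORDER, "10.242.2.5", "RDP", "192.168.10.20"))
    print(shadowed(BAD_ORDER))
    print(decide(GOOD_ORDER, "10.242.2.5", "RDP", "192.168.10.20"))
```

With the Any Any Any Allow rule first, the RDP connection is allowed by rule 1 and both later rules are reported as shadowed; in the corrected order the Drop rule decides.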

2.2. Configuration of the Remote Client

2.2.1. Astaro User Portal: Getting Software and Certificates

The Astaro User Portal is available for the remote access users. You can use this portal to download guides and tools for the configuration of your client. Especially for the SSL remote access, the user portal offers a configuration guide and a customized SSL VPN client software package, which already includes software, certificates and configuration, handled by a simple installation procedure. This client supports most business applications such as native Outlook, native Windows Filesharing and many more.

You should get the following log-in data for the Astaro User Portal from your system administrator: IP address, user name and password.

1. Start your browser and open the Astaro User Portal:

Start your browser and enter the management address of the Astaro User Portal as follows: https://ip address (example: https://218.93.117.220). A security notice will appear. Accept the security notice by clicking OK (Mozilla Firefox) or Yes (Internet Explorer).

2. Log in to the Astaro User Portal:

Username: Your username, which you received from the administrator.

Password: Your password, which you received from the administrator. Please note that passwords are case-sensitive!

Click Login.

3. Load the tools for the SSL Remote Access to your client:

The SSL VPN tab contains the software and keys for your client. You have two options: either download a complete software package with the pertinent key for a new installation, or update an already installed SSL VPN client with new keys. The SSL VPN Client is available for Microsoft Windows 2000/XP/Vista and 7. Start the download process by clicking on Download.

For the configuration of SSL VPN on Linux, MacOS X, BSD and Solaris, please see the installation instructions on http://openvpn.net (all necessary files are available over the Astaro User Portal).

Close the Astaro User Portal session by clicking on Logout.

The rest of the configuration takes place on the remote user client. This will require the IP address or hostname of the server, as well as a valid username and password. These should be supplied by the security system administrator.
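The Cryptographic settings and Use data compression options chosen on the gateway end up in the client profile, so the downloaded profile is a convenient place to review them. The following is an added example, not code from Astaro: it assumes the profile is an OpenVPN-format text file (the guide points non-Windows users to openvpn.net) and uses the OpenVPN directive names cipher, auth, comp-lzo, compress, auth-user-pass, cert and key; the sample profile and host name are constructed.

```python
"""Review an OpenVPN-style client profile against this guide's settings (added example)."""

WEAK_CIPHERS = {
    "DES-EDE3-CBC": "3DES has a 64-bit block; choose one of the AES options",
    "BF-CBC": "Blowfish has a 64-bit block; choose one of the AES options",
}
WEAK_AUTH = {"MD5": "MD5 is deprecated; SHA1 is the stronger of the two listed"}

# Constructed sample, not a file produced by the gateway.
SAMPLE_PROFILE = """\
client
proto tcp
remote vpn.example.com 443
cipher BF-CBC
auth MD5
comp-lzo
auth-user-pass
ca ca.crt
cert user.crt
key user.key
"""


def parse_profile(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def audit(text):
    """Return (directive, finding) pairs for settings a reviewer should question."""
    d = parse_profile(text)
    findings = []
    cipher = (d.get("cipher") or [""])[0].upper()
    if not cipher:
        findings.append(("cipher", "not set; effective cipher depends on the client"))
    elif cipher in WEAK_CIPHERS:
        findings.append(("cipher", WEAK_CIPHERS[cipher]))
    digest = (d.get("auth") or [""])[0].upper()
    if digest in WEAK_AUTH:
        findings.append(("auth", WEAK_AUTH[digest]))
    for name in ("comp-lzo", "compress"):
        if name in d and d[name] != ["no"]:
            findings.append((name, "compression before encryption can leak "
                                   "plaintext information through ciphertext length"))
    # The guide's double authentication needs a certificate AND username/password.
    for name in ("auth-user-pass", "cert", "key"):
        if name not in d:
            findings.append((name, "missing; double authentication is incomplete"))
    return findings


if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_PROFILE):
        print(f"{directive}: {finding}")
```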

2.2.2. SSL VPN Client: Installing the Software

The first part of the installation uses the Installation Menu to configure basic settings. The setup program will check the hardware of the system, and then install the necessary software on your PC.

Unpack the installation package (for example by using WinZip) if you have received it as a .zip file. Open a file browser and go to the appropriate directory. Launch the file setup.exe from this directory.

You should see the installation wizard now. Click on Next to proceed.

You will see the software license. If you agree to the terms of the license, click on I Agree.

Choose the install location. Click on Install to proceed.

Then the installation process will be started. The installation wizard will copy the necessary files to your system.

A virtual network card will be installed during the installation process. Since the relevant driver is not certified by Microsoft, a corresponding caution message will appear during the installation process. You can ignore this message. Click on Continue Installation.

When the installation process is finished, you are asked to complete it. Click on Next to do so. You are then asked to close the installation wizard. Click on Finish to do so.

After the software installation the client is automatically started. The SSL VPN icon will then be displayed in your task bar. A double click on this icon opens the User Authentication dialogue box.

Log in with your Username and Password, which you also use for the Astaro User Portal, and then start the connection by clicking OK.

The connection status is indicated by the SSL VPN icon: disconnected, connecting and connected. The Connection dialogue box allows you to monitor the set-up of the connection. The SSL VPN Remote Access can be disconnected by clicking Disconnect.

Further information is usually available from the network administrator.

The basic settings for the remote access via SSL are now finished. Depending on the security policy of your organization and the requirements of your network, you might have to make additional settings.