Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015



Similar documents
How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

Workflow Guide. Establish Site-to-Site VPN Connection using Digital Certificates. For Customers with Sophos Firewall Document Date: November 2015

How To Configure Apple ipad for Cyberoam L2TP

How To Configure L2TP VPN Connection for MAC OS X client

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

ZyWALL USG-Series. How to setup a Site-to-site VPN connection between two ZyWALL USG series.

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

ISG50 Application Note Version 1.0 June, 2011

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Configure VPN between ProSafe VPN Client Software and FVG318

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configure IPSec VPN Tunnels With the Wizard

How To Configure SSL VPN in Cyberoam

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Chapter 4 Virtual Private Networking

Configuring a VPN for Dynamic IP Address Connections

How To Configure Syslog over VPN

How to access peers with different VPN through IPSec. Tunnel

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

How To Industrial Networking

VPN L2TP Application. Installation Guide

Enable VPN PPTP Server Function

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

VPN Wizard Default Settings and General Information

Chapter 6 Virtual Private Networking

Scenario 1: One-pair VPN Trunk

VPN. VPN For BIPAC 741/743GE

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

How To Configure Virtual Host with Load Balancing and Health Checking

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router:

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Using IPsec VPN to provide communication between offices

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Connecting an Android to a FortiGate with SSL VPN

VPN Configuration of ProSafe Client and Netgear ProSafe Router:

Configuring a FortiGate unit as an L2TP/IPsec server

V310 Support Note Version 1.0 November, 2011

VPN PPTP Application. Installation Guide

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

VPN Tracker for Mac OS X

Connecting Remote Offices by Setting Up VPN Tunnels

Configuration Procedure

Network/VPN Overlap How-To with SonicOS 2.0 Enhanced Updated 9/26/03 SonicWALL,Inc.

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

Chapter 3 LAN Configuration

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Fireware How To Network Configuration

RouteFinder. IPSec VPN Client. Setup Examples. Reference Guide. Internet Security Appliance

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

VPN Tracker for Mac OS X

TechNote. Configuring SonicOS for MS Windows Azure

7. Configuring IPSec VPNs

Multi-Homing Security Gateway

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Netopia TheGreenBow IPSec VPN Client. Configuration Guide.

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Chapter 8 Virtual Private Networking

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

Micronet SP881. TheGreenBow IPSec VPN Client Configuration Guide.

Technical Notes TN 1 - ETG FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

How To Configure An Ipsec Tunnel On A Network With A Network Gateways (Dfl-800) On A Pnet 2.5V2.5 (Dlf-600) On An Ipse Vpn

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Cisco QuickVPN Installation Tips for Windows Operating Systems

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

Chapter 5 Virtual Private Networking Using IPsec

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE

How to setup PPTP VPN connection with DI-804HV or DI-808HV using Windows PPTP client

PPTP Server Access Through The

How to Setup PPTP VPN Between a Windows PPTP Client and the DIR-130.

Chapter 9 Monitoring System Performance

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Using a VPN with CentraLine AX Systems

Using a VPN with Niagara Systems. v0.3 6, July 2013

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

IPsec VPN Application Guide REV:

Configuring SSL VPN on the Cisco ISA500 Security Appliance

F-SECURE MESSAGING SECURITY GATEWAY

TheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: Contact:

VPNC Interoperability Profile

Apliware firewall. TheGreenBow IPSec VPN Client. Configuration Guide.

Transcription:

Workflow Guide Establish Site-to-Site VPN Connection using RSA Keys For Customers with Sophos Firewall Document Date: November 2015 November 2015 Page 1 of 10

Establish Site-to-Site VPN Connection using RSA Keys Contents Overview... 3 Scenario... 3 Site A Configuration... 4 Step 1: Create IPsec Connection...4 Step 2: Activate Connection...7 Site B Configuration... 7 Step 1: Create IPsec Connection...7 Step 2: Activate and Establish Connection... 10 November 2015 Page 2 of 10

Establish Site-to-Site VPN Connection using RSA Keys Overview IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It is used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). Sophos Firewall s IPsec VPN offers site-to-site VPN with cost-effective site-to-site remote connectivity, eliminating the need for expensive private remote access networks like leased lines, Asynchronous Transfer Mode (ATM) and Frame Relay. The mechanisms used to authenticate VPN peers are Preshared Key, Digital Certificate and RSA Keys. This article describes a detailed demonstration of how to set up a site-to-site IPsec VPN connection between the two networks using RSA Keys to authenticate VPN peers. Scenario Configure a site-to-site IPsec VPN connection between Site A and Site B by following the steps given below. In this article, we have used the following parameters to create the VPN connection. Network Parameters Site A Network details Local Server (WAN IP address) 10.206.1.173 Local LAN address 172.17.17.17/24 Local ID john@sophos.com <RSA Key for Site A> Site B Network details Remote VPN server (WAN IP address) 10.206.1.213 Remote LAN Network 172.16.16.16/24 Remote ID dean@sophos.com <Remote RSA Key for Site B > November 2015 Page 3 of 10

Site A Configuration The configuration is to be done from Site A s Sophos Firewall Admin Console using profile having readwrite administrative rights for relevant feature(s). Step 1: Create IPsec Connection Go to System > VPN > IPsec and click Add under IPsec Connections. Create a Connection as per following parameters. Parameters Value Description General Settings Name SiteA_to_SiteB Specify a unique name to identify IPsec Connection. Connection Type SitetoSite Select SitetoSite. Policy Action on VPN Restart DefaultHeadOffice Respond Only Select policy to be used for connection. Policy can also be added by clicking Create New link. Select the Action to be taken on the connection when VPN services or Device restarts. Available Options - Respond Only: Keeps connection ready to respond to any incoming request. - Initiate: Activates connection on system/service start so that the connection can be established whenever required. - Disable: Keeps connection disabled till the user activates. November 2015 Page 4 of 10

Authentication Details Authentication Type RSA Key Select Authentication Type. Authentication of user depends on the type of connection. Local RSA Key <Site A RSA Key> Mention the Local RSA Key. Remote RSA key <Site B RSA Key> Mention the Remote RSA Key. Endpoint Details Local PortB-10.206.1.173 Remote 10.206.1.213 Select Local WAN port from the list. IP Aliases created for WAN interfaces will be listed along with the default WAN interfaces. Specify an IP Address or domain name of the remote peer. Click Add icon click Remove icon against the option Remote to add new endpoint pairs or to remove the endpoint pairs. Network Details IP Family IPv4 Local Subnet 172.17.17.0/24 Select IP family to configure IPsec VPN tunnels with mixed IP families. Available Options: - IPv4 - IPv6 By default, IPv4 will be selected. Four types of IPsec VPN tunnels can be created: 4 in 4 (IPv4 subnets with IPv4 gateway) 6 in 6 (IPv6 subnets with IPv6 gateway) 4 in 6 (IPv4 subnets with IPv6 gateway) 6 in 4 (IPv6 subnets with IPv4 gateway) Select Local LAN Address of Site A. Add and Remove LAN Address using Add Button and Remove Button. Remote LAN Network 172.16.16.0/24 Select IP Addresses and netmask of remote network in Site B which is allowed to connect to the Device server through VPN tunnel. Multiple subnets can be specified. Select IP Hosts from the list of IP Hosts available. You can also add a new IP Host and include in the list. November 2015 Page 5 of 10

Click Save to create IPSec connection. November 2015 Page 6 of 10

Step 2: Activate Connection On clicking Save, the following screen is displayed showing the connection created above. Click under Status (Active) to activate the connection. Site B Configuration All configurations are to be done from Admin Console of Site B's SF Device using Device Access Profile having read/write administrative rights over relevant features. Step 1: Create IPsec Connection Go to System > VPN > IPsec and click Add under IPsec Connections. Create a Connection as per following parameters. Parameters Value Description General Settings Name SiteB_to_SiteA Specify a unique name to identify IPsec Connection. Connection Type SitetoSite Select SitetoSite. Policy DefaultBranchOffice Select policy to be used for connection. Policy can also be added by clicking Create New link. November 2015 Page 7 of 10

Select the Action to be taken on the connection when VPN services or Device restarts. Action on VPN Restart Authentication Details Authentication Type Initiate RSA Key Available Options - Respond Only: Keeps connection ready to respond to any incoming request. - Initiate: Activates connection on system/service start so that the connection can be established whenever required. - Disable: Keeps connection disabled till the user activates. Select Authentication Type. Authentication of user depends on the type of connection. Local RSA Key <Site B RSA Key> Mention the Local RSA Key. Remote RSA Key <Site A RSA Key> Mention the Remote RSA Key. Endpoint Details Local PortB-10.206.1.213 Remote 10.206.1.173 Select Local WAN port from the list. IP Aliases created for WAN interfaces will be listed along with the default WAN interfaces. Specify an IP Address or domain name of the remote peer. Click Add icon click Remove icon against the option Remote to add new endpoint pairs or to remove the endpoint pairs. Network Details IP Family IPv4 Local Subnet 172.16.16.0/24 Select IP family to configure IPsec VPN tunnels with mixed IP families. Available Options: - IPv4 - IPv6 By default, IPv4 will be selected. Four types of IPsec VPN tunnels can be created: 4 in 4 (IPv4 subnets with IPv4 gateway) 6 in 6 (IPv6 subnets with IPv6 gateway) 4 in 6 (IPv4 subnets with IPv6 gateway) 6 in 4 (IPv6 subnets with IPv4 gateway) Select Local LAN Address of Site B. Add and Remove LAN Address using Add Button and Remove Button. Remote LAN Network 172.17.17.0/24 Select IP Addresses and netmask of remote network in Site A which is allowed to connect to the Device server through VPN tunnel. Multiple subnets can be specified. Select IP Hosts from the list of IP Hosts available. You can also add a new IP Host and include in the list. November 2015 Page 8 of 10

Click Save to create IPSec connection. November 2015 Page 9 of 10

Step 2: Activate and Establish Connection On clicking Save, the following screen is displayed showing the connection created above. Click under Status (Active) and Status (Connection). The above configuration establishes an IPSec connection between Two (2) sites. Note: Make sure that Network Policies that allow LAN to VPN and VPN to LAN traffic are configured. Network Policies can be created from Policies Page. In a Head Office and Branch Office setup, usually the Branch Office acts as the tunnel initiator and Head Office acts as a responder due to following reasons: Since Branch Office or other Remote Sites have dynamic IPs, Head Office is not able to initiate the connection. As there can be many Branch Offices, to reduce the load on Head Office it is a good practise that Branch Offices retries the connection instead of the Head Office retrying all the branch office connections. Document Version: 1.0 6 November, 2015 November 2015 Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information