Matrix Technical Support Mailer 167
NAVAN CNX200 PPTP VPN with Windows Client
22/07/2014

Dear Friends,

This mailer helps you understand and configure the PPTP VPN of Matrix NAVAN CNX200 with a Windows client.

Introduction of VPN:

A virtual private network (VPN) is a private network which uses the public network (Internet) to connect two computers, two networks, or remote offices/users located at different remote sites, so that they can share or access data securely as if they were in the same network.

A VPN is composed of two parts: VPN Server and VPN Client.

There are two common types of VPN:
1. Remote Access VPN
2. Site to Site VPN

A well designed VPN includes data encryption, tunneling, data integration and authentication processes. To perform all these processes, a VPN can be created using several security protocols, as below:
1. Internet Protocol Security (IPsec)
2. Layer Two Tunneling Protocol (L2TP)
3. Secure Sockets Layer (SSL)
4. Point-to-Point Tunneling Protocol (PPTP)

Introduction of PPTP Protocol:

Point to Point Tunneling Protocol (PPTP) supports multi-protocol VPNs with 40 bit and 128 bit encryption using a protocol called MPPE (Microsoft Point to Point Encryption).
PPTP is based on PPP negotiation, authentication and encryption schemes.

NAVAN supports 10 VPN Connections (as a Server) and 10 VPN Connections (as a Client) for PPTP.

In this MTSM, NAVAN will work as the PPTP server and a PC/Laptop with Windows OS will work as the PPTP client.

Configuration in NAVAN (PPTP Server):

Server signifies that the system should work as a PPTP server and create the tunnel on request from a client.

1. Open the GUI of NAVAN with the current IP address of NAVAN (the default IP addresses of the LAN and WAN ports of NAVAN CNX200 are 192.168.2.56 and 192.168.1.1 respectively). The default System Engineer password is 1234. Log in as System Engineer.
2. After successful login, click on the VPN tab.
3. Click on the PPTP option in the left pane under the VPN option and program the required parameters.

General Settings:
Assign IP address signifies the range of IP addresses which should be assigned to PPTP clients when they connect through the PPTP VPN tunnel. Make sure that the LAN IP and the VPN Client IP are in different subnets.

Primary and Secondary DNS server signifies that the IP addresses programmed here should be assigned to PPTP clients to resolve domain name queries for internal network hosts.

WINS Server signifies that the IP address programmed here should be assigned to PPTP clients to resolve NetBIOS name queries from connected PPTP clients for internal network hosts (Admin can program this if a WINS server is available in the internal network).

User Authentication Protocol signifies the authentication protocol that the PPTP server should use to authenticate remote PPTP clients:
   1. PAP (Password Authentication Protocol)
   2. CHAP (Challenge Handshake Authentication Protocol) (Stronger than PAP)

Disconnect after idle timer signifies that if no packets are sent or received through a tunnel before this timer expires, the system should disconnect the tunnel of that PPTP client.

4. Program PPTP members by clicking on Add members.
5. Program the User Name and Password for the PPTP member.

PPTP members signifies that the users selected here should be allowed to connect to the system's PPTP server.

The User Name and Password should be defined on the server side, and the same should be given to clients for connection establishment.

Configure the IP address you want to allow access to. It can be:
   1. Single IP address
   2. IP subnet (Allow access to the entire remote network of the client)
   3. None or Road Warrior (If you want to allow access to any IP address)

For example, we are setting User Name as test and Password as matrix.

After entering the User Name and Password, click OK to add the member. The System Engineer can add a maximum of 10 PPTP members.
6. PPTP member added successfully. Submit the Page.
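Added example, not part of the original mailer: a pre-check for the General Settings rule that the LAN IP and the VPN Client IP range must be in different subnets, run before the range is entered in Assign IP address. It uses the default LAN and WAN addresses from step 1; the /24 masks, the sample pool ranges and the function name are assumptions.

```python
import ipaddress

# Default port addresses from this mailer; the /24 masks are assumed,
# replace them with the masks actually programmed on the unit.
NAVAN_INTERFACES = {"LAN": "192.168.2.56/24", "WAN": "192.168.1.1/24"}


def pool_conflicts(pool_start, pool_end, interfaces):
    """Return [(port, subnet)] for every local subnet that the PPTP
    client address range start..end touches. An empty list means the
    range is safe to program as the Assign IP address range."""
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)
    if end < start:
        raise ValueError("pool end is below pool start")
    # A start..end range is not always one CIDR block, so split it into
    # the exact blocks that cover it and test each one.
    blocks = list(ipaddress.summarize_address_range(start, end))
    conflicts = []
    for port, cidr in interfaces.items():
        subnet = ipaddress.ip_interface(cidr).network
        if any(block.overlaps(subnet) for block in blocks):
            conflicts.append((port, str(subnet)))
    return conflicts


if __name__ == "__main__":
    # Constructed sample ranges: one inside the LAN subnet, one outside.
    for start, end in [("192.168.2.100", "192.168.2.109"),
                       ("10.10.10.1", "10.10.10.10")]:
        hits = pool_conflicts(start, end, NAVAN_INTERFACES)
        verdict = "conflicts with %s" % hits if hits else "OK"
        print("%s-%s: %s" % (start, end, verdict))
```
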
Configuration in PC/Laptop (PPTP Client):

1. Open the Windows Control Panel and select the Network and Sharing Centre item. A list of existing dial-up and LAN connections will appear.
2. Click the Set up a new connection or network option.
3. A new window titled Choose a connection option appears, which asks you to select the type of connection you want to make. Select the Connect to a workplace option in this window and click Next.
4. Select the type of connection to connect to the workplace. Select Use my Internet Connection (VPN) to connect using a VPN connection.
5. In Internet address, enter the address you wish to connect to, which is the Server Address (IP address or domain name of NAVAN). In Destination name, enter the name you want displayed on the icon of this new VPN connection. Click Next.
6. In Username and Password, enter the User Name and Password provided to you for the server (created in NAVAN while adding the PPTP member, i.e. User Name as test and Password as matrix). Click Connect.
7. The VPN Connection is ready to use. The connection usually takes not more than a minute.
8. Connection Status
The Windows Client is now connected with NAVAN via the PPTP VPN tunnel, and the same can be checked in the status of NAVAN: go to Status > VPN Connections in the VPN tab.

In this way the Windows Client can access the local network connected behind the NAVAN securely.
For more information, contact Matrix Technical Training Team: Training@MatrixComSec.com