Technical Document. Creating a VPN. GTA Firewall to Linksys Cable/DSL Router TDVPNLINKSYS200605-01

Similar documents
Technical Document. Creating a VPN. GTA Firewall to Cisco PIX 501 TDVPNPIX

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TDVPNWGSOHO

Configuring GTA Firewalls for Remote Access

Configuring a GB-OS Site-to-Site VPN to a Non-GTA Firewall

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6

Installing the IPSecuritas IPSec Client

GB-OS. Certificate Management. Tel: Fax Web:

Installing the Shrew Soft VPN Client

GTA SSO Auth. Single Sign-On Service. Tel: Fax Web:

Installing the SSL Client for Linux

GTA SSO Auth. Single Sign-On Service. Tel: Fax Web:

GNAT Box VPN and VPN Client

GTA SSL Client & Browser Configuration

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

RouteFinder. IPSec VPN Client. Setup Examples. Reference Guide. Internet Security Appliance

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

GB-OS. VPN Gateway. Option Guide for GB-OS 4.0. & GTA Mobile VPN Client Version 4.01 VPNOG

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Shrew Soft VPN Client Configuration for GTA Firewalls

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

How To Industrial Networking

Internet. SonicWALL IP SEV IP IP IP Network Mask

IPsec VPN Application Guide REV:

Cyberoam IPSec VPN Client Configuration Guide Version 4

Katana Client to Linksys VPN Gateway

VPNC Interoperability Profile

Configuring IKEv2 VPN for Mac OS X Remote Access to a GTA Firewall

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

7. Configuring IPSec VPNs

Configure IPSec VPN Tunnels With the Wizard

RF550VPN and RF560VPN

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

HOWTO: How to configure IPSEC gateway (office) to gateway

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

IPSec VPN Client Installation Guide. Version 4

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

axsguard Gatekeeper IPsec XAUTH How To v1.6

Installation Guide Supplement

VPN Configuration of ProSafe Client and Netgear ProSafe Router:

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

VPN Wizard Default Settings and General Information

Radius Integration Guide Version 9

GB-OS. Firewall. Version 3.7. User s Guide SOFTWARE GBUG

Chapter 8 Virtual Private Networking

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

Setting up VPN Tracker with Nortel VPN Routers

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Chapter 4 Virtual Private Networking

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Configuring IPsec VPN with a FortiGate and a Cisco ASA

GB-OS Version 5.3. GTA SSL Sentinel. Tel: Fax Web:

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

VPNC Interoperability Profile

Defender 5.7. Remote Access User Guide

Interoperability Guide

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

SWsoft, Inc. Plesk File Server. Administrator's Guide. Plesk 7.5 Reloaded

VPN L2TP Application. Installation Guide

Howto: How to configure static port mapping in the corporate router/firewall for Panda GateDefender Integra VPN networks

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

VPN Configuration Guide LANCOM

Configuring a VPN for Dynamic IP Address Connections

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Netopia TheGreenBow IPSec VPN Client. Configuration Guide.

Configuring the PIX Firewall with PDM

OfficeConnect Internet Firewall VPN Upgrade User Guide

Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Java User Guide. Citrix Access Gateway 8.1, Enterprise Edition

SWsoft, Inc. Plesk VPN. Administrator's Guide. Plesk 7.5 Reloaded

What information will you find in this document?

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

Nokia Mobile VPN How to configure Nokia Mobile VPN for Cisco ASA with PSK/xAuth authentication

Setting up D-Link VPN Client to VPN Routers

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

VPN. VPN For BIPAC 741/743GE

Vodafone MachineLink 3G. IPSec VPN Configuration Guide

How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Windows XP VPN Client Example

Hardware/Software Specifications for Self-Hosted Systems (Multi-Server)

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

Defender Delegated Administration. User Guide

VPN Tracker for Mac OS X

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

StoneGate Installation Guide

Micronet SP881. TheGreenBow IPSec VPN Client Configuration Guide.

Transcription:

Technical Document Creating a VPN GTA Firewall to Linksys Cable/DSL Router TDVPNLINKSYS200605-01

Contents Introduction 1 Encryption and Authentication Methods 1 IP Addresses Used in Examples 1 Documentation 2 Additional Documentation 2 GTA Firewall Configuration 4 Configuring the Encryption Object 4 Configuring the VPN Object 5 Configuring the IPSec Tunnel 6 Linksys Router Configuration 8

I n t r o d u c t i o n This document is written for the firewall administrator who has both a GTA firewall and a Linksys Cable/DSL Router operating on a network that requires a VPN (Virtual Private Network) to utilize both firewalls. Documentation was developed using a GTA firewall running GB-OS 4.0 and a Linksys Cable/DSL Router running firmware version 1.40.5. This document is written under the assumption that the reader has a strong working knowledge of TCP/IP, GB-OS and Linksys router administration. Note The example configuration in this document assumes both firewalls have static IP addresses. E n c r y p t i o n a n d A u t h e n t i c a t i o n M e t h o d s The following methods of encryption and authentication are supported for this configuration: Table 1.1: Supported Encyption and Authentication Methods Field Name Supported Encryption DES or 3DES Supported Authentication SHA1 or MD5 Supported Key Groups Diffie-Hellman Group 1 or 2 Field Value I P A d d r e s s e s U s e d i n E x a m p l e s The following IP addresses are used as examples in this document: Table 1.2: IP Addresses Used in Examples Field Name GTA Firewall External 199.120.255.78 Protected Network 192.168.71.0/24 Linksys Cable/DSL Router External 199.120.225.77 Protected Network 192.168.70.0/24 Field Value Technical Document Introduction

D o c u m e n t a t i o n A few conventions are used in this document to help you recognize specific elements of the text. If you are viewing this guide in PDF format, color variations may also be used to emphasize notes, warnings and new sections. Bold Italics Italics Blue Underline Small Caps Monospace Font Condensed Bold Bold Small Caps Emphasis Publications Clickable hyperlink (email address, web site or in-pdf link) On-screen field names On-screen text On-screen menus, menu items On-screen buttons, links A d d i t i o n a l D o c u m e n t a t i o n For instructions on installation, registration and setup of your GTA firewall, see the GB-OS User s Guide. For VPN setup and example configurations, see the VPN Option Guide. For optional features, see the appropriate feature guide. Manuals and other documentation can be found on the GTA website (www.gta.com). Documents on the website are either in plain text (*.txt) or Portable Document Format (*.pdf), which requires Adobe Acrobat. A free copy of the program can be obtained from www.adobe.com. 2 Technical Document Introduction

Technical Document Introduction 3

G TA F i r e w a l l C o n f i g u r a t i o n To configure your GTA firewall, log into the Web interface using an administrative account and follow the instructions below to setup up a GTA firewall to Linksys Cable/DSL Router VPN. Configuring the GTA firewall requires the completion of the following steps: 1. 2. 3. Configuring the Encryption Object Configuring the VPN Object Configuring the IPSec Tunnel Note GTA recommends that the NTP service be enabled on any GTA firewall using a VPN. C o n f i g u r i n g t h e E n c r y p t i o n O b j e c t To configure the encryption object, navigate to Configuration>System>Object Editor>Encryption Objects and click the New icon. Doing so will display the Edit Encryption Object screen. Enter the following settings to define the encryption object to be used by the VPN. Figure 2.1: Creating the Phase 1 Encryption Object Disable Name Description Field Name Encryption Method Hash Algorithm Key Group Table 2.1: Configuring the Phase 1 Encryption Object Linksys Encryption Field Value Phase 1 and 2 encryption object for GTA firewall to Linksys VPN <DES> <HMAC-MD5> <Diffie-Hellman Group 2 (1024 bits)> Click OK to return to the Encryption Objects screen and click the Save icon to save the new encryption object to the GTA firewall s configuration. Next, the VPN object must be configured. 4 Technical Document GTA Firewall Configuration

C o n f i g u r i n g t h e V P N O b j e c t To configure the VPN object to be used by the connection, navigate to Configuration>System>Object Editor>VPN Objects and click the New icon. Doing so will display the Edit VPN Object screen. Figure 2.2: Configuring the VPN Object Disable Name Description Phase I Field Name Exchange Mode Encryption Object Advanced Force Mobile Protocol Force NAT-T Protocol Lifetime DPD Interval Phase II Encryption Object Advanced Lifetime Table 2.2: Configuring the VPN Object Linksys VPN Object Field Value VPN Object used in the GTA firewall to Linksys VPN <Main> <Linksys Encryption> As defined in Configuring the Encryption Object. 90 minutes 30 seconds <Linksys Encryption> As defined in Configuring the Encryption Object. 60 minutes Click OK to return to the VPN Objects screen and click the Save icon to save the new VPN object to the GTA firewall s configuration. Next, the IPSec tunnel must be configured. Technical Document GTA Firewall Configuration 5

C o n f i g u r i n g t h e I P S e c Tu n n e l To configure the IPSec tunnel, which will be utilizing the configured encryption and VPN objects, navigate to Configuration>VPN>IPSec Tunnels and click the New icon. Doing so will display the Edit IPSec Tunnel screen. Figure 2.3: Configuring the IPSec Tunnel Table 2.3: Configuring the IPSec Tunnel Field Name Field Value Disable Description GTA firewall to Linksys Cable/DSL Router VPN IPSec Mode <IKE> VPN Object <Linksys VPN Object > As defined in Configuring the VPN Object. Pre-shared Secret adcdef123456 The pre-shared secret must match on the Linksys Cable/DSL Router. Local Gateway Network <External> This is the external network s logical interface. <Protected Networks> This is the protected network s IP address. Advanced Identity <IP Address> Remote Gateway 199.120.225.77 This is the IP address of the Linksys Cable/DSL Router s remote gateway. Network <USER DEFINED>, 192.168.70.0/24 This is the IP address of the Linksys Cable/DSL Router s protected network. Advanced Identity <IP Address> 6 Technical Document GTA Firewall Configuration

Click OK to return to the IPSec Tunnels screen. Under the Advanced tab, ensure that the Automatic Policies checkbox is enabled. By enabling automatic policies, the GTA firewall will generate the necessary VPN policies to allow traffic between the GTA firewall and the Linksys Cable/DSL Router. Figure 2.4: Enabling Automatic Policies Click the Save button to apply the VPN configuration to your GTA firewall. Next, it is necessary to configure the Linksys Cable/DSL Router. Technical Document GTA Firewall Configuration 7

L i n k s y s R o u t e r C o n f i g u r a t i o n To configure your Linksys Cable/DSL Router, log into the web interface using an administrative account and follow the instructions below to setup up a GTA firewall to Linksys Cable/DSL Router VPN. The Linksys Cable/DSL Router has only two functional areas to define the VPN: 1. 2. VPN Configuration Advanced VPN Configuration Once logged in, navigate to the VPN Section and enter the following information: Table 3.1: VPN Configuration Field Name Field Value This Tunnel Enable Tunnel Name Local Secure Group Linksys to GTA Firewall VPN <Subnet> Local Secure Group IP 192.168.70.0 Local Secure Group Mask 255.255.255.0 Remote Secure Group This is the IP address of the Linksys Cable/DSL Router s protected network. In this configuration example, the protected network has a Class C netmask. <Subnet> Remote Secure Group IP 192.168.71.0 Remote Secure Group Mask 255.255.255.0 Remote Secure Gateway 199.120.225.78 Encryption Authentication Key Management PFS (Perfect Forward Secrecy) Pre-shared Key Key Lifetime This is the IP address of the GTA firewall s protected network. In this configuration example, the protected network has a Class C netmask. This is the IP address of the GTA firewall. DES MD5 <AUTO (IKE)> Enabled abcdef123456 This field must match the pre-shared secret defined on the GTA firewall. 5400 seconds Note Encryption methods must match those set in the GTA firewall s encryption object. See Configuring the Encryption Object for settings. 8 Technical Document Linksys Router Configuration

Figure 3.1: VPN Configuration Once the configuration is complete, click the Apply button. After the settings have been applied to the Linksys router, click on the Advanced button to open the Advanced Settings screen. On the Advanced Settings screen, enter the following information: Table 3.2: Advanced VPN Configuration Field Name Phase 1 Operation Mode Proposal 1 Encryption Proposal 1 Authentication Proposal 1 Group Proposal 1 Key Lifetime Phase 2 Proposal 2 Encryption Proposal 2 Authentication PFS Proposal 2 Group Proposal 2 Key Lifetime Other Options NetBIOS Broadcast Anti-Replay Keep-Alive If IKE failed more than... Field Value Main mode <DES> <MD5> <1024-bit> This corresponds to Diffie-Hellman Group 2. 5400 seconds This field must be less than or equal to the GTA firewall s Phase 1 lifetime. DES This settings was configured on the previous screen. MD5 This settings was configured on the previous screen. On This settings was configured on the previous screen. <1024-bit> This corresponds to Diffie-Hellman Group 2. 3600 seconds This field must be less than or equal to the GTA firewall s Phase 1 lifetime. Checked Technical Document Linksys Router Configuration

Figure 3.2: Advanced VPN Configuration Once the advanced configuration is complete, click the Apply button. Your GTA firewall to Linksys Cable/DSL Router VPN is now complete. You can test the VPN s functionality by pinging from a host on one protected network to a host on the other protected network. 10 Technical Document Linksys Router Configuration

Technical Document Linksys Router Configuration 11

Copyright 1996-2006, Global Technology Associates, Incorporated (GTA). All rights reserved. Except as permitted under copyright law, no part of this manual may be reproduced or distributed in any form or by any means without the prior permission of Global Technology Associates, Incorporated. Technical Support GTA includes 30 days up and running installation support from the date of purchase. See GTA s web site for more information. GTA s direct customers in the USA should call or email GTA using the telephone and email address below. International customers should contact a local GTA authorized channel partner. Tel: +1.407.380.0220 Email: support@gta.com Disclaimer Neither GTA, nor its distributors and dealers, make any warranties or representations, either expressed or implied, as to the software and documentation, including without limitation, the condition of software and implied warranties of its merchantability or fitness for a particular purpose. GTA shall not be liable for any lost profits or for any direct, indirect, incidental, consequential or other damages suffered by licensee or others resulting from the use of the program or arising out of any breach of warranty. GTA further reserves the right to make changes to the specifications of the program and contents of the manual without obligation to notify any person or organization of such changes. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation for their use. GTA assumes no responsibility with regard to the performance or use of these products. Every effort has been made to ensure that the information in this manual is accurate. GTA is not responsible for printing or clerical errors. Trademarks & Copyrights GNAT Box, GB Commander and Surf Sentinel are registered trademarks of Global Technology Associates, Incorporated. GB-OS, RoBoX, GB- Ware and Firewall Control Center are trademarks of Global Technology Associates, Incorporated. Global Technology Associates and GTA are registered service marks of Global Technology Associates, Incorporated. The GTA Mobile VPN Client is licensed from TheGreenBow. Microsoft, Internet Explorer, Microsoft SQL and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Adobe and Adobe Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Linux is a registered trademark of Linus Torvalds. BIND is a trademark of the Internet Systems Consortium, Incorporated and University of California, Berkeley. WELF and WebTrends are trademarks of NetIQ. Sun, Sun Microsystems, Solaris and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Java software may include software licensed from RSA Security, Inc. Some products contain software licensed from IBM are available at http://oss.software.ibm.com/icu4j/. SurfControl is a registered trademark of SurfControl plc. Some products contain technology licensed from SurfControl plc. Some products include software developed by the OpenSSL Project (http://www.openssl.org/). Kaspersky Lab and Kaspersky Anti-Virus is licensed from Kaspersky Lab Int. Some products contain technology licensed from Kaspersky Lab Int. Mailshell and Mailshell Anti-Spam is a trademark of Mailshell Incorporated. Some products contain technology licensed from Mailshell Incorporated. All other products are trademarks of their respective companies. Global Technology Associates, Inc. 3505 Lake Lynda Drive, Suite 109 Orlando, FL 32817 USA Tel: +1.407.380.0220 Fax: +1.407.380.6080 Web: http://www.gta.com Email: info@gta.com 12 Technical Document

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information