GajShield UPTM Certification Module 4 GajShield Infotech Pvt Ltd
Types Of VPN
- IPSec - IP Security
- PPTP - Point-to-Point Tunneling Protocol
- L2TP - Layer 2 Tunneling Protocol
- GRE - Generic Routing Encapsulation
VPN
In this training session you will learn:
- How to configure Site-to-Site VPN using Preshared Key.
- How to configure Client-to-Site VPN using X509 Certificate.
- VPN Configuration for L2TP/IPsec.
- VPN Configuration for PPTP.
- Client-to-Site VPN
- Site-to-Site VPN
Site-to-Site IPSec VPN Configuration Using Preshared Key
Example Setup
We have to establish a Site-to-Site VPN. Users from the Parel Branch can access the Web Server of the Andheri Branch. Users from the Andheri Branch can access the Mail and Database Servers of the Parel Branch.
[Network diagram: Parel Branch and Andheri Branch connected through the Internet cloud. Labels as shown on the slide:]
- WAN links: TATA 219.2.3.1, TATA 219.2.3.2, MTNL 212.5.9.1, MTNL 212.5.9.2
- LANs: 192.168.2.1/24, 192.168.1.1/24
- Devices: Router, Router, VPN server, VPN server, switch
- Users: User-1 192.168.1.2, User-2 192.168.1.3, User-1 192.162.2, User-2 192.168.2.3
- Servers: Web Server 192.168.1.4, Mail Server 192.168.2.4, Database Server 192.168.2.5
Steps to configure Site-to-Site VPN Using Preshared Key
1. Create the policy.
2. Create the tunnel.
3. Add the required rules.
4. Restart VPN.
VPN Policy
This section contains information about the parameters required to define VPN tunnels. A default policy comes with the factory settings. If you want, you can create your own policy.
VPN Policy Settings
Note: Policy configuration is required to set up an IPsec tunnel.
VPN Tunnel Details
This section contains information about the configured tunnels.
VPN Tunnel Configuration Using Preshared Key
Example configuration of Site-to-Site VPN using Preshared Key, for the case where we know the remote IP address.
Fields labelled on the slide:
- Static IP of UPTM
- Gateway of UPTM
- Local Network
- Remote VPN Server IP
- Remote Local LAN
Rules for Site-to-Site VPN
- For VPN connectivity
- For access to the LAN
Restart VPN
Client-to-Site L2TP/IPsec VPN Configuration Using X509 Certificate
Client-to-Site VPN example
A user at a remote location wants to connect to the Mail Server inside the Andheri Branch so that he/she can access their mail.
[Network diagram: remote users reaching the Andheri Branch VPN server through the Internet cloud. Labels as shown on the slide:]
- Remote users: Remote-User-1 219.64.2.1, Remote-User-2 210.1.5.9
- WAN link: TATA 219.2.3.1, TATA 219.2.3.2
- LAN: 192.168.2.1/24
- Devices: Router, VPN server
- Users: User-1 192.162.2, User-2 192.168.2.3
- Servers: Mail Server 192.168.2.4, Database Server 192.168.2.5
Steps to Configure Client-to-Site L2TP/IPsec VPN Using X509 Certificate
1. Create the CA certificate.
2. Create the local request file.
3. Sign the local request file with the Signing CA.
4. Create the user request file.
5. Sign the user request file with the Signing CA.
6. Create the policy.
7. Create the tunnel.
8. Configure the L2TP options.
9. Add a new user.
10. Add the required rules.
12. Restart L2TP.
13. Restart the VPN tunnel.
CA Certificate Details
The certificate will not work after its expiry date, so set the expiry date at least 10 years from the date of creation.
- CA certificate password
- Unique for each certificate
Note: Don't use special characters or spaces in any of the above fields.
Signing CA Certificate
User Certificate Details
- User certificate password
- Unique for each certificate
Note: Don't use special characters or spaces in any of the above fields.
User Request File and User Certificate Signed By CA
- User Certificate File
- User Request File
- Click here to sign by CA
User Request File Signed By Signing CA
- CA certificate password
VPN Policy
This section contains information about the parameters required to define VPN tunnels. A default policy comes with the factory settings. If you want, you can create your own policy.
VPN Policy Settings
Note: Policy configuration is required to set up an IPsec tunnel.
VPN Tunnel Details
This section contains information about the configured tunnels.
VPN Tunnel Configuration Using Certificate
Example configuration of Client-to-Site VPN using an X509 certificate.
- If we don't know the remote IP address, the Remote Server IP is Any.
- User Certificate: we need to create the User Certificate from the VPN->Certificate->Manage Certificate option.
Local Certificate Details
Local IPsec key settings are required when we want to configure VPN using an X509 certificate. Before configuring them, we need to create the CA certificate and the User Certificate in the VPN->Certificate section.
Advance VPN Options
No need to change anything unless required.
L2TP Configuration
- Static IP of UPTM
- Reserve IP range
- Local IP of UPTM
VPN User Configuration
You can assign any free IP from the IP range allocated for VPN users, or you can leave it blank and the VPN server will assign an IP to the user automatically from the IP pool defined in the L2TP or PPTP configuration.
VPN Users
Rules of L2TP/IPsec VPN
- Rules for VPN
- Rules to access machines inside the local LAN
Restart L2TP
Restart VPN
PPTP Configuration
Client-to-Site VPN example
A user at a remote location wants to connect to the Mail Server inside the Andheri Branch so that he/she can access their mail.
[Network diagram: remote users reaching the Andheri Branch VPN server through the Internet cloud. Labels as shown on the slide:]
- Remote users: Remote-User-1 219.64.2.1, Remote-User-2 210.1.5.9
- WAN link: TATA 219.2.3.1, TATA 219.2.3.2
- LAN: 192.168.2.1/24
- Devices: Router, VPN server
- Users: User-1 192.162.2, User-2 192.168.2.3
- Servers: Mail Server 192.168.2.4, Database Server 192.168.2.5
Steps to configure PPTP VPN
1. Configure the PPTP options.
2. Add the VPN user.
3. Create the rule for VPN.
4. Restart PPTP.
PPTP Configuration
- Reserve local LAN range
- Local LAN IP of UPTM
VPN User Configuration
You can assign any free IP from the IP range allocated for VPN users, or you can leave it blank and the VPN server will assign an IP to the user automatically from the IP pool defined in the L2TP or PPTP configuration.
VPN Users
Rules for VPN
- Rules to access machines inside the local LAN
Restart PPTP
How to save Certificate
Click here to save certificate
Export password
- User certificate password
- Export password: required when we import the certificate on a Windows machine.
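The certificate steps 1 to 5 and the save/export step above, reproduced with the OpenSSL command line as an added example (this is not GajShield's own tooling, and the UPTM GUI may store files differently). All subject names, file names, the 365-day end-entity lifetime and the passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example: CA -> request file -> signed certificate -> export bundle.
# Subject names, lifetimes, file names and passwords are constructed placeholders.
# "pass:" keeps the example unattended; it shows in the process list, so use
# "file:" or the interactive prompt for real keys.
CA_PASS=CaPassExample1
EXPORT_PASS=ExportPassExample1

build_vpn_pki() {            # usage: build_vpn_pki <output-dir>
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        # Step 1: self-signed CA, 10-year lifetime, key encrypted with the CA password.
        openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 \
            -keyout ca.key -out ca.crt -passout "pass:$CA_PASS" \
            -subj "/C=IN/O=ExampleOrg/CN=ExampleVpnCA" 2>/dev/null || exit 1
        for name in local user1; do
            # Steps 2 and 4: key pair plus request file, one password per certificate.
            openssl req -new -newkey rsa:2048 -sha256 \
                -keyout "$name.key" -out "$name.csr" \
                -passout "pass:${name}PassExample1" \
                -subj "/C=IN/O=ExampleOrg/CN=$name" 2>/dev/null || exit 1
            # Steps 3 and 5: the CA signs the request; this needs the CA password.
            openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
                -passin "pass:$CA_PASS" -CAcreateserial -sha256 -days 365 \
                -out "$name.crt" 2>/dev/null || exit 1
        done
        # Save/export: PKCS#12 bundle for the Windows client. -passin is the user
        # certificate password, -passout is the export password asked at import.
        openssl pkcs12 -export -inkey user1.key -passin "pass:user1PassExample1" \
            -in user1.crt -certfile ca.crt -name user1 \
            -out user1.p12 -passout "pass:$EXPORT_PASS" 2>/dev/null || exit 1
    )
}

# Succeeds only if <cert> chains to <ca-cert>; a gateway makes the same decision.
verify_against_ca() {        # usage: verify_against_ca <ca-cert> <cert>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the bundle opens with the given export password.
check_export_password() {    # usage: check_export_password <p12> <password>
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys >/dev/null 2>&1
}
```

A certificate signed by one CA fails `verify_against_ca` against any other CA, even one with the same subject name, which is why the local and user certificates must both be signed by the same Signing CA.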
Windows Machine Configuration for L2TP and PPTP VPN Client
Click on the Add button
Click on the Add button
IP of VPN server
Click on the Settings button
If we are using a preshared key, click on IPSec Settings
Click on the Connect button
Enter the user name and password