Katana Client to Linksys VPN Gateway

Similar documents
IPsec VPN Application Guide REV:

VPN Configuration of ProSafe Client and Netgear ProSafe Router:

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Internet. SonicWALL IP SEV IP IP IP Network Mask

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

RouteFinder. IPSec VPN Client. Setup Examples. Reference Guide. Internet Security Appliance

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Setting up VPN Tracker with Nortel VPN Routers

ISG50 Application Note Version 1.0 June, 2011

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Using IPsec VPN to provide communication between offices

How To Industrial Networking

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

Chapter 5 Virtual Private Networking Using IPsec

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

VPNC Interoperability Profile

7. Configuring IPSec VPNs

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Netopia TheGreenBow IPSec VPN Client. Configuration Guide.

How To Configure Apple ipad for Cyberoam L2TP

Configure VPN between ProSafe VPN Client Software and FVG318

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

Windows XP VPN Client Example

Chapter 6 Virtual Private Networking

Gateway to Gateway VPN Connection

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

How To Configure L2TP VPN Connection for MAC OS X client

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

Configuring IPsec VPN with a FortiGate and a Cisco ASA

RF550VPN and RF560VPN

IPSec Pass through via Gateway to Gateway VPN Connection

Configuring SSH Sentinel VPN client and D-Link DFL-500 Firewall

Network/VPN Overlap How-To with SonicOS 2.0 Enhanced Updated 9/26/03 SonicWALL,Inc.

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configure IPSec VPN Tunnels With the Wizard

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

Chapter 4 Virtual Private Networking

VPN Wizard Default Settings and General Information

Micronet SP881. TheGreenBow IPSec VPN Client Configuration Guide.

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router:

VPN. VPN For BIPAC 741/743GE

ZyWALL USG-Series. How to setup a Site-to-site VPN connection between two ZyWALL USG series.

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

Keying Mode: Main Mode with No PFS (perfect forward secrecy) SA Authentication Method: Pre-Shared key Keying Group: DH (Diffie Hellman) Group 1

Interoperability Guide

Configuring the PIX Firewall with PDM

Interconnection between the Windows Azure

How to configure VPN function on TP-LINK Routers

VPN L2TP Application. Installation Guide

Apliware firewall. TheGreenBow IPSec VPN Client. Configuration Guide.

Chapter 8 Virtual Private Networking

How to configure VPN function on TP-LINK Routers

Vodafone MachineLink 3G. IPSec VPN Configuration Guide

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

Linksys RV042. TheGreenBow IPSec VPN Client. Configuration Guide.

Using Opensource VPN Clients with Firetunnel

OfficeConnect Internet Firewall VPN Upgrade User Guide

IP Office Technical Tip

VPNC Interoperability Profile

Configuring SonicOS for Microsoft Azure

Setting up VPN connection: DI-824VUP+ with Windows PPTP client

Symantec Firewall/VPN 200

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6

Virtual Private Network and Remote Access Setup

VPN Configuration Guide LANCOM

Configuring IPsec VPN between a FortiGate and Microsoft Azure

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

TheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: Contact:

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Cisco 1841 MyDigitalShield BYOG Integration Guide

Juniper NetScreen 5GT

From a Finder window choose Applications (shown circled in red) and then double click the Tether icon (shown circled in green).

Astaro User Portal: Getting Software and Certificates Astaro IPsec Client: Configuring the Client...14

Setting up D-Link VPN Client to VPN Routers

VPN Configuration Guide Linksys RV042/RV082

VPN Tracker for Mac OS X

Cisco RV 120W Wireless-N VPN Firewall

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

How to access peers with different VPN through IPSec. Tunnel

ZyXEL ZyWALL P1 firmware V3.64

Transcription:

Katana Client to Linksys VPN Gateway Goal Configure a VPN tunnel between a Katana client and a Linksys VPN gateway. Method The Katana client and the Linksys VPN gateway must have exactly the same IKE/IPsec settings in order to establish a VPN tunnel. Linksys gateway configuration The Linksys VPN gateway (WRV-54G) and firewall has one internal (trusted or LAN) and one external (untrusted or WAN) interface. The external interface must be assigned a public IP address, and the internal interface must be assigned a subnet. In this example, we use 101.101.101.75 for the external interface and 192.168.75.1/255.255.255.0 for the internal interface. Katana client configuration In this example, the Katana client has an IP address of 101.101.101.2 and is not behind a NAT. However, it is possible that the client may have a non-routable IP address and be located behind a NAT router. The connection to the Linksys VPN gateway will work in either case. A word of caution If the Katana client is trying to connect to the Linksys VPN gateway from behind a NAT, it is almost impossible to establish a functional VPN tunnel. There are two reasons. First, some NAT routers do not process IKE and IPsec packets correctly and if you are behind such a NAT router, you may not be able to access hosts behind the D-Link gateway even though an SA has been established. Second, a bigger problem is that the Linksys VPN gateway has a bug and it does not process NATed IKE packets correctly. The only way a functional VPN tunnel can be established is when the IKE packets arriving at the Linksys gateway have source (and destination) port as 500. Our suggestion is that you purchase the OmniVPN or Katana gateway. www.trlokom.com - 1-2004 Trlokom, Inc.

Linksys gateway remote access VPN configuration On the Linksys VPN gateway, the main VPN settings page (Security VPN) displays a menu of the available tunnels and the parameters of the selected tunnel. The remote access VPN is a tunnel that allows connecting from any remote IP address. All remote access users must use the same remote access VPN tunnel. There does not appear to be any way to configure multiple remote access tunnels or to allow more than one remote access connection at a time. Figure 1: Main VPN configuration page for Linksys gateway. www.trlokom.com - 2-2004 Trlokom, Inc.

Select a tunnel from the Select Tunnel Entry menu and configure it as follows: Select Tunnel Entry: VPN Tunnel: VPN Gateway: Tunnel Name: Local Group: IP Address: Mask: Remote Secure Gateway: Remote Secure Group: Encryption: Authentication: Key Exchange Method: PFS: Pre-Shared Key: Key Lifetime: Tunnel number Enabled Disabled Name of the tunnel ( remote in this example) Subnet Subnet IP address (192.168.75.0 in this example) Subnet mask (255.255.255.0 in this example) Any Any 3DES MD5 Auto (IKE) Enabled Secret for authentication ( abcd in this example) 28800 seconds (8 hours) www.trlokom.com - 3-2004 Trlokom, Inc.

Linksys gateway IKE/IPsec configuration Once the tunnel polices and identifiers are configured, click on the Advanced VPN Tunnel Setup button at the bottom of the page to configure IKE and IPsec proposals. Figure 2: IKE and IPsec proposals. www.trlokom.com - 4-2004 Trlokom, Inc.

For Phase 1, enter the following parameters: Operation Mode: Main Encryption: 3DES Authentication: MD5 Group: 1024-bit (Diffie-Hellman Group 2) Key Life Time: 28800 Seconds (8 hours) For Phase 2, enter the following parameters: Encryption: 3DES (set in the main window) Authentication: MD5 (set in the main window) PFS: Enabled (set in the main window) Group: 1024-bit (Diffie-Hellman Group 2) Key Life Time: 28800 Seconds (8 hours) Once the proposals have been configured, click Save Settings to save the proposals and return to the main page. It is critical that the exact same Phase 1 and Phase 2 proposals be entered at the remote client. www.trlokom.com - 5-2004 Trlokom, Inc.

Katana client tunnel configuration The Role must be set to Stand-alone client, and the VPN button in the toolbar must show a lock that is closed and green. Multiple VPN tunnels can be defined, and each one can be activated or deactivated independently. In the Configuration window, click the Add button to the right of the list of tunnels. This opens the dialog box to define tunnel parameters. Figure 3: Katana configuration window www.trlokom.com - 6-2004 Trlokom, Inc.

Enter the local (Katana side) and remote (Linksys side) configuration. If the client subnet mask is set to 32 (255.255.255.255), the IP address and client ID will be automatically set to the client s address. At the bottom left, the ID type must be set to Address and the mode set to Main mode. In addition, NAT Traversal must be enabled. For the Local configuration, enter: Client ID: Subnet: Public IP address: Current IP address of the client (101.101.101.2 in this example) Current subnet of the client (101.101.101.0 / 32 in this example) Same as the current IP address of the client (101.101.101.2 in this example) For the Remote configuration, enter: Remote ID: Subnet: Public IP address: Public IP address of the Linksys gateway (101.101.101.75 in this example) Subnet behind the Linksys gateway (192.168.75.0 / 24 in this example) Public IP address of the Linksys gateway (101.101.101.75 in this example) Figure 4: Tunnel definition. www.trlokom.com - 7-2004 Trlokom, Inc.

Katana client IKE / IPsec configuration To configure the IKE and IPsec parameters to match those on the gateway, click the Edit proposals button in the "Define tunnel" window. This will open the Edit proposals window where the IKE and IPsec parameters are specified. The proposal defined on the Katana client must match the proposal defined at the Linksys VPN gateway exactly. There must be only one proposal. The IKE (ISAKMP) settings must be Tunnel mode using Identity Protection mode, and NAT Traversal must be enabled. There is only one proposal for both ISAKMP and IPsec, i.e., 3DES-MD5. The lifetimes are set to 8 hours. Perfect forward secrecy is enabled using MODP 1024 (the second Diffie-Hellman group). Please make sure that the proposals are identical to those entered on the Linksys VPN gateway. Figure 5: IKE (ISAKMP) and IPsec proposals. www.trlokom.com - 8-2004 Trlokom, Inc.

Conclusion After the VPN tunnel is defined, Katana will automatically attempt to establish it. A green checkmark will appear next to the tunnel if it is established successfully. If a tunnel cannot be established, no icon will be displayed. If the tunnel has been disabled, a red cross will be displayed. To disconnect a tunnel, select it and click the Disconnect button to the right of the list of tunnels. Since VPN tunnels are created on demand, the tunnel may be re-established automatically. To disable a tunnel, turn off the Tunnel is enabled option at the top of the "Define tunnel" window. To completely disconnect from the VPN, click the VPN button in the toolbar. The lock will open and turn red. Figure 6: A green checkmark indicates that the tunnel is established. www.trlokom.com - 9-2004 Trlokom, Inc.

After establishing a VPN tunnel between the Katana client and the Linksys gateway, the details of the security association (SA) can be viewed by clicking the Security associations button in the Configuration window. To delete an SA, select it in the Security Associations window and press the Delete button on the keyboard. Figure 7: List of existing security associations. Please note that successfully establishing a SA may not be sufficient to connect to machines behind the Linksys gateway. Some NAT routers do not process IKE and IPsec packets correctly and if you are behind such a NAT router, you may not be able to access hosts behind the Linksys gateway even though an SA has been established. www.trlokom.com - 10-2004 Trlokom, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information