White Paper. Telenor VPN



Similar documents
DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

SpiderCloud E-RAN Security Overview

GPRS and 3G Services: Connectivity Options

Cisco Which VPN Solution is Right for You?

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

For extra services running behind your router. What to do after IP change

Technical Notes TN 1 - ETG FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

GPRS / 3G Services: VPN solutions supported

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Routing Security Server failure detection and recovery Protocol support Redundancy

Creating a VPN with overlapping subnets

Network Services Internet VPN

Birdstep Intelligent Mobile IP Client v2.0, Universal Edition. Seamless secure mobility across all networks. Copyright 2002 Birdstep Technology ASA

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

WAN Failover Scenarios Using Digi Wireless WAN Routers

Cisco QuickVPN Installation Tips for Windows Operating Systems

User Guide Managed VPN Router. Wireless Maingate AB. Wireless Maingate AB

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

VPN. Date: 4/15/2004 By: Heena Patel

Cornerstones of Security

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Enabling NAT and Routing in DGW v2.0 June 6, 2012

M!DGE/MG102i. Application notes.

Scenario: Remote-Access VPN Configuration

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

WHITE PAPER. Mobility Services Platform (MSP) Using MSP in Wide Area Networks (Carriers)

How To Configure An Ipsec Tunnel On A Network With A Network Gateways (Dfl-800) On A Pnet 2.5V2.5 (Dlf-600) On An Ipse Vpn

EMR. Ethernet Modem Router for Wireless Networks. A wireless secure access to Ethernet industrial networks making use of the public operator networks

Cisco Wireless Security Gateway R2

Cisco Virtual Office Express

Technical White Paper

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

Radio Access Routing Devices for M2M Communications Requirements and Reference Implementation

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

ISG50 Application Note Version 1.0 June, 2011

Using IPsec VPN to provide communication between offices

Chapter 9 Monitoring System Performance

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

HOWTO: How to configure IPSEC gateway (office) to gateway

Pre-lab and In-class Laboratory Exercise 10 (L10)

Technical papers Virtual private networks

UIP1868P User Interface Guide

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

VPN Tracker for Mac OS X

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Cisco SR 520-T1 Secure Router

Supporting Multiple Firewalled Subnets on SonicOS Enhanced

How to access peers with different VPN through IPSec. Tunnel

R4: Configuring Windows Server 2008 Network Infrastructure

IP Telephony Basics. Part of The Technology Overview Series for Small and Medium Businesses

Table of Contents. Introduction

Case Study for Layer 3 Authentication and Encryption

SIP Trunking Configuration with

Using Remote Desktop Software with the LAN-Cell

GSM services over wireless LAN

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Application Description

LinkProof And VPN Load Balancing

Configure IPSec VPN Tunnels With the Wizard

Configuring Windows Server 2008 Network Infrastructure

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

Scenario: IPsec Remote-Access VPN Configuration

IP Office Technical Tip

Hosted PBX Platform-asa-Service. Offering

How To Configure Apple ipad for Cyberoam L2TP

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

TheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: Contact:

VPN Tracker for Mac OS X

Configuring IPsec VPN between a FortiGate and Microsoft Azure

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

LAN TCP/IP and DHCP Setup

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

Security Awareness. Wireless Network Security

Firewall Troubleshooting

TechNote. Configuring SonicOS for Amazon VPC

About IHM VoIP. Description of IHM VoIP enabled products and protocols used.

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

Transcription:

White Paper Telenor VPN Versjon 2.2 September 2006 Side 1 av 5

Table of contents 1 Short introduction... 3 2 Product information... 3 2.1 Mobile Data Access... 3 2.2 SMS Acess and SMS Bedrift... 4 2.3 ProffNett... 4 3 Telenor VPN... 4 Abbreviations API GPRS GPS GSM GW IKE IP NAT M2M MDA SMS-C UMTS VPN WAP Application Programmable Interface General Packet Radio System Global Positioning System Global System for Mobile communication Gateway Internet Key Exchange Internet Protocol Network Addressing Translation Machine to machine Mobile Data Access Short Message Services Center Universal Mobile Telecommunication System Virtual Private Network Wireless Application Protocol Versjon 2.2 September 2006 Side 2 av 5

1 Short introduction Telenor VPN gives the customer/3rd party secure access to an internal network or dedicated services over an external unsecured network. Virtual Private Network (VPN) technology are used to attend to the security over the external network to make sure that the Customer can communicate with Telenors mobile network in a secure way. 2 Product information With Telenor VPN, customers get a secure, reliable access to support corporate products from Telenor, see Figure 1. Figure 1 Simplified sketch of Telenor VPN 2.1 Mobile Data Access The product Mobile Data Access gives the mobile users secure access to the companys internal data network and services like e-mail and intranet via the mobile network. The Customer authenticates the employees when they access the Companys LAN. Mobile Data Access is used as infrastructure for several applications made for specific business sectors, access to e-mail and common files and also for cellular machine-to-machine communication. It is recommended not to combine MDA traffic with other services in the same VPN tunell. Figure 2 Simplified sketch of Telenor VPN with MDA Versjon 2.2 September 2006 Side 3 av 5

2.2 SMS Acess and SMS Bedrift SMS Access and SMS Bedrift are using Telenor VPN for secure transport of SMS between the SMS service center (SMSC) at Telenor and the SMS server at the customer. The target group for SMS Bedrift are companies with needs in communications in SMS with customers and employees or in m2m-solutions. SMS Bedrift traffic is not permitted for resale. SMS Access are targeted mainly for service providers who will offer value added services based on SMS. SMS Access and SMS Bedrift are enableing two-way SMS communication between a server at the customers premises and mobile terminals in the Telenor mobile network. Companies are offered a direct connection from their own central server to the Telenor SMSC. The customers are given a five-figure number that can be used for sending and receiving messages. SMS can be used for sending ordinary messages to and from a mobile terminal, but such a message can also be used to carry different kinds of information, such as readings from a weather station, transport of GPS information etc. 2.3 ProffNett ProffNett uses Telenor VPN for secure transport of signalling information between the Proffnett server at Telenor and the switchboard server at the customer. Proffnett is a voice service ensuring low cost mobile telephony between the company s employees. 3 Telenor VPN Hardware Telenor VPN requires a VPN-enabled router or dedicated VPN hardware on the customer s side. Reuse of existing router at the customer is possible as long the router satisfies the requirements in this document and is powerful enough to handle additional processing. The customer owns and administrates its VPN gateway. If a Cisco router is used, Telenor can generate a configuration file that the customer can use to configure the router. If other routers or VPN terminating devices are used, the customer itself must configure the equipment. Alternatively, a third party can install, configure and administrate the customer s VPN gateway. Experiences shows that the Telenor VPN solution may be used with most VPN-enabled routers. The customer uses the same VPN GW for terminating VPN connections from mostly all existing and future services from Telenor. Access lists Telenor s VPN gateway uses access lists to control which traffic, based on sender address, receiving address or both, that is sent through which VPN tunnel. In this access list it is stated which server(s) in Telenors network the customer can reach trough the VPN tunnel. For each new customer, or if an existing customer shall implement a new service, the access lists must be updated with this information. The access list on the customer s side must match the access list in Telenor VPN gateway to accept the traffic from Telenor and handle it correctly. Requirements to the customer Before a customer can connect to Telenor using Telenor VPN, the following requirements must be fulfilled: The customer s internal network must be protected by a firewall. The firewall must be able to forward IKE- and IPsec traffic between Telenor and the terminating point in the customer s premises on IP layer 3. VPN gateway feature set supporting IPsec with 3DES must be available at the customer premises.. If the VPN service is to be incorporated into an existing multi-purpose router, the customer must make sure that this router is capable of handling the increased processor load resulting from IPsec encryption/decryption processing. If a Cisco router is used, Telenor can help configure the router by sending over to the customer a suggested configuration. If a router from another manufacturer is used, the customers must do the configureation Versjon 2.2 September 2006 Side 4 av 5

themselves. The router must run an IOS supporting IPsec 3DES. If existing VPN router is used, the customer must ensure that it is powerful enough to handle the extra processing. The customer VPN router must be assigned a public IP address, making the router accessible from the Internet. Requirements for placement of the VPN GW: Preferably the VPN GW should be placed on a dedicated leg on the firewall. The firewall must then be configured to allow IPsec traffic from Telenor s VPN GW to the customer s VPN GW. Alternatively, the VPN GW can be placed on the open segment between the firewall and the Internet edge router. In this configuration, the VPN GW must be protected using access lists to prevent unauthorised access. Requirements for addressing: The customer is allocated a subnet of private IP-addresses from a predefined IP-range in Telenor. This address space will be dimensioned based on the number of servers in the customer s network that need to communicate through the VPN tunnel. Each server in the customer s network is assigned an IP-address from the address space mentioned above. This address can be assigned as a secondary address, or the customer can use NAT in the firewall. The advantage by using NAT is that then the address allocation is transparent to the customer s internal network. The VPN GW will be defined as the default Gateway for the network that shall be reached in Telenor s network. If all official IP addresses are places outside the firewall, a host route must be made in the Customers router. This in order to route traffic going to the VPN terminating point to the Customers firewall. As a minimum solution the Customer must route a /30 network with official IP addresses through the firewall, and assign an address to the firewalls interface on the inside as a secondary address and the other to the VPN GW. Versjon 2.2 September 2006 Side 5 av 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information