User Guide Managed VPN Router. Wireless Maingate AB




E-mail: info@maingate.se Web: www.maingate.se User Guide Managed VPN Router

1.0 MANAGED VPN ROUTER

Revision: 1.0
Date: 24.08.2009
Information class: Open Information
Address: Drottninggatan 16 37131 Karlskrona
Phone number: +46 455 363700
Fax number: +46 455 363737

Copyright 2009

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. shall have no liability for any error or damages of any kind resulting from use of this document.

TABLE OF CONTENTS

1 INTRODUCTION
1.1 TERMINOLOGY
2 PRODUCT OVERVIEW
2.1 Customer Requirements
3 ORDERING MANAGED VPN ROUTER
4 IP CONFIGURATION
4.1 Maingate VPN tunnels
4.2 IP Routing
4.3 Firewall Configuration
4.3.1 Firewall between MVR routers and Internet
4.3.2 Firewall on Access network
5 INSTALLATION
5.1 Attaching routers to network
6 INVOICING
7 REFERENCES
8 APPENDIX
8.1 Document history

1 INTRODUCTION

This document is intended to be used by the customer whenever ordering, configuring or using the Wireless Maingate Managed VPN Router product.

1.1 TERMINOLOGY

Access Network: The network that connects the MVR routers with customer's routing equipment. Also called interconnect network.
HSRP: Hot Standby Router Protocol
IP Default Route: Default destination of unrouted IP packets
IPSec: Internet Protocol Security
LAN: Local Area Network
MVR: Managed VPN Router
OSPF: Open Shortest Path First (Routing protocol)
TCP/IP: Transmission Control Protocol/Internet Protocol
VPN: Virtual Private Network

WIRELESS MAINGATE AB 2008

2 PRODUCT OVERVIEW

Maingate's Managed VPN Router product provides secure IP communication between the customer's network and Wireless Maingate's networks and services. This product can be used for any of Wireless Maingate's IP based services. An overview of the functionality is shown in figure 1 below.

Figure 1 Product overview

The customer application is connected to Wireless Maingate over the Internet using VPN tunnels. Each router has a redundant IPSec tunnel connected to a core router. To avoid IP addressing conflicts, the access network is a public IP-address network, provided by Maingate.

2.1 CUSTOMER REQUIREMENTS

In order for the MVR product to function as expected, the customer's network must meet the following requirements:

- Network must be set up to allow both routers to communicate on Access network.
- Access to the Internet with two public IP-addresses that should be assigned to MVR routers. These addresses do not need to be on the same public network.
- If MVR routers are installed behind a firewall, traffic described in 4.3.1 must be allowed to pass through.

3 ORDERING MANAGED VPN ROUTER

The Managed VPN Router product is ordered by completing and signing the Product Agreement for Managed VPN Router or choosing this access alternative in the product agreement for one of Maingate's access products. The signed agreement can be delivered in original to a Maingate sales representative or sent by regular mail to Maingate. The pages of the Product Agreement are shown in figure 2.

Figure 2 Managed VPN Router Product Agreement

One separate Account Details form (page 3) is required for each separate connection. The Account Details are completed as follows:

Technical Contact Person 1 and 2: Contact details of two persons responsible for assisting Maingate in managing the routers.
Operational Updates: Email address(es) of a customer representative(s) that will receive updates concerning operational issues, such as planned or unscheduled outages both during working and non-working hours.

Once the completed Product Agreement has been processed, Maingate will configure the new account. Subsequently a confirmation mail will be sent to the Main Contact Person and the Technical Contact Persons. Two documents will be attached to the confirmation e-mail:

- Managed VPN Router User Guide (this document)
- Managed VPN Router Configuration Form

The Configuration Form (figure 3) must be completed by the customer in order for Maingate to configure the routers.

Figure 3 Configuration Form

Router 1 and 2, public IP address: Two public IP addresses accessible over the Internet will be assigned to the MVR routers' outside interfaces.
Speed and Duplex settings: Speed and duplex settings for MVR router interfaces to match customer equipment. Enter values in the format speed/duplex, e.g. 100/full or 10/half.

Customer encrypted range: The network(s) from which customer will access Wireless Maingate services.
Routing in access network: Routing mechanism used between MVR routers and customer equipment. Possible values are Static or OSPF.
Customer OSPF information: OSPF Process and Area identifier. Only entered if OSPF routing is chosen.
Customer networks next hop: Gateway for MVR routers on the inside interfaces. Customer encrypted range will be routed to this point. Only entered if static routing is chosen.

4 IP CONFIGURATION

In order for MVR to function correctly, the transmission of IP packets between Maingate and the customer must be carefully configured. This chapter describes how the customer should set up and configure their systems and networks to be compatible with the MVR solution.

4.1 MAINGATE VPN TUNNELS

IPSec encryption is used for the VPN tunnel between Maingate and the LAN connecting the customer network. IPSec is a set of standard protocols for implementing secure communication and encryption key exchange between computers. An IPSec VPN generally consists of two communication channels between the endpoint hosts: a key-exchange channel over which authentication and encryption key information is passed, and one or more data channels over which private network traffic is carried. The VPN used by Maingate MVR routers uses 3DES encryption on both key-exchange and data channels.

4.2 IP ROUTING

Once the MVR routers have been set up, the customer's LAN must be configured to route applicable packets through them and allow packets from Maingate network to reach the customer application via MVR routers. There are two ways of configuring this: static routing with HSRP redundancy or OSPF with routing redundancy. The figure below shows an example of how static routing could be set up. Please note that Maingate does not require customer to have redundant connections or firewalls as shown below.

Figure 4 IP routing between Maingate and customer with HSRP

On both MVR routers and customer firewalls or equivalent equipment, a virtual interface is configured. These virtual interfaces are used for routing to handle redundancy. If a router or tunnel breaks down, the virtual interface will move to the standby router. Hence, there will only be traffic on one tunnel at a time.

An example of OSPF configuration is shown below.

Figure 5 IP routing between Maingate and customer with OSPF

The inside networks on the Managed VPN routers share routing information with the customer network using a dynamic routing protocol such as OSPF. Routing of the customer networks will then be redirected to Maingate's network via both routers and vice versa. There is no hard-configured primary or secondary router, as OSPF will choose the best path between Maingate and the customer networks. If a router malfunctions or a tunnel breaks down, the routing protocol will update the paths and send all traffic through one tunnel. The actual IP-addresses to use and networks to be routed are specified on the MVR configuration form.

4.3 FIREWALL CONFIGURATION

Maingate does not require any firewalls for the MVR service. However, when using IP-based communication, special attention must be paid to providing adequate security for the systems and information. Since using some of Maingate's services effectively expands the customer's LAN to a multitude of connection points, special attention to security is appropriate.

4.3.1 Firewall between MVR routers and Internet

The customer must ensure that the customer's firewall is open to permit the types of IP sessions that Wireless Maingate uses for VPN connection and remote access. The following traffic must be allowed to pass through the firewalls to MVR routers:

- SSH from 87.237.152.140 and 83.241.178.2
- ESP bi-directional with 87.237.152.33
- ESP bi-directional with 83.241.178.2
- IKE (udp 500) bi-directional with 87.237.152.33
- IKE (udp 500) bi-directional with 83.241.178.2
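The traffic list in 4.3.1 expressed as firewall rules, as an added example that is not part of the original guide: a shell function that emits an iptables-restore fragment for a Linux firewall placed in front of the MVR routers. The two router addresses are placeholders, and the Linux/iptables firewall, the FORWARD chain and the closing DROP rules are assumptions; the remote addresses, SSH, ESP and IKE (udp 500) come from the list above.

```shell
#!/bin/sh
# Added example (not from the guide): emit an iptables-restore fragment that
# admits only the traffic listed in section 4.3.1 to the MVR routers.

# Placeholder public addresses of the two MVR routers (assumption, taken from
# the documentation ranges; replace with the addresses on the Configuration Form).
ROUTERS="192.0.2.10 198.51.100.10"
# Remote addresses as listed in section 4.3.1.
SSH_SOURCES="87.237.152.140 83.241.178.2"
VPN_PEERS="87.237.152.33 83.241.178.2"

mvr_rules() {
    echo "*filter"
    # Replies belonging to sessions admitted below (for example SSH answers).
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for r in $ROUTERS; do
        for s in $SSH_SOURCES; do
            # SSH is accepted from the listed sources only, never from any host.
            echo "-A FORWARD -p tcp -s $s -d $r --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        done
        for p in $VPN_PEERS; do
            # ESP is IP protocol 50 and has no port numbers; both directions.
            echo "-A FORWARD -p esp -s $p -d $r -j ACCEPT"
            echo "-A FORWARD -p esp -s $r -d $p -j ACCEPT"
            # IKE key exchange on UDP port 500; both directions.
            echo "-A FORWARD -p udp -s $p -d $r --dport 500 -j ACCEPT"
            echo "-A FORWARD -p udp -s $r -d $p --dport 500 -j ACCEPT"
        done
        # Assumption: anything else addressed to an MVR router is dropped.
        echo "-A FORWARD -d $r -j DROP"
    done
    echo "COMMIT"
}

# Print the fragment for review.
mvr_rules
```

Pipe the script's output to `iptables-restore --noflush --test` to check that it parses before loading it.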

4.3.2 Firewall on Access network

The customer must ensure that the customer's firewall is open to allow the types of IP sessions that are used by terminal and application. If not, the IP packets will be blocked and communication will not function correctly. Wireless Maingate's firewall towards the VPN tunnel is open to allow for all types of IP sessions.

5 INSTALLATION

5.1 ATTACHING ROUTERS TO NETWORK

Maingate will deliver two preconfigured routers which should be installed by the customer. Both routers should be connected as shown in figure 6 below.

Figure 6 How to connect MVR routers

The customer should connect Internet to the lower outlet marked as FE0 and the access network to the upper outlet marked as FE1. Maingate recommends that the routers are placed physically apart and with redundant power supply.

Note: The routers are not delivered to the customer until the MVR configuration form has been correctly filled in.

6 INVOICING

The Managed VPN Router product is invoiced monthly. The invoice specifies any applicable initiation fees and periodic fees per connection. The structure of fees for Managed VPN Router is as follows:

Initiation fee: A fixed, one-time fee per connection for set-up and configuration of the routers
Periodic fee: A monthly fee for surveillance and support

7 REFERENCES

8 APPENDIX

8.1 DOCUMENT HISTORY

Revision | Date | Signature | Comments
1.0 | 2009-08-24 | HS | New layout.