VPNC Scenario for IPsec Interoperability

Similar documents
Configuring VPNs in the EN-1000

The EN-4000 in Virtual Private Networks

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

Virtual Tunnel Interface

Configuration Guide. How to connect to an IPSec VPN using an iphone in ios. Overview

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

SLE in Virtual Private Networks

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

Virtual Private Networks

Site-to-Site VPN with SonicWall Firewalls 6300-CX

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

Configuring the EN-2000 s VPN Firewall

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

Integration Guide. Oracle Bare Metal BOVPN

Configuration of an IPSec VPN Server on RV130 and RV130W

Configuring VPN from Proventia M Series Appliance to NetScreen Systems

How to Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Efficient SpeedStream 5861

Proxy Protocol Support for Sophos UTM on AWS. Sophos XG Firewall How to Configure VPN Connections for Azure

Configuring VPN from Proventia M Series Appliance to Symantec 5310 Systems

Using the EN-2000 s Management System

Google Cloud VPN Interop Guide

How to Configure an IPsec VPN to an AWS VPN Gateway with BGP

Quick Note 65. Configure an IPSec VPN tunnel between a TransPort WR router and an Accelerated SR router. Digi Technical Support 7 June 2018

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

How to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT

HOW TO CONFIGURE AN IPSEC VPN

VPN Configuration Guide. NETGEAR FVG318 / FVS318G / FVS336G / FVS338 / DGFV338 FVX538 / SRXN3205 / SRX5308 / ProSecure UTM Series

BiGuard C01 BiGuard VPN Client Quick Installation Guide (BiGuard series VPN enabled devices) Secure access to Company Network

Service Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)

How to Configure BGP over IKEv2 IPsec Site-to- Site VPN to an Google Cloud VPN Gateway

VNS3 to Windows RRAS Instructions. Windows 2012 R2 RRAS Configuration Guide

DFL-210, DFL-800, DFL-1600 How to setup IPSec VPN connection with DI-80xHV

Table of Contents 1 IKE 1-1

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Configuring General Settings for the EN-4000

Virtual Tunnel Interface

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Internet. SonicWALL IP Cisco IOS IP IP Network Mask

Quick Note. Configure an IPSec VPN tunnel in Aggressive mode between a TransPort LR router and a Cisco router. Digi Technical Support 7 October 2016

VPN Auto Provisioning

VPN Ports and LAN-to-LAN Tunnels

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Windows 2000 Pre-shared IKE Dialup VPN Setup Procedures

Case 1: VPN direction from Vigor2130 to Vigor2820

Defining IPsec Networks and Customers

VPN Tracker for Mac OS X

Release Notes. NCP Android Secure Managed Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

VPN Tracker for Mac OS X

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform.

Abstract. Avaya Solution & Interoperability Test Lab

Configuring the EN-2000 for its Network Functions

Google Cloud VPN Interop Guide

How to Configure an IKEv1 IPsec Site-to-Site VPN to the Static Microsoft Azure VPN Gateway

Chapter 6 Virtual Private Networking

VPN Tracker for Mac OS X

Configuring IPSec tunnels on Vocality units

Chapter 5 Virtual Private Networking

Account Registration and Log-In for the encloud Management System

VPN Configuration Guide. NETGEAR FVS318v3

Example - Configuring a Site-to-Site IPsec VPN Tunnel

OpenVPN protocol. Restrictions in Conel routers. Modified on: Thu, 14 Aug, 2014 at 2:29 AM

NCP Secure Enterprise macos Client Release Notes

PPTP Server: This guide will show how an IT administrator can configure the VPN-PPTP server settings.

NCP Secure Client Juniper Edition (Win32/64) Release Notes

NCP Secure Managed Android Client Release Notes

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

In the event of re-installation, the client software will be installed as a test version (max 10 days) until the required license key is entered.

VPN Configuration Guide LANCOM

Firepower Threat Defense Site-to-site VPNs

VPN Tracker for Mac OS X

IPsec Dead Peer Detection Periodic Message Option

Configuring VPN Policies

Configuring a Hub & Spoke VPN in AOS

How to configure IPSec VPN between a Cradlepoint router and a SRX or J Series Juniper router

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

Service Managed Gateway TM. Configuring IPSec VPN

NCP Secure Entry macos Client Release Notes

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Dynamic Multipoint VPN between CradlePoint and Cisco Router Example

Connecting the DI-804V Broadband Router to your network

Configuring LAN-to-LAN IPsec VPNs

How to Configure an IPsec Site-to-Site VPN to a Windows Azure VPN Gateway

Data Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology

Digi Application Guide Configure VPN Tunnel with Certificates on Digi Connect WAN 3G

EN-1000 Quick Configuration Guide

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Data Sheet. NCP Secure Enterprise macos Client. Next Generation Network Access Technology

Configuration of Shrew VPN Client on RV042, RV042G and RV082 VPN Routers through Windows

NCP Secure Client Juniper Edition Release Notes

VPN Configuration Guide. Juniper SRX-Series

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology

Use the IPSec VPN Wizard for Client and Gateway Configurations

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Google Cloud VPN Interop Guide

NCP Secure Enterprise macos Client Release Notes

FAQ about Communication

Transcription:

EN-4000 Reference Manual Document D VPNC Scenario for IPsec Interoperability EN-4000 Router T his document presents a configuration profile for IPsec interoperability. The configuration profile conforms to the format recommended by the Virtual Private Network Consortium (VPN Consortium or VPNC). The format is described at the following website: http://www.vpnc.org/interopprofiles/interop-01.html To prepare the profile, each manufacturer of VPN devices uses its software package to configure the same scenario. Customers can study how each manufacturer configures its router for the sample scenario, and then can get VPN configurations for devices from different manufacturers to operate together. The VPN Consortium developed the scenario. The EN-4000 supports IPsec interoperability as described in the scenario. D.1 Scenario 1: Gateway-to-Gateway VPN with Preshared Secret Figure D-1 shows a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure D-1. Scenario 1: Gateway-to-Gateway VPN For information on trademarks, safety, limitations of liability, and similar topics, see http://www.encorenetworks.com/disclaimer.htm. Version A.1, August 2014 2014 Encore Networks, Inc. All rights reserved.

Page D-2 EN-4000 Reference Manual, Document D VPN Gateway A has the following properties: Gateway A connects the private, internal LAN 10.5.6.0/24 to the internet. Gateway A s WAN external (internet) interface has the public IP address 14.15.16.17. Gateway A s LAN interface has the private IP address 10.5.6.1. VPN Gateway B has the following properties: Gateway B connects the private, internal LAN 172.23.9.0/24 to the internet. Gateway B s WAN external (internet) interface has the public IP address 22.23.24.25. Gateway B s LAN interface has the private IP address 172.23.9.1. The following IKEv1 Phase 1 parameters are used in scenario 1: Main mode 3DES SHA-1 MODP group 2 [Diffie Hellman Group 2] (1024 bits) Preshared secret: hr5xb84l6aa9r6 Note: The preshared secret includes the lowercase letter l (ell); do not mistake it for the number 1 (one). Security Association lifetime of 28,800 seconds (8 hours), with no kilobytes rekeying The following IKEv1 Phase 2 parameters are used in scenario 1: 3DES SHA-1 ESP tunnel mode MODP group 2 [Diffie Hellman Group 2] (1024 bits) Perfect forward secrecy for rekeying Security Association lifetime of 3,600 seconds (1 hour), with no kilobytes rekeying Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets D.2 Configuring the EN-4000 for VPNC Scenario 1! Caution: If you configure routers as Gateway A and Gateway B to implement the scenario, make sure those routers are attached only to closed networks. In this implementation of interoperability scenario 1, Gateway A is an EN-4000 router from Encore Networks, Inc. Gateway B can be an EN-4000, any other Encore Networks VPN device, or another manufacturer s VPN device. The procedures in the following sections are presented as quick guidelines for configuring an EN-4000 as Gateway A in scenario 1. 1 The entries in the configuration 1. For details of VPN configuration, see The EN-4000 in Virtual Private Networks, in the EN-4000 document set, available at http://www.encorenetworks.com/document_catalog.htm.

VPNC Scenario for IPsec Interoperability Page D-3 screens reflect the values shown in Figure D-1 and the values listed after that figure. Use this document to work through the configuration of the EN-4000 for scenario 1. Note: Although its configuration is not addressed in this document, Gateway B must be configured to terminate the tunnel that Gateway A initiates. After Gateway A and Gateway B have been configured for scenario 1, start the tunnel for scenario 1 and monitor it in operation. D.2.1 Setting Up, Starting Up, and Logging In Use the following instructions to set up the EN-4000: 2 1 Make sure all EN-4000 hardware has been installed. If SIMs are used, make sure they have been installed. 2 Use an Ethernet cable to connect a control console (such as a PC) to a LAN port on the rear of the Gateway A EN-4000. Turn the EN-4000 s power on. 3 Open a web browser. Make sure JavaScript is enabled in the browser. Type the IP address for the EN-4000 s LAN port (http://192.168.10.1) in the browser s address window, and press the Enter key. Accept cookies for the management system. 4 Type the user name and password, and select the button to Log In. Note: Get the user name and password from your network administrator. After you complete the log-in, the Status Overview Screen is displayed (Figure D-2). 5 Make sure the EN-4000 has received its basic configuration. And, if you installed any SIM in step 1, activate each new SIM in its carrier network. Figure D-2. Status Overview Screen for EN-4000 Management System 2. For more information on EN-4000 installation, see the EN-4000 Quick Installation Guide, at http://www.encorenetworks.com/documentation/en4000-v1.5/_en4000_quick_guide.pdf.

Page D-4 D.2.2 EN-4000 Reference Manual, Document D Configuring an IPsec VPN Tunnel on the EN-4000 1 In the EN-4000 s browser-based management system, select the Network tab, then the VPN tab. The List of Configured IPsec VPN Tunnels is displayed (Figure D-3). Figure D-3. List of Configured IPsec VPN Tunnels Note: In the VPN tunnel configuration screens, left indicates local (that is, it indicates the EN-4000 router) and right indicates remote (the device at the other end of the connection). 2 Select the button Add IPsec Tunnel (at left on the screen, below the list of Tunnel Names). The screen for Configuring an IPsec VPN Tunnel is displayed (Figure D-4). Figure D-4. Configuring an IPsec VPN Tunnel for VPNC Scenario 1 Scen_1_VPNC

VPNC Scenario for IPsec Interoperability Page D-5 3 On the screen for Configuring an IPsec VPN Tunnel, configure the following: Tunnel Name: Scen_1_VPNC Left Subnet: 10.5.6.0/24 Left [local EN-4000 s public IP address]: 14.15.16.17 Left ID: 14.15.16.17 Left Firewall: NO Right [remote router s public IP address]: 22.23.24.25 Right Subnet: 172.23.9.0/24 Right ID: 22.23.24.25 IPsec Start-Up Operations: ROUTE Pre-Shared Key: hr5xb84l6aa9r6 Note: The preshared key includes the lowercase letter l (ell); do not mistake it for the number 1 (one). 4 When you have finished configuring the VPN tunnel, select the Save & Apply button (in the lower left corner of the screen). The new VPN tunnel configuration is saved. The List of Configured IPsec VPN Tunnels is redisplayed. The new tunnel is at the bottom of the list of Tunnel Names (Figure D-5). Figure D-5. List of Configured IPsec VPN Tunnels Including the Tunnel Named Scen_1_VPNC Scen_1_VPNC 5 In the List of Configured IPsec VPN Tunnels, you may (if you wish) delete the default IPsec VPN tunnel (named firsttunnel in Figure D-5). (That deletion is not required.)! Caution: Do not delete any VPN tunnels that are active or that you intend to use. 6 On the screen for the List of Configured IPsec VPN Tunnels, select the Save & Apply button (under Modifications and Additions, at the lower right of the screen).

Page D-6 EN-4000 Reference Manual, Document D 7 In the List of Configured IPsec VPN Tunnels, select the Edit button at the far right of the row under IPsec Defaults. The screen for Configuring IPsec Defaults is displayed (Figure D-6). Figure D-6. Configuring IPsec Defaults for VPNC Scenario 1 8 On the screen for Configuring IPsec Defaults, configure the following: Phase 1: IKE Lifetime: 72h [72 hours] Key Life: 8h [8 hours] ReKey Margin: 0h [0 hours; thus no kilobytes rekeying] Keying Tries: 2 [the default value] Key Exchange: IKEv1 Auth [Authentication]: secret Aggressive Mode: No ( No indicates use of main mode.) IKE Encryption Protocol: 3DES IKE Authentication Protocol: SHA1 IKE DH [Diffie Hellman] Group: Group2

VPNC Scenario for IPsec Interoperability Page D-7 Phase 2 (uses perfect forward secrecy): ESP Encryption Protocol: 3DES ESP Authentication Protocol: SHA1 ESP DH [Diffie Hellman] Group: Group2 DPD [Dead Peer Detection] Action: Restart DPD [Dead Peer Detection] Delay: 20s [seconds] DPD [Dead Peer Detection] Timeout: 120s [seconds] Re-Key: No Re-Auth: No Responder: No (This means that the local EN-4000 will initiate the tunnel.) 9 When you have finished configuring IPsec defaults, select the Save & Apply button in the lower right corner of the screen. The IPsec defaults are saved, and the List of Configured IPsec VPN Tunnels is redisplayed (Figure D-7). Figure D-7. List of Configured IPsec VPN Tunnels with IPsec Defaults for Testing the Tunnel Named Scen_1_VPNC Scen_1_VPNC 10 Do one of the following: a If this is the first IPsec VPN activity since system start-up, select the IPSEC Start button (at the lower left of the management window). b If IPsec VPN tunnels are already running, select the IPSEC Restart button. In either case, the new IPsec VPN tunnel is started. Note: To complete the tunnel in VPNC Scenario 1, you must also configure Gateway B.

Page D-8 EN-4000 Reference Manual, Document D D.3 Starting the Tunnel for VPNC Scenario 1 If you performed step 10a or step 10b on page 7, the tunnel is already up, and you may skip this section. 1 In the List of Configured IPsec VPN Tunnels, select the Tunnel Up button in the row for the tunnel named Scen_1_VPNC. The selected VPN tunnel (Scen_1_VPNC) is started. Note: To complete the tunnel in VPNC Scenario 1, you must also configure Gateway B. D.4 Checking the Connection Note: To complete the tunnel in VPNC Scenario 1, you must also configure Gateway B. The procedure in this section should not be performed until Gateway B has been configured and is ready to connect. 1 In the EN-4000 Management System, select the Network tab. Then select VPN, IPsec Status to see the status of each active IPsec VPN tunnel (Figure D-8). (Active VPN tunnels include tunnels that are up and tunnels that are being brought up.) Figure D-8. Status of IPsec VPN Tunnels Note: The display lists one or more of the following: NO DATA FOUND: No IPsec VPN tunnel is active. CONNECTING: The indicated IPsec VPN tunnels are starting IKEv1 s phase 1 (tunnel set-up). INSTALLED: The indicated IPsec VPN tunnels are starting IKEv1 s phase 2 (data transfer). ESTABLISHED: The indicated IPsec VPN tunnels have finished IKEv1 s phase 2 (data transfer) successfully. If your IPsec VPN tunnel s name (TUNNEL, in Figure D-8) is displayed in the INSTALLED line of the IPsec VPN Tunnel Status Screen, then the tunnel has been set up successfully and is exchanging data with Gateway B.

VPNC Scenario for IPsec Interoperability Page D-9 D.5 Troubleshooting If there is a problem with an IPsec VPN tunnel, do the following: 1 On the EN-4000 management system, select the Status tab; then select the System Log tab. The system log (Figure D-9) is displayed. Note: Your EN-4000 s system log will include progressive states of the IPsec VPN tunnels. Figure D-9. System Log 2 Do the following: a Find lines about the VPN tunnel in the system log. (The system log includes tunnel names.) b Study those lines to determine the cause of the problem. c Then consider potential resolutions of the problem.

Page D-10 EN-4000 Reference Manual, Document D

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback