VPN Tracker for Mac OS X

Similar documents
VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

VPN Configuration Guide. NETGEAR FVS318v3

VPN Configuration Guide LANCOM

Example - Configuring a Site-to-Site IPsec VPN Tunnel

Case 1: VPN direction from Vigor2130 to Vigor2820

VPN Configuration Guide. NETGEAR FVG318 / FVS318G / FVS336G / FVS338 / DGFV338 FVX538 / SRXN3205 / SRX5308 / ProSecure UTM Series

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

FAQ about Communication

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

Integration Guide. Oracle Bare Metal BOVPN

Manual Key Configuration for Two SonicWALLs

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Setting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall

VPN Configuration Guide. Cisco ASA 5500 Series

DFL-210, DFL-800, DFL-1600 How to setup IPSec VPN connection with DI-80xHV

TopGlobal MB8000 VPN Solution

VPN Quick Configuration Guide. D-Link

Site-to-Site VPN with SonicWall Firewalls 6300-CX

CHAPTER 7 ADVANCED ADMINISTRATION PC

Configuration of an IPSec VPN Server on RV130 and RV130W

Secure Entry CE Client & Watchguard Firebox 700 A quick configuration guide to setting up the NCP Secure Entry CE Client in a simple VPN scenario

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Configuration Guide. How to connect to an IPSec VPN using an iphone in ios. Overview

Configuring VPNs in the EN-1000

VPN Configuration Guide SonicWALL

Setting up VPN connection: DI-804HV to DI-804V

Firewall. Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. APPLICATION NOTE: AN-005-WUK

IP806GA/GB Wireless ADSL Router

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

VPNC Scenario for IPsec Interoperability

Use the IPSec VPN Wizard for Client and Gateway Configurations

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

SLE in Virtual Private Networks

Step-by-Step Configuration

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

Broadband Router DC-202. User's Guide

Greenbow VPN Client Example

VPN Configuration Guide Linksys RV042/RV082/RV016

LevelOne Broadband Routers

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

SonicWALL VPN with Win2K using IKE Prepared by SonicWALL, Inc. 05/01/2001

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

HOW TO CONFIGURE AN IPSEC VPN

Step-by-Step Configuration

Configuration Example

ZyWALL USG-Series How to setup a Site-to-Site VPN connection between two ZyWALL USG series appliances. 1/8

LevelOne WBR User s Manual. 11g Wireless ADSL VPN Router. Ver

Chapter 6 Virtual Private Networking

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

Configure ISDN Connectivity between Remote Sites

VPN Setup for CNet s CWR g Wireless Router

Connecting the DI-804V Broadband Router to your network

Service Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)

LevelOne. User's Guide. Broadband Router FBR-1402TX FBR-1403TX

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

G806+H3C WSR realize VPN networking

Configuration Guide SuperStack 3 Firewall L2TP/IPSec VPN Client

Multi-Function Wireless Router. User's Guide. Wireless Access Point Broadband Internet Access. 4-Port Switching Hub

CradlePoint to Adtran NetVanta VPN Setup Example

Configuring the EN-2000 s VPN Firewall

Appendix B NETGEAR VPN Configuration

Service Managed Gateway TM. Configuring IPSec VPN

Quick Note 31 Using an External Modem with a Digi TransPort Router

Configure Cisco Router For Remote Access Ipsec Vpn Connections

How to configure IPSec VPN between a CradlePoint router and a Fortinet router

1 Purpose. ewon2001 User Manual ver ewon2001 TM TCP/IP Router 23. Feb. 2006

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Quick Note 65. Configure an IPSec VPN tunnel between a TransPort WR router and an Accelerated SR router. Digi Technical Support 7 June 2018

Configuration Guide WatchGuard XTM 33

Google Cloud VPN Interop Guide

Configure Point to Point Tunneling Protocol (PPTP) Server on RV016, RV042, RV042G and RV082 VPN Routers for Windows

Efficient SpeedStream 5861

Quick Note 13. Configuring a main mode IPsec VPN between a Digi TransPort and a Netgear DG834G. UK Support

IP819VGA g ADSL VoIP Gateway

IP806GA/GB Wireless ADSL Router

Collax VPN. Howto. Requirements Collax Security Gateway Collax Business Server Collax Platform Server including Collax Gatekeeper module

HowTo IPSec Roadwarrior using PSK

Network+ Guide to Networks 6 th Edition

How to Configure BGP over IKEv2 IPsec Site-to- Site VPN to an Google Cloud VPN Gateway

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Virtual Private Networks (VPN)

Configuration Example

REMOTE ACCESS IPSEC. Course /14/2014 Global Technology Associates, Inc.

LKR Port Broadband Router. User's Manual. Revision C

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Broadband Router DC 202

Microsoft Exam

FortiGate. on OCB FE Configuration Guide. 6 th December 2018 Version 1.0

Remote Access via Cisco VPN Client

Broadband Router. with 2 Phone Ports WIRED. Installation and Troubleshooting Guide RT31P2. A Division of Cisco Systems, Inc. Model No.

Transcription:

VPN Tracker for Mac OS X How-to: Interoperability with WatchGuard Firebox Rev. 1.0 Copyright 2003 equinux USA Inc. All rights reserved.

1. Introduction 1. Introduction This document describes how VPN Tracker can be used to establish a connection between a Macintosh running Mac OS X and a WatchGuard Firebox Internet Security Gateway. The entire WatchGuard product range from Firebox 700 to Firebox 4500 should be compatible with VPN Tracker they only differ in the number of simultaneous IPsec connections. equinux tested the Firebox 1000. Note: This How-to is not for the Firebox Vclass System. The WatchGuard Firebox is configured as a router connecting a company LAN to the Internet. The first example demonstrates a connection scenario with a dial-in Mac connecting to a WatchGuard Firebox. This paper is only a supplement to, not a replacement for, the instructions that have been included with your WatchGuard Firebox. Please be sure to read and understand those instructions before beginning. 2. Prerequisites Firstly, you have to make sure that your WatchGuard Firebox has VPN support built in. Please refer to your WatchGuard Firebox manual for details. Furthermore you should use a recent WatchGuard Firebox configuration version. The latest software release for your WatchGuard Firebox can be obtained from http://www.watchguard.com We tested the windows configuration software version 6.10-2358-SP1 with Linux boot image 6.1.B1278 The type of the license needed (personal or professional edition) depends on the connection scenario you are using: 2

3. Connecting a VPN Tracker host to a WatchGuard Firebox If you connect a dial-in Mac without it s own subnet to the WatchGuard Firebox you need a Personal License. If you want to establish a LAN-to-LAN connection from your Mac to the WatchGuard Firebox, you need a VPN Tracker Professional License. VPN Tracker is compatible with Mac OS X 10.2 or higher. Make sure to use VPN Tracker 1.5.3 or higher. 1 3. Connecting a VPN Tracker host to a WatchGuard Firebox In this example the Mac running VPN Tracker is directly connected to the Internet via a dialup or PPP connection. 2 The virtual IP address 10.1.2.3 will be assigned to the Mac by VPN Tracker. The WatchGuard Firebox is configured in NAT mode and has the static WAN IP address 169.1.2.3 and the private LAN IP address 192.168.1.1. The Stations in the LAN behind the WatchGuard Firebox use 192.168.1.1 as their default gateway and should have a working Internet connection. 1 VPN Tracker 1.5.2 through 1.5.2 included a wrong connection type for WatchGuard Firebox (the Phase 2 Proposal settings should be 3DES (on top of the list) to match the default WatchGuard settings.) 2 Please note that the connection via a routernetwork Address Translation (NAT) only works if the NAT router supports IPSEC passthrough. Please contact your router s manufacturer for details. 3

3. Connecting a VPN Tracker host to a WatchGuard Firebox VPN Tracker Mac (dynamic IP) Local Host 10.1.2.3 WatchGuard WAN 169.1.2.3 LAN 192.168.1.1 192.168.1.10 192.168.1.20 192.168.1.30 LAN 192.168.1.0/24 Figure 1: VPN Tracker-WatchGuard Firebox connection diagram (host to network) 3.1 W atchg uar d F ir ebox configuration Please use the Branch Office VPN and manual IPSec setting on the WatchGuard Firebox, in order for VPN Tracker to connect. The pre-defined VPN Tracker connection type has been created using the default settings for Branch Office VPN. If you change any of the settings on the Firebox, you will subsequently have to adjust the connection type in VPN Tracker. Be sure that the WAN IP of the remote gateway is not in the list of blocked sites, i.e. the WAN IP is not a private IP. Step 1 Add a Gateway Select a name for the remote gateway (e.g. mac-vpntracker). Enter the Gateway Identifier (e.g. vpntracker@domain.com) and the Shared Key. 4

3. Connecting a VPN Tracker host to a WatchGuard Firebox Figure 2: WatchGuard Remote Gateway dialog Be sure to check the Enable Aggressive Mode box at the bottom of the above pictured frame (you must click More to see this setting). The other options can be left at their default state. Please note that WatchGuard Firebox by default uses relatively weak encryption settings. If you want to obtain maximal security you should change the encryption settings in the advanced options to 3DES and SHA1 for phase 1. Caution: If you change the encryption algorithms for phase 1 in the advanced options you must also change the same options respectively in the Connection Type definition for VPN Tracker. Step 2 Configuration of the Tunnel: Figure 3: Add a tunnel and select the previously defined gateway Here you simply have to select the previously created gateway mac-vpntracker and enter a name for the Tunnel (e.g. also mac-vpntracker ). You can leave the other settings in their default state. 5

3. Connecting a VPN Tracker host to a WatchGuard Firebox Figure 4: Configure the VPN-Tunnel Step 3 Add Routing Policy Figure 5: Add routing policy You must enter the LAN IP address of the network behind the Watchguard Firebox as Local Network (132.168.1.0/24), and the virtual IP of the VPN Tracker Host as Remote Host (10.1.2.3). This last setting refers to the Local Host field in VPN Tracker. Please note: The remote host IP is not the same as the dynamic IP from the ISP. Select mac-vpntracker from Step 2 as Tunnel. After steps 1, 2 and 3 the IPSec Configuration should look like this: 6

3. Connecting a VPN Tracker host to a WatchGuard Firebox Step 1 Step 2 Step 3 Figure 6: Finished IPsec Configuration Step 4 Services You must edit the Firewall settings to allow the virtual IP address (10.1.2.3) from the VPN Tracker side to access the local network on the WatchGuard side. Of course, you must set this up for both directions (incoming and outgoing). To create a new Firewall setting, add a service and select the Packet Filter Any. On the Incoming tab select Enabled and Allowed from the popup menu. Then add the virtual IP address (10.1.2.3) to the From list and the IP address of the LAN (192.168.1.0/24) to the To list. For the Outgoing tab use the same values with interchanged From and To addresses. 7

4. VPN Tracker configuration Figure 7: Firewall properties 3.2 M ultiple VPN T racker H osts Repeat steps 1 to 4, using different tunnel and gateway names e.g. mac-vpntracker2. If you want to allow multiple simultaneous connections, you will also have to use different virtual IP addresses for each connection. 4. VPN Tracker configuration Step 1 Add a new connection with the following options: Choose WatchGuard as the Connection Type, Host to Network as mode, then type in the remote endpoint (169.1.2.3) and the remote network (192.168.1.0/24). Enter the local host, which will be the virtual IP address of your Mac (10.1.2.3). Click the triangle next to Identifiers in order to reveal the identifiers pane. Type in the same Local Identifier that you typed in in Figure 2 (vpntracker@domain.com). Leave the Remote Identifier field blank. 8

4. VPN Tracker configuration Figure 8: VPN Tracker connection dialog Step 2 Click Edit pre-shared key and type in the shared secret key that you typed in in the WatchGuard Firebox (Figure 2). Figure 9: Shared key dialog Step 3 Save the connection and Click Start IPsec in the VPN Tracker main window. You re done. After 10-20 seconds the red status indicator for the connection should change to green, which means you re securely connected to the WatchGuard Firebox. After IP sec has been started, you can quit VPN Tracker. The IPsec service will keep running. 9

5. Setting up a LAN-to-LAN connection Now to test your connection simply ping a host in the WatchGuard network from the dialed-in mac: ping 192.168.1.10 And from the WatchGuard network (192.168.1.0/24) you can: ping 10.1.2.3 > Debugging If the status indicator does not change to green please have a look at the log file on both sides. You can define the amount of information available in the log file in the VPN Tracker preferences. 5. Setting up a LAN-to-LAN connection In this example the Mac running VPN Tracker Professional is directly connected to the Internet via a second Ethernet card or via a dialup or PPP connection. The WAN side IP address can be dynamically or statically assigned. The gateway Mac running VPN Tracker is configured as a router that connects the LAN behind the gateway Mac (10.1.0.0/24) to the internet. Therefore, Internet Sharing must be enabled on the gateway Mac. It can be enabled in the Sharing control panel under the Tab Internet. If you are using Mac OS X Server, VPN Tracker will automatically enable routing. The LAN IP address of the gateway Mac is 10.1.0.1 in our example. The client workstations in the LAN must be configured with the gateway Mac as their router. The WatchGuard Firebox is permanently connected to the Internet and has the static WAN IP address 169.1.2.3 and the private LAN IP address 192.168.1.1. The stations in the LAN behind the WatchGuard Firebox use 192.168.1.1 as their default gateway and should have a working internet connection. The WatchGuard Firebox is the passive side waiting for connections that are initiated from the VPN Tracker side. 10

5. Setting up a LAN-to-LAN connection 10.1.0.2 VPN Tracker Mac WAN dynamic LAN 10.1.0.1 WatchGuard WAN (eth1) 169.1.2.3 LAN (eth0) 192.168.1.1 192.168.1.10 10.1.0.3 192.168.1.20 10.1.0.4 192.168.1.30 LAN 10.1.0.0/24 LAN 192.168.1.0/24 Figure 10: VPN Tracker WatchGuard Firebox connection diagram (network to network) 5.1 W atchg uar d F ir ebox configuration Step 1-2 Step 3 The WatchGuard Firebox has to be configured the same way as in steps 1 and 2 of chapter 3.1. The routing policy from step 3 is a slightly different. Select Network as the remote side and enter the network address of the VPN Tracker network (10.1.0.0/24) (Figure 11). Figure 11: Routing Policy with network to network Step 4 You must edit the Firewall settings to allow the network IP address (eg. 10.1.0.0/24) from the VPN Tracker side to access the local network on the WatchGuard side (192.168.0.0/24). Once again, you must set this up running both ways, incoming (from 10.1.0.0/24 to 192.168.1.0/24 and outgoing (from 192.168.1.0/24 to 10.1.0.0/24). 11

5. Setting up a LAN-to-LAN connection Figure 12: Firewall Properties with Network to Network If the remote gateways have static IP addresses you can choose to configure them in the central WatchGuard Firebox gateway explicitly. Then you can define different shared keys for the different remote gateways. 5.2 VPN T racker configuration Step 1 Add a new connection with the following options. Choose WatchGuard as Connection Type, Network to Network as mode and type in the remote endpoint and the remote network parameters. 12

5. Setting up a LAN-to-LAN connection Figure 13: VPN Tracker - Network to Network dialog Step 2,3 The setup of the shared key and the startup of the connection works the same way as described in section 4. 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback