VPN Tracker for Mac OS X


How-to: Interoperability with Check Point VPN-1 GateWay
Rev. 1.1
Copyright 2003 equinux USA Inc. All rights reserved.

1. Introduction

This document describes how VPN Tracker can be used to establish a connection between a Macintosh running Mac OS X and a Check Point VPN-1 GateWay. equinux has tested the Check Point VPN-1 GateWay with FP3 and FP4. The Check Point VPN-1 GateWay is configured as a router, connecting a company LAN to the Internet. The example demonstrates a connection scenario with a dial-in Mac connecting to a Check Point VPN-1 GateWay.

This paper is only a supplement to, not a replacement for, the instructions included with your Check Point VPN-1 GateWay. Please be sure to read and understand those instructions before beginning.

All trademarks, product names, company names, logos and screenshots displayed, cited or otherwise indicated in this How-to are the property of their respective owners.

EQUINUX SHALL HAVE ABSOLUTELY NO LIABILITY FOR ANY DIRECT OR INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE USE OF THE HOW-TO OR ANY CHANGE TO THE ROUTER GENERALLY, INCLUDING WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS, OR DATA, EVEN IF EQUINUX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

2. Prerequisites

Firstly, you should use a recent software version. For this document, VPN-1 FP3 and FP4 have been used.

The type of VPN Tracker license needed (Personal or Professional edition) depends on the connection scenario you are using: If you connect a dial-in Mac without its own subnet to the Check Point VPN-1 GateWay, you need a Personal License. If you want to establish a LAN-to-LAN connection from your Mac to the Check Point VPN-1 GateWay, you need a VPN Tracker Professional License. If you connect a dial-in Mac without its own subnet to multiple networks on the Check Point side, you also need the Professional License.

VPN Tracker is compatible with Mac OS X 10.2 or higher. Be sure to use VPN Tracker 2.0.3 or higher (1). For this document VPN Tracker version 2.0.3 has been used.

(1) All VPN Tracker versions prior to 2.0.3 did not include a correct connection type for Check Point VPN-1.

3. Connecting to a Check Point VPN-1 GateWay using pre-shared secrets

In this example, the Mac running VPN Tracker is directly connected to the Internet via a dialup or PPP connection (2). The Check Point VPN-1 GateWay is configured in NAT mode and has the static WAN IP address 169.1.2.3 with gateway 169.1.2.1 and the private LAN IP address 192.168.1.1. The stations in the LAN behind the Check Point VPN-1 GateWay use 192.168.1.1 as their default gateway and should have a working Internet connection. The firewall rules are already defined, and the VPN connection between the Windows clients and the Check Point VPN-1 GateWay works.

Figure 1: VPN Tracker - Check Point VPN-1 GateWay connection diagram (host to network): VPN Tracker Mac (dynamic IP) connects to cpmodule (WAN 169.1.2.3, LAN 192.168.1.1), behind which lies LAN 192.168.1.0/24 with the hosts 192.168.1.10, 192.168.1.20 and 192.168.1.30.

(2) Please note that a connection via a router which uses Network Address Translation (NAT) only works if the NAT router supports IPsec passthrough. Please contact your router's manufacturer for details.

3.1 Check Point VPN-1 GateWay configuration

The pre-defined VPN Tracker connection type has been created using the default settings on the Check Point VPN-1 GateWay. If you change any of the settings on the Check Point VPN-1 GateWay, you will subsequently have to adjust the connection type in VPN Tracker.

Step 1 VPN - Basic Setup: Please enable the Pre-Shared Secret feature in the Global Properties, which is disabled by default.

Figure 2: Global Properties

Step 2 VPN Advanced Setup: Please check all the settings. The VPN Tracker connection type uses these settings.

Figure 3: Global Properties - Advanced

Step 3 User Properties: Please enter a Login Name in the form user@domain. If you use a VPN Tracker version prior to 2.0.5, the username must contain the "@" sign. With VPN Tracker 2.0.5 you can also use a Login Name in the form: vpntracker.

Figure 4: User Properties - General

Please check the other user settings. Use no authentication scheme and don't generate a certificate for the pre-shared key based connection.

Figure 5: User Properties - Authentication

Figure 6: User Properties - Certificates

Enable the IKE encryption method and the Log.

Figure 7: User Properties - Encryption

Edit the IKE encryption method and enter your Password (the pre-shared secret). Please be sure that Public Key isn't enabled.

Figure 8: IKE Phase 2 Properties

Step 4 Add the user to a RemoteAccess group. The screenshots are only an example of adding the previously created user to a group called RemoteAccessUsers. You may already have existing access groups. We used the following.

Figure 9: Group Properties - RemoteAccessUsers

Figure 10: Main Screen - cpmodule

Step 4 Traditional mode configuration: Please be sure that the previously created group is in the VPN community. Click on the Traditional mode configuration button.

Figure 11: Check Point Gateway - cpmodule

Please enable Pre-Shared Secret and click on the Advanced... button.

Figure 12: Traditional mode IKE Properties

In the Traditional mode advanced IKE properties, enable Support aggressive mode. This is very important for the pre-shared key based communication. If you want to use certificates with VPN Tracker, you'll always use main mode.

Figure 13: Traditional mode advanced IKE properties

> Multiple VPN Tracker Hosts

Just create another user with the same settings.

3.2 VPN Tracker configuration

Step 1 Add a new connection with the following options: Choose Check Point (Pre-shared key) as the Connection Type and Host to Network as Topology, then type in the remote endpoint (169.1.2.3) and the remote network (192.168.1.0/24).

Figure 14: VPN Tracker main dialog (with PSK)

Step 2 Select Pre-shared key and click Edit.... Type in the same pre-shared secret that you typed in the Check Point VPN-1 GateWay configuration (Figure 2). Use the login name as local identifier. If you have typed in a correct username, the word "email" should be visible beside the input field. With VPN Tracker version 2.0.5 you can use a username in the form vpntracker, but you have to type in @vpntracker as local identifier. An identifier of the form "@user" will be interpreted as "user" with a type of "email" (User-FQDN). This is to help all Check Point users who have usernames without an "@" in them, as Check Point always expects a User-FQDN identifier.
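The local-identifier rules of Step 2 and Step 3 of section 3.1 (an "@" is required before 2.0.5; from 2.0.5 on, "@user" is read as "user" of type User-FQDN), worked through as a small Python model. This is an added example, not code from equinux or VPN Tracker; the function names and the version tuple comparison are this example's own assumptions.

```python
# Added example: models how a Check Point login name maps to the local
# identifier typed into VPN Tracker, and how VPN Tracker 2.0.5 reads it back.
# Assumption: versions compare as (major, minor, patch) tuples.
SHORTHAND_SINCE = (2, 0, 5)   # first version that understands "@user"


def parse_version(text: str) -> tuple:
    """Turn a VPN Tracker version string such as '2.0.3' into a tuple."""
    return tuple(int(part) for part in text.split("."))


def local_identifier_for(login_name: str, version: str) -> str:
    """Return the local identifier to type into VPN Tracker for a login name.

    user@domain is used verbatim. A bare name (vpntracker) must be entered
    as '@vpntracker', which only 2.0.5 or later understands; older versions
    need an '@' in the Check Point login name itself, so that case is refused.
    """
    if not login_name or login_name.startswith("@"):
        raise ValueError("login name must be non-empty and must not start with '@'")
    if "@" in login_name:
        return login_name
    if parse_version(version) < SHORTHAND_SINCE:
        raise ValueError(
            f"VPN Tracker {version} needs a login name containing '@'; "
            f"use {login_name}@<domain> on the gateway or upgrade to 2.0.5"
        )
    return "@" + login_name


def interpret_identifier(identifier: str) -> tuple:
    """Interpret a typed local identifier the way VPN Tracker 2.0.5 does.

    Returns (identifier_type, value). Check Point always expects an
    email-style User-FQDN, so an identifier without '@' is rejected.
    """
    if identifier.startswith("@") and len(identifier) > 1:
        return ("User-FQDN", identifier[1:])   # '@vpntracker' -> 'vpntracker'
    if "@" in identifier:
        return ("User-FQDN", identifier)       # 'user@domain' used as typed
    raise ValueError(f"'{identifier}' has no '@' and cannot be a User-FQDN")


def round_trip(login_name: str, version: str) -> bool:
    """The identifier VPN Tracker sends must carry exactly the gateway's login name."""
    typed = local_identifier_for(login_name, version)
    return interpret_identifier(typed)[1] == login_name
```

Because aggressive mode (enabled above for the pre-shared key case) carries this identifier in the clear during the first IKE exchange, treat the login name as public and rely on the pre-shared secret alone for strength.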

Figure 15: Pre-shared key dialog

Step 3 Save the connection and click Start IPsec in the VPN Tracker main window. You're done. After 10-20 seconds the red status indicator for the connection should change to green, which means you're securely connected to the Check Point VPN-1 GateWay. After IPsec has been started, you may quit VPN Tracker. The IPsec service will keep running.

Now, to test your connection, simply ping a host in the Check Point VPN-1 GateWay network from the dialed-in Mac in the Terminal utility:

ping 192.168.1.10

> Debugging

If the status indicator does not change to green, please have a look at the log file on both sides. You can define the amount of information available in the log file in the VPN Tracker preferences.

4. Connecting to a Check Point VPN-1 GateWay using RSA X.509 certificates

4.1 Check Point VPN-1 GateWay configuration

Step 1 The setup for enabling IPsec works the same way as described in section 4.

Step 2 User Properties: Please enter a Login Name in the form certificateuser or certificateuser@domain.

Figure 16: User Properties - General

Figure 17: User Properties - Groups

Generate and save the certificate. The PKCS#12 file contains the certificate, your private key and the CA certificate.

Figure 18: User Properties - Certificates

Please be sure that you enable Public Key Authentication in the IKE Phase 2 Properties.

Figure 19: IKE Phase 2 Properties

Step 4 Traditional mode IKE properties: Please enable Public Key Signatures. You can leave Pre-Shared Secrets enabled.

Figure 20: Traditional mode IKE properties

4.2 VPN Tracker configuration

Step 1 Open the Certificate manager (File -> Show certificates) of VPN Tracker and import the PKCS#12 file you previously exported from your Check Point VPN-1 GateWay.

Figure 21: VPN Tracker - Certificate Import

Step 2 Add a new connection with the following options: Choose CheckPoint (Certificates) as the Connection Type and Host to Network as Topology, then type in the remote endpoint (169.1.2.3) and the remote network (192.168.1.0/24).

Figure 22: VPN Tracker main dialog (with certificates)

Step 3 Choose the certificate you imported in step 1 as own certificate and verify the remote certificate with CAs. Choose own certificate as local identifier and IP address as remote identifier. Do not verify the remote certificate.

Figure 23: Certificate dialog