VPN Connection. VPN Gateway. 17 December 2002

Similar documents
VPN Connection. 8 October 2002

Configuration Guide. How to connect to an IPSec VPN using an iphone in ios. Overview

Proxicast IPSec VPN Client Example

VPN Tracker for Mac OS X

Greenbow VPN Client Example

VPN Setup for CNet s CWR g Wireless Router

Version 2.0 HOW-TO GUIDELINES. Setting up a Clustered VPN between StoneGate and Check Point NG TECHN11SG2.1-3/4/03

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

VPN Tracker for Mac OS X

VPN Tracker for Mac OS X

ZyWALL (ZLD) VPN Troubleshooting

VPN Configuration Guide LANCOM

Use Shrew Soft VPN Client to Connect with IPSec VPN Server on RV130 and RV130W

Using a VPN with Niagara Systems. v0.3 6, July 2013

VPN Tracker for Mac OS X

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Configuring a Hub & Spoke VPN in AOS

VPN Tracker for Mac OS X

Configuration of Shrew VPN Client on RV042, RV042G and RV082 VPN Routers through Windows

Use the IPSec VPN Wizard for Client and Gateway Configurations

Gigabit SSL VPN Security Router

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Case 1: VPN direction from Vigor2130 to Vigor2820

HOWTO: How to configure the firewall for VPNs

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

VPN Configuration Guide. Cisco ASA 5500 Series

Ingate Firewall. interworking with. SSH Sentinel

VPN Configuration Guide. NETGEAR FVS318v3

Stonesoft Firewall/VPN Express. Release Notes for Version 5.5.2

Example - Configuring a Site-to-Site IPsec VPN Tunnel

ZyWALL USG-Series How to setup a Site-to-Site VPN connection between two ZyWALL USG series appliances. 1/8

Configuration Summary

Manual Overview. This manual contains the following sections:

Alcatel OmniAccess 200 Series

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

DrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume

Stonesoft IPsec VPN Client. Release Notes for Version 5.4.1

VPN Configuration Guide. NETGEAR FVG318 / FVS318G / FVS336G / FVS338 / DGFV338 FVX538 / SRXN3205 / SRX5308 / ProSecure UTM Series

Series 5000 ADSL Modem / Router. Firmware Release Notes

VPN Tracker for Mac OS X

DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0

Establishing secure connectivity between Oracle Ravello and Oracle Cloud Infrastructure Database Cloud ORACLE WHITE PAPER DECEMBER 2017

Service Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

NSG100 Nebula Cloud Managed Security Gateway

Secure Entry CE Client & Watchguard Firebox 700 A quick configuration guide to setting up the NCP Secure Entry CE Client in a simple VPN scenario

AC3000 Tri-Band Wireless Gigabit Dual-WAN VPN SMB Router TEW-829DRU (v1.0r)

Configuration Guide. For Managing EAPs via EAP Controller

Vigor2900 Series Broadband Security Router Highly integrated broadband security router, combining high-speed routing technology with a comprehensive

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

How to Configure a Client-to-Site L2TP/IPsec VPN

VPN Tracker for Mac OS X

VPN2S. Handbook VPN VPN2S. Default Login Details. Firmware V1.12(ABLN.0)b9 Edition 1, 5/ LAN Port IP Address

Table of Contents 1 IKE 1-1

VPN Tracker for Mac OS X

Release Notes for DrayTek Vigor 2955 (UK/Ireland)

vcloud Director Tenant Portal Guide vcloud Director 8.20

Chapter 5 Virtual Private Networking

Chapter 6 Virtual Private Networking

ZyWALL 10W. Internet Security Gateway. Quick Start Guide Version 3.62 December 2003

Application Note. Applies to MultiMax

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Configuring an IPSec Tunnel Between a Cisco SA500 and the Cisco VPN Client

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

StoneGate IPsec VPN Client Release Notes for Version 4.3.1

NSG50/100/200 Nebula Cloud Managed Security Gateway

! encor e networks TM

User Manual. SSV Remote Access Gateway. Web ConfigTool

UTM Content Security Gateway CS-2001

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

M!DGE/MG102i VPN Configuration

Stonesoft Management Center. Release Notes for Version 5.6.1

VPN Tracker for Mac OS X

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0

Configuration of an IPSec VPN Server on RV130 and RV130W

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Appendix B NETGEAR VPN Configuration

! encor e networks TM

StoneGate Management Center. Release Notes for Version 4.0.1

SonicWALL VPN with Win2K using IKE Prepared by SonicWALL, Inc. 05/01/2001

NCP Secure Managed Android Client Release Notes

MWA Deployment Guide. VPN Termination from Smartphone to Cisco ISR G2 Router

Manual Key Configuration for Two SonicWALLs

StoneGate IPsec VPN Client Release Notes for Version 5.0.0

SMG-1100/6100 User s Manual

Digi Application Guide Configure VPN Tunnel with Certificates on Digi Connect WAN 3G

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Configuring and Using Dynamic DNS in SmartCenter

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

StoneGate IPsec VPN Client. Release Notes for Version 5.2.1

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

REMOTE ACCESS IPSEC. Course /14/2014 Global Technology Associates, Inc.

VPNC Scenario for IPsec Interoperability

Network+ Guide to Networks 6 th Edition

Setting up VPN connection: DI-804HV to DI-804V

Quick Note 13. Configuring a main mode IPsec VPN between a Digi TransPort and a Netgear DG834G. UK Support

VPN Quick Configuration Guide. D-Link

Internet. SonicWALL IP Cisco IOS IP IP Network Mask

VNS3 Configuration. Quick Launch for first time VNS3 users in Azure

SonicWall Global VPN Client Getting Started Guide

Transcription:

VPN Connection to ZyXEL ZyWALL VPN Gateway 17 December 2002 This document explains how to configure a virtual private network connection over an open network from a remote host running SSH Sentinel to a private network protected by a ZyXEL ZyWALL VPN gateway.

2 c 2000-2002 SSH Communications Security Corp No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Communications Security Corp. This software is protected by international copyright laws. All rights reserved. ssh R is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. SSH2, the SSH logo, IPSEC Express, SSH Certifier, SSH Sentinel, SSH NAT Traversal, IPSEC on silicon, Hypermode, SSH Accession, SSH Token Master, SSH Secure Shell and Making the Internet Secure are trademarks of SSH Communications Security Corp and may be registered in certain jurisdictions. All other names and marks are property of their respective owners. THERE IS NO WARRANTY OF ANY KIND FOR THE ACCU- RACY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING. SSH Communications Security Corp. Fredrikinkatu 42 FIN-00100 Helsinki FINLAND SSH Communications Security Inc. 1076 East Meadow Circle Palo Alto, CA 94303 USA SSH Communications Security K.K. House Hamamatsu-cho Bldg. 5F 2-7-1 Hamamatsu-cho, Minato-ku Tokyo 105-0013, JAPAN http://www.ssh.com/ e-mail: ipsec-sales@ssh.com (sales), sentinel-support@ssh.com (technical support) Tel: +358 20 500 7030 (Finland), +1 650 251 2700 (USA), +81 3 3459 6830 (Japan) Fax: +358 20 500 7031 (Finland), +1 650 251 2701 (USA), +81 3 3459 6825 (Japan)

CONTENTS 3 Contents 1 VPN Connection to ZyXEL ZyWALL VPN Gateway 5 1.1 Introduction........................................... 5 1.1.1 Further Information................................... 6 1.1.2 Platform Requirements................................. 6 1.2 Configuring ZyXEL ZyWALL VPN Gateway......................... 6 1.3 Configuring SSH Sentinel.................................... 7 1.3.1 Create the Pre-Shared Key............................... 8 1.3.2 Create the VPN Rule.................................. 8 1.4 Troubleshooting......................................... 9

4 CONTENTS

5 Chapter 1 VPN Connection to ZyXEL ZyWALL VPN Gateway 1.1 Introduction This document instructs configuring a ZyXEL ZyWALL series VPN gateway for a roadwarrior VPN gateway usage and setting up SSH Sentinel VPN client to connect to the target private LAN over the gateway. Note: For documentation on how to configure other features of ZyXEL ZyWALL, please refer to the ZyXEL ZyWALL manuals available at http://www.zywall.com/. The following proposal settings are used in the example configuration: Authentication: Pre-shared key IKE Encryption: 3DES IKE Integrity: MD5 IKE Mode: Main mode IKE Group: MOPD 1024 (group 2) IPSec Encryption: 3DES IPSec Integrity: HMAC-MD5 IPSec Mode: Tunnel PFS Group: MODP 1024 (group 2) Note: Virtual IP addressing (DHCP over IPSec, L2TP, manually assigned virtual IP address) and extended authentication (XAuth) techniques are not supported by the gateway. For more information, please consult ZyXEL support.

6 Chapter 1. VPN Connection to ZyXEL ZyWALL VPN Gateway 1.1.1 Further Information SSH Sentinel User Manual SSH Sentinel support: http://www.ssh.com ZyXEL Communications Corp: http://www.zywall.com 1.1.2 Platform Requirements The interoperability between SSH Sentinel and ZyXEL ZyWALL was tested with the following components: SSH Sentinel VPN client 1.4 ZyXEL ZyWALL 50 VPN gateway, firmware V3.50(WC.3) 17 June 2002 1.2 Configuring ZyXEL ZyWALL VPN Gateway Figure 1.1: VPN rule

1.3. Configuring SSH Sentinel 7 1. To declare a VPN tunnel, launch the ZyXEL Web Configurator at http://192.168.1.1. 2. Using the Web Configurator, configure IP addresses for the WAN and LAN interfaces as instructed in the ZyWALL user manual. This document assumes that you keep the factory default IP address (192.168.1.1, netmask 255.255.255.0) for the LAN interface. Your private LAN is then 192.168.1.0/255.255.255.0 (equals to 192.168.1.0/24). 3. To configure a roadwarrior VPN profile, Click Advanced VPN (see Figure 1.1 (VPN rule)). 4. Click the Advanced button to set IKE Phase 1 and Phase 2 parameters (see Figure 1.2 (IKE Phase 1 and Phase 2 parameters)). Figure 1.2: IKE Phase 1 and Phase 2 parameters 1.3 Configuring SSH Sentinel On the SSH Sentinel side, you need to do two things: Create a pre-shared key to be used for authentication, and create a connection rule to control the data traffic from the SSH Sentinel host to the private network via the ZyXEL ZyWALL VPN gateway. For basic information on how to create pre-shared keys and connection rules, see the appropriate sections in the SSH Sentinel User Manual.

8 Chapter 1. VPN Connection to ZyXEL ZyWALL VPN Gateway 1.3.1 Create the Pre-Shared Key First, create the pre-shared key needed for authentication. On the Key Management page of the Policy Editor, select My Keys and click Add to create a new pre-shared key. Remember to click Apply to update the settings. For detailed instructions, see the SSH Sentinel User Manual. 1.3.2 Create the VPN Rule 1. On the Security Policy page of the Policy Editor, select VPN Connections and click Add to add an new VPN rule. Specify the following values (see Figure 1.3 (The general properties of the VPN connection)): Figure 1.3: The general properties of the VPN connection Security gateway: The IP address of the ZyXEL ZyWALL (in this example, 172.16.13.11), or a Fully Qualified Domain Name (FQDN) of the public WAN interface of the ZyXEL ZyWALL VPN gateway. Note: If the WAN interface has a dynamic IP address, you may want to use the DDNS capabilities of the ZyXEL ZyWALL gateway. Your ZyWALL has DNNS client features, and it can update a dynamic DNS entry at your DDNS vendor (for example, http://www.dyndns.org). Even if the dynamic IP address is changed by an ISP DHCP server, your VPN gateway can always be

1.4. Troubleshooting 9 reached using the FQDN that your ZyXEL ZyWALL VPN gateway keeps automatically up-todate. For more information, please check the ZyXEL ZyWALL documentation and your DNNS service information. Remote network: Using the Network Editor (click the... button on the right to open the editor), declare a remote network profile for your LAN. In this example, the profile name is My Private LAN and the network is 192.168.1.0/255.255.255.0. Authentication key: Select the pre-shared key that you created earlier. Proposal template: Legacy proposal. 2. On the Rule Properties dialog box, under IPSec/IKE proposal, click Settings to specify the following settings: IKE proposal Encryption algorithm: 3DES Integrity function: MD5 IKE mode: main mode IKE group: MODP 1024 (group 2) IPSec proposal Encryption algorithm: 3DES Integrity function: HMAC-MD5 IPSec mode: tunnel PFS group: MODP 1024 (group 2) Note: Verify that the proposal settings match those used by your ZyWALL VPN profile. 1.4 Troubleshooting The audit logs and IKE log are available in SSH Sentinel for troubleshooting. Refer to the SSH Sentinel User Manual for more information.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback