SnapGear VPN Router Family

User Manual

Rev: May 30, 2002 


7984 South Welby Park Drive #101 

Salt Lake City, Utah  84084 

Tel: 801-282-8492 

Fax: 801-282-8496


Summary of Contents for LITE


Page 2: ...arted 11 New Networks 12 Setup Wizard 13 System requirements 13 Configuring the SnapGear VPN Router on your network 13 Initial setup using Linux 16 SnapGear Quick Setup Wizard 18 Configuring the PCs on your network 22 3 Connect to the Internet 24 Physically connect modem device 24 Select Internet connection 25 Configure PCs to use SnapGear VPN Router Internet gateway 28 ...

Page 3: ...te user configuration 38 5 Network Configuration 48 IP Configuration 48 Advanced IP Configuration 51 DHCP Server 53 Advanced Networking 54 6 Firewall 56 Incoming Access 56 Outgoing Access 59 Firewall Rules 61 Intruder Detection and Blocking 62 7 Virtual Private Networking 64 PPTP client setup 66 PPTP server setup 68 ...

Page 4: ...iv IPSec Setup 82 IPSec Interoperability 87 8 System 88 Time Server 88 Password 88 Diagnostics 88 Advanced 89 RESET button 89 9 Technical Support 90 Appendix A LED Status Patterns 91 ...

Page 5: ...es to securely access your company network to send and receive data at a very low cost With the SnapGear VPN Router you can now remotely access your office network securely through the Internet Additionally the SnapGear VPN Router is able to connect as a client to external VPNs With the SnapGear VPN Router everyone on your office LAN can access the Internet through the one connection Your entire n...

Page 6: ...m This system allocates Internet domain names and translates them into IP addresses A domain name is a meaningful and easy to remember name for an IP address DUN Dial Up Networking Ethernet A physical layer protocol based upon IEEE standards Extranet A private network that uses the public Internet to securely share part of a business s information or operations with suppliers vendors partners cust...

Page 7: ...communications LAN Local Area Network LED Light Emitting Diode MAC Address An Ethernet address set by the manufacturer Masquerade The process by which a gateway on the local network modifies outgoing packets to replace the source address of these packets with its own IP address In this way all IP traffic originating from the local network appears to come from the gateway itself and not the machine...

Page 8: ...not have a fixed IP address Router A network device that moves packets of data Differs from a hub or switch in that a router usually is intelligent enough to know where final destinations should be and how to get the packets there Subnet Mask See Net Mask Switch A network device that is like a hub but much smarter Although not a full router a switch understands to some degree the routing of Ethern...

Page 9: ...n you know who you are communicating with and integrity nobody else can tamper with your messages data WAN Wide Area Network WINS Windows Internet Naming Service WINS manages the association of workstation names and locations with Internet Protocol addresses Document Style Warnings Where there is something that you should take particular note of warning text like this will appear Bold text in proc...

Page 10: ... Chapter 2 Getting Started 2 Connect the telecommunications hardware modem for dial in dial out internet access Chapter 3 Connect to the Internet 3 Set up the network IP addresses and firewall Chapter 2 Configuring the SnapGear VPN Router on your network 4 Set up Internet hardware and Internet account and connect to the Internet Chapter 3 Connect to the Internet 5 Set up users security dial in dia...

Page 11: ...As shown above the front panel contains status LEDs You will also find status LEDs on the rear panel Label Activity Description POWER PWR On Power is supplied to the SnapGear VPN Router Flashing System will flash once every second while the SnapGear VPN Router is operating correctly System SYSTEM On If System is on and not flashing an operating error has occurred In this case the other LEDs form a...

Page 12: ...d The rear panel contains connector ports for LAN LAN and modem COM1 COM2 LAN 10BaseT status LEDs WAN 10BaseT status LEDs a reset button and power inlet The upper LEDs represent Link condition where a cable is connected correctly to another device such as a cable modem The lower light represents Activity as per the front panel Figure 1 2 SnapGear VPN Router back panels ...

Page 13: ...work configuration PPTP VPN server that provides communications to remote users running standard Windows VPN client software PAP CHAP MSCHAPv2 RADIUS and TACACS tunnel authentication RFC1334 RFC1994 Transparent tunnel support for PPTP IPSec pass through Dial in remote access with PAP CHAP MSCHAPv2 RADIUS and TACACS authentication Dial on demand for outgoing Internet connection Wizard setup and bro...

Page 14: ...el Ethernet LEDs Link Transmit Receive LAN link For the SnapGear SOHO and PRO models 10BaseT LAN port to connect to local network Ethernet hub Rear panel Ethernet LEDs Link Transmit Receive For the SnapGear LITE and LITE models 10 100BaseT LAN port to connect to local network Dial in Connection For SnapGear SOHO and PRO external modems may be attached to the serial ports for dial in connection Env...

Page 15: ... do not apply power to your SnapGear VPN Router SnapGear VPN Router comes with an inbuilt DHCP server that can automatically assign IP addresses to other devices on the network If you have an existing network there may already be an active DHCP server Additionally the PCs and devices on the network will already have their IP addresses assigned So to make installation in existing networks simpler S...

Page 16: ... Microsoft, then TCP/IP. Your PC will then reboot. 5. Highlight TCP/IP (this is followed by your Ethernet adapter's name if using 95/98) and click Properties. 6. In the IP Address pane, select Specify an IP Address. Private network addresses should be taken from the ranges 10.0.0.0 - 10.255.255.255 (10/8 prefix), 172.16.0.0 - 172.31.255.255 (172.16/12 prefix), 192.168.0.0 - 192.168.255.255 (192.168/16 prefix). 7. Enter thi...

Page 17: ... you must be logged in as administrator to run Setup Wizard Configuring the SnapGear VPN Router on your network To configure the SnapGear VPN Router on your network 1 Apply power to the SnapGear VPN Router When the SnapGear VPN Router is powered on and it has no IP address it will flash all front panel LEDs except POWER These LEDs will remain flashing until it has acquired an IP address 2 Insert t...

Page 18: ... front panel of the SnapGear VPN Router will remain flashing until the SnapGear VPN Router has been assigned an address Once an IP address has been successfully assigned they will all stop flashing If more than one SnapGear VPN Router device is found on the network Setup Wizard will prompt you to select which one you want to set up based on the device s unique LAN port MAC address see Figure 4 A M...

Page 19: ...uter When setup is complete the wizard will prompt you to launch a web browser and open the SnapGear VPN Router Configuration web pages The SnapGear VPN Router Configuration web pages Your SnapGear VPN Router is now configured more configuration options are available through the SnapGear VPN Router Configuration web pages To access these select SnapGear VPN Router Config Pages from the SnapGear VP...

Page 20: ...ver or use the lin_set_ip program included on the SnapGear CD in the tools directory. Using lin_set_ip: This program is a command line tool for assigning the SnapGear VPN Router an IP address. Depending on your system configuration, you may need to run this program with root privileges. You may also need to add an extra static route with: route add -host 255.255.255.255 eth0, where eth0 is the name of you...

Page 21: ...erside of your SnapGear VPN Router. If your network has a BOOTP server, then you can use this to set up the SnapGear VPN Router. Edit the BOOTP server's file /etc/bootptab and enter an entry for the SnapGear VPN Router. Use the Ethernet MAC address printed on a label on the bottom of the SnapGear VPN Router. Restart bootpd if it is running and connect the SnapGear VPN Router to the local network. The Sna...

Page 22: ... then just reboot the Linux system Once the system is running it should serve the IP address to the SnapGear VPN Router when it is connected to your network SnapGear Quick Setup Wizard Once the initial network setup has been completed all common configuration tasks can be carried out through the web pages The SnapGear Quick Setup Wizard is provided to guide you through the basic steps to configure...

Page 23: ...se the method used to set the LAN port network address configuration either DHCP or manual 3 If you choose DHCP or Skip the Next button will take you to the ISP Connection configuration page 4 If you choose Manual the Next button takes you to the Manual LAN Configuration page where you must enter an IP address and a Subnet mask for the SnapGear LAN port ...

Page 24: ... to your ISP Note that Direct connections are those where the SnapGear Internet Port is connected to a LAN that has another gateway to the Internet 2 For Cable Modems you will be asked to specify your Cable Modem Service Provider In most cases Generic Cable Modem Provider is the correct response 3 If you connect to your ISP via a modem you must also specify ...

Page 25: ... ADSL modem communicates via PPPoE PPPoE is the option to select if your ISP requires username and password authentication to access the Internet You will also be asked to specify i The username and password for your ADSL connection ii If you want to connect on demand or stay connected continuously iii For connect on demand connections the idle disconnect time in minutes is required c Use DHCP to ...

Page 26: ...e manually statically entered or dynamically assigned by a DHCP server each time the PCs boot To take advantage of the SnapGear VPN Router s DHCP server or if you already have a DHCP server on the network for each non configured Windows workstation PC on the network open the Control Panel then Network Control Panel and select the Obtain an IP address from a DHCP server option which is under TCP IP...

Page 27: ...kstation PC on the network open TCP IP Properties see above for details on the location of this option and ensure that Use the following IP address is checked Then add the following information A unique IP address and appropriate subnet mask Default Gateway enter the IP address of the SnapGear VPN Router In the DNS tab enter the DNS server address es provided by your ISP ...

Page 28: ...nect to the Internet via an external dialup analog modem ISDN modem permanent analog modem cable modem or DSL link see Figure 6 Figure 3 1 Internet connection Physically connect modem device To connect your office network to the Internet you must first physically attach your SnapGear VPN Router to a modem device cable ISDN DSL or analog For analog modems attach the modem serial cable to one of the...

Page 29: ...ion method as PPPoE DHCP or Manually Assign Settings Alternatively the SnapGear VPN Router can determine the connection method automatically PPPoE is used if your ISP requires a username and a password authentication to access the Internet DHCP is used if your ISP did not provide you with a public IP address and or instructed you to obtain an IP automatically from a DHCP Server over the Internet M...

Page 30: ...n type Your SnapGear VPN Router will then attempt to automatically determine the appropriate connection method Connect to Internet Direct Choosing Direct Connection to the Internet will take you to the IP Configuration page See IP Configuration Connect to Internet Modem Figure 3 2 Setup modem Internet connection ...

Page 31: ... Enter the name of your Internet Service Provider ISP Phone number to dial Enter the number to dial to reach your Internet provider If you are behind a PABX that requires you to dial a prefix such as 0 or 9 for an outside line be sure to include the appropriate prefix ISP s DNS Server Enter the DNS server address supplied by your ISP Username and password Enter the unique username login given to y...

Page 32: ...e configured to use the SnapGear VPN Router as the default gateway for Internet access See the section Configuring the PCs on your network Chapter 2 for details on how this is done Establishing the connection At this point if you are using a modem or ISDN connection to your ISP the SnapGear VPN Router will place a call automatically whenever an application requires access to the Internet e g sendi...

Page 33: ...Connect to the Internet 29 If you are using a permanent connection device like a cable modem then Internet access is automatic ...

Page 34: ...facility establishes a PPP connection to the remote user or site Dial in requests are authenticated with usernames and passwords which are verified by the SnapGear VPN Router Once authenticated remote users and sites are connected and given the same access to the LAN resources as a local user To configure the SnapGear VPN Router for a dial in connection 1 Attach external modems to the relevant Sna...

Page 35: ...Dial in server configuration 31 Dial in setup Figure 4 1 Dial in setup ...

Page 36: ...nfigure SnapGear VPN Router s Dial In server select Dial In Setup from the Networking menu The table below describes all the fields in the Dial In Setup screen and explains how to enable and configure dial in access on a SnapGear VPN Router COM port ...

Page 37: ...P addresses Specify a free IP address from your local network each dial up client will use when connecting to the SnapGear VPN Router Authentication Scheme The authentication scheme you choose is the method by which the SnapGear VPN Router will challenge users dialing into the network Dial in clients must be configured to use the selected authentication scheme Select the desired option MSCHAPv2 is...

Page 38: ...you have enabled and configured the selected SnapGear VPN Router COM ports to support dial in click Continue and you will be able to create and configure dial in user accounts Dial in user accounts Figure 4 2 Dial in user account creation ...

Page 39: ...rname This username is required for dial in authentication only The name selected is case sensitive for example Jimsmith is not the same as jimsmith Password Enter the password for the remote dial in user Confirm Re enter the password to confirm Domain This field is optional and can be left blank If your network has a Windows NT server you may wish to attach a domain name to your dial in remote us...

Page 40: ...Dial in server configuration 36 Figure 4 3 User Maintenance Screen ...

Page 41: ...y under the Delete or Change Password for the Selected Account heading or reset if there is a mistake Similarly to delete an existing account Select the account in the Account List then check Delete under the Delete or Change Password for the Selected Account heading If you request a change to a User Account and it is successful the Dial In Setup screen will be represented with the change noted If...

Page 42: ...ies such as dial on demand Internet connection If a port was previously set up for Internet access and is subsequently enabled for dial in the Internet access function will be automatically disabled Remote user configuration Remote users can dial in connect through the SnapGear VPN Router using their standard Windows Dial Up Networking software A new dial out connection must be set up on the remot...

Page 43: ...will be using Click Next then fill in the details for the phone number of the modem connected to the SnapGear VPN Router Click Finish You should now see an icon in Dial Up Networking named as your Connection Name Click on this once then click on File and then Properties Click on the Server Types tab on the top of the window ...

Page 44: ...the Require encrypted password check boxes Leave the other Advanced Options unchecked Select the TCP IP network protocols from the Allowed network protocols list Do not select NetBEUI or IPX If an unsupported protocol is selected an error message will be returned Click TCP IP Settings Confirm that Server Assigned IP Address Server Assigned Name Server Address Use IP Header Compression and Use Defa...

Page 45: ...as been set up for the SnapGear VPN Router dial in account as indicated in the figure below Figure 4 7 Connect To dialogue box For Windows 2000 To configure a remote access connection on a Windows 2000 computer click Start Settings Network and Dial up Connections From the next window choose Make New Connection The network connection wizard will guide you through setting up a remote access connecti...

Page 46: ...Dial in server configuration 42 Figure 4 8 Network Connection Wizard ...

Page 47: ...Dial in server configuration 43 Figure 4 9 Connection Type Choose Dial up to private network as the connection type ...

Page 48: ...ver configuration 44 Figure 4 10 Phone number to dial Tick Use dialing rules to enable you to choose a country code and area code This feature is useful if you are using remote access in another state or overseas ...

Page 49: ...re 4 11 Connection Availability Select the option Only for myself to make the connection only available for you This is a security feature that will not allow any other users who log onto your machine to use this remote access connection ...

Page 50: ...ion will appear on the desktop To launch the new connection double click on the new icon on the desktop and the remote access login screen will appear as in the next figure If you did not create a desktop icon click Start Settings Network and Dial up Connections and choose the appropriate connection You will need to enter the username and password that had been set up for the SnapGear VPN Router d...

Page 51: ...Dial in server configuration 47 Figure 4 13 Remote Access Login Screen ...

Page 52: ...ork Configuration 48 5 Network Configuration IP Configuration Selecting IP Configuration from the Networking menu enables the user to set the IP address configuration of both the LAN and Internet interfaces ...

Page 53: ... IP address If the LAN interface of your SnapGear VPN Router obtains its IP address from a DHCP server on your local network then check DHCP assigned For a static IP address on the LAN interface enter the IP Address and Netmask in the fields provided Note that you must enter a static IP address if the SnapGear VPN router is to act as the DHCP server on your local network ...

Page 54: ...d for the local network to this machine Enter the IP address of the DNS Server which the SnapGear VPN Router will use to resolve domain names into the Domain Name Server field This should only be required if the SnapGear VPN Router is configured with a static IP address on the Internet interface and therefore doesn t receive its DNS server address automatically The SnapGear VPN Router can be confi...

Page 55: ...Network Configuration 51 Advanced IP Configuration Figure 5 2 Advanced IP Configuration ...

Page 56: ...red by all machines on your local network each of these local machines has its own private IP address SnapGear recommends leaving Masquerade set on the Internet Interface Internet Interface Aliases allows the SnapGear VPN Router to respond to multiple IP addresses on the Internet interface You must also setup appropriate Incoming Access rules to allow traffic sent to the additional aliased IP addr...

Page 57: ...p keep your network design as simple as possible your SnapGear VPN router can act as a DHCP server for machines on your local network To configure your SnapGear VPN Router as a DHCP server you must first set a static IP address and netmask on the LAN Interface see IP Configuration ...

Page 58: ...The lease time is the time for which a dynamically assigned IP will be valid Click Configure the IP addresses to be handed out to enter the addresses from which the DHCP server will allocate IP addresses to machines on the local network To reserve a particular IP address for a specific machine click on Configure the IP addresses to be reserved for particular hosts For each reserved IP address you ...

Page 59: ...ority to the following services domain tcp domain udp ftp ftp data http https imap irc nntp ntp pop3 smtp ssh and telnet Traffic Shaping provides a level of control over the relative performance of various types of IP traffic Note that this advanced feature is provided to allow expert users to fine tune their networks Additional Routes Expert users may add additional static routes using this featu...

Page 60: ...The SnapGear Firewall filters packets at the network layer, determines whether session packets are legitimate, and evaluates contents of packets at the application layer, thus providing maximum protection for your private network. Incoming Access: Clicking Incoming Access on the Firewall menu will take you to the Incoming Access configuration page, where you can configure the firewall to control externa...

Page 61: ...to these services can be restricted to specific interfaces. For example, you may want to restrict access to the SnapGear VPN Router's configuration web pages (Web Admin) to only machines on your local network. Note that it is inadvisable to disallow all services, as this will make future configuration changes impossible without resetting your SnapGear VPN Router to its factory default settings ...

Page 62: ...tion pages, as this will hide your web administration pages from a casual web surfer who happens across your SnapGear VPN Router on the Internet. Note that after changing the web server port number, you must include the new port number in the URL to access the web administration pages. For example, if you change the web administration port number to 88, the URL to access the web administration will be s...

Page 63: ...control access to services provided by machines on your private network from users on the Internet Requests coming into the SnapGear VPN Router on the specified Incoming Port s will be forwarded to the Target Port on the Target Server Outgoing Access Your SnapGear VPN router can be configured to restrict certain network traffic going out the Internet interface These restrictions can either be appl...

Page 64: ...configured to restrict certain TCP IP application protocols or to block specified TCP and UDP ports Figure 6 4 Security Group Classes Configuration Once you have specified the restrictions you want each security group class to impose you can apply these restrictions globally to all machines on your local network or to specific machines or networks Use the Add Hosts or Networks section to specify t...

Page 65: ...dd custom firewall rules. Access to this page is by clicking on Rules in the Firewall menu. Please note that only experts on Firewalls and iptables rules will have the ability to add effective custom firewall rules. Configuring the SnapGear Firewall via the Incoming Access and Outgoing Access configuration pages is adequate for all but some very specialized applications ...

Page 66: ...t attempt to connect to these services generate a system log entry providing details of the access attempt, and then the access attempt is categorically denied. Since network scans are often a prelude to a concerted attempt to compromise a host, the ability to deny all access from hosts that have attempted to scan monitored ports is also available. Select one or both of the block options to enable thi...

Page 67: ...enabled. Generally, the value of the trigger count should be in the 0 to 2 range. A setting of 0 represents an immediate blocking of probing hosts. Larger settings mean more attempts are permitted before blocking, and whilst allowing the attacker a little more latitude, such settings will reduce the number of false positives. The ignore list contains a listing of host IP addresses which are to be ignored...

Page 68: ...to your office network across the Internet You will have the same access to your corporate network as if you were connected directly to it from your office Similarly telecommuters can set up a VPN tunnel over their cable modem or DSL links to their local Internet Service Providers With the SnapGear VPN Router you can establish a secure VPN over the Internet using either PPTP or IPSec IPSec provide...

Page 69: ...Virtual Private Networking 65 Figure 7 1 VPN tunneling using PPTP Server ...

Page 70: ... create a new VPN connection enter A descriptive name for the VPN connection which can provide an indication of the purpose of this connection The remote PPTP server IP address to which to connect A username and password you can use to login to the remote VPN you may need to obtain this information from the system administrator of the remote PPTP server and Optionally the remote network s netmask ...

Page 71: ...lient connections and more can be added in the same manner as above A VPN connection may be set as the default route for all network traffic by checking Make VPN the Default Route and clicking Apply Note that this option is available only when the SnapGear VPN Router is configured with a single VPN connection only ...

Page 72: ...VPN Router model The SnapGear PPTP Server allows remote Windows clients to securely connect to the local network To setup a VPN connection Enable and configure the PPTP VPN server Set up VPN user accounts on the SnapGear VPN Router with appropriate authentication security enabled Configure the VPN clients at the remote sites There is no need for any special software for the client The SnapGear PPT...

Page 73: ...PPTP Server setup To enable and configure SnapGear VPN Router s VPN server select PPTP VPN Server from the VPN menu in the SnapGear VPN Router Config Pages The table below describes the fields in the VPN Setup screen and the options available when enabling and configuring VPN access ...

Page 74: ...r ID and password. The authentication scheme you choose is the method by which the SnapGear VPN Router will challenge users who endeavor to establish a PPTP connection to the network. The remote client must be set up to use the selected authentication scheme. MSCHAPv2 is the most secure. It uses encrypted passwords. SnapGear recommends the use of MSCHAPv2 plus data encryption, as this keeps your data pr...

Page 75: ...igure 7 4 PPTP VPN Server Accounts screen Before remote users can set up a VPN tunnel to the SnapGear VPN Router PPTP server they must have user accounts set up The field options in the Add New Account are detailed in the table below ...

Page 76: ...lected Account field To delete an existing account Select the account in the Account List then check Delete in the Delete or Change Password for the Selected Account field If you request a change to a User Account and it is successful the PPTP VPN Setup screen will be represented with the change noted If the change request is unsuccessful an error will be reported Configuring the remote VPN client...

Page 77: ...e network has an external DHCP server (i.e. your ISP dynamically assigns you an IP address). To determine the current SnapGear VPN Router's PPTP server IP address, select Diagnostics from the System menu in the main menu bar. The IP address will be displayed in the VPN field. Your remote users will need to know this PPTP IP address to be able to set up a VPN tunnel to the SnapGear VPN Router ...

Page 78: ...is already a networking connection established for the link to your local ISP Set up a new connection for the VPN connection Your SnapGear VPN Router s PPTP server will operate correctly with the standard Windows PPTP clients in all versions of Windows The following sections provide details for client setup in Windows 95 98 Windows NT and Windows 2000 Setup instructions for Windows ME and Windows ...

Page 79: ...other Advanced Options unchecked Select the TCP IP network protocols from the Allowed network protocols list Do not select NetBEUI or IPX If an unsupported protocol is selected an error message will be returned Click TCP IP Settings Confirm that Server Assigned IP Address Server Assigned Name Server Address Use IP Header Compression and Use Default Gateway on Remote Network are all selected Click ...

Page 80: ...Virtual Private Networking 76 Figure 7 7 VPN client server settings ...

Page 81: ... that this IP address may change from time to time if your ISP uses dynamic IP assignment In the Dial Using dialog box select RASSPPTPM VPN1 and click Next Click More and select Edit entry then Modem properties from the menu Select the Server tab Select TCP IP only Warning Do not select NetBEUI or IPX If an unsupported protocol is selected an error message will be returned Select the Security tab ...

Page 82: ... Up Networking account to access the Internet Once you have done this you are ready to begin The first thing you need to do is log in as Administrator on your PC Once logged in from the Start menu select Settings and then Network and Dial up Connections Figure 7 8 Network and Dial up Connections ...

Page 83: ...ake New Connection then click Next on the first window of this wizard which will bring up the Network Connection Type window Figure 7 9 Network Connection Type Select Connect to a private network through the Internet and click Next This displays the Destination Address window ...

Page 84: ...Address Enter the SnapGear PPTP server s IP address and click Next Select the Connection Availability that you require on the next window and click Next which will display the final window in this wizard Figure 7 11 Completing the Network Connection Wizard ...

Page 85: ... and click Connect For Windows NT click Dial and enter the username and password given to you by the SnapGear VPN Router s VPN administrator After you have been authenticated to the network you can check your e mail use the office printer access shared files and browse the network as if you were physically connected to the LAN To disconnect the VPN tunnel connection to the remote SnapGear VPN Rout...

Page 86: ...Virtual Private Networking 82 IPSec Setup The SnapGear VPN router supports IPSec tunnels as well as PPTP tunnels To setup your VPN using IPSec select IPSec from the VPN menu Figure 7 12 IPSec Setup ...

Page 87: ...Submit Enable the interface on which you want to use IPSec This may be the default gateway or a ppp interface for ADSL and cable modems or eth1 if the SnapGear VPN Router is connected to a router before connecting to the Internet Then click Submit To add a new IPSec connection click on Add under Add New IPSec Connection ...

Page 88: ...PN Router will use for IPSec The Authentication Identifier is required when using RSA key signatures for multiple Road Warriors and is used to identify the other participant during authentication If this field is left blank the Authentication Identifier defaults to the External IP Nexthop refers to the next hop gateway IP address to the public network which is not normally required and may be left...

Page 89: ...en notifications. The tunnel will be restarted if no acknowledgements have been received for a period of Timeout. The recommended keying used in IPSec is Automatic Keying (IKE). The default and recommended method of authentication is through a Pre-Shared Secret. A Pre-Shared Secret should be at least 24 characters long and should be a phrase you can remember easily but would be difficult for others to g...

Page 90: ...rtual Private Networking 86 Figure 7 14 Automatic Keying Setup Click Submit to add the new IPSec tunnel after selecting the appropriate Automatic Startup Authorization Authentication and Key Configuration ...

Page 91: ...ecutive re-keying events, that is, the lifetime of a key. Shorter values offer higher security at the expense of the computational overhead necessary to calculate new keys. The default value of 1 hour is recommended. Checking the Enable Perfect Forward Secrecy of keys box means that an attacker who acquires the SnapGear VPN Router's long-term key (i.e. the pre-shared secret or RSA Signature Key Private S...

Page 92: ...er accessible using the factory default password. To prevent this, the SnapGear VPN Router's password must be changed when Setup Wizard is run or the Configuration web pages are accessed for the first time. The SnapGear VPN Router's password can be changed at any time through the Configuration web pages by clicking Password in the System menu. The SnapGear VPN Router's password is the key to the secur...

Page 93: ... must already be configured on the local network with an IP address Flash upgrades can be performed using the configuration web pages To do this click Advanced then Flash Upgrade and enter the IP address of the PC with the binary image and the appropriate filename A TFTP server must be running on the machine that is hosting the file While the SnapGear VPN Router is being upgraded its front panel L...

Page 94: ...he SnapGear Knowledge Base Figure 9 1 Technical Support The Technical Support Report page is an invaluable resource for the SnapGear Technical Support Staff to analyze problems with your SnapGear VPN Router The information on this page gives the Support Staff important information about any problems you may be experiencing Should you experience a fault with your SnapGear VPN Router please attach t...

Page 95: ...hould contact your dealer please take note of the LED pattern to facilitate faster response and recovery action LED Pattern Status Action VPN Memory failure Contact your dealer COM2 Console device cannot initialize Contact your dealer All LEDs on In recovery mode usually from a bad Flash image While the reset button is held in this will be the LED pattern VPN Internet Link Cannot load static data ...
