background image

Configuration Wizard 

Seven easy steps Wizard 

BiGuard VPN client provides a Configuration Wizard that allows the creation of VPN 
configuration in seven easy steps. This Configuration Wizard is designed for remote computers 
that need to get connected to a corporate LAN through a VPN gateway.  
 
Let take the following example: 
The remote computer has a dynamically provided public IP address. 
It tries to connect the Corporate LAN behind a VPN gateway that has a DNS address 
"gateway.mydomain.com". 
The Corporate LAN address is 192.168.1.xxx. e.g. the remote computer want to reach a server 
with the IP address: 192.168.1.100. 
 

 

 
For configuring this connection, open wizard's window by selecting menu "Configuration > 
Wizard".  

 

 
 
 
 
 
 
 
 
 
 
 
 

 

 
 
 

 

Содержание BiGuard C01

Страница 1: ...BiGuard C01 BiGuard VPN Client Quick Installation Guide BiGuard series VPN enabled devices Secure access to Company Network ...

Страница 2: ...y and securely BiGuard VPN Client is an on demand IPSec VPN Client compliant with Billion BiGuard series VPN enabled devices Ideal for remote users and Teleworkers requiring access to the company network Network Topology In this example we will connect BiGuard VPN Client to the LAN behind the Billion BiGuard series VPN enabled routers The VPN Client is connected to the Internet by a DSL dialup con...

Страница 3: ...Billion BiGuard VPN enabled devices you must select the menu Configuration IPSec Click and add a new IPSec VPN setting as below Connection Name A user defined name for the connection e g BiGuardVPN Tunnel Activates or deactivates the IPSec connection Local ID Select local ID type ...

Страница 4: ...e automated Internet Key Exchange IKE setup most secure method with the highest level of security Aggressive Mode Uses the automated Internet Key Exchange IKE setup mid level security Speed is faster than Main mode Manual Key Manual standard level of security It is the fastest of the three methods Method There are two methods of checking the authentication information AH authentication header and ...

Страница 5: ...tablish a shared security policy and authenticated keys for services such as IPSec that require a key Before any IPSec traffic can be passed each router must be able to verify the identity of its peer This can be done by manually entering the pre shared key into both sides router or hosts IKE Life Time Allows you to specify the timer interval for renegotiation of the IKE security association The v...

Страница 6: ...g IKE negotiation It is possible to change this name at any time and read it in the tree control Two Phase 1 can not have the same name billion in our example Interface IP address of the network interface of the computer through which VPN connection is established If the IP address may change when it is received dynamically by an ISP select any Remote Gateway IP address or DNS address of the remot...

Страница 7: ...n alternate gateway in case the primary gateway is down or not responding Enter either the IP address or the url of the Redundant Gateway e g router dyndns com z BiGuard VPN Client will contact the primary gateway to establish a tunnel If it fails after several tries default is 5 tries configurable in Parameters panel then modify Retransmissions field to modify this default value the Redundant Gat...

Страница 8: ...please see Appendix A If this identity is not set VPN client s IP address is used Remote ID Remote ID is the identity the BiGuard VPN client is expecting to receive during Phase 1 from the VPN router This identity can be an IP address type IP address an domaine name type DNS an email address type Email a string type KEY ID a certificate issuer type DER ASN1 DN About X509 certificates please see Ap...

Страница 9: ...P address 192 168 205 117 in our example It is important this IP address not to belong to the remote LAN Address type The remote endpoint may be a LAN or a single computer In the first case choose Subnet address Choose Single address otherwise When choosing Subnet address the two fields Remote LAN address and Subnet mask became available When choosing Single address only the field Remote host addr...

Страница 10: ...Script A specific script or application e g Outlook CRM apps can be launched when this tunnel opens Script or application can be selected by browsing using button Alternate Servers DNS ans WINS server IP addresses of the remote LAN can be entered here to help users to resolve intranet addressing The DNS or WINS addresses are taken into account as soon as the tunnel is opened and as long as it is o...

Страница 11: ...enabled your firewall with IPSec traffic 1 Clink on to make into account all modifications we ve made on your VPN Client Configuration 2 Click on or generate traffic that will automatically open a secure IPSec VPN Tunnel e g ping IE browser 3 Select to see opened VPN Tunnels 4 Select if you want to access to the IPSec VPN logs and adjust filters to display less IPSec messaging ...

Страница 12: ...a corporate LAN through a VPN gateway Let take the following example The remote computer has a dynamically provided public IP address It tries to connect the Corporate LAN behind a VPN gateway that has a DNS address gateway mydomain com The Corporate LAN address is 192 168 1 xxx e g the remote computer want to reach a server with the IP address 192 168 1 100 For configuring this connection open wi...

Страница 13: ... gateway Address In IP or Domain name e g specify gateway mydomain com The Preshared key you will use for this tunnel this Preshared key must be the same in the gateway Step 2 of 7 You must specify the following information The IP address of your remote gateway LAN Network address e g specify 192 168 1 0 ...

Страница 14: ...ient in the VPN connection e g specify 192 100 205 101 Step 4 of 7 The fourth step summaries your new VPN configuration Other parameters may be further configured directly via the main interface e g virtual IP address etc Be sure that each client must use different VPN Client IP Address Warning ...

Страница 15: ...tion Name BiGuardVPN as example and PreShared Key 12345678 as example and select LAN to Host For BiGuard VPN Client Only then press Next Step 6 of 7 Input BiGuard VPN Client IP Address 195 100 205 101 as example and press Next Be sure that each client must use different VPN Client IP Address Warning ...

Страница 16: ...Step 7 of 7 After all you will see a Configuration Summary click Done too apply this rule ...

Страница 17: ... v AES 128 v v v AES 192 v v v AES 256 v v v Diffie Hellman Group Support Group1 MODP 768 v v v Group2 MODP 1024 v v v Group5 MODP 1536 v v v Authentication Mechanism Preshared key v v v X509 Certificate support PEM x x x X Auth x x x Key Management ISAKMP RFC2408 v v v IKE RFC2409 v v v IPSec Mode ESP v v v Tunnel v v v IKE Mode Main v v v Aggressive v v v Quick v v v x not support ...

Страница 18: ...erring to the Troubleshooting section in the User s Manual can solve most problems If you cannot resolve the problem with the Troubleshooting chapter please contact the dealer where you purchased this product Contact Billion WORLDWIDE http www billion com ...

Отзывы: