www.cnetusa.com 

Configuring SSH Sentinel Security Policy 

From the Security Policy window, click the “Security Policy” tab, select VPN connections, and click the “Add” button.

In the “Add VPN Connection” window, enter an IP address or a Domain Name associated with the WAN IP of the CNet router. For the remote network, click the “…” micro button and enter the remote network information. The default LAN network address of the CWR-854 is 192.168.1.0 with a subnet mask of 255.255.255.0.

Contents of CWR-854

Page 1: ...g an IPSec client to connect CNet's wireless broadband router CWR 854 F with VPN capability. The VPN feature can be used for secure remote access to a home or work network from anywhere on the Internet. VPN Client Software used for this test is SSH Sentinel v1.4, which is free for non-commercial use. Applications ...

Page 2: ...SL modem or we are dialing up using a modem. In the second scenario the client system is also behind a NAT route. In this case the computer we're working on is connected to a router and through a Cable DSL modem to the Internet. First Scenario To configure VPN both on the client system as well as the router we need to know about the IP address schema used on the home network. By default the LAN IP of ...

Page 3: ...www.cnetusa.com 3 Router's VPN Configuration Please use the router's default IP address 192.168.1.254 to access its configuration ...

Page 4: ...ite choose Subnet Address to allow access to the whole LAN network. For remote site choose Any Address so that the router accepts VPN requests from any IP address. Both local and remote systems are identified by IP. Key management is auto IKE. Click the advance key to see the settings for phase 1 and 2 negotiations. In phase 1 peers are authenticated to each other and a secure encrypted link is establi...

Page 5: ...www.cnetusa.com 5 The last step to finalize VPN configuration is to enter the PSK (Pre-Shared Key) and save settings. The router is now ready to accept incoming VPN connections ...

Page 6: ...www.cnetusa.com 6 ...

Page 7: ...T router for example another CWR-854. The connection is from VPN client NAT router Cable DSL modem Internet Cable DSL modem VPN router. The only difference in the configuration with scenario one is to configure the VPN router's remote site to be NAT-T any address as below picture shows ...

Page 8: ...rst one involves the creation of a key management and the second one is the actual VPN security policy. After the software is installed, right click on the Sentinel icon in the task bar and select Run Policy Editor. Configuring SSH Sentinel Key Management From the SSH Sentinel policy editor click on Key Management tab. Then select the add button under My Keys folder ...

Page 9: ...www.cnetusa.com 9 From the New Authentication Key window select the create a pre-shared key radio button and click next ...

Page 10: ...www.cnetusa.com 10 In the next window type a name and the same exact key you have entered in the router's VPN configuration and click Finish ...

Page 12: ...www.cnetusa.com 12 Click OK to save the changes and return to the Rule Properties window ...

Page 13: ...www.cnetusa.com 13 Click on the IPSec IKE proposal settings button to view proposal parameters ...

Page 14: ...operties window. Click on the Advanced tab to view Security association lifetimes as well as Audit and some other advanced settings. If the VPN client system is sitting behind a NAT device you'll need to check the box next to Pass NAT device using NAT-T ...

Page 15: ...test Click OK to go back to the SSH Sentinel Policy Editor window and click Apply to update security policy changes we've made. Now click on Diagnostics to start probing the connection to the VPN server. If Diagnostics complete successfully it means that you can establish an IPSec protected connection to the VPN server ...

Page 16: ...www.cnetusa.com 16 We can now use the SSH Sentinel icon in the task bar, select the VPN server and establish the VPN tunnel ...

Page 17: ...t the VPN connection bring up a DOS window and try a ping to the IP address of one of the computers at home. If ping is successful then the connection is established and you should be able to see and map network drives to systems behind the VPN router ...
