manualshive.com logo in svg

Vasco Personal aXsGUARD, Руководство по установке и настройке

"Vasco Personal aXsGUARD - лучшее решение для защиты вашей сети. Установочное и конфигурационное руководство доступно для загрузки совершенно бесплатно на нашем сайте. Позволит настроить устройство быстро и без проблем. Скачивайте сейчас с manualshive.com и обеспечьте безопасность вашей сети."

Поделиться
Скачать
background image

Personal aXsGUARD - 7.7.1

Chapter 3. Features and Concepts

© VASCO Data Security 2013

8

should  be  connected  to  the  PAX.  A  secure  option  is  to  connect  the  Internet  Interface  of  the  PAX  to  the
user’s LAN and only connect the client computers that actually need access to corporate resources to the
PAX LAN (double NAT).

For  additional  information  about  aXsGUARD  Gatekeeper  Firewall  Rules  and  Policies,  see  the
aXsGUARD Gatekeeper Firewall How To, which can be accessed via the Documentation button in the
Administration Tool.

3.4. NAT Traversal

3.4.1. Purpose and Definition

 

The PAX enables you to easily connect peers that are connected to a Network Address Translated network
segment of a gateway.

Network Address Translation (NAT) is a general term to describe techniques that establish and maintain TCP/
IP and/or UDP connections traversing network address translation (NAT) gateways. For detailed information
about NAT, see the aXsGUARD Gatekeeper System Administration How To, which can be accessed via the
Documentation button in the Administrator Tool.

As of PAX version 1.1, you can configure custom NAT rules on the aXsGUARD Gatekeeper. The rules are
downloaded by the PAX when it connects to the aXsGUARD Gatekeeper VPN server. By default, the NAT
rules  apply  to  the  PAX’s  WAN  interface;  they  are  comparable  to  port  forwarding  rules  on  the  aXsGUARD
Gatekeeper.

3.4.2. UPnP and NAT-PMP

   

Universal Plug and Play and NAT-PMP:

UPnP

 (Universal Plug’n'Play) enables programs running on a host to automatically configure port forwarding

on the PAX. UPnP basically allows a program to open ports that are necessary for its operation, without any
warning or intervention from the system administrator. For this reason, there is a security risk associated with
enabling UPnP on the PAX. Technically, a worm or malware could use this function to compromise your LAN’s
security.

It  is  therefore  recommended  to  manually  configure  port  forwarding  whenever  possible  and  disable  UPnP.
However,  in  some  cases  dynamic  port  forwarding  may  be  required  if  manual  port  forwarding  becomes
impractical.

NAT-PMP

 is a protocol similar to UPnP supported by a number of Windows and Linux applications.

3.4.3. DNAT and Port Forwarding

Destination network address translation (DNAT) is a technique for transparently changing the destination IP
address of an en route packet and performing the inverse function for any replies. DNAT is commonly used
to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is
also called port forwarding.

In most cases the WAN interface of the PAX is connected directly to the Internet and is assigned a public IP
address. In that case, network packets leaving the WAN interface are masqueraded. (For information about
masquerading,  see  the  aXsGUARD  Gatekeeper  System  Administration  How  To,  which  can  be  accessed
via the Documentation button in the Administrator Tool). By default, the PAX firewall blocks all connections
originating from the Internet.

If the WAN interface of the PAX is connected to a NAT’d network in a private range (the WAN interface is
connected to the LAN, as shown in 

Figure 3.3, “WAN to LAN Option in NAT Environment”

), you can enable

access to its LAN from the network connected to its WAN interface.

Содержание Personal aXsGUARD

Страница 1: ...Personal aXsGUARD Installation and Configuration Guide 7 7 1...

Страница 2: ...ou May Need 6 3 2 Central Management and PKI 6 3 3 Security Recommendations 7 3 4 NAT Traversal 8 3 4 1 Purpose and Definition 8 3 4 2 UPnP and NAT PMP 8 3 4 3 DNAT and Port Forwarding 8 3 4 4 SNAT an...

Страница 3: ...boot Procedure 26 6 Status Logging and Diagnostics 27 6 1 Overview 27 6 2 Checking the Status 27 6 2 1 On the aXsGUARD Gatekeeper 27 6 2 2 On the Personal aXsGUARD 27 6 3 Checking the Logs 27 6 3 1 On...

Страница 4: ...RES LIABILITY DESPITE THE FOREGOING EXCLUSIONS AND LIMITATIONS Intellectual Property and Copyright VASCO Products contain proprietary and confidential information VASCO Data Security Inc and or VASCO...

Страница 5: ...and connect the Personal aXsGUARD with the corporate aXsGUARD Gatekeeper starting with the factory default settings In Chapter 6 Status Logging and Diagnostics we explain how to access the Personal aX...

Страница 6: ...r design means that optional features can be purchased at any time to support for example e mail and Web access control The aXsGUARD Gatekeeper can easily be integrated into existing IT infrastructure...

Страница 7: ...tional in service appliance requires the following steps 1 Logging on to the aXsGUARD Gatekeeper as the default sysadmin user and changing the sysadmin password 2 Creating a new user with full adminis...

Страница 8: ...Warranty Notice Do not press the reset button on the back panel of the AG 1296 model Removal of the protective seal automatically voids the product warranty and will necessitate a replacement Figure...

Страница 9: ...Hz Signal Rate 5GHz Up to 450Mbps 2 4GHz Up to 300Mbps EIRP 20dBm Reception Sensitivity 300M_2 4G 70dBm 270M_2 4G 70dBm 195M_2 4G 71dBm 130M_2 4G 74dBm 54M_2 4G 79dBm 6M_2 4G 94dBm 450M_5G 64dBm 405M_...

Страница 10: ...tually a hardware OpenVPN client 3 2 Central Management and PKI The hosts client and server involved in an SSL VPN connection use digital certificates for identification and encryption purposes In ter...

Страница 11: ...ept ICMP traffic and VASCO remote support connections Figure 3 2 PAX Firewall Scenarios The stat sec Firewall Policy and dynamic policies configured for PPTP L2TP or OpenVPN do not apply to the PAX Al...

Страница 12: ...he PAX UPnP basically allows a program to open ports that are necessary for its operation without any warning or intervention from the system administrator For this reason there is a security risk ass...

Страница 13: ...ows traffic from the NAT d WAN to traverse the PAX s firewall while incoming Internet traffic remains blocked Figure 3 3 WAN to LAN Option in NAT Environment 3 4 4 SNAT and Masquerading Source Network...

Страница 14: ...ly try an alternate IP address in case the primary VPN connection is failing Failover can also be applied at the protocol level since the PAX supports UDP and TCP see Section 3 7 TCP or UDP The defaul...

Страница 15: ...s such your PAX becomes a secured wireless access point for your corporate network This requires some minor configuration on the client side Consult the documentation of the client s operating system...

Страница 16: ...and IP address es of aXsGUARD Gatekeeper VPN server s on the Internet The user level is limited to stopping and starting the VPN connection initiating a remote support connection and rebooting the PA...

Страница 17: ...f the PAX settings on the server side 4 2 Feature Activation Before you can access the menu to configure your PAX settings you need to activate the feature on the aXsGUARD Gatekeeper 1 Log on to the a...

Страница 18: ...ersonal aXsGUARD Client 2 Click on Add New 3 Enter the common settings as explained in the table below 4 Enter the settings per tab Each tab is explained separately Section 4 5 General Settings to Sec...

Страница 19: ...matically initiated after the PAX has completed its boot procedure If the option is unchecked the VPN must be started manually by accessing the Administrator Tool of the PAX PAX admin password The pas...

Страница 20: ...c leaving the PAX s client is routed via the VPN tunnel including traffic towards the Internet As a result the corporate aXsGUARD Gatekeeper acts as an Internet network Gateway If this option is unche...

Страница 21: ...fied as the DNS suffix a query for www would result in a DNS query for www mydomain com Start IP Address Netmask The first IP address of the DHCP range using the CIDR notation e g 10 0 0 30 24 End IP...

Страница 22: ...y detect this SSID automatically when they are within a proper range Encryption Type The type of encryption to be used for the wireless communication between the client and the PAX See Section 3 6 Wir...

Страница 23: ...aining rules of the type through the aXsGUARD Gatekeeper are valid These policies define access to services on the Internet when the VPN tunnel is down Tunnel Firewall Policies only fwd dynamic polici...

Страница 24: ...ctivate NAT see Section 4 10 1 Activating NAT 1 Check Enable Automated NAT 2 Select the desired NAT type Figure 4 8 UPnP and NAT PMP 4 10 3 DNAT and Port Forwarding In this section we explain how to c...

Страница 25: ...r SMTP traffic Destination IP The IP address of the host to which traffic is forwarded Only one IP address may be entered e g 192 168 1 100 Destination Port The port number to which traffic must be fo...

Страница 26: ...packets matching the specified source address e g 80 90 100 200 If left empty any source IP is assumed and the rule applies to all packets Interface LAN WAN The network device that handles the traffic...

Страница 27: ...68 1 1 Netmask 255 255 255 0 DHCP Server Enabled admin login password login admin password admin all lower cases user login password login user password user all lower cases URL to access the PAX Admi...

Страница 28: ...gs of your Internet browser before you start The PAX Administrator Tool may not be accessible if a proxy server is configured 1 Configure your client s network interface so that it uses the PAX DHCP s...

Страница 29: ...FQDN or IP address e g if the client needs a VPN connection to several sites or in a failover situation VPN Protocol Type Auto Use this option to automatically detect the VPN protocol type used by the...

Страница 30: ...a valid client certificate is present 5 5 Reboot Procedure 1 Log on to the PAX as explained in Section 5 4 Installation Instructions 2 Click on Reboot Now Figure 5 4 Rebooting the PAX The reboot proc...

Страница 31: ...Administrator Tool 2 Navigate to VPN RAS Status Personal aXsGUARD Figure 6 1 Status Information Screen aXsGUARD Gatekeeper administrators can easily reboot any connected PAX by clicking on the reboot...

Страница 32: ...ines Any event that is logged after reaching the threshold will replace the oldest entry 1 Log on to the PAX Administrator Tool as explained in Section 5 4 Installation Instructions 2 Click on Logging...

Страница 33: ...es in the status screen If the load is persistently high try rebooting the PAX If rebooting doesn t solve the problem contact VASCO Support 6 5 Initiating a Remote Support Connection To initiate a rem...

Страница 34: ...s of your Internet browser If a proxy server is configured you may not be able to access the PAX Administrator Tool Clear the settings and try again Consult your browser s documentation if necessary V...

Страница 35: ...nd reported in the Knowledge Base at the following URL http www vasco com support 2 If there is no solution in the Knowledge Base please contact the company which supplied you with the VASCO product 3...

Страница 36: ...4 2 PAX Client Settings 14 4 3 PAX Network Settings 16 4 4 PAX Client DHCP Settings 17 4 5 PAX Wireless Settings 18 4 6 PAX Firewall Configuration 19 4 7 Activating NAT 20 4 8 UPnP and NAT PMP 20 4 9...

Страница 37: ...General Tab 15 4 3 PAX Client Settings Network Tab 16 4 4 PAX Client DHCP Tab 17 4 5 PAX Wireless Settings Tab 18 4 6 Firewall Settings Tab 19 4 7 PAX NAT Settings Tab 21 4 8 PAX SNAT and Masquerading...

Страница 38: ...Personal aXsGUARD 7 7 1 VASCO Data Security 2013 xxxiv List of Examples 3 1 Maintenance of master in HA cluster 11 3 2 Selecting UDP as the VPN protocol 11...

Страница 39: ...n 7 18 L Licensed appliance 3 Logging 27 M Masquerading 21 N NAT 8 21 NAT Port Mapping 8 NAT PMP 8 Network Address Translation 8 21 21 R Reboot 26 Remote support 12 S SNAT 21 Spare unit 2 SSID 18 Stat...

Отзывы:

Нет отзывов

Похожие инструкции для Personal aXsGUARD

SAINT-GOBAIN SageGlass 300-1194-001 Product Sheet preview
SageGlass 300-1194-001
Бренд: SAINT-GOBAIN Страницы: 2
Fortinet FortiGate 60M Installation Manual preview
FortiGate 60M
Бренд: Fortinet Страницы: 64
Lanner FW-6436 User Manual preview
FW-6436
Бренд: Lanner Страницы: 19
HP ProCurve Access Controller 720wl Disassembly Instructions preview
ProCurve Access Controller 720wl
Бренд: HP Страницы: 3
HP A-F1000-E Product End-Of-Life Disassembly Instructions preview
A-F1000-E
Бренд: HP Страницы: 3
8e6 Technologies appliance watchdog User Manual preview
appliance watchdog
Бренд: 8e6 Technologies Страницы: 50
vpneveryone HTTPS VPN Secure WiFi USB Dongle User Manual preview
HTTPS VPN Secure WiFi USB Dongle
Бренд: vpneveryone Страницы: 13
Alpha Shield Hardware Firewall User Manual preview
Hardware Firewall
Бренд: Alpha Shield Страницы: 19
TEMPERED Airwall-250 Series Installation Instructions preview
Airwall-250 Series
Бренд: TEMPERED Страницы: 2

Бренды по названию

Популярные бренды

Загрузить еще бренды