
Configuring the OfficeConnect Secure Gateway for a remote L2TP over IPSec connection


Academic year: 2021


(Software v1.80)

Creating L2TP over IPSec VPNs between the OfficeConnect Cable/DSL Secure Gateway and the Microsoft VPN Client

1.0 Introduction

The OfficeConnect Cable/DSL Secure Gateway supports IPSec, PPTP and L2TP over IPSec for VPN connections. IPSec can be used for Gateway-to-Gateway (i.e. network-to-network) connections and remote user connections (i.e. single PC-to-network). PPTP and L2TP over IPSec are used for remote user connections only.

This document describes in detail the steps needed to configure VPNs between an OfficeConnect Cable/DSL Secure Gateway and an L2TP/IPSec VPN Client. The supported Microsoft operating systems are:

• Windows NT4*

• Windows 98/Me*

• Windows 2000**

• Windows XP

* An L2TP over IPSec integrated VPN client for Windows NT4, 98 & Me is available from Microsoft at www.microsoft.com/vpn

** Requires changes to the Windows registry. Please follow the instructions on the Microsoft website – Microsoft Knowledge Base Article - 240262 http://support.microsoft.com/default.aspx?scid=kb;en-us;240262 and then refer back to this document.

IMPORTANT – The OfficeConnect Cable/DSL Secure Gateway does not support L2TP over IPSec tunnels initiated from behind a NAT device. If this is required, use either PPTP or IPSec as the VPN protocol.

Please select the section required:

• Configuring the OfficeConnect Secure Gateway for a remote L2TP over IPSec connection

• Configuring the L2TP VPN client on Windows XP

• Configuring the L2TP VPN client on Windows NT4

• Configuring the L2TP VPN client on Windows 98/Me

• Configuring the L2TP VPN client on Windows 2000


2.0 Connecting to the OfficeConnect Cable/DSL Secure Gateway using a L2TP over IPSec Client

Figure 1 – PC running VPN client software and an OfficeConnect Secure Gateway connecting via the Internet (diagram labels: PC running VPN client software; Internet; Cable or DSL modem; Secure Gateway WAN IP - 60.0.32.15; Network – 192.168.1.0)

2.1 Configuring the OfficeConnect Cable/DSL Secure Gateway

Figure 2 – L2TP over IPSec Connections on the OfficeConnect Cable/DSL Secure Gateway

1. Select the L2TP over IPSec Server tick box. The screen will change to reflect this selection.

2. If the Gateway ID has not already been specified, enter a Gateway ID such as the WAN IP address of the gateway.

3. If required, enter the domain that the remote client will authenticate with.

4. Enter the IPSec Shared Key that will be used for all L2TP over IPSec client authentication.

5. Encryption Level – Check the level of encryption required. If both DES and 3DES are selected, the OfficeConnect Secure Gateway will accept either level.

6. Enter the First Remote IP Address and the Last Remote IP Address. This will be the range of IP addresses that remote PPTP & L2TP over IPSec users will be given when they connect.

!Note – Ensure that the IP addresses entered here do not overlap with the LAN DHCP address range!


7. Click on the Apply button on the right of the screen

8. Click on the VPN Connections tab at the top of the page

9. Click on the New button on the right of the screen, a pop-up window will appear

Figure 3 – Configuring a VPN client connection on the OfficeConnect Cable/DSL Secure Gateway

10. User Name - Enter the user name of the remote user that will be connecting

11. Description - Add a description that will make the connection easily identifiable

12. Connection Type – Click on the Remote User Access radio button

13. Tunnel Type – Select L2TP over IPSec from the pull down menu

14. Password - Enter the password that the remote user will use to authenticate the connection.

15. Click on the Add button on the right of the screen

The OfficeConnect Cable/DSL Secure Gateway is now ready to accept a connection from a remote L2TP over IPSec VPN client. Make a note of all information used in the configuration, as it will be required to configure the VPN client.
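The note in step 6 (the remote-user address range must not overlap the LAN DHCP range) can be checked before the values are entered. The following is an added example, not part of the 3Com guide: the function names, the DHCP range and the static host address are constructed for illustration, and only the 192.168.1.0 network comes from Figure 1. The check for statically addressed hosts goes beyond what the note requires.

```python
import ipaddress


def to_range(first, last):
    """Parse a First/Last address pair and reject a reversed range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi


def check_vpn_pool(vpn_first, vpn_last, dhcp_first, dhcp_last, static_hosts=()):
    """Return a list of problems with the remote-user pool (empty list = OK)."""
    problems = []
    vpn_lo, vpn_hi = to_range(vpn_first, vpn_last)
    dhcp_lo, dhcp_hi = to_range(dhcp_first, dhcp_last)

    # Two closed ranges overlap when each one starts before the other ends.
    if vpn_lo <= dhcp_hi and dhcp_lo <= vpn_hi:
        lo, hi = max(vpn_lo, dhcp_lo), min(vpn_hi, dhcp_hi)
        problems.append(f"overlaps LAN DHCP range at {lo}-{hi}")

    # Assumption beyond the guide: addresses configured by hand on the LAN
    # (for example the gateway's own LAN address) must not be in the pool.
    for host in sorted(ipaddress.IPv4Address(h) for h in static_hosts):
        if vpn_lo <= host <= vpn_hi:
            problems.append(f"contains statically assigned host {host}")
    return problems


if __name__ == "__main__":
    # Constructed sample values on the 192.168.1.0 network from Figure 1.
    dhcp = ("192.168.1.2", "192.168.1.100")
    static = ["192.168.1.1"]  # hypothetical gateway LAN address
    for pool in [("192.168.1.90", "192.168.1.110"),
                 ("192.168.1.200", "192.168.1.210")]:
        issues = check_vpn_pool(*pool, *dhcp, static_hosts=static)
        print(pool, "->", issues or "OK")
```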


2.2 Configuring the VPN Client

Windows XP

3Com recommends using the Windows XP native L2TP over IPSec VPN client. The following describes how to configure this.

Step 1 – New Connection Wizard
From the Windows Start button, select Settings>Network Connections>New Connection Wizard

Step 2 – New Connection Wizard
Click Next and select Connect to the network at my workplace

Step 3 – New Connection Wizard
Click Next and select Virtual Private Network connection

Step 4 – New Connection Wizard
Click Next and enter a name for the VPN connection:


Step 5 – New Connection Wizard
Click Next and choose an initial connection to dial if required:

Step 6 – New Connection Wizard
Click Next and enter the public (WAN) IP address of the OfficeConnect Secure Gateway:

Step 7 – New Connection Wizard

Click Next, then Finish.

Step 1 – Dial up Configuration
Select Properties on the Dial-Up connection prompt

Step 2 – Dial up Configuration
Select the Security tab


Step 3 – Dial up Configuration
Click IPSec settings… and tick the Use pre-shared key for authentication

Step 4 – Dial up Configuration
Enter the OfficeConnect Secure Gateway L2TP IPSec Shared Key shared secret. Click OK.

Select the Networking Tab and change the Type of VPN to L2TP IPSec VPN. Click OK.

Step 5 – Options
Select the Options tab and check the Include Windows logon domain checkbox

Step 6 - Connect
The Domain field is now visible. Enter the Domain specified in the OfficeConnect Secure Gateway L2TP Configuration

Establishing a Connection

From the Windows Start button, select Settings>Network Connections and choose the connection that was configured to access the OfficeConnect Secure Gateway. Enter the Username and password and press Connect.

If selecting the connection does not present the username and password dialogue, click the connection with the right button and select Properties. Under the Options tab, tick the Prompt for name and password checkbox.


Windows NT4

Microsoft provides a freely available L2TP over IPSec VPN client for pre-Windows 2000 operating systems (not Windows 95). The installation file msl2tp.exe is available from the Microsoft web site http://www.microsoft.com/vpn.

In addition to the above Microsoft VPN client, Windows NT4 requires Service Pack 6A, which can be found at:

http://www.microsoft.com/ntserver/nts/downloads/recommended/SP6/allSP6.asp

You will need to install the Point to Point Tunneling Protocol by using the following procedure if it is not already installed:

Step 1 – From Control Panel, Open the network folder

Step 2 – Network Configuration
Select the Protocols tab. If the Network Protocols list does not include the Point to Point Tunneling Protocol, click Add. Otherwise Cancel the dialog and proceed to installation of the VPN client.

Step 3 – Select Network Protocol
Select the Point to Point Tunneling Protocol and click OK.

Step 4 – PPTP Configuration
Set the Number of Virtual Private Networks to 1.

Step 5 – Remote Access Setup
Add the RASPPTPM device if not already present. Click Continue and then close all the dialogs. Windows will need to restart.


Installation of the VPN Client

• Step 1 – Ensure your operating system is upgraded with the latest patches (see above)

• Step 2 – Download and install the Microsoft L2TP over IPSec VPN client msl2tp.exe (a reboot is required)

• Step 3 – From the Windows Start button select: Programs>Microsoft IPSec VPN>Microsoft IPSec VPN Configuration

• Step 4 – Select Use a pre-shared key for IPSec authentication, and enter the OfficeConnect Secure Gateway L2TP over IPSec shared secret as the key (see below). Click OK.

• Step 5 – The IPSec configuration is now complete. You now need to create a new VPN connection in the Windows Dial-up networking Connection Wizard


After installing the VPN client you will need to reboot the PC. After this, you will first need to reconfigure Remote Access.

Step 1 – From Control Panel, Open the network folder

Step 2 – Network Configuration
Select the Protocols tab.

Step 3 – Select Network Protocol
Select Point to Point Tunneling Protocol and click Properties. Change the Number of Virtual Private Networks to 2.

Step 4 – Remote Access Setup

Add the RASL2TPM device. Click Continue and then close all the dialogs. Windows will need to restart.


Windows NT4 Dialup

Step 1 – From My Computer, Open Dial-Up Networking.

Step 2 – New Phonebook Entry
Create a new phonebook entry. Provide the entry with a name.

Step 3 – Configure Phonebook Entry
Click Next and leave all the check boxes unchecked.

Step 4 – Select Modem
Click Next and select the “RASL2TPM” modem.

Step 5 – Phone Number
Click Next. For the phone number, enter the public (WAN) IP address of the OfficeConnect Secure Gateway.


(The following steps may or may not appear during your setup)

Step 6 – IP Address
Click Next. Leave your IP address as 0.0.0.0. The OfficeConnect Secure Gateway will provide this.

Step 7 – DNS Server
Click Next. You must manually configure the DNS server with the correct IP address otherwise the NT4 VPN client will not connect. Also configure a WINS server if required. Obtain the DNS and WINS information from the OfficeConnect Secure Gateway administrator. Click Next and Finish.

Step 8 – DNS Server
Select More and Edit Entry and modem properties.

Step 9 – DNS Server
Select the Server tab and ensure that the settings are as below. Click TCP/IP Settings.


Step 10 – TCP/IP Settings
Check the DNS (and WINS if required) are manually configured. If you wish to access Internet sites directly (not via the VPN connection), untick “Use default gateway on remote network”. However, you will need to leave this ticked if your VPN connection is to a site with multiple IP subnets. Click OK and OK again.

Step 11 - Connect
Enter the Username, password and Domain as specified in the VPN configuration in the OfficeConnect Secure Gateway and click on the OK button.

Establishing a Connection

From My Computer, select Dial-Up Networking and choose the phonebook entry that was configured to access the OfficeConnect Secure Gateway. Click Dial, enter the username and password (and domain if required) and then click OK.


Windows 98/Me

Microsoft provides a freely available L2TP over IPSec VPN client for pre-Windows 2000 operating systems (not Windows 95). The installation file msl2tp.exe is available from the Microsoft web site http://www.microsoft.com/vpn.

However, if you wish to use the Microsoft VPN client, the following instructions will help you configure this.

In addition to the above Microsoft VPN client, Windows 98 requires the latest version of dial-up networking to be installed for Windows 98 / 98SE, which can be found at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q285189&

It also requires the latest version of Internet Explorer to be installed (although this does not need to be used as the default browser).

Installation of the VPN Client

• Step 1 – Ensure your operating system is upgraded with the latest patches (see above)

• Step 2 – Download and install the Microsoft L2TP over IPSec VPN client msl2tp.exe (a reboot is required)

• Step 3 – From the Windows Start button select: Programs>Microsoft IPSec VPN>Microsoft IPSec VPN Configuration

• Step 4 – Select Use a pre-shared key for IPSec authentication, and enter the OfficeConnect Secure Gateway L2TP over IPSec shared secret as the key (see below). Click OK.

• Step 5 – The IPSec configuration is now complete. You now need to create a new VPN connection in the Windows Dial-up networking Connection Wizard


Step 3 – New Connection Wizard
Enter a name for the connection and set the device to be the Microsoft L2TP/IPSec VPN adapter

Step 4 – New Connection Wizard
Click Next and enter the public (WAN) IP address of the OfficeConnect Secure Gateway as the VPN server

Step 5 – New Connection Wizard
Click Finish to complete the wizard

Step 6 – Dial-up Configuration
From My Computer, open up Dial-Up Networking. Select the new L2TP connection with the right mouse button and select Properties. On the Server Types tab, uncheck the NetBEUI and IPX/SPX Compatible tick boxes.


Step 7 – If a domain is being used, edit Client for Microsoft Networks
Right click on Network Neighbourhood. Then highlight Client For Microsoft Networks and click on the Properties button

Step 8 – Configure domain name
Check the Log on to Windows NT domain checkbox and type the domain name entered in the OfficeConnect Secure Gateway in the Windows NT domain field

Establishing a Connection

From My Computer, open up Dial-up Networking. Open the connection that you’ve just created to access the OfficeConnect Secure Gateway, enter the username and password and press Connect.


Windows 2000

The L2TP VPN client is a pre-installed component of the Windows 2000 operating system. However, configuring its use with a shared secret and defining the IPSec policies to allow L2TP over IPSec is required. Please follow the instructions on the Microsoft website – Microsoft Knowledge Base Article - 240262 http://support.microsoft.com/default.aspx?scid=kb;en-us;240262 and then refer back to this document.

Step 1 – New Connection Wizard
From the Windows Start button, select Settings>Network and Dialup Connections>Make New Connection

Step 2 – New Connection Wizard
Click Next and select Connect to a private network through the Internet

Step 3 – New Connection Wizard
Click Next and choose an initial connection to dial if required

Step 4 – New Connection Wizard
Click Next and enter the public (WAN) IP address of the Gateway


Step 5 – New Connection Wizard
Click Next and choose the connection availability

Step 6 – New Connection Wizard
Click Next and enable Internet Connection Sharing if required. For security reasons 3Com recommends this be left disabled

Step 7 – New Connection Wizard

Click Next, enter a name for the VPN connection, then click Finish


Step 1 – Dial up Configuration
From the Windows Start button, select Settings>Network and Dial-up Connections and choose the connection that was configured to access the Gateway. Select Properties

Step 2 – Dial up Configuration
Select the Networking tab and change the Type of VPN server to Layer-2 Tunneling Protocol (L2TP). Then click OK

Establishing a Connection

From the Windows Start button, select Settings>Network and Dial-up Connections and choose the connection that was configured to access the OfficeConnect Secure Gateway.

Enter the Username and password and press Connect.
