Allied Telesis VPN manual

Table of contents for the manual

  • Page 1

    C613-16004-00 REV D www.alliedtelesis.com AlliedWare™ OS How To | Introduction This document describes how to provide secure remote access through IP security (IPSec) Virtual Private Networks (VPN). This VPN solution is suitable for any business deployment and provides your office with secure internet access and firewall protectio[...]

  • Page 2

    Which products and releases does it apply to? > Page 2 | AlliedWare™ OS How To Note: VPNs with Windows 2000 clients, without NAT-T This document describes how to configure the Windows system to use IPSec VPN to connect to your office through the AR415S router. When your staff want to connect to the office they simply use the VPN[...]

  • Page 3

    Security issue: Since this Windows VPN solution is usually used to allow remote access into corporate networks, a common security concern is “what happens if the remote laptop or PC is stolen or falls into unauthorised hands?” This is [...]

  • Page 4

    Configuring the router > Perform initial security configuration on the router: Configuring the router. This section contains a script file for running IPSec encapsulating L2TP on a Head Office AR400 series router, configured to support IPSec remote [...]

  • Page 5

    Configuring the router > The configuration script: The configuration script. Note: Comments are indicated in the script below using the # symbol. Placeholders for IP addresses, passwords, etc are indicated by text within < >. set system name=”IPSec[...]

  • Page 6

    Configuring the router > The configuration script: # Firewall enable fire create fire poli=main create fire poli=main dy=dynamic add fire poli=main dy=dynamic user=ANY add fire poli=main int=vlan1 type=private # Dynamic private interfaces are accepted from[...]

  • Page 7

    Configuring the router > Set the router to use the configuration: Set the router to use the configuration. After loading the configuration onto the switch, set the router to use the script after a reboot. If you named the script vpn.cfg, enter the command:[...]

  • Page 8

    Configuring the VPN client > Add a new registry entry: Configuring the VPN client. Configuring the Windows 2000 VPN client involves the following stages: • "Add a new registry entry", on this page • "Add the IP Security Policy Manage[...]

  • Page 9

    Configuring the VPN client > Add the IP Security Policy Management snap-in: Add the IP Security Policy Management snap-in. Note: You need to know the public IP address for the router from your Internet Service Provider (ISP) for this configuration. [...]

  • Page 10

    Configuring the VPN client > Add the IP Security Policy Management snap-in: 3. Click Add. This opens the Add Standalone Snap-In window. Scroll down the list of Available Standalone Snap-ins and select IP Security Policy Management, as shown in the fol[...]

  • Page 11

    Configuring the VPN client > Create an IP Security Policy: Create an IP Security Policy. 1. On the Console window, click , then right-click IP Security Policies on Local Machine. 2. Select Create IP Security Policy. This opens the IP Security Polic[...]

  • Page 12

    Configuring the VPN client > Create an IP Security Policy: 3. Click Next, then enter a name for your security policy (e.g. “To Head Office”), as shown in the following figure. 4. Click Next. This opens the Requests for Secure Communication wind[...]

  • Page 13

    Configuring the VPN client > Create an IP Security Rule: 5. Click Next. You have now completed the IP Security Policy Wizard, as shown in the following figure. 6. Leave the Edit properties checkbox checked. Click Finish. Create an IP Security Rul[...]

  • Page 14

    Configuring the VPN client > Create an IP Security Rule: 2. Click Add. This opens the Security Rule Wizard, as shown in the following figure. 3. Click Next. The next window lets you specify the tunnel endpoint for the IP Security rule, if required. [...]

  • Page 15

    Configuring the VPN client > Create an IP Security Rule: 4. Click Next. The next window lets you specify the network type the IP Security rule applies to. Make sure the All network connections option is selected, as shown in the following figure. 5. [...]

  • Page 16

    Configuring the VPN client > Create an IP Filter: Create an IP Filter. 1. Click Next. The next window, shown in the following figure, lets you specify the IP filter for the type of IP traffic the IP Security rule applies to. 2. Click Add to start cre[...]

  • Page 17

    Configuring the VPN client > Create an IP Filter: 3. Click Add. This starts the IP Filter Wizard, as shown in the following figure. 4. Click Next. This opens the IP Traffic Source window. Select My IP Address from the Source address drop-down box[...]

  • Page 18

    Configuring the VPN client > Create an IP Filter: 5. Click Next. This opens the IP Traffic Destination window. Select A specific IP Address from the Destination address drop-down box, as shown in the following figure. Enter the destination IP addr[...]

  • Page 19

    Configuring the VPN client > Create an IP Filter: 7. Click Next. This opens the IP Protocol Port window. Select From this port and enter 1701, as shown in the following figure. 8. Click Next. This completes the IP Filter wizard. Leave the E[...]

  • Page 20

    Configuring the VPN client > Create an IP Filter: 9. Click Finish, then on the IP Filter List window, click Close. This returns you to the Security Rule Wizard IP Filter List window. The filter list now includes your new L2TP Tunnel Filter filte[...]

  • Page 21

    Configuring the VPN client > Create an IP Filter: 11. Click Next. This completes the Rule wizard. Leave the Edit properties box unchecked, as shown in the following figure. 12. Click Finish, then on the To Head Office Properties window, click C[...]

  • Page 22

    Configuring the VPN client > Create an IP Filter: 13. Click and then right-click on To Head Office, and select Assign. The policy is now assigned or enabled on your PC host, indicated by Yes in the Policy Assigned column, as shown in the following f[...]

  • Page 23

    Configuring the VPN client > Configure the connection: Configure the connection. 1. On your desktop, click Start > Settings > Control Panel. 2. Double-click the Network and Dial-Up Connection folder. This opens the window shown in the followi[...]

  • Page 24

    Configuring the VPN client > Configure the connection: 5. Click Next. The next window lets you assign an associated dialled call or select Do not dial the initial connection. Selecting Do not dial the initial connection is appropriate if you will have [...]

  • Page 25

    Configuring the VPN client > Configure the connection: 7. Click Next. This opens the Connection Availability window. Select Only for myself, as shown in the following figure. 8. Click Next. Enter the name for your connection (e.g. Virtual Private [...]

  • Page 26

    Configuring the VPN client > Configure the connection: 9. Click Finish. This opens the Connection Window. Enter your user name and password as shown in the following figure. These are the user name and password that are (or will be) configured on t[...]

  • Page 27

    Configuring the VPN client > Configure the connection: 11. Click OK. This completes the configuration of the L2TP client. To connect to the office, click Connect. Note that the connection will fail if the router has not yet been configured. If the con[...]

  • Page 28

    Testing the tunnel > Checking the connection from the Windows client: Testing the tunnel. The simplest way to tell if traffic is passing through the tunnel is to perform a traceroute from the Windows 2000 client to a PC in the router’s LAN. To [...]

  • Page 29

    USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11 Asia-Pacific Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 |[...]