Billion Electric Company CO1 user manual Local and Remote ID


Billion BiGuard VPN Client

~Aggressive Mode: If checked, the VPN client will use aggressive mode as the negotiation mode with the remote router.

~IKE port: Negotiation port for IKE. Default value is 500.

~Redundant GW: This allows the VPN Client to open an IPSec tunnel with an alternate gateway in case the primary gateway is down or not responding. Enter either the IP address or the URL of the Redundant Gateway (e.g. router.dyndns.com).

BiGuard VPN Client will contact the primary gateway to establish a tunnel. If it fails after several tries (the default is 5 tries; to change it, modify the "Retransmissions" field in the "Parameters" panel), the Redundant Gateway is used as the new tunnel endpoint. The delay between two retries is about 10 seconds.

If the primary gateway can be reached but tunnel establishment fails (e.g. because of VPN configuration problems), the VPN Client won't try to establish tunnels with the redundant gateway. The configuration needs to be modified.

If a tunnel is successfully established to the primary gateway with the DPD feature (i.e. Dead Peer Detection) negotiated on both sides, then when the primary gateway stops responding (e.g. DPD detects a non-responding remote gateway) the VPN Client immediately starts opening a new tunnel with the redundant gateway.

The exact same behaviour will apply to the redundant gateway. This means that the VPN Client will keep trying to open a tunnel with the primary and redundant gateways until the user exits the software or clicks on “Save & Apply”.
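The gateway-selection rules above, modeled as a small state machine. This is an added example, not BiGuard code; the event names, the `simulate` function and the reading that the client switches gateways once the configured number of tries has gone unanswered are assumptions.

```python
# Added illustration: models the gateway-selection rules described above.
# Event and function names are hypothetical, not BiGuard identifiers.
NO_RESPONSE = "no_response"        # gateway did not answer an IKE attempt
NEGOTIATION_FAILED = "neg_failed"  # gateway answered, but tunnel setup failed
ESTABLISHED = "established"        # tunnel opened, DPD negotiated on both sides
DPD_TIMEOUT = "dpd_timeout"        # DPD reports the connected gateway as dead

GATEWAYS = ("primary", "redundant")


def simulate(events, retransmissions=5):
    """Replay outcomes in order; return (timeline, final_state).

    timeline holds one (gateway, event) pair per event, showing which
    gateway the client was talking to when the event happened.
    """
    current = 0          # index into GATEWAYS; the client starts on the primary
    tries = 0            # consecutive unanswered attempts on the current gateway
    state = "connecting"
    timeline = []
    for event in events:
        timeline.append((GATEWAYS[current], event))
        if event == NO_RESPONSE and state == "connecting":
            tries += 1
            if tries >= retransmissions:      # gateway considered down
                current, tries = 1 - current, 0
        elif event == NEGOTIATION_FAILED and state == "connecting":
            # Reachable but misconfigured: no failover, fix the configuration.
            return timeline, "stopped: fix configuration on " + GATEWAYS[current]
        elif event == ESTABLISHED and state == "connecting":
            tries, state = 0, "up"
        elif event == DPD_TIMEOUT and state == "up":
            # Dead peer detected: switch gateways immediately, no retry count.
            current, state = 1 - current, "connecting"
        else:
            raise ValueError(f"{event!r} is not valid while {state}")
    return timeline, f"{state} on {GATEWAYS[current]}"


if __name__ == "__main__":
    # Constructed trace: primary silent for 5 tries, redundant answers,
    # later DPD reports the redundant gateway dead.
    trace = [NO_RESPONSE] * 5 + [ESTABLISHED, DPD_TIMEOUT, ESTABLISHED]
    for gateway, event in simulate(trace)[0]:
        print(f"{gateway:9} {event}")
```

A trace that ends in `neg_failed` stops on the gateway that answered, which is the case where a misconfigured primary gateway never triggers failover.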

X-Auth: Define the login and password of an X-Auth IPSec negotiation. If "X-Auth popup" is selected, a popup window asking for a login and a password will appear each time authentication is required to open a tunnel with the remote gateway. The end user has 20 seconds to enter their login and password before X-Auth authentication fails.

If X-Auth authentication fails then the tunnel establishment will fail too.

(Please see the “Appendix A” – the Compatible table of Billion VPN enabled devices and BiGuard VPN Client).

Local and Remote ID

~Local ID: Local ID is the identity the BiGuard VPN client sends to the VPN gateway during Phase 1.

This identity can be:

an IP address (type = IP address), for example: 195.100.205.101;

a domain name (type = DNS);

an email address (type = Email);

a string (type = KEY ID);

a certificate issuer (type = DER ASN1 DN) (about X509 certificates, please see Appendix A).

If this identity is not set, the VPN client’s IP address is used.

~Remote ID: Remote ID is the identity the BiGuard VPN client expects to receive from the VPN gateway during Phase 1.

This identity can be:

an IP address (type = IP address);

a domain name (type = DNS);

an email address (type = Email);

a string (type = KEY ID);

a certificate issuer (type = DER ASN1 DN) (about X509 certificates, please see Appendix A).


Chapter 4: VPN Configuration
