Multitech RFIPSC-50, RFIPSC-10 quick start SSH IPSec Client Setup, Host to Net Setup


PN 82013151

SSH IPSec Client Setup

The RouteFinder supports VPN (Virtual Private Networking), which provides the ability to encrypt IP network traffic.

Host 1 <----> Router <----> Internet <----> Router <----> Host 2
       <------------------- encrypted ------------------->

All communication between the hosts uses strong encryption, so nobody else can listen in on it. As discussed earlier, the three methods of VPN setup are Host to Host, Host to Net, and Net to Net. This section covers the client-side aspects of a Host to Net connection using SSH Sentinel 1.1.1 (Static IP) to connect to a RouteFinder using Pre Shared Keys (PSK).

Host to Net Setup

This is one of the most common setups, and is often used for road warriors. It gives the Host an encrypted and authenticated connection across the Internet.

An example of a Host to Net setup is a sales representative who dials into the Internet, establishes a VPN connection to the company RouteFinder, and thereby gains an encrypted and authenticated connection to the corporate LAN, DMZ, or e-mail server.

HOST <----> Router <----> Internet <----> Router <----> VPN-Gateway <----> NET
     <----------------------- encrypted ----------------------->

Note: Make sure that all routers between both SSH IPSec ends can route IP protocol 50 (IPSec). Sometimes routers are configured to route only TCP (protocol 6), UDP (protocol 17) and ICMP (protocol 1) and drop all other protocols. Routers configured that way won't work for VPN with IPSec!
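The check described in the Note, as an added example that is not part of the original guide: a first-match evaluation of a router's forwarding rules against the traffic an IPSec tunnel needs. The rule format and both sample rulesets are constructed for illustration and are not RouteFinder syntax; UDP port 500 for IKE is standard knowledge rather than a value from this page.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: Optional[int]   # IP protocol number; None matches any protocol
    dport: Optional[int]   # destination port; None matches any (TCP/UDP only)
    action: str            # "ACCEPT" or "DROP"

def verdict(rules, default, proto, dport=None):
    """Return the action of the first matching rule, else the default policy."""
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        # A port condition can only match protocols that carry ports.
        if r.dport is not None and (proto not in (6, 17) or r.dport != dport):
            continue
        return r.action
    return default

# Flows the tunnel needs: IKE negotiation (UDP 500) and IP protocol 50.
REQUIRED = [("IKE key exchange", 17, 500), ("IPSec payload", 50, None)]

def blocked_for_ipsec(rules, default="DROP"):
    """List the required flows this router would not forward."""
    return [name for name, proto, dport in REQUIRED
            if verdict(rules, default, proto, dport) != "ACCEPT"]

# Constructed router that forwards only TCP, UDP and ICMP (the case in the Note).
TCP_UDP_ICMP_ONLY = [
    Rule(6, None, "ACCEPT"),
    Rule(17, None, "ACCEPT"),
    Rule(1, None, "ACCEPT"),
]
# The same router with protocol 50 explicitly allowed.
WITH_PROTO_50 = TCP_UDP_ICMP_ONLY + [Rule(50, None, "ACCEPT")]

if __name__ == "__main__":
    for label, rules in (("TCP/UDP/ICMP only", TCP_UDP_ICMP_ONLY),
                         ("plus protocol 50", WITH_PROTO_50)):
        missing = blocked_for_ipsec(rules)
        status = "OK" if not missing else "blocked: " + ", ".join(missing)
        print(f"{label}: {status}")
```

For the first ruleset only the protocol 50 flow is reported as blocked, because IKE runs over UDP and is still forwarded.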

Host to NET using SSH Sentinel 1.1.1 (Static IP) to connect to a RouteFinder using Pre Shared Keys (PSK)

This section describes how to set up a Host to Net connection between an SSH Sentinel version 1.1.1 client and a RouteFinder using IKE, PSK and static IPs. The setup involves 1) RouteFinder Configuration steps, and 2) Sentinel Configuration steps.

192.168.3.0/255.255.255.0 ←→ 212.6.145.2             ←→ 212.6.145.3
DMZ Network               ←→ external VPN Gateway IP ←→ Sentinel Client IP
