Compatible Systems 2+ manual Basic Configuration Guide Set up VPN Group Configurations

Page 51

Chapter 6 - Basic Configuration Guide

45

 

 

7. Set up VPN Group Configurations.

This is where tunneling profiles for a group of one or more IntraPort 2/2+ users are defined.

Use configure VPN Group Name to create a VPN Group section and set the following keywords in the section you just created:

BindTo-Specifies which interface on the device will act as the local end point for the tunnels defined by this configuration.

MaxConnections-Used to limit the number of client connections for this VPN Group configuration.

StartIPAddress-Specifies the first IP address to be assigned to cli-

ent sessions under this configuration. This address will be incremented by one for each new client session, until the Max- Connections value is reached. Since the MaxConnections value is 30 for this VPN Group, then the StartIPAddress must be the first in a block of at least 30 unused IP addresses.

For this very basic setup, it is recommended that these addresses be on the internal TCP/IP network (i.e., on the same network as Ethernet 0 or a subinterface thereof). Also, they cannot conflict with those used for any other VPN Groups.

ϖNote: For large numbers of users (i.e., over 50), it’s recommended that the block of addresses be specified as a Local IP Net because address administration is easier. Using a Start IP Address is recommended for smaller numbers of users because the routing setup is simpler. See the Text-Based Configuration and Command Line Management Reference Guide for more information on the difference between the StartIPAddress and the LocalIPNet.

LocalIPXNet-Specifies the first IPX address assigned to an incom- ing Client tunnel session. The LocalIPXNet also works with the MaxConnections value, which means you must have at least 30 consecutive unused IPX addresses available. The IPX network number entered here must not be the same network number as any other IPX network on your network and you must choose a network number which will not overlap as Cli- ent sessions are established. In this example, the first client to connect will be assigned the IPX network CAFEB00. The next client which connects concurrently will be assigned the IPX network CAFEB01, and so on.

IPNet-Specifies a range of IP addresses which will be reachable by clients using this configuration. THIS IS A VERY IMPOR- TANT SETTING. If you enter the internal network (in the dual

Page 50 Page 52
Image 51
Page 50 Page 52
Contents Page Page Getting Started Network InstallationGetting Help with the IntraPort 2/2+ VPN Access Server IntroductionBasic Configuration Guide Appendix a Shipping DefaultsParameters Pin Outs for DB-25 Male to DB-25 Female RS-232 Data InformationSystems Appendix F Terms and ConditionsPage Introduction About the IntraPort 2/2+ VPN Access ServerIntraPort 2/2+ VPN Access Server Installa- tion Overview IntroductionBasic Configuration Guide Network InstallationCompatiView Software Installation Command Line PreparationAppendices Introduction Alternate Protocols and Security ParametersPage Few Notes Warranty and ServiceGetting Help with the IntraPort 2/2+ VPN Access Server Getting StartedSupplied with the IntraPort 2/2+ VPN Access Server Needed for InstallationWhat You Will Need To Get Started VPN Client Software Requirements Ethernet Connection RequirementsPage Network Installation Connecting the Server to the EthernetPlacing the Server Powering Up the Server Connecting a Management ConsoleSystem Requirements CompatiView for WindowsTransport Protocols and CompatiView Installation and OperationCompatiView Software Installation Page Out-of-Band Command Line Management Command Line ManagementSetting Up Telnet Operation Temporarily Reconfiguring a Host for Command Line ManagementIP Ethernet 0 section Page Setup Options Basic Configuration GuideDiagram of Dual-Ethernet Setup Diagram of Dual-Ethernet SetupDiagram of Single Ethernet Setup Diagram of Single-Ethernet SetupConfiguration Using CompatiView VPN Client Tunnel SettingsTurn off AppleTalk and IPX optional Dual Ethernet Single Ethernet TCP/IP Routing Ethernet Dual Ethernet Set basic IP parameters for Ethernet Single Ethernet Turn IP off on EthernetIP Connection Ethernet Basic Configuration Guide Set an IP Gateway for Ethernet IP Static RoutesDual Ethernet Static Route Single Ethernet Static Route Basic Configuration Guide IPSec Gateway Basic Configuration Guide Set an IPSec GatewayIKE Policy Set an IKE PolicyVPN Group Configuration General Tab Basic Configuration Guide Set up VPN Group ConfigurationsVPN Group Configuration IKE Configuration Tab IKE Configuration Transform List Basic Configuration Guide Basic Configuration Guide VPN Group Configuration IPX Connection Tab Basic Configuration Guide Set up VPN Users VPN User ConfigurationVPN User Save the configuration to a file and download to the device Tunnel Partner VPN # Set up the Tunnel PartnerAdd a VPN Port Add VPN PortIKE Key Management Set up Key ManagementIKE Configuration Transform List Save the configuration to a file and download to the device Example Basic Configuration Using Command Line Single Ethernet Setup Example Edit IP Static Append Configure general Basic Configuration Guide Set up VPN Group Configurations Configure vpn group basic vpn config Save the Configuration and download it to the device Use the configure command to add a VPN Port Configure tunnel partner vpn IPX Protocol Required for IPXSuggested for IPX Required for AppleTalk Setting up Radius AuthenticationSetting the IntraPort for a Radius Server AppleTalk ProtocolRadius Server User Authentication Settings Setting up SecurID Authentication ACE/Server Settings Setting the IntraPort for an ACE/ServerSaving a Configuration File to Flash ROM Page Ethernet Interfaces Appendix a Shipping DefaultsAppendix B Connector and Cable Pin Outs Appendix B Connector and Cable Pin OutsAppendix C Security Dynamics ACE/Server Information Page IntraPort 2/2+ VPN Access Servers LED Patterns Appendix D LED Patterns and Test Switch Settings IntraPort 2 Connections/Users LEDsIntraPort 2+ Connections/Users LEDs IntraPort 2/2+ VPN Access Server Switch Settings IntraPort 2 Special IndicatorsIntraPort 2+ Special Indicators Page Compatible Systems WWW Server Appendix E Downloading Software From Compatible SystemsPage Appendix F Terms and Conditions Appendix F Terms ConditionsPage Appendix F Terms and Conditions
Top Page Image Contents