Importing and exporting VPN configurations to a device
Issue 4 May 2005
When creating an “alien Group,” which is a group that includes IP address/mask pairs
residing within an importing administrator’s network, the exporting administrator
associates each alien Group with an extranet device.
In the Group configuration, the IP address of the importing administrator’s security gateway
must be specified if any tunnel mode VPNs include this security gateway.
After creating the VPN, the exporting administrator exports the VPN configuration file and
delivers it, along with the password used to protect the file, to the importing administrators.
The importing administrators import the VPN configuration file using the supplied
password.
Finally, the importing administrators edit the alien Group, modifying the security gateway
association appropriately.
The Export VPN screen appears, allowing you to select the VPN to be exported.
Once you have entered the password, click OK. The new VPN file is decoded and entered into
the VPNmanager server, and the new VPN objects appear.
If any pair in the “Current IP Network/Mask Pairs” list represents a network under your
management control, associate the Group with the appropriate security gateway by modifying
the “Associate this Group with security gateway” picklist.
For Groups with network/mask pairs that are not under your management control, leave the
“Associate this Group with security gateway” picklist as an extranet device and confirm that the
“Extranet IP Address” entry field contains the correct IP address, especially if any tunnel mode
VPNs include this security gateway.
Repeat this step for all Groups in the imported VPN.
Note: For any Certificate Based IKE extranet VPNs, verify that the proper certificates
are installed on all devices.
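The Group review step above can be pre-checked offline before you change any picklist. The following is an added example, not part of the original guide or of VPNmanager: the group names, gateway name, addresses, and the dictionary layout are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

def review_group(pairs, managed, extranet_ip=""):
    """Decide what to do with one imported Group.

    pairs       -- (ip, mask) tuples from "Current IP Network/Mask Pairs"
    managed     -- (gateway, network) tuples for networks under your control
    extranet_ip -- contents of the "Extranet IP Address" field
    """
    owners, outside, straddling = set(), [], []
    for ip, mask in pairs:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        inside = [gw for gw, m in managed if net.subnet_of(m)]
        if inside:
            owners.update(inside)
        elif any(net.overlaps(m) for _, m in managed):
            straddling.append(str(net))   # only partly under your control
        else:
            outside.append(str(net))
    # Mixed ownership cannot be settled by one picklist value.
    if straddling or len(owners) > 1 or (owners and outside):
        return ("manual-review", sorted(owners) + straddling + outside)
    if owners:
        return ("associate", owners.pop())
    try:
        # Syntax check only; whether it is the *correct* peer is your call.
        return ("keep-extranet", str(ipaddress.ip_address(extranet_ip)))
    except ValueError:
        return ("check-extranet-ip", extranet_ip)

# Constructed sample data (hypothetical names and addresses).
MANAGED = [("sg-hq", ipaddress.ip_network("192.168.10.0/24"))]
GROUPS = {
    "hq-lan":      ([("192.168.10.0", "255.255.255.128")], ""),
    "partner-lan": ([("172.16.5.0", "255.255.255.0")], "203.0.113.10"),
    "partner-new": ([("172.16.6.0", "255.255.255.0")], ""),
    "mixed":       ([("192.168.10.128", "255.255.255.128"),
                     ("172.16.9.0", "255.255.255.0")], "203.0.113.10"),
    "too-wide":    ([("192.168.0.0", "255.255.0.0")], "203.0.113.10"),
}

def review_all(groups, managed):
    return {name: review_group(p, managed, x) for name, (p, x) in groups.items()}

if __name__ == "__main__":
    for name, result in review_all(GROUPS, MANAGED).items():
        print(f"{name:12} {result}")
```

A `manual-review` result means the Group's pairs do not all fall on one side of the managed/unmanaged boundary, so the association should be decided by hand.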
Exporting RADIUS
The Export RADIUS function is used to export VPN information to an existing RADIUS
database. This is primarily for backwards compatibility, but is also useful if you wish to convert
your existing VPN (using local security gateway-based user authentication) into a dynamic VPN
for future scalability. It is, however, expected that LDAP will be the preferred method of building
dynamic VPNs.
In this procedure, your existing client configuration information is migrated to the RADIUS
database through a RADIUS-compatible export file. The Export RADIUS pane appears with a
list of all users you wish to include in the export. When you click OK, VPNmanager creates a
text file.
The saved text file consists of entries that must be added to the RADIUS server “users” file.