Configuring ACL & proxies entries for VPN connections

Depending on where you decide to terminate your VPN tunnel, you must ensure that you have the appropriate ACL entries set up to allow ISAKMP traffic and allow/deny the appropriate proxy traffic. At a minimum, you must define and enable an ACL entry that allows ISAKMP traffic from the Internet to the external IP address of Sidewinder.

1. Define (or ensure you have) an ACL entry that allows external-to-external ISAKMP traffic. Select Policy Configuration -> Access Control List. Check for these attributes:

   - Agent = Server
   - Service = ISAKMP
   - Action = Allow
   - Enabled = Enable
   - Source burb = Internet (all source addresses, *)
   - Destination burb = Internet burb (external IP of Sidewinder)

Note 1: Ensure you have defined appropriate network objects/groups. To view the current network object configuration, select Shortcut to Network Objects from the Source/Destination tab.

Note 2: For details about configuring and managing network objects, see Chapter 4 in the Sidewinder Administration Guide.

2. [Configuration dependent] Define (or ensure you have) ACL entries that allow access to and from any virtual burbs you may have. The virtual burb should be specified as either the source or destination burb, depending on the type of ACL entry being defined.

Note: For details about configuring and managing ACL entries, see Chapter 4 in the Sidewinder Administration Guide.

3. [Configuration dependent] Enable the desired proxies in the appropriate virtual burb(s). Select Services Configuration -> Proxies.

Configuring Sidewinder for Soft-PK Clients

Secure Computing SafeNet, Sidewinder Version 5.1.0.02 manual Configuring ACL & proxies entries for VPN connections