This configuration example helps you set up endpoints for remote users to connect to. It includes features such as push upgrades, custom branding, split tunnels, and ease of use.
Setting up Client Tunnel Endpoints
Lucent Security Products Configuration Example Series
• This configuration example is to help you set up an endpoint or a series of endpoints for your remote users to connect to.
• Remote users can be anyone working from a site other than the office. This includes home offices and working from hotels while traveling. This could also include business partners or customers that require access to your network.
• The IP Sec Client will reside on the remote PCs and create a secure tunnel to the endpoint on your Brick.
Lucent Technologies – Proprietary. Use pursuant to company instruction
• The Alcatel-Lucent IP Sec client has many nice features including:
  • Push upgrades from the ALSMS
  • Custom branding
  • Split tunnels
  • Personal Firewall
  • Firewall Logs
  • Ease of use
  • Log in Banners
  • And many more
• As depicted on the right, the tunnel has two endpoints, one on the client PC and one on the Brick.
• The endpoint on the Brick is usually on an internal interface associated with a rule set.
• When you assign a rule set to an interface, you have the option of assigning a tunnel endpoint.
• If, for instance, you had a group of servers or a network on Ethernet 2 that you want your external users to connect to, you would terminate their tunnel on that interface rather than on the interface connected to the router or WAN interface.
• The first thing that you want to do is determine which interface you want this tunnel endpoint to be on.
[Figure: Brick with interfaces Ethernet 0, Ethernet 1, Ethernet 2 and Ethernet 3]
• From the ALSMS Navigator screen, click on Bricks and select the Brick that you want this tunnel endpoint on.
• From the Brick Editor screen, click on the Policy Assignment tab.
• Determine which interface you want the tunnel to terminate on and double-click on that interface.
• In the field called Tunnel Endpoint/Virtual Brick Address, fill in the address of your tunnel endpoint.
• This is usually a public address so that it can be found from the internet.
• This is where your tunnel will terminate.
• Also fill in the field called Hosts Behind Tunnel. These are the hosts that your tunneled clients will be able to access.
• Click OK, File/Save and Apply.
• From the ALSMS Navigator screen, select Client Tunnel Endpoints.
• Right-click and select New.
• Click the Browse button and select your Brick.
• Click the down arrow on the Tunnel Endpoint and select the tunnel endpoint that we created attached to the In-Side-Zone.
• Notice that the Hosts Behind Tunnel field is populated automatically with your Internal-Users-And-Servers host group.
• Take a look at the other tabs on the Client Tunnel Endpoint Editor. You can set your encryption and other policies here.
• You might want to keep everything at default until you test your client. After testing you can always modify.
• You will need to make a note of your Pre-Shared Key. You will need this when you set up the IP Sec client.
• Click on the IKEv1 tab, unmask the key and write it down. Or you can set the key to something simple like 10 ones, 1111111111.
• To change or view the key, click on the IKEv1 tab.
• Unclick Use Group Defaults.
• Click Unmask.
• Once you have written the key down, click File>Save and Apply.
• You will get a warning here about applying licenses. Go ahead. We will apply licenses next.
• You may also get a warning if you don't have any rules in your rule set with an action set to VPN.
• Click File>Save and Close.
• Click OK.
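A key such as 1111111111 is trivially guessable, so the value entered on the IKEv1 tab after testing should come from a random source. The following is an added example, not part of the original deck or of ALSMS: a Python sketch that generates a replacement pre-shared key and lists reasons a candidate key should not be kept. The function names and the length and entropy thresholds are assumptions chosen for illustration.

```python
import math
import secrets
import string
from collections import Counter

# Assumed policy thresholds (illustrative; not ALSMS requirements).
MIN_LENGTH = 20
MIN_ENTROPY_BITS = 80.0
ALPHABET = string.ascii_letters + string.digits


def generate_psk(length: int = 32) -> str:
    """Return a random pre-shared key drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def shannon_bits(key: str) -> float:
    """Empirical character entropy of the key in bits (a repetition heuristic)."""
    if not key:
        return 0.0
    n = len(key)
    per_char = -sum((c / n) * math.log2(c / n) for c in Counter(key).values())
    return per_char * n


def psk_problems(key: str) -> list[str]:
    """List reasons a key should not be kept; an empty list means none found."""
    problems = []
    if len(key) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(key)) <= 2:
        problems.append("uses at most two distinct characters")
    if key.isdigit():
        problems.append("digits only")
    if shannon_bits(key) < MIN_ENTROPY_BITS:
        problems.append(f"below {MIN_ENTROPY_BITS:.0f} bits of character entropy")
    return problems


if __name__ == "__main__":
    test_key = "1111111111"  # the simple test key mentioned on the slide
    print(test_key, "->", psk_problems(test_key))
    new_key = generate_psk()
    print("replacement ->", psk_problems(new_key) or "no problems found")
```

The generated key is pasted into the same Pre-Shared Key field and into the IP Sec client configuration; both sides must hold the identical value.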
• Notice that your tunnel endpoint is enabled, but your license limit is set to zero.
• The ALSMS gives you the option of adding specified numbers of client licenses to any endpoint.
• Let's add your licenses to this tunnel endpoint.
• Right-click on the endpoint and select Allocate Licenses.
• Next, right-click on your tunnel endpoint (as seen on the previous slide) and select Allocate Licenses.
• Double-click on System.
• Fill in Group License Limit with the number of tunnels that you choose.
• Double-click on your Tunnel.
• Change your “License Limit” to the number of simultaneous clients that you will allow to terminate on this endpoint.
• Fill in the License Limit here and click OK.
• Click Save and Apply.
• Close the tunnel editor.
• This is a two-step process, as some service providers like to use the same tunnel endpoint for many customers but limit the number of tunnels per customer.
• You are now ready to test your IP Sec client.
• For more detailed information on configuring this feature, click Help>On Line Product Manuals>Policy Guide.
• See the section on Client Tunnel Endpoints.
• The Product Manuals can also be found on your ALSMS CD.
• Also see the Configuration Guide on Using The IP Sec Client.