Nokia IP45 Security Platform User’s Guide v4.0
Viewing IKE Traces
The following procedure describes how to view the IKE traces.
To view IKE traces
1. Establish a VPN tunnel to the VPN site with which you are experiencing connection problems.
2. For information on when and how VPN tunnels are established, see “Viewing VPN Tunnels” on page 279.
3. Click Reports in the main menu, and click the VPN Tunnels tab.
4. The VPN Tunnels page opens with a table of open tunnels to VPN sites.
5. Click Save IKE Trace.
   A File Download dialog box appears.
6. Click Save.
   The Save As dialog box appears.
7. Browse to a destination directory of your choice.
8. Type a name for the *.elg file and click Save.
   The *.elg file is created and saved to the specified directory. This file contains the IKE traces of all currently established VPN tunnels.
9. Use the IKE View tool to open and view the *.elg file.
10. To clear the current IKE traces, click Clear IKE Traces.
Downloading the Precompiled Security Policy
For traditional policy management solutions, create a customized policy for each individual
customer. You can upload the customized High-Medium-Low *.pfz file from the SmartCenter
server to the Nokia IP45 security platform. The Check Point INSPECT engine enables you to
dynamically update a security policy, adding support for new applications and attaching
signatures to a firewall. The downloading procedure is as follows.
1. The Check Point policy editor generates INSPECT code.
   Note
   The INSPECT library can be manually edited by a network security professional in order to add support for special applications.
2. The policy editor adds policy rules to the INSPECT library and compiles a *.pfz file (a single compressed, signed file).
3. The *.pfz file is then downloaded to the Nokia IP45 security platform by using the CLI.
Use the following command to download the security policy:
download policy url urlname [user username] [password password]
Use the following command to install the security policy manually:
set vpn policy <file name>
where <file name> is the name of the downloaded file.
VPN Scenarios
The Nokia IP45 security platform supports the following VPN scenarios:
• Nokia IP45 Security Platform as a VPN Server
• Nokia IP45 Security Platform as VPN Client
Note
The following sections provide only an introduction to the VPN scenarios supported by the Nokia IP45 security platform. They do not discuss the complete usage scenario. For more information about usage scenarios, contact the Nokia support site.
Nokia IP45 Security Platform as a VPN Server
As a VPN server, the Nokia IP45 supports the following scenario:
SecuRemote to Nokia IP45 Satellite X (VPN Client to Gateway)
This VPN topology enables Nokia IP45 Tele 8, Nokia IP45 Satellite X, Check Point
SecuRemote, and SecureClient VPN clients to connect to an IP45 Satellite X acting as a VPN
server.
Note
In this configuration, the IP45 Satellite X VPN server must have a static IP address and
domain name.
The following example shows a sample implementation of the VPN client-to-IP45 Satellite X
VPN server solution, in which two IP45 devices, a Check Point SecuRemote and a Check Point
SecureClient act as VPN clients that download topology information from the IP45 Satellite X
VPN server.
Figure 12: SecuRemote and SecureClient to Satellite X
Setting Up Nokia IP45 Satellite X
Configure a VPN tunnel between SecuRemote and IP45 Satellite X.
To set up IP45 Satellite X
1. Add a User.
2. Enable VPN Access for the user.
3. Enable a VPN server.
Setting Up SecuRemote
To set up SecuRemote, define your VPN sites as IP45 Satellite X.
For information about how to configure a remote-to-site VPN between Nokia IP45 Satellite X and a VPN client by using hybrid mode authentication with a RADIUS server, see the Hybrid mode authentication of Nokia IP45 whitepaper.
Note
While establishing a remote-to-site VPN between Nokia IP45 Satellite X and SecuRemote R55/R56, ensure that the IP45 has a VPN certificate installed.
For more information about how to configure SecuRemote, see the Check Point Desktop Security Guide.
[Figure 12 labels: IP45 Tele (Ext: 66.93.53.4/22, Int: 192.168.10.1/22), manual-mode VPN; IP45 HUB (Ext: 66.93.53.2/22, Int: 192.168.1.1/22); IP45 Satellite (Ext: 66.93.53.3/22, Int: 192.168.11.1/22), automatic-mode VPN; SecuRemote and SecureClient clients; network labels 192.168.10.1/22, 192.168.11.0/22, 192.168.1.0/22.]
Nokia IP45 Security Platform as VPN Client
IP45 v4.0 supports the following client scenarios.
• Remote access VPN with another IP45
• Remote access VPN with Check Point VPN-1
Authentication Methods
The Nokia IP45 v4.0 remote access VPN client supports the following new authentication methods:
• X.509 certificates for remote access VPN sites in automatic log-in mode.
  To get X.509 support, choose Services > Connect from the main menu to connect to Check Point management and download a certificate.
• RSA SecurID tokens for VPN sites in manual log-in mode.
  While authenticating to the VPN site, you must provide a four-digit PIN code and SecurID passcode. The RSA SecurID token generates a new passcode every minute.
For more information about remote access VPNs, see “Configuring Remote Access VPNs” on page 262.
Setting Up Nokia IP45 Tele 8 as a VPN Client
You can configure the IP45 Tele 8 as a VPN client.
To enable the VPN client functionality in your IP45 device
• If you have subscribed to security services, then connect with your service provider or enterprise and receive a security subscription.
• If you are using the IP45 in a standalone mode, add the license manually.
Adding VPN Sites by Using Nokia IP45 Tele 8
You can define only remote access VPN sites using IP45 Tele 8 licenses. To define site-to-site VPN gateways, you must have an IP45 Satellite X license.
VPN sites represent VPN gateways to which you can connect. You must define VPN sites before
you connect to them.
To add or edit VPN sites
1. Choose VPN from the IP45 main menu and click VPN Sites.
   The VPN Sites page opens, with the list of VPN sites configured.
2. To add a VPN site, click New Site.
3. To edit a VPN site, click Edit in the VPN site row.
   If you click New Site, the Nokia VPN Site Wizard opens.
4. Click Next.
   The VPN Gateway Address dialog box appears.
5. Enter the IP address of the VPN gateway to connect to as given by the network administrator.
6. Click Next.
   The VPN Network Configuration window opens.
7. Select one of the following:
   • Download Configuration: to obtain network configuration from a VPN site. This option automatically downloads the network topology (gateway information and rules) from the VPN site.
   • Specify Configuration: to provide the network configuration manually.
   • Route All Traffic: to route all network traffic from the VPN site.
Note
You can download the network configuration only if you are connecting to a Check Point VPN-1 or Nokia IP45 Satellite X VPN Gateway.
