Nokia IP45 Tele 8 to Check Point NG AI
Nokia IP45 Security Platform User’s Guide v4.0
Note
You can also use Check Point FP3 or FP4 in place of NG AI.
Nokia Satellite X to Nokia Satellite X (VPN Gateway-to-Gateway)
The VPN configuration between Nokia IP45 Satellite X and another Nokia IP45 Satellite X
enables you to establish site-to-site VPN connections between two Nokia IP45 site-to-site VPN
gateways.
Note
In this configuration, both Nokia IP45 Satellite X site-to-site VPN gateways must have a
static IP address.
Figure 14 on page 291 shows a sample implementation of the Satellite X to Satellite X solution
with three Satellite X devices. Each Nokia IP45 device acts as a Site-to-Site VPN gateway for a
fully secure network. The networks communicate through VPN connections.
Figure 14
Nokia IP45 Satellite X to Nokia IP45 Satellite X
Setting Up Nokia IP45 Satellite X
Configure a VPN tunnel between two Nokia IP45 Satellite X devices (site-to-site VPN).
To set up the IP45 Satellite X
1. Specify the IP address of Nokia IP45 Satellite X on the remote Nokia IP45 Satellite X.
2. Enter the shared secret (a password that is known to both the IP45 Satellite X devices).
[Figure 14 diagram labels: Satellite (Ext: 66.93.53.4/22, Int: 192.168.10.1/22); Satellite (Ext: 66.93.53.5/22, Int: 192.168.20.1/22); Satellite (Ext: 66.93.53.3/22, Int: 192.168.12.1/22); networks: 192.168.10.1/22, 192.168.12.0/22, 192.168.20.0/22]
15
Working with VPNs
To set up the remote Nokia IP45 Satellite X
1. Specify the IP address of your IP45 Satellite X.
2. Enter the shared secret (a password that is known to both the IP45 Satellite X devices).
Nokia IP45 Satellite X in NAT and Bypass NAT Modes
VPN configuration allows you to choose how your VPN should function. The NAT and No-NAT
modes offer great flexibility.
NAT mode allows you to define VPNs at peer gateway sites without knowing the protected
network behind the IP45 devices.
To access a resource that is protected by a VPN in NAT mode, you must contact the hiding
(Internet) address of the VPN gateway. Your request is then forwarded to the correct computer in
the protected network according to the defined security rules.
To access a resource that is protected by a VPN in bypass-NAT mode, you must contact the IP
address of the last computer in the destination network that you want to reach.
Note
You can establish VPN tunnels between a combination of NAT and no-NAT devices. This
possibility is not discussed in this guide.
NAT Mode
Use NAT mode in site-to-site VPNs, where bidirectional initiation of traffic between networks
using public IP addresses is required.
Note
The IP45 NAT engine allows multiple PPTP/IPSec clients to communicate simultaneously
through the firewall even when NAT is in use.
Figure 15 shows two instances of site-to-site VPN gateways in NAT mode.
Figure 15
NAT Mode
Solution A: Nokia IP45 Satellite X to VPN-1 (Site-to-Site VPN)
Hosts on Network 1 establish the TCP/IP connection to the external IP address of the IP45
Satellite X site-to-site VPN gateway. The IP45 Satellite X device is configured through the IP45
GUI Security page to port forward the inbound traffic to the defined host.
Solution B: Nokia IP45 Satellite X to Satellite X (Site-to-Site VPN)
IP45 Satellite X supports the creation of site-to-site VPN connections between two or more IP45
Satellite X devices. Hosts on either network can directly initiate traffic to hosts on the peer
network. The IP45 Satellite X is configured through the IP45 GUI Security page to port forward
the inbound traffic to the defined host.
Bypass NAT
The Nokia IP45 security platform supports the bypass NAT option. When this feature is enabled,
NAT is not performed on the internal network for authenticated remote users.
Bypass Firewall
When the bypass firewall feature is enabled, firewall rules are not applied to the internal network
for authenticated remote users.
To enable bypass NAT or bypass firewall
1. Choose VPN from the IP45 main menu.
   The VPN Server page opens.
2. To disable NAT, select Bypass NAT.
3. To disable firewall rules, select Bypass Firewall.
4. Click Apply.
Defining a Backup VPN Gateway
You can define a backup VPN gateway to support the main or primary VPN gateway. If the
primary VPN gateway fails, the backup gateway takes over.
To define a backup VPN Gateway
1. Choose VPN from the IP45 main menu, and click the VPN Sites tab.
2. Click New Site at the bottom of the page.
   The VPN Site wizard appears.
3. Select Site-to-Site VPN, and click Next.
   The VPN Gateway address window opens.
4. Enter the IP address of the primary Check Point management station with enforcement
   module, and click Next.
   The VPN Network Configuration window opens.
5. In the Destination Network text box 1, enter the network address behind the primary Check
   Point management station with enforcement module.
   Select 255.255.255.0/24 as the subnet mask.
6. In the Destination Network text box 2, enter the network address behind the secondary
   Check Point management station with enforcement module.
   Select 255.255.255.0/24 as the subnet mask.
7. Enter the IP address of the secondary Check Point management station in the Backup
   Gateway field.
For information about how to configure the primary and secondary Check Point management
stations, see the Check Point Multiple Entry Point document.
Nokia IP45 Satellite X to VPN-1 (Site-to-Site VPN)
The Nokia IP45 Satellite X to VPN-1 or Check Point v4.1, FP1, FP2, FP3, NG, or NG AI
configuration enables you to establish site-to-site VPN connections between an IP45 Satellite X
site-to-site VPN gateway and a VPN-1 site-to-site VPN gateway.
Note
In this solution model, both the VPN-1 and IP45 Satellite X site-to-site VPN gateways must
have a static IP address.
Figure 16 shows an implementation of the IP45 Satellite X to Check Point VPN-1 solution, in
which two IP45 Satellite X devices are connected to a VPN-1 site-to-site VPN gateway.
Figure 16
Nokia IP45 Satellite X to VPN-1
[Figure 16 diagram labels: Satellite (Ext: 66.93.53.4/22, Int: 192.168.10.1/22); VPN-1 (Hub), Check Point Firewall-1 NG (Ext: 66.93.53.2/22, Int: 192.168.1.1/22); Satellite (Ext: 66.93.53.3/22, Int: 192.168.11.1/22); networks: 192.168.10.0/22, 192.168.11.0/22, 192.168.1.0/22]
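An added example, not part of the Nokia guide: when peers reach hosts by their internal addresses (bypass-NAT mode), the protected networks of the sites should not overlap, or a gateway cannot tell which tunnel a destination belongs to. This Python check runs over the interface labels as they appear in Figures 14 and 16; the site names and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# "Int" labels as they appear in Figures 14 and 16; site names are hypothetical.
FIGURE_14 = {
    "satellite-a": "192.168.10.1/22",
    "satellite-b": "192.168.20.1/22",
    "satellite-c": "192.168.12.1/22",
}
FIGURE_16 = {
    "satellite-a": "192.168.10.1/22",
    "vpn1-hub": "192.168.1.1/22",
    "satellite-b": "192.168.11.1/22",
}

def protected_networks(sites, prefix=None):
    """Map each site to the network its internal interface really sits in.

    prefix overrides the mask on the label, e.g. 24 to test a /24 plan.
    """
    nets = {}
    for name, label in sites.items():
        iface = ipaddress.ip_interface(label)
        if prefix is not None:
            iface = ipaddress.ip_interface(f"{iface.ip}/{prefix}")
        nets[name] = iface.network
    return nets

def overlapping_sites(sites, prefix=None):
    """Return sorted pairs of sites whose protected networks overlap."""
    nets = protected_networks(sites, prefix)
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def misaligned(label):
    """True if a network label has host bits set for its mask."""
    try:
        ipaddress.ip_network(label, strict=True)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    for title, sites in (("Figure 14", FIGURE_14), ("Figure 16", FIGURE_16)):
        print(title, protected_networks(sites), overlapping_sites(sites))
    print("Figure 16 at /24:", overlapping_sites(FIGURE_16, prefix=24))
```

With the /22 masks printed in Figure 16, both satellites fall inside 192.168.8.0/22; with the 255.255.255.0/24 mask selected in the backup gateway procedure, the same addresses are disjoint.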
Setting Up Nokia IP45 Satellite X
Configure a VPN tunnel between a Nokia IP45 Satellite X and Check Point VPN-1 server or
gateway.
To configure Nokia IP45 Satellite X
1. Specify the IP address of Nokia IP45 Satellite X on the VPN-1 server.
2. Enter the shared secret (a password that is known to both the IP45 Satellite X and the VPN-1
   Server).
Note
For information about how to set up VPN-1, see the Check Point Virtual Private Network
documentation.
Nokia IP45 Satellite X to Check Point FP3 or DAIP
You can use Nokia IP45 Satellite X as a VPN server to establish VPN connectivity with a Check
Point FP3 server by using a Check Point FP3 DAIP object.
Setting Up Check Point FP3
Configure a VPN tunnel between an IP45 Satellite X and Check Point FP3 server.
To set up Check Point FP3
1. Define a DAIP object.
2. Enable IKE.
3. Use the VPN export tool to create a .p12 certificate from the internal certificate defined for
   the DAIP object.
4. Configure a rule, set with the following parameters:
   Source: internal network of the IP45 DAIP object
   Destination: internal network of FP3
   Select Encrypt.
5. Push the policy onto the FP3 firewall object.
6. Import the certificate to the computer to which the IP45 Satellite X is connected.
   Use FTP or a floppy disk to import the certificate.
