Virtual Private Networking
Figure 9-1
PPTP Client Setup
The PPTP client enables the CyberGuard SG appliance to establish a VPN to a remote
network running a PPTP server (usually a Microsoft Windows server).
Select PPTP VPN Client from the VPN menu and create a new VPN connection by entering:
A descriptive name for the VPN connection. This may describe the purpose for the connection.
The remote PPTP server IP address to connect to.
A username and password to use when logging in to the remote VPN. You may need to obtain this information from the system administrator of the remote PPTP server.
Optionally, the remote network’s netmask. This is used to determine which packets should go to the remote network.
Click Add.
Warning
If you are using Windows 98, you must ensure that Dial Up Networking has been
upgraded to version 1.4; otherwise you will be unable to use MS-CHAPv2 authentication
(the recommended method).
If the remote VPN is already up and running, check Start Now to establish the
connection immediately as shown in the following figure:
Figure 9-2
The CyberGuard SG appliance supports multiple VPN client connections. Additional
connections can be added by following these steps. To set a VPN connection as the
default route for all network traffic, check the Make VPN the Default Route checkbox
and click Apply. This option is only available when the CyberGuard SG appliance is
configured with a single VPN connection only.
After adding a new VPN, two new tables are displayed in the PPTP VPN Client menu.
VPN Connection Status provides information about the State of the VPN (i.e. enabled
or disabled) and the Status of the connection (i.e. up or down).
The VPN Configuration table provides the ability to enable/disable the VPN, edit the
VPN configuration, delete the VPN entry and edit the advanced routing information.
PPTP Server Setup
The CyberGuard SG appliance includes a PPTP Server, a virtual private network server
that supports up to forty simultaneous VPN tunnels (depending on your CyberGuard SG
appliance model). The CyberGuard SG PPTP Server allows remote Windows clients to
securely connect to the local network.
To set up a VPN connection:
Enable and configure the PPTP VPN server.
Set up VPN user accounts on the CyberGuard SG appliance and enable the appropriate authentication security.
Configure the VPN clients at the remote sites. The client does not require special software. The CyberGuard SG PPTP Server supports the standard PPTP client software included with Windows 95/98, Windows ME, Windows XP, WinNT and Windows 2000. The VPN connection is simple to configure using the standard Dial-Up Networking software. The CyberGuard SG PPTP Server is also compatible with Unix PPTP client software.
Connect the remote VPN client.
The following sections provide additional detailed instructions.
Enable and configure the PPTP VPN server
The following figure shows the PPTP server setup:
Figure 9-3
To enable and configure your CyberGuard SG appliance’s VPN server, select PPTP VPN
Server from the VPN menu on the Web Management Console web administration pages.
The following table describes the fields in the VPN Setup screen and the options
available when enabling and configuring VPN access.
Field: Enable PPTP Server
Description: Check this box to enable PPTP connections to be established to your CyberGuard SG appliance.

Field: IP Addresses for the Tunnel End Points
Description: Enter the IP addresses for the tunnel end-points. You need to specify a free IP address on your local network that each VPN client will use when connecting to the CyberGuard SG appliance. Please ensure that the IP addresses listed here are not in the range the DHCP server can assign. Ranges are accepted; for example 192.168.160.250-254.

Field: Authentication Scheme
Description: PPTP provides an authenticated communication tunnel between a client and a gateway by using a user ID and password. The authentication scheme is the method the CyberGuard SG appliance uses to challenge users wanting to establish a PPTP connection to the network. The remote client must be set up to use the selected authentication scheme.
    MSCHAPv2 is the most secure.
    MSCHAPv2 plus data encryption is strongly recommended. This keeps your data private as well as providing secure authentication.
    CHAP is less secure.
    PAP (although more common) is even less secure.
    None means that no username/password authentication is required (not recommended).

Field: Authentication Database
Description: The authentication database is used to verify the username and password received from the dial-in client.
    Local means the PPTP user accounts created on the CyberGuard SG appliance. You will need to create user accounts as described below. This can be used with any authentication scheme.
    RADIUS means an external RADIUS server. You will be prompted to enter the server IP address and password. This can be used with any authentication scheme, provided that the RADIUS server also supports it.
    TACACS+ means an external TACACS+ server. You will be prompted to enter the server IP address and password. This can only be used with the PAP authentication scheme.
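
The tunnel end-point rule in the table above (free local addresses that the DHCP server cannot assign) can be checked before the values are entered. The following Python sketch is an added example, not part of the CyberGuard manual or the appliance software; it expands the 192.168.160.250-254 range syntax and reports end-points that collide with the DHCP range. The LAN subnet, DHCP range and static host list are constructed sample values, and the comma or whitespace separator between entries is an assumption.

```python
import ipaddress

def parse_endpoints(spec):
    """Expand 'a.b.c.X-Y' ranges and single addresses into IPv4Address objects.
    Assumption: entries are separated by commas or whitespace."""
    addrs = []
    for item in spec.replace(",", " ").split():
        start, _, end = item.partition("-")
        first = ipaddress.IPv4Address(start)
        last = first
        if end:
            # Short form: only the last octet of the range end is given.
            last = ipaddress.IPv4Address(start.rsplit(".", 1)[0] + "." + end)
        if last < first:
            raise ValueError(f"range end before start: {item}")
        addrs.extend(ipaddress.IPv4Address(n) for n in range(int(first), int(last) + 1))
    return addrs

def check_endpoints(spec, lan, dhcp_first, dhcp_last, in_use=()):
    """Return (address, problem) pairs for end-points that are not free LAN addresses."""
    net = ipaddress.IPv4Network(lan)
    lo, hi = ipaddress.IPv4Address(dhcp_first), ipaddress.IPv4Address(dhcp_last)
    used = {ipaddress.IPv4Address(a) for a in in_use}
    problems = []
    for addr in parse_endpoints(spec):
        if addr not in net:
            problems.append((str(addr), "outside local network"))
        elif addr in (net.network_address, net.broadcast_address):
            problems.append((str(addr), "network or broadcast address"))
        elif lo <= addr <= hi:
            problems.append((str(addr), "inside DHCP range"))
        elif addr in used:
            problems.append((str(addr), "already assigned to a host"))
    return problems

# Constructed sample values (not from the manual, apart from the range syntax).
LAN = "192.168.160.0/24"
DHCP_POOL = ("192.168.160.100", "192.168.160.199")
STATIC_HOSTS = ["192.168.160.1", "192.168.160.252"]

if __name__ == "__main__":
    for spec in ("192.168.160.250-254", "192.168.160.195-201"):
        print(spec, check_endpoints(spec, LAN, *DHCP_POOL, in_use=STATIC_HOSTS))
```

An empty result means every end-point is a usable, unclaimed LAN address; any overlap with the DHCP range means a VPN client and a LAN host could be given the same address.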
