Virtual Private Networking
Double-click Make New Connection from the main window.
Click Next to show the Network Connection Type window:
Figure 9-9
Select Connect to a private network through the Internet and click Next.
This displays the Destination Address window:
Figure 9-10
Enter the CyberGuard SG PPTP server’s IP address or fully qualified domain name and click Next.
Select the Connection Availability you require on the next window and click Next to display the final window:
Figure 9-11
Enter an appropriate name for your connection and click Finish.
Your VPN client is now set up and ready to connect.
Windows XP
Log in as Administrator or with Administrator privileges.
From the Start menu, select Settings and then Network Connections.
Click Create New Connection from the Network Tasks menu to the left.
Select Connect to the network at my workplace and click Next.
Select Virtual Private Network connection and click Next.
Choose a Connection Name for the VPN connection, such as your company name or simply Office.
Click Next.
If you have set up your computer to connect to your ISP using dial-up, select Automatically dial this initial connection and your dial-up account from the pull-down menu.
If not, or if you wish to manually establish your ISP connection before the VPN connection, select Do not dial the initial connection.
Click Next.
Enter the CyberGuard SG PPTP server’s IP address or fully qualified domain name and click Next.
Select whether you wish to make this connection available to all users and whether you wish to add a shortcut to your desktop, and click Finish.
Your VPN client is now set up and ready to connect.
Connecting the remote VPN client
Verify that you are connected to the Internet, or have set up your VPN connection to
automatically establish an initial Internet connection.
Select the connection for the CyberGuard SG appliance VPN.
Enter a username and password added in the Configuring user accounts for VPN server section and click Connect.
A PPTP status icon will appear in the system tray on the bottom right-hand side of your computer, informing you that you are connected.
You can now check your e-mail, use the office printer, and access shared files and computers on the network as if you were physically on the LAN.
Note
Depending on how your remote network is set up, some additional configuration may be required to enable browsing the network (aka Network Neighborhood or My Network Places).
Please refer to the following knowledge base article for further details:
To disconnect, right-click the PPTP Status system tray icon and select Disconnect.
You can then disconnect from the Internet if you wish.
IPSec Setup
CyberGuard SG appliance to CyberGuard SG appliance
There are many possible configurations in creating an IPSec tunnel. The most common and simplest will be described in this section. Additional options will also be explained throughout this example, should it become necessary to configure the tunnel with those settings. For most applications to connect two offices together, a network similar to the following will be used.
Figure 9-12
To combine the Headquarters and Branch Office networks together, an IPSec tunnel
must be configured on both CyberGuard SG appliances.
Set up the Branch Office
Enabling IPSec
Click the IPSec link on the left side of the Web Management Console web administration pages.
A window similar to the following will be displayed.
Figure 9-13
Check the Enable IPSec checkbox.
Select the type of IPSec endpoint the CyberGuard SG appliance has on its Internet port. The CyberGuard SG appliance can either have a static IP, dynamic IP or DNS hostname address. If a dynamic DNS service is to be used or there is a DNS hostname that resolves to the IP address on the Internet port, then the DNS hostname address option should be selected. In this example, select dynamic IP address.
The Maximum Transmission Unit (MTU) of the IPSec interface can be configured by checking the Set the IPSec MTU to be checkbox and filling in the desired MTU value. For most applications this need not be configured; however, if it is set, the MTU value should be between 1400 and 1500. In this example, leave the checkbox unchecked.
Click the Apply button to save the changes.