SnapGear SG565 Router Manual PDF (Setup & Configuration Guide)

Page 196 / 249 Scroll up to view Page 191 - 195

Virtual Private Networking

191

Create the GRE tunnel.

Select

GRE Tunnels

from the left hand menu.

For the Slough

end enter the IP addresses below.

Leave

Local Internal Address

blank, and check

Place on Ethernet Bridge

.

Figure 9-29

GRE Tunnel Name:

to_bris

Remote External Address:

10.254.0.2

Local External Address:

10.254.0.1

Local Internal Address:

Place on Ethernet Bridge:

Checked

For the Brisbane end enter the IP addresses below.

Leave

Local Internal Address

blank, and check

Place on Ethernet Bridge

.

GRE Tunnel Name:

to_slough

Remote External Address:

10.254.0.1

Local External Address:

10.254.0.2

Local Internal Address:

Place on Ethernet Bridge:

Checked

Reboot the unit if prompted to do so.

Page 197 / 249

Virtual Private Networking

192

Troubleshooting

•

Symptom:

Cannot ping a host on the other side of the GRE tunnel.

Ensure that there is a route set up on the GRE tunnel to the remote network.

Ensure that there is a route on the remote GRE endpoint to the network at this end of

the GRE tunnel.

Check that there is a GRE interface created on the device.

To do this, go into

Advanced Networking

and scroll to the bottom.

There should be an interface called

gre

X

created.

gre

X

is the same as the

Interface Name

specified in the table of

current GRE tunnels.

Also ensure that the required routes have been set up on the GRE interface.

This

might not occur if you have the same route specified on different GRE tunnels, or on

different network interfaces.

Ensure that the remote GRE endpoint is reacheable. Do this by using the ping utility

on the

Advanced Networking

page.

•

Symptom:

Cannot ping the remote GRE end point.

Ensure that the remote GRE end point responds to pings.

Note that by default no

packets will be routed across the GRE tunnel unless there is a route setup on the

GRE tunnel.

Page 198 / 249

Virtual Private Networking

193

L2TP

The

Layer Two Tunneling Protocol

was developed by Microsoft and Cisco as a multi-

purpose network transport protocol.

Many DSL ISPs use L2TP over ATM to create tunnels across the Internet backbone.

The CyberGuard SG L2TP implementation can only run L2TP over Ethernet since it

doesn't have an ATM adapter.

L2TP packets are encapsulated in UDP packets on port

1701 and sent over Ethernet to the L2TP server.

L2TP VPN client

The CyberGuard SG L2TP VPN client is configured and operates in a similar way to the

PPTP VPN Client.

Figure 9-30

Page 199 / 249

Virtual Private Networking

194

L2TP server

The L2TP Server runs in a similar way to the PPTP Server.

A range of IP addresses is

allocated, and then username and password pairs are created to allow users to log on.

Note

To increase security, L2TP VPN connections from Windows PCs are also run through an

IPSec tunnel.

This means an IPSec connection must be configured and enabled on the

CyberGuard SG appliance as well as the L2TP server before Windows clients can

connect.

The default way for the IPSec connection to be authenticated is to use x.509/RSA

certificates.

The CyberGuard SG appliance therefore needs to have IPSec configured

with both a CA and local certificate before connections can be established.

The Windows

machine needs to have a copy of the CA certificate used to sign the CyberGuard SG

appliance's local certificate, and similarly, the CyberGuard SG appliance needs a copy of

the CA of the Windows certificate.

The default way for the IPSec connection to be authenticated is to use x.509/RSA

certificates.

Alternatively, more recent versions of Windows (XP) can use

Preshared

Secrets

.

On the

Security

tab of the

VPN Properties

dialog, the

Key

can be entered

under

IPSec Settings

.

To use Certificates, the CyberGuard SG appliance needs to have IPSec configured with

both a CA and local certificate before connections can be established. The Windows

machine needs to have a copy of the CA certificate used to sign the CyberGuard SG

appliance's local certificate, and similarly, the CyberGuard SG appliance needs a copy of

the CA of the Windows certificate.

For instructions on how to create certificates and install them on Windows PCs, please

see the

Creating certificates

in the

Certificate management

section of the chapter entitled

Virtual Private Networking

.

Page 200 / 249

USB

195

10.

USB

Note

SG565 only.

The CyberGuard SG565 has two USB (Universal Serial Bus) ports, to which you can

attach USB storage devices (e.g. hard drives, flash drives, card readers), USB printers,

USB network devices and USB narrowband (non-DSL) modems.

A USB hub can be

used if you need to attach more than two USB devices simultaneously.

Note

USB DSL modems are not supported at this time.

The following walks you through configuring your CyberGuard SG appliance to use the

aforementioned USB devices, and how to share printers and network attached storage

with a Windows network.

Attach the USB device

Ensure that the USB device is connected using a USB cable, and that the device is

powered on.

Some USB devices, such as USB flash drives, draw their power directly

from the USB port.

Select

USB

from the

System

menu.

The device’s name and manufacturer should be

listed.

The CyberGuard SG appliance will automatically associate the appropriate driver with the

USB device, provided the driver is loaded.

By default, the CyberGuard SG565 has

drivers loaded for

USB Mass Storage

devices

and

USB Network devices

.

Rate

Popular SnapGear Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share