Application Notes
SL1000/500 VPN with SafeNet SoftRemote VPN Client
Version 1.3
Copyright 2005, ASUSTek Computer, Inc.
Revision History

Version   Author         Date
1.0       Julian Chang   08/20/2003
1.1       Nicole Lin     12/02/2004
1.2       Martin Su      06/27/2005
Table of Contents

Revision History
1 Introduction
2 Network Setup
1 Introduction

This application note details all of the steps needed to create a working IKE IPSec VPN tunnel between an ASUS SL1000 device (the steps also apply to the SL500) and the SafeNet SoftRemote VPN Client. All settings and screen dumps in this application note were taken from SafeNet SoftRemote version 10.3.5 (build 6) and an SL1000 device running firmware 1.1.68A.410.

2 Network Setup

Figure 2.1 Overview of Network Connections

2.
Figure 2.3 Self Access Rule Allowing Remote Users to Login
2.1.2 Configuring SL1000/500 VPN Policies for Aggressive Mode Remote Access

Aggressive Mode remote access with Xauth is a mechanism in which the remote access client is prompted for an additional login (the Xauth login). This form of remote access is more secure because an intruder cannot access corporate resources through a connected laptop that belongs to a valid employee.
Figure 2.4 VPN policy configuration page
Figure 2.5 VPN policy configuration page (cont.)

Step 2: Verify VPN policies added for group “Group1”

Figure 2.6 Verify VPN policy added for the group “Group1”
Step 3: Verify Virtual IP Address for user “User1”

Figure 2.7 Configure virtual IP address for remote user “User1”

Step 4: Adding Firewall specific policies for group “Group1”

Field / Purpose   Value
Action            Allow
Rule Type         Inbound
User Group        Group1
Source IP         ANY
Destination IP    Subnet: 192.168.2.0/24
VPN               Enable

Table 2.2 Adding firewall policy for group “Group1”
Figure 2.8 Firewall group policy configuration page

2.1.2.2 Steps to configure Remote Client

Each of the remote PCs should have VPN client software installed. The following configuration steps assume that SafeNet SoftRemote 10.3.5 (Build 6) is installed on each user’s PC.

Step 1: SafeNet Configuration for User1

Open the Security Policy Editor.

1. Addition of policy

- Use options My Connections -> (right click) -> Add -> Connection

Figure 2.
- Use options My Connection -> New Connection -> (right click) -> Rename
- The connection name will become editable. Edit it to SL1000

Figure 2.9 SoftRemote configuration for “SL1000” as My Connection (cont.)

- In the Remote Party Identity and Address block, select IP Subnet in ID Type and specify subnet 192.168.2.0 and mask 255.255.255.0 in the text box.
- Check Connect using and select Secure Gateway Tunnel.
- In ID Type, select IP Address and type 220.135.200.51 as remote VPN gateway.

Figure 2.
Figure 2.11 Setup pre-shared secret and local ID type

- Click on the Enter Key button to enable the text box. Enter 12345678 into the text box and click on OK.

Figure 2.102 Enter pre-shared key
- Use options My Connection -> SL1000 -> Security Policy
- Choose Aggressive Mode

Figure 2.113 Configure IKE phase 1 negotiation mode as “Aggressive mode”

- Use option sequence: My Connection -> SL1000 -> Security Policy -> Authentication (Phase 1) -> Proposal 1
- On the right hand side, select the Diffie-Hellman Group 2 option from the Key Group dropdown list.

Figure 2.124 Configuration IKE phase 1 authentication method and algorithms

- Save the configuration.
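An added example, not part of the original application note and not ASUS or SafeNet code: a pre-deployment check that the values typed into SoftRemote above agree with the gateway side, and that reports a short or digits-only pre-shared key. The dictionary field names and `MIN_PSK_LEN` are hypothetical, and the gateway's `wan_ip`, `dh_group` and `psk` values are constructed to mirror the client because the page shows them only in figures.

```python
import ipaddress

# Client values are the ones entered in the SoftRemote steps above.
CLIENT = {"gateway": "220.135.200.51", "remote_subnet": "192.168.2.0/255.255.255.0",
          "phase1_mode": "aggressive", "dh_group": 2, "psk": "12345678"}
# Gateway subnet is from Table 2.2, mode from section 2.1.2; wan_ip, dh_group
# and psk are constructed to mirror the client (the page shows them only in figures).
GATEWAY = {"wan_ip": "220.135.200.51", "protected_subnet": "192.168.2.0/24",
           "phase1_mode": "aggressive", "dh_group": 2, "psk": "12345678"}

MIN_PSK_LEN = 20  # assumed local policy threshold, not a value from the page


def parse_net(text):
    """Parse 'addr/prefix' or 'addr/netmask'; None if malformed or host bits are set."""
    try:
        return ipaddress.ip_network(text, strict=True)
    except ValueError:
        return None


def check_pair(client, gateway):
    """Return (severity, message) findings for one client/gateway parameter pair."""
    findings = []
    c_net = parse_net(client["remote_subnet"])
    g_net = parse_net(gateway["protected_subnet"])
    if c_net is None or g_net is None:
        findings.append(("invalid", "subnet is malformed or has host bits set"))
    elif c_net != g_net:
        findings.append(("mismatch", f"client selector {c_net} != gateway subnet {g_net}"))
    if client["gateway"] != gateway["wan_ip"]:
        findings.append(("mismatch", "client points at a different gateway address"))
    for key in ("phase1_mode", "dh_group", "psk"):
        if client[key] != gateway[key]:
            findings.append(("mismatch", f"{key} differs between client and gateway"))
    # In Aggressive Mode the gateway answers with a PSK-derived hash before the
    # peer is authenticated, so a short or digits-only key is reported.
    psk = client["psk"]
    if len(psk) < MIN_PSK_LEN or psk.isdigit():
        findings.append(("weak", f"pre-shared key is {len(psk)} characters, digits only: {psk.isdigit()}"))
    return findings


if __name__ == "__main__":
    for severity, message in check_pair(CLIENT, GATEWAY):
        print(f"{severity}: {message}")
```

With the values from this note the two sides agree, and the only finding is the 8-digit pre-shared key.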
2.1.2.3 Establishing VPN connection

Step 1: Activate IPSec Dial Client

On the remote PC, right click the SafeNet SoftRemote icon in the bottom-right corner of the desktop and choose “Activate Security Policy”. Left click the icon again, choose “Connect” and connect to “My Connection\SL1000”. A popup window appears on PC1 asking for the XAUTH username and password. Enter User1 as username and 1234 as password.

Figure 2.
Figure 2.17 User login for “User1”

Type User1 into the User Name text box and 1234 into the Password text box and click OK. The browser then displays a successful login message along with a Logout button, as shown.

Figure 2.18 Successful login message for “User1”

Step 3: Verify Connection

On the SL1000/500 system side, use options Remote Access -> Remote Access User. You will see the details of the logged-in users, as below:
Figure 2.19 Remote Users Login Details

Ping from PC1 to PC4 and confirm that the tunnel is established.

Figure 2.20 Verify VPN connection by using Ping command