Allied Telesis AR450S Manuel d'utilisateur télécharger pdf

C613-16034-00 REV D

www.alliedtelesyn.com

Introduction

This document describes how to provide secure remote access through IP security (IPSec)

Virtual Private Networks (VPNs). The solution allows for IPsec NAT Traversal, which is an

enhancement to IPsec and ISAKMP protocols that lets VPN clients communicate through

Network Address Translation (NAT) gateways over the Internet.

For example, business travellers commonly use IPsec on their laptop to gain remote VPN access

to the central office. When working off-site, these users sometimes need to connect to the

Internet through a NAT gateway such as from a hotel. NAT gateways are often part of a

company’s firewall and let its Local Area Network (LAN) appear as one IP address to the world.

For more information about NAT gateways, refer to RFC 1631”The IP Network Address Translator

(NAT)”, and to the Network Address Translation section in the Internet Protocol chapter of your

device’s Reference Manual.

This VPN solution is suitable for any business deployment and provides your office with secure

Internet access and firewall protection, plus remote encrypted VPN access for your travelling

staff. The solution may be combined with an office-to-office VPN solution with NAT-Traversal

(NAT-T) support if required. NAT-T is designed to solve the problems inherent in using IPSec

with NAT.

Please refer to the Configuration Examples section in your device’s Reference Manual, release

2.6.4 or later.

What information will you find in this document?

This document is divided in to the following sections:

• Typical network scenario‚ on page 2

• Solution requirements‚ on page 3

• Hardware and software versions used during the setup‚ on page 5

• Security advice‚ on page 6

• Loading the NAT-T update to Windows XP‚ on page 7

• Configuring the VPN client‚ on page 8

• Configuring the AR450S or other ATI VPN router‚ on page 15

• VPN Testing, Verification and Troubleshooting‚ on page 20

Configure Microsoft® Windows XP

Virtual Private

Network (VPN) client interoperability with NAT-T support

How To |

1 2 3 4 5 6 ... 21 22

Résumé du contenu

Page 1 - How To

C613-16034-00 REV Dwww.alliedtelesyn.comIntroductionThis document describes how to provide secure remote access through IP security (IPSec) Virtual Pr

Page 2 - Typical network scenario

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 10If you do not have a modem installed you

Page 3 - Solution requirements

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 11You have now completed creating the conne

Page 4

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 12Connect to the Head OfficeNote: The pre-

Page 5

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 13This opens the Head Office Properties win

Page 6 - Security advice

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 14You are now back to the Head Office Prope

Page 7

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 15Configuring the AR450S or other ATI VPN r

Page 8 - Configuring the VPN client

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 16The configuration starts here and ends on

Page 9

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 17# To cater for dynamic creation of incomi

Page 10

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 18# Rule 3 becomes the L2TP tunnel allow ru

Page 11 - 11. Click Finish

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 19# If the "internet" permit poli

Page 12 - Connect to the Head Office

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 2Typical network scenarioFigure 1: Typical

Page 13

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 20VPN Testing, Verification and Troubleshoo

Page 14

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 21Troubleshooting an IPSec tunnelIf problem

Page 15 - AR450S Configuration

USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895European Headquarters | V

Page 16

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 3Solution requirementsNAT-T is available fr

Page 17

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 4Other solution requirements and things to

Page 18

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 5Hardware and software versions used during

Page 19 - Support Limits

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 6Security adviceSince this Windows VPN solu

Page 20

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 7Loading the NAT-T update to Windows XPTo e

Page 21

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 8Configuring the VPN clientCreating a VPN t

Page 22 - C613-16034-00 REV D

Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 93. Select Virtual Private Network Connecti