This section explains how to use a VPN tunnel to connect a client-based remote computer to an internal network. For more about using Mobile Access to connect remote devices to internal resources, see Remote Access to the Network.
Note - For each VPN gateway, you must configure an existing gateway as a default gateway.
The IPsec VPN Software Blade lets the Firewall overcome connectivity challenges for remote clients. Use VPN connectivity modes to make sure that remote users can connect to the VPN tunnels. These are some examples of connectivity challenges:
Office Mode
Remote users can be assigned the same or non-routable IP addresses from the local ISP. Office Mode solves these routing problems and encapsulates the IP packets with an available IP address from the internal network. Remote users can send traffic as if they are in the office and do not have VPN routing problems.
Visitor Mode
Remote users can be restricted to use HTTP and HTTPS traffic only. Visitor Mode lets these users tunnel all protocols with a regular TCP connection on port 443.
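The Office Mode idea above, as an added sketch that is not Check Point code: it flags remote users whose ISP-assigned addresses are duplicated or non-routable, then leases each user a unique inner address from a pool. The pool `10.20.30.0/29`, the user names and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space:
# addresses a local ISP or home router commonly hands out.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def routing_problems(clients):
    """Map each user to the reasons replies to its ISP-assigned address are ambiguous."""
    counts = Counter(clients.values())
    problems = {}
    for user, addr in clients.items():
        ip = ipaddress.ip_address(addr)
        reasons = []
        if counts[addr] > 1:
            reasons.append("duplicate")      # two users share one source address
        if any(ip in net for net in NON_ROUTABLE):
            reasons.append("non-routable")   # cannot be routed back from the office
        if reasons:
            problems[user] = reasons
    return problems

def assign_office_addresses(clients, pool_cidr, in_use=()):
    """Give every user a unique inner address from the pool, skipping in-use ones."""
    taken = {ipaddress.ip_address(a) for a in in_use}
    free = (h for h in ipaddress.ip_network(pool_cidr).hosts() if h not in taken)
    leases = {}
    for user in sorted(clients):
        try:
            leases[user] = str(next(free))
        except StopIteration:
            # Fail loudly instead of handing out a duplicate inner address.
            raise RuntimeError(f"pool {pool_cidr} exhausted at user {user}") from None
    return leases

# Constructed sample data: three remote users and the addresses their ISPs gave them.
CLIENTS = {"alice": "192.168.1.10", "bob": "192.168.1.10", "carol": "203.0.113.7"}

if __name__ == "__main__":
    print(routing_problems(CLIENTS))
    print(assign_office_addresses(CLIENTS, "10.20.30.0/29", in_use=["10.20.30.1"]))
```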
Use SmartDashboard to enable and configure the Security Gateway for remote access VPN connections. Then add the remote user information to the Security Management Server: create and configure an LDAP Account Unit or enter the information in the SmartDashboard user database. You can also configure the Firewall to authenticate the remote users. Define the Firewall access control and encryption rules. Create the LDAP group or user group object that is used for the Firewall rules. Then create and configure the encryption settings for the VPN community object. Add the access rules to the Firewall Rule Base to allow VPN traffic to the internal networks.
[Workflow diagram. Boxes: Enable remote access VPN; Manage Users? (LDAP or SmartDashboard); Configure LDAP; Configure users in SmartDashboard database; Configure user authentication; Create LDAP user; Create user; Create VPN Community; Configure rules for VPN access in Firewall Rule Base; Install policy]
This release includes limited IPv6 support for IPsec VPN communities:
These VPN features are not supported for IPv6: