Saturday, June 12, 2010

Polo Factory Store Dallas

VPN Firewall Zyxel USG-100

Hello guys,

As many of you know, material on the Internet about configuring this type of VPN is virtually absent. In fact, in order to open an extension of the corporate network you are "induced, steered" toward the client licenses, already nicely set up.

But what if you do not want to pay anything?

It all began when the general manager asked me: "Mark ... I want you to configure VPN access on my home PC to see the cam and to access the server" ... panic ...

I could only say: "Of course, director, I will email you the access credentials".

And here the nightmare begins. On the Internet, nothing. Zyxel manuals? No luck!

Time was running out and the nights were getting short.
After 4 nights I managed to configure a VPN
with this nice toy, the Zyxel USG-100.

First of all, make a good backup of the device, you never know.
  1. Start the Wizard and select VPN setup
  2. Use the Express method
  3. Choose Remote Access (Server Role); this way we can connect from any client
  4. Enter a complex PreShared Key (even though we will not use it)
  5. In Local policy enter an internal IP of the corporate LAN, for example 172.16.11.100/255.255.0.0
  6. In Local policy enter an internal IP of the corporate LAN, for example 172.16.11.100/255.255.0.0. This is important because the assignment of the IP to the client that requests the opening of the tunnel
  7. Click SAVE to generate the VPN script
At this point the IPsec VPN has been created, but we still have to configure the user who will access the VPN, so:
  1. Go to Object->User/Group
  2. Create a user, for example MARCO, belonging to the User Type USER (you cannot access the VPN if you are an administrator or Limited admin)
  3. Go to Object->Address
  4. Create a new address, with which we decide what those who connect are allowed to see. If you enter the IP xxx of a machine on our LAN, then once logged on to the VPN the client will be able to ping only the address xxx. If we set a range it will see only that range, and so on; choose what you want to allow.
  5. Go to VPN->SSL VPN
  6. On the Access Privilege tab create a new rule
  7. Tick "Enable Policy" and remove "Join SSL_VPN Zone" from the list of User
  8. Insert the user previously created
  9. Do not add any "SSL Application List"
  10. Enable "Network Extension"
  11. In "Assign IP Pool" you must enter the address of any machine on the LAN. This is to ensure that the firewall gives the VPN client an address belonging to the class of the corporate LAN. Then just enter the address / range created in step 4. For example, if the address xxx is 172.16.11.134/255.255.0.0, as soon as you connect to the VPN the firewall's DHCP will assign 172.16.0.1/255.255.0.0 and so on
  12. In Network List, instead, set the addresses / ranges that we want to allow to be reached when connected to the VPN (there can be several, for example to allow access to 4 machines with non-contiguous IPs; of course you must first create them, or create them on the spot by clicking the small "Create New Address Object" button)
  13. Confirm and then log off the firewall
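
As an added example (not part of the original post and not Zyxel tooling), this Python script checks the address objects planned in steps 4, 11 and 12 before they are entered: that the pool lies inside the corporate LAN, and how many addresses the Network List actually exposes to the VPN client. The function names and sample addresses are constructed, and reading a host written with a /255.255.0.0 mask as a whole subnet is an assumption about a possible misreading, not documented device behaviour.

```python
import ipaddress

def to_networks(obj):
    """Expand one address object (host, subnet with mask, or 'a-b' range) into networks."""
    obj = obj.strip()
    if "-" in obj:
        first, last = (ipaddress.ip_address(p.strip()) for p in obj.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False reads '172.16.11.134/255.255.0.0' as the subnet 172.16.0.0/16
    return [ipaddress.ip_network(obj, strict=False)]

def has_host_bits(obj):
    """True for a host address written with a mask wider than /32 (the page's notation)."""
    if "/" not in obj or "-" in obj:
        return False
    iface = ipaddress.ip_interface(obj.strip())
    return iface.network.prefixlen < 32 and iface.ip != iface.network.network_address

def audit(lan, pool, network_list):
    """Return (findings, number of addresses the VPN client may reach)."""
    lan_net = ipaddress.ip_network(lan, strict=False)
    findings = [f"pool {n} is outside the LAN {lan_net}"
                for n in to_networks(pool) if not n.subnet_of(lan_net)]
    allowed = []
    for obj in network_list:
        nets = to_networks(obj)
        if has_host_bits(obj):
            findings.append(f"{obj}: host plus mask; as a subnet it covers {nets[0]}")
        findings += [f"{n} is outside the LAN {lan_net}"
                     for n in nets if not n.subnet_of(lan_net)]
        allowed += nets
    allowed = list(ipaddress.collapse_addresses(allowed))
    if any(lan_net.subnet_of(n) for n in allowed):
        findings.append("Network List covers the whole LAN: no restriction")
    return findings, sum(n.num_addresses for n in allowed)

# Constructed plans (not from a real device); 172.16.0.0/255.255.0.0 is the page's LAN class.
LAN = "172.16.0.0/255.255.0.0"
TIGHT = ["172.16.11.10", "172.16.11.20", "172.16.20.5", "172.16.30.7"]  # 4 machines
LOOSE = ["172.16.11.134/255.255.0.0"]  # the page's example address, read as a subnet

if __name__ == "__main__":
    for name, plan in (("tight", TIGHT), ("loose", LOOSE)):
        findings, count = audit(LAN, "172.16.11.134", plan)
        print(name, count, findings or "ok")
```

After connecting, pinging one address inside and one outside the Network List from the client confirms that the firewall enforces the same restriction the plan describes.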

Now comes the simplest part.

From home, or from anywhere as long as it is outside the corporate LAN,
open Internet Explorer (it only works with IE >= ver. 6)
and set the address to https://indirizzopubblicoadslaziendale (the public address of the corporate ADSL line), and that is it: you are at your ZYXEL USG-100 firewall.

Enter the user you created in step 2 (second list)
and the password, and voilà (is that how you spell it?): you will be asked to install (one time only) an ActiveX control that your firewall distributes to the client, and as soon as it is activated
your LAN card will gain a new address in the class of the corporate LAN, as indicated in step 11. Good job.
