XP Road Warrior Connection

Download Report

Transcript XP Road Warrior Connection

XP Road Warrior Connection
By: Darren Critchley
What is Road Warrior?
Remote client such as a salesperson who
needs to connect to the main office LAN
resources
 Sometimes referred to as a Host to Net VPN
or VPN Client

What is needed on the client
end?
XP has the client built in, but complicated to
configure
 Free offerings such as Linsys
 Commercial offering Safenet Softremote

XP Service Pack 2 and the
Windows Firewall
Make sure your XP is up to date and
patched!
 Firewall necessary to protect Roadwarrior
 Should not interfere with VPN
 Hotfix may be required to allow ping across
the VPN


http://support.microsoft.com/?kbid=889527
Set up a connection on the
NetSentron




NOTE: Due to the method in which the VPN identifies a connection,
you can only have one Pre-Shared Key Roadwarrior
From VPN page click Add
Select “Host-to-Net Virtual Private Network (RoadWarrior)” and click
Add
Give the VPN a name






Adjust local subnet if necessary
Remote Host/IP you can optionally limit the connection to a specific IP
or Hostname
Enter a Remark – describes this VPN Connection
Dead Peer Detection action



Cannot start with a number
Cannot contain spaces or non-alphanumeric items
Choose Clear as the connection is a Roadwarrior
Check Enabled
Enter a Pre-Shared key or have the NetSentron generate one for you
Connect an XP Roadwarrior using
the free Linsys Program





The Linsys Client is really a nice wrapper that is
for configuring the IPSec policies on Windows.
download the Linsys utility from
http://www.netsentron.com/utilities.html
install the program
start the program
The first time you run the program, it may
complain that a necessary patch is missing. If you
wish to let the program find, download and install
the patch, then click yes, otherwise you can
search for it on your own.
Name the VPN, enter a name for the VPN in
the empty box next to the IPSec Profile
Name
 If you have more than one Network card in
your PC, you can select which one you wish
to use from the Interface drop down list
 Once you select a network card, the IP
Address for the Local side of the Tunnel will
automatically be filled in for you.

Enter the information for the Remote
Side of the Tunnel




Enter VPN Gateway (hostname / ip) – this is the RED (WAN)
address of the NetSentron
Enter the Remote Internal IP – this is the GREEN (LAN) address of
the NetSentron
Enter the Private Address/Network Mask – this is the subnet on the
GREEN (LAN) side of the NetSentron, insure that it matches the
local subnet entry on the VPN connection on the NetSentron
Enter information into the IPSec Options area






Select Pre-Shared Key for Authentication Method
Enter your Pre-Shared Key that you entered into the NetSentron into
the text area
insure that the rest of the settings are: 3DES, MD5, PFS (checked),
3500, 50000
Click on the Other Options Tab and then make sure Debug Enabled
is checked
Click on Ipsec Profiles Tab
Save your connection by clicking the Disk Icon in the upper part of
the Linsys client
Test the Connection

Before we connect, bring up log

Right click on the Linsys icon in the Task Bar,
select View Log
Now click connect – if all is well, you should
see the log with a connection message and
the Linsys Icon should turn green
 Verify connection by pinging the NetSentron
Green (LAN) Address
