Interoperable Devices
- Step 1
- Create an Interoperable Device for every SOHO VPN Router. The Interoperable Device object is similar to the Externally Managed Gateway object. Enter the FQDN for the SOHO VPN User in the Name field of the Interoperable Device. Use the FQDN in as many fields as possible, because the Openswan templates and shell scripts look for the FQDN. Check the Dynamic Address box. Enter a comment. Select a color.
Figure 1: Interoperable Devices, General Properties
- Step 2
- Select Topology from the left menu.
Figure 2: Interoperable Devices, Topology
- Step 3
- Click Add to add the Lan interface details. Enter the IP Address and subnet mask of the SOHO VPN Router's Lan Interface. Figure 3 shows the IP Address for soho-user-a.dyndns.info.
Figure 3: Interoperable Devices, Topology, Interface Properties, General, Lan
- Step 4
- Select the Topology tab. Select "Internal (leads to the local network)". Select Specific. Select the network object for soho-user-a. Click OK.
Figure 4: Interoperable Devices, Topology, Interface Properties, Topology, Lan
- Step 5
- Click Add to add the Wan interface details. Enter the IP Address and subnet mask of the SOHO VPN Router's Wan Interface. Figure 5 shows the IP Address for soho-user-a.dyndns.info. Check "Dynamic IP".
Figure 5: Interoperable Devices, Topology, Interface Properties, General, Wan
- Step 6
- Select the Topology tab. Select "External (leads to the local network)". Select Specific. Select the network object for soho-user-a. Click OK.
Figure 6: Interoperable Devices, Topology, Interface Properties, Topology, Wan
- Step 7
- Select "Manually Defined VPN Domain". Select the network object for soho-user-a.dyndns.info.
Figure 7: Interoperable Devices, Topology
- Step 8
- Select VPN from the left menu.
Figure 8: Interoperable Devices, VPN
- Step 9
- Click Add to add the Interoperable Device to a VPN Community. Select OpenWRT (the name of the VPN Community). Click OK.
Figure 9: Interoperable Devices, VPN, Select VPN Community
- Step 10
- Select Satellite Gateways. Click OK.
Figure 10: Interoperable Devices, VPN, Star Community Choice
- Step 11
- Click the "Matching Criteria" button (Figure 8). Select internal_ca under "Gateway must present a certificate issued by CA:". Enter the Distinguished Name for soho-user-a in the "The certificate should match the following: DN" field. The Distinguished Name for soho-user-a is "CN=soho-user-a.dyndns.info,O=Location-A Inc.,L=Miami,ST=FL,C=US". To look up a DN, press Search with no criteria in the ICA Management Tool to display a list of certificates. The certificate details contain the user's DN. See Check Point Certificates Figure 3. Figure 12 shows the certificate details after a certificate is selected in the ICA Management Tool search results.
Figure 11: Interoperable Devices, VPN, Certificate Matching Criteria
Figure 12: ICA Management Tool, Certificate Details
- Step 12
- Select VPN Advanced from the left menu. Accept the default settings.
Figure 13: Interoperable Devices, VPN, VPN Advanced
- Step 13
- Select Link Selection from the left menu. Select "Use DNS resolving". Select "Full Hostname". Enter the FQDN of the SOHO VPN Device. Enter "soho-user-a.dyndns.info" for User-A. (It looks like Check Point checks for a new IP address every 10 minutes.) Click OK to save the Interoperable Device Object.
Figure 14: Interoperable Devices, VPN, Link Selection
- Step 14
- Save your work often. Select Policy, Install after every 10 new objects. I have had Smart Dashboard crash several times after entering 20-30 new objects without installing.
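For Step 11, the DN typed into the Matching Criteria dialog should agree with the subject DN shown in the certificate details. The Python sketch below is an added example, not part of the original page or of any Check Point tooling: it compares the DN from Step 11 with a DN string copied from another tool and reports the first component that differs. The function names, the strict value comparison and the sample strings are assumptions of this example.

```python
# Added example: pre-check a DN string before entering it as a matching criterion.
EXPECTED_DN = "CN=soho-user-a.dyndns.info,O=Location-A Inc.,L=Miami,ST=FL,C=US"  # from Step 11

def parse_dn(dn):
    """Split a comma-separated DN into [(TYPE, value), ...]; '\\,' is a literal comma."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])        # single-character escape only (no hex pairs)
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        if "=" not in part:
            raise ValueError("component without '=': %r" % part)
        attr, value = part.split("=", 1)
        # Attribute types compare case-insensitively; values are compared exactly
        # after trimming (a deliberately strict assumption of this example).
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def compare_dn(expected, presented):
    """Return 'match', 'reversed' (same components, opposite order) or a mismatch note."""
    want, got = parse_dn(expected), parse_dn(presented)
    if want == got:
        return "match"
    if want == got[::-1]:
        return "reversed"                # e.g. OpenSSL's default output lists C= first
    for idx, (w, g) in enumerate(zip(want, got), start=1):
        if w != g:
            return "mismatch at component %d: expected %s=%s, got %s=%s" % (
                idx, w[0], w[1], g[0], g[1])
    return "mismatch: expected %d components, got %d" % (len(want), len(got))

if __name__ == "__main__":
    samples = [  # constructed inputs for illustration
        "cn=soho-user-a.dyndns.info, o=Location-A Inc., l=Miami, st=FL, c=US",
        "C = US, ST = FL, L = Miami, O = Location-A Inc., CN = soho-user-a.dyndns.info",
        "CN=soho-user-a.dyndns.info,O=Location-A Inc,L=Miami,ST=FL,C=US",
    ]
    for s in samples:
        print(compare_dn(EXPECTED_DN, s), "<-", s)
```

A result of "reversed" means the two strings name the same components in opposite display order, so re-enter the DN in the order the ICA Management Tool shows.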
Created by: system
last modification: Tuesday 08 of May, 2007 [19:28:47 UTC] by kpalmer