4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration
Access Preparation: There are 2 methods for entering the Eagle for the first time. Static ARP entry HiDiscovery (self explanatory) Static ARP entry is achieved by opening a command prompt on the configuration PC while attached to the secure port of the Eagle. EX. Arp –s The arp entry is transmitted in the direction of the Eagle and intercepted by the Eagle allowing WEB Eagle
Access Preparation: There are 2 methods for entering the Eagle for the first time. Static ARP entry Eagle
Access Login via Web Interface: Ex. Note the use of HTTPS in other words "encrypted" web access Eagle
Access Login via Web Interface: Makes Sure to accept the certificate Eagle
(private) Access Login via Web Interface: User Name and Login same as switches Admin / Private Eagle
Because it is necessary to build/establish an L2TP/IPSec VPN from the "unsecured" port of the Eagle, it is necessary to establish some rules for access to the unit before we begin. Incoming Firewall rules HTTPS access from "outside" SNMPv3 Access for encrypted login Eagle
Configuration Firewall: Select "Firewall"
Eagle Configuration Firewall: Select "Incoming" or "Untrusted"
Eagle Select "New"
Eagle Select either an IP range or individual address Both incoming and outgoing Select which protocols to be allowed in Then select OK
Because it is necessary to build/establish an L2TP/IPSec VPN from the "unsecured" port of the Eagle, it is necessary to establish some rules for access to the unit before we begin. Incoming Firewall rules HTTPS access from "outside" SNMPv3 Access for encrypted login Eagle
Configuration External HTTPS: Select "Access" Eagle
Configuration External HTTPS: Select "HTTPS" Eagle
Select "Yes" Eagle
Select "New" then "OK" Eagle
Because it is necessary to build/establish an L2TP/IPSec VPN from the "unsecured" port of the Eagle, it is necessary to establish some rules for access to the unit before we begin. Incoming Firewall rules HTTPS access from "outside" SNMPv3 Access for encrypted login Eagle
Configuration External SNMP: Select "Access" Eagle
Configuration External SNMP: Select "SNMP" Eagle
Select "Yes" in both places Eagle
Select "New" then "OK" Eagle
Because it is necessary to build/establish an L2TP/IPSec VPN from the "unsecured" port of the Eagle, it is necessary to establish some rules for access to the unit before we begin. Incoming Firewall rules HTTPS access from "outside" SNMPv3 Access for encrypted login Eagle
L2TP/IPSec VPN Goal: To establish an encrypted communication between VPN client software and the Eagle TX/TX with VPN Suggestions: IP address scheme Access list (IP or User) in other words how many devices(users) will have access to how many other devices(users). Eagle
HIRSCHMANN VPN Tunnel Untrusted Port xxx Trusted Port L2TP/IPSec VPN The diagram illustrates the machines, connections and addresses involved in the configuration
L2TP/IPSec VPN (Certificates) There are a total of 4 (x.509) certificates necessary to build the intended VPN tunnel. There are 2 "Machine" certificates with (.p12) file extensions Windows-Certificate e.g. WinMaCert.p12 Eagle-Certificate e.g EagleMaCert.p12 There are 2 "Trusted" or "connection" certificates with (.cer or.crt) extensions CA-Certificate (trusted) e.g TrustedCA.crt Windows-Connection e.g WinCoCert.crt It is extremely important that these 4 certificates be allocated to the proper locations. Any discrepancy in the location of these certificates will result in a security negotiation failure. Eagle
L2TP/IPSec VPN (Certificates) Configuration of the Windows Management Console for importing of certificates... Start -> Run, enter mmc and click OK. Select Console -> Add/Remove Snap-in and click Add. Select Certificates from the list and click Add. Select Computer Account and click Next. Select Local Computer and select Finish. Close the "Add Stand alone Snap-In" window. The entry Certificates (local computer) should appear in the list, Click OK. Select Console -> Save. Select Desktop from the Save In field. (Name it something Familiar to YOU!!!) and click save. Close MMC by selecting Console -> Exit from the menu. You should now have an icon on your desktop for direct access into the MMC Eagle
L2TP/IPSec VPN (Certificates) Import of the TrustedCA certificates... Double-Click the MMC icon on your desktop Right click Personal and select All Tasks -> Import Select Next Select Browse. Select the option X.509 Certificate (*.cer, *.crt) from Type of Files and select TrustedCA. Select Open and click Next. Select the option Place all certificates in the following store and click Next. Select Finish. Eagle
L2TP/IPSec VPN (Certificates) Import of the Machine certificates... Double-Click the MMC icon on your desktop Right click Trusted Root Certificate Authority and select All Tasks -> Import Select Next Select Browse. Select the option Personal Information Exchange (*.pfx, *.p12) from Type of Files and select windows machine certificate. Select Open and click Next. Enter the password, which protects the certificate against unauthorized usage and click next. Select the option Place all certificates in the following store and click Next. Select Finish. Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. From the secure side under Router, assign an IP address to the "External Port"... This is the address that we will be connecting to from our VPN client...
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. From the secure side, we must change the Eagle "Network Mode" to Router... This will cause a reboot on the Eagle...
L2TP/IPSec VPN Configuration of Eagle VPN settings. It is important to remember now to set the PC you are connecting from to the same IP scheme and subnet as the unsecure port on the Eagle... Log back into the Eagle from the UN-secure port of the Eagle and select VPN from the menu structure then "L2TP"... Select "Yes" in the "Start L2TP Server for IPSec/L2TP" line then click ok... Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. Select "Connections" then click New and name the connection. Select OK then click Edit... Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. This is the most important section on the EDIT page as it will determine where the VPN will originate, from where we will allow the connection as well as what type of connection will be used Make sure the connection is enabled... Enter the IP address from where the connection will be allowed (%any) means from any address, Select "Transport (L2TP SSH Sentinel) if you have WinXP or the XP client.. Then select "Wait for connection from..." Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. For L2TP/IPSec VPN connection from a software client, the authentication method may only be X.509. This setting along with all the others are the defaults and can be left alone with the exception of PFS. PFS must be set to "NO"!!! All of the other criteria on this page can be left as default!!! Select OK... Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. Click the configure button!
L2TP/IPSec VPN Configuration of Eagle VPN settings. Select Browse... Eagle
L2TP/IPSec VPN Configuration of Eagle VPN settings. Select the proper certificate and click Open...
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. The file location should populate the field. Select Import
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. The current certificate is shown ***You must select the Back button here before going any further...!!!
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. Then Select OK to save to the Eagle.
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. Next select machine certificate from the menu Select browse
Eagle L2TP/IPSec VPN Configuration of Eagle VPN settings. Select the Eagle Machine Certificate Click Open
L2TP/IPSec VPN Configuration of Eagle VPN settings. The file location should populate the field. Enter the pre-assigned password Select Import Then select OK!!! Eagle
L2TP/IPSec VPN Connection from the Windows VPN Client Under "Network Connection" from your PC, select "Create New Connection" Eagle
L2TP/IPSec VPN Connection from the Windows VPN Client Under "Network Connection" from your PC, select "Create New Connection" Eagle
L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
Eagle L2TP/IPSec VPN Connection from the Windows VPN Client
L2TP/IPSec VPN Functioning Tunnel If you rememeber earlier when we turned the "L2TP Service" On, there was a connection range of IP addresses. These addresses are assigned to the remote PC that authenticates or tunnels to the Eagle... Eagle