VPN


VPN Troubleshooting


1. How do I connect my Branch Office Networks using XGate VPN Service?

Important Note: The following procedure applies when you have an XGate Device at your head office and branch offices. For details on how to connect using other devices, please read FAQ 3.
 

We will take a scenario where the head office is located in London and the Branch office is located in Manchester. The following diagram gives the necessary information to configure the VPN between the two offices.

graphic

The following details are required to establish a VPN Connection:

| | London Office | Manchester Office |
|---|---|---|
| LAN Network | IP Address: 192.168.2.1, Subnet: 255.255.255.0 (Marked as 1) | IP Address: 192.168.3.1, Subnet: 255.255.255.0 (Marked as 4) |
| Public WAN IP Address | 84.54.77.123 (Marked as 2) | 84.65.25.89 (Marked as 3) |

To configure the VPN in the London office:

·    On the Main screen, click VPN
·    On the VPN Manager screen, click the New Policy Button.
·    Enter the details below:

| Field | Value |
|---|---|
| Policy Name | Manchester |
| Policy Type | Site-to-Site |
| Remote IP Address | 84.65.25.89 |
| Remote Subnet | 192.168.3.1 / 255.255.255.0 |
| Pre-shared Key | connect-to-me (This is an example; you can have any other string as a shared secret.) |
| Encryption and Authentication Type | 3DES-MD5 |

·    Press the Save button.
·    The VPN Policy will be listed in the Define Policy section of the VPN Screen.
·    Press the Start button.

Now configure the VPN Policy in the Manchester Office:

·    On the Main screen, click VPN Server
·    On the VPN Manager screen, click the New Policy Button.
·    Enter the details below:

| Field | Value |
|---|---|
| Policy Name | London |
| Policy Type | Site-to-Site |
| Remote IP Address | 84.54.77.123 |
| Remote Subnet | 192.168.2.1 / 255.255.255.0 |
| Pre-shared Key | connect-to-me (This is an example; you can have any other string as a shared secret.) |
| Encryption and Authentication Type | 3DES-MD5 |

·    Press the Save button.
·    The VPN Policy will be listed in the Define Policy section of the VPN Screen.
·    Press the Start button.

Now the VPN connection will be established between the London office and the Manchester office.


2. How do I connect to my office network when I am roaming with my Laptop?
The XGate VPN feature supports mobile VPN connections with the XGate VPN Client Manager software. This software is installed when the XGate Sensor is installed on your computer (Laptop). You can also use third-party Mobile VPN connectivity software like SafeNet VPN Client. However, the procedure described below is only for the XGate VPN Client Manager Software.

 graphic

  
The first step in configuring Mobile VPN connectivity is to create Mobile User accounts. To configure the Mobile User Accounts (L2TP settings):
  
A. Mobile User configuration (L2TP Settings)

1.   On the main screen, click VPN
2.   Press the L2TP Settings tab.
3.   In the Server IP Address field, enter 192.168.2.1.
4.   In the Start IP Address Field, enter 192.168.2.4.
5.   In the End IP Address Field, enter 192.168.2.5.
6.   Click the Add button to open the User Accounts window.
7.   In the User Name field, enter the name that will be used to identify you (e.g. Fred).
8.   In the Password field, enter the password (e.g. password).
9.   Re-enter the password for confirmation.
10.  Press OK to save.
11.  Press the Save button.

This account will be used in the XGate VPN Client Manager software.

The second step is to create a Mobile VPN Policy.
B. Create a Mobile VPN Policy
           
1.   On the main screen, click VPN
2.   Click the New Policy button.
3.   In the Policy Name field, enter a name that will be used to identify the VPN Connection (e.g. Fred Home VPN).
4.   In the Policy Type field, select Mobile.
5.   In the Pre-shared Key Field, enter ‘connect-to-me’.
6.   Press the Save button.
 

Now we are ready to access the Office network remotely from the Home computer.
  
C. Connecting from home using the XGate VPN Client Manager.
On your home computer:
1.   Right-click on the XGate Sensor icon in the Task Bar.

2.   In the context menu, select VPN Client.

3.   The XGate VPN Client Manager application will be launched.


4.   Click the New Connection button.
5.   In the Connection Name field, enter Mobile VPN.
6.   In the Connection type field, select L2TP/IPSEC.
7.   In the Remote Host Name/ IP Address field, enter the WAN IP Address of the XGate Device, i.e. 85.65.140.23 (refer to the illustration).
8.   In the User Name field, enter the user name entered in Step A, i.e., ‘Fred’.
9.   In the Password field, enter the password entered in Step A, i.e., ‘password’.
10.  In the Shared Secret field, enter the Shared Secret value entered in Step B, i.e., ‘connect-to-me’.
11.  Click the OK button to save the changes.

The connection is added to the main screen. Under the Action column, click the Connect button. This will create the VPN connection between your computer and your office network.
 

3. My branch office does not have an XGate device. It has another vendor’s device that supports VPN. Will I be able to connect my branch office using VPN?
The XGate VPN Server is capable of connecting to various vendors’ VPN devices. The example given below lists the steps necessary to connect the XGate device with a NETGEAR ADSL Firewall Router DG834.
  

Important Note: Different devices may require slight changes and tuning in their configuration to make them work. Consult the user manual of the respective device.
 

For example, we will take the same scenario described in FAQ 1.

The London office has an XGate device. The Manchester Office has a NETGEAR device.

To configure the XGate VPN in the London office:

·    On the main screen, click VPN
·    Click the New Policy button.
·    Use the following table to enter the details:

| Field Name | Value |
|---|---|
| Policy Name | Manchester |
| Policy Type | Site-to-Site |
| Remote IP Address | 84.65.25.89 |
| Remote Subnet | 192.168.3.1 / 255.255.255.0 |
| Pre-Shared Key | connect-to-me (This is an example; you can have something else as the pre-shared key.) |
| Encryption and Authentication Type | 3DES-SHA1 |

·    Press the Save button.
·    The VPN Policy will be listed in the Define Policy section of the VPN Screen.
·    Press the Start button.

To configure the NETGEAR VPN in the Manchester Office:

·    Log on to the NETGEAR configuration pages using the browser.
·    Select the Advanced – VPN > VPN Policies section.
·    It should look like the screen below:
graphic
Use the details below to configure the Netgear:
  
| Section | Field Name | Value |
|---|---|---|
| General | Policy Name | London |
| | Address Type | Fixed IP Address |
| | Address Data | 84.54.77.123 (WAN IP Address assigned to the London Office XGate device) |
| | NetBIOS Enabled | Selected |
| | IKE Keep Alive | Selected |
| | Ping IP Address | 192.168.2.5 (This could be any computer’s IP Address in the remote network) |
| Local LAN | IP Address | Subnet Address (Select from the Combo box) |
| | Single / Start Address | 192.168.3.1 |
| | Finish Address | Nil |
| | Subnet Mask | 255.255.255.0 |
| Remote LAN | IP Address | Subnet Address (Select from the Combo box) |
| | Single / Start Address | 192.168.2.1 |
| | Finish Address | Nil |
| | Subnet Mask | 255.255.255.0 |
| IKE | | In this section, you need not change any of the default values. |
| Parameters | Encryption Algorithm | 3DES |
| | Authentication Algorithm | SHA-1 |
| | Pre-Shared Key | connect-to-me (This is the same as configured in the London Office) |
| | SA Life Time | 3600 |

After entering these settings, click the Apply button at the bottom. The VPN connection will be established. You can verify the status of the connection by selecting VPN Status on the left.
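
The site-to-site procedures in FAQ 1 and FAQ 3 depend on each office's policy mirroring the other: Remote IP Address and Remote Subnet must point at the peer, and the pre-shared key and encryption/authentication type must agree. The script below is an added example, not part of the XGate or NETGEAR software; the Site record, the check_pair function and the deliberately broken Manchester entry are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:
    name: str
    wan_ip: str          # public WAN IP of this office's VPN device
    lan: str             # local LAN as "address / mask"
    remote_ip: str       # policy field: Remote IP Address
    remote_subnet: str   # policy field: Remote Subnet
    psk: str             # policy field: Pre-shared Key
    proposal: str        # policy field: Encryption and Authentication Type

def network(addr_mask):
    """'192.168.3.1 / 255.255.255.0' -> IPv4Network('192.168.3.0/24')."""
    addr, mask = (part.strip() for part in addr_mask.split("/"))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def norm(proposal):
    """Treat '3DES-SHA1' (XGate form) and '3DES-SHA-1' (NETGEAR fields joined) alike."""
    return proposal.upper().replace("-", "").replace(" ", "")

def check_pair(a, b):
    """Return a list of mismatches between the two ends' policies."""
    problems = []
    for local, peer in ((a, b), (b, a)):
        if ipaddress.ip_address(local.remote_ip) != ipaddress.ip_address(peer.wan_ip):
            problems.append(f"{local.name}: Remote IP Address is not {peer.name}'s WAN IP")
        if network(local.remote_subnet) != network(peer.lan):
            problems.append(f"{local.name}: Remote Subnet is not {peer.name}'s LAN")
    if network(a.lan).overlaps(network(b.lan)):
        problems.append("LAN ranges of the two offices overlap")
    if a.psk != b.psk:  # compared exactly; the key itself is never printed
        only_case = a.psk.lower() == b.psk.lower()
        problems.append("pre-shared keys differ" + (" only in letter case" if only_case else ""))
    if norm(a.proposal) != norm(b.proposal):
        problems.append(f"proposal mismatch: {a.proposal} vs {b.proposal}")
    return problems

# Values from the London/Manchester scenario (FAQ 3 settings).
london = Site("London", "84.54.77.123", "192.168.2.1 / 255.255.255.0",
              "84.65.25.89", "192.168.3.1 / 255.255.255.0", "connect-to-me", "3DES-SHA1")
manchester = Site("Manchester", "84.65.25.89", "192.168.3.1 / 255.255.255.0",
                  "84.54.77.123", "192.168.2.1 / 255.255.255.0", "connect-to-me", "3DES-SHA-1")
# Constructed misconfiguration: key capitalised on one side, FAQ 1's MD5 type on the other.
broken = Site("Manchester", "84.65.25.89", "192.168.3.1 / 255.255.255.0",
              "84.54.77.123", "192.168.2.1 / 255.255.255.0", "Connect-to-me", "3DES-MD5")

if __name__ == "__main__":
    print(check_pair(london, manchester))
    for line in check_pair(london, broken):
        print("MISMATCH:", line)
```

Running the check before pressing Start on either side catches the usual copy errors, such as a key typed with different capitalisation or FAQ 1's 3DES-MD5 left on one end while the other uses 3DES-SHA1.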