Fujitsu eLux NG S26361-F2600-L134 User Manual
Product codes
S26361-F2600-L134
www.myelux.com
eLux® NG
Build # 27
99
3.17 VPN
A virtual private network (VPN) is a system that allows two or more private networks to be connected
over a publicly accessible network, such as the Internet. These systems use encryption and other
security mechanisms to ensure that only authorized users can access the network and that the data
cannot be intercepted. A VPN can be used to exchange critical information between employees
working remotely or to securely deliver information between business partners.
eLux NG can be used with Cisco VPN.
3.17.1 Cisco VPN Client **
The Cisco VPN client is used to connect to a Cisco VPN device to create a secure connection
between the Thin Client and a private network. It uses Internet Key Exchange (IKE) and IP
Security (IPSec) tunneling protocols to establish and manage the secure connection. You can
connect using LAN, DSL or ISDN to one of the following:
• Cisco IOS devices that support Easy VPN server functionality
• VPN 3000 Series Concentrators
• Cisco PIX Firewall Series
The following describes how to configure the VPN client via shell and start a session using
preshared keys. Configuration takes place locally on each Thin Client that will access the
private network. It is assumed that the initial configuration takes place in the company’s
Ethernet network before the device is transferred to a remote workplace using Ethernet,
ADSL, ISDN or WLAN.
Each Thin Client must have the configuration parameters saved to the file:
/setup/ciscovpn/sample.pcf
This section assumes you are familiar with defining a local shell, setting network hardware
settings and using the UNIX text editor vi.
Firewall Issues
If you are running a firewall, the following types of traffic must be allowed through:
• Port 500 for UDP
• Port 10000 for UDP (or any other port number being used for IPSec/UDP)
• IP protocol 50 (ESP)
• TCP port configured for IPSec/TCP
• NAT-T (Standards-Based NAT Transparency) port 4500
Required Information
The following information is necessary for the configuration (see your VPN system
administrator):
• Hostname or IP address of the secure gateway you are connecting to
• IPSec group name
• IPSec group password
• Username and password if authenticating through:
~ the secure gateway’s internal server
~ an authentication, authorization and accounting (AAA) server, either RADIUS or
TACACS+
• The hostnames or IP addresses of the backup servers, if configuring backup server
connections
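The following check is an added example, not part of the manual or of the Cisco client: it reads a profile such as /setup/ciscovpn/sample.pcf, reports which items from the Required Information list are still empty, and lists the traffic from Firewall Issues that the profile depends on. The key names (Host, GroupName, GroupPwd, enc_GroupPwd, EnableBackup, BackupServer, EnableNat, TunnelingMode, TcpTunnelingPort) are taken from the Cisco VPN Client profile format and do not appear on this page; the sample profile and its values are constructed.

```python
import configparser

# Constructed sample profile (not from the manual). Key names follow the
# Cisco VPN Client .pcf profile format; all values are placeholders.
SAMPLE_PCF = """\
[main]
Description=Constructed example
Host=vpn-gw.example.com
AuthType=1
GroupName=thinclients
GroupPwd=
EnableBackup=1
BackupServer=
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
"""

def check_profile(text):
    """Return (missing_items, firewall_rules) for one .pcf profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    main = cp["main"] if cp.has_section("main") else {}

    def get(key):
        # Option names are matched case-insensitively by configparser.
        return main.get(key, "").strip()

    missing = []
    if not get("Host"):
        missing.append("secure gateway hostname or IP address")
    if not get("GroupName"):
        missing.append("IPSec group name")
    if not (get("GroupPwd") or get("enc_GroupPwd")):
        missing.append("IPSec group password")
    if get("EnableBackup") == "1" and not get("BackupServer"):
        missing.append("backup server hostnames or IP addresses")

    # Traffic from the "Firewall Issues" list that this profile relies on.
    rules = ["UDP 500", "IP protocol 50 (ESP)"]
    if get("EnableNat") == "1":  # transparent tunneling enabled
        if get("TunnelingMode") == "1":  # assumption: 1 = IPSec over TCP
            rules.append("TCP " + (get("TcpTunnelingPort") or "10000"))
        else:  # assumption: 0 = IPSec over UDP / NAT-T
            rules += ["UDP 4500 (NAT-T)", "UDP 10000 (IPSec/UDP)"]
    return missing, rules
```

The IPSec/UDP port is reported as 10000 because that is the port the manual names; if the gateway uses another port, that port has to be opened instead.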