Nortel Networks Re: Nortel Contivity 1010 VPN Router... How to setup VPN for home users?

Posted by Arlé Mooldijk on March 18, 2006, 8:01 am
> Hello,
>
> I'm having a hard time configuring the Nortel Contivity 1010 VPN
> Router. I have setup the firewall part and that works, but now I want
> to setup the VPN part, but I don't know how to do it. I have read the
> manuals, which are very unclear to me. The info is scattered all over
> the manuals and there are no clear examples with step-by-step
> information.
> I also want to setup https management, but then I need to make a SSL
> certificate first. I tried by using the Certificate Service in
> Windows 2003 to make certificates, but then the Contivity 1010
> complains that there is a CA mismatch. I imported the CA certificate,
> which is accepted, but then when I try to import the certificate for
> the unit (I made a PKCS#10 request and made a certificate using the
> CA website on the Windows 2003 server) it fails. I did like in manual
> CG030503 but then with Windows 2003 CA instead of Entrust
> VPNConnector (which I don't have).

I have the certificate part working now, I can establish a https management
connection from the LAN (Private connection). Now I need to do the same for
certain sites on the WAN (Public connection), how do I do that as the
management IP is on the Private LAN?

And I want to know if someone knows how to make the VPN part working for
home users? I made a group under \Base called VPNGroup and made an account
for myself. I don't see where I can put in a Pre-Shared-Key or how to make
sure only certified users can connect...

BTW, the firmware is version V05_00.136. I have seen newer versions of it,
is upgrading advised? Does it make things easier? I can't download the newer
version just yet, Nortel has to accept my request to download software...

Help is very welcome!

Kind Regards,
Arlé



Posted by spanton on March 25, 2006, 11:55 pm
I would advise the upgrade, but it will not make setup easier. The
pre-shared key is used when you are setting up a Branch office tunnel,
which means a tunnel from one Contivity to another Contivity. For the
VPN side, install the VPN client on a remote PC and enter your public
IP address. The user ID and the password that you set up for yourself
would go into the field on the VPN client software and it should
connect. By the way, make sure the User IP address Default pool is
set up, because this is what will assign your remote computer an IP
address on the network, and then you will be able to hit the management
interface from the remote computer. Not sure if you are getting this,
but whatever you do not understand, just post back.


Arlé Mooldijk wrote:
> > Hello,
> >
> > I'm having a hard time configuring the Nortel Contivity 1010 VPN
> > Router. I have setup the firewall part and that works, but now I want
> > to setup the VPN part, but I don't know how to do it. I have read the
> > manuals, which are very unclear to me. The info is scattered all over
> > the manuals and there are no clear examples with step-by-step
> > information.
> > I also want to setup https management, but then I need to make a SSL
> > certificate first. I tried by using the Certificate Service in
> > Windows 2003 to make certificates, but then the Contivity 1010
> > complains that there is a CA mismatch. I imported the CA certificate,
> > which is accepted, but then when I try to import the certificate for
> > the unit (I made a PKCS#10 request and made a certificate using the
> > CA website on the Windows 2003 server) it fails. I did like in manual
> > CG030503 but then with Windows 2003 CA instead of Entrust
> > VPNConnector (which I don't have).
>
> I have the certificate part working now, I can establish a https management
> connection from the LAN (Private connection). Now I need to do the same for
> certain sites on the WAN (Public connection), how do I do that as the
> management IP is on the Private LAN?
>
> And I want to know if someone knows how to make the VPN part working for
> home users? I made a group under \Base called VPNGroup and made an account
> for myself. I don't see where I can put in a Pre-Shared-Key or how to make
> sure only certified users can connect...
>
> BTW, the firmware is version V05_00.136. I have seen newer versions of it,
> is upgrading advised? Does it make things easier? I can't download the newer
> version just yet, Nortel has to accept my request to download software...
>
> Help is very welcome!
>
> Kind Regards,
> Arlé


Posted by Arlé Mooldijk on March 26, 2006, 4:00 am

> Arlé Mooldijk wrote:
>>> Hello,
>>>
>>> I'm having a hard time configuring the Nortel Contivity 1010 VPN
>>> Router. I have setup the firewall part and that works, but now I
>>> want to setup the VPN part, but I don't know how to do it. I have
>>> read the manuals, which are very unclear to me. The info is
>>> scattered all over the manuals and there are no clear examples with
>>> step-by-step information.
>>> I also want to setup https management, but then I need to make a SSL
>>> certificate first. I tried by using the Certificate Service in
>>> Windows 2003 to make certificates, but then the Contivity 1010
>>> complains that there is a CA mismatch. I imported the CA
>>> certificate, which is accepted, but then when I try to import the
>>> certificate for the unit (I made a PKCS#10 request and made a
>>> certificate using the CA website on the Windows 2003 server) it
>>> fails. I did like in manual CG030503 but then with Windows 2003 CA
>>> instead of Entrust VPNConnector (which I don't have).
>>
>> I have the certificate part working now, I can establish a https
>> management connection from the LAN (Private connection). Now I need
>> to do the same for certain sites on the WAN (Public connection), how
>> do I do that as the management IP is on the Private LAN?
>>
>> And I want to know if someone knows how to make the VPN part working
>> for home users? I made a group under \Base called VPNGroup and made
>> an account for myself. I don't see where I can put in a
>> Pre-Shared-Key or how to make sure only certified users can
>> connect...
>>
>> BTW, the firmware is version V05_00.136. I have seen newer versions
>> of it, is upgrading advised? Does it make things easier? I can't
>> download the newer version just yet, Nortel has to accept my request
>> to download software...

> I would advise the upgrade, but it will not make setup easier. The
> pre-shared key is used when you are setting up a Branch office tunnel,
> which means a tunnel from one Contivity to another Contivity. For the
> VPN side, install the VPN client on a remote PC and enter your public
> IP address. The user ID and the password that you set up for yourself
> would go into the field on the VPN client software and it should
> connect. By the way, make sure the User IP address Default pool is
> set up, because this is what will assign your remote computer an IP
> address on the network, and then you will be able to hit the management
> interface from the remote computer. Not sure if you are getting this,
> but whatever you do not understand, just post back.

There's no way to make the VPN tunnel for home users more secure by adding
certificates?

I also want to be able to access the management interface through https when
I'm not connected by VPN, from a certain ip-range that is connected to the
public interface (not being the internet directly). How can this be done,
otherwise I see no point in having the options to enable https, ssh and so
on services on the public interface? I enabled it, but how can I connect as
the management ip is on the private interface? Do I need to make a NAT entry
for it, so a certain public ip-address is NAT-ed to the internal management
ip-address?

BTW when trying to access the 1010 by ssh (from the private side), I can't
get in, while the standard rules seem to enable this. Is there anything
special for this? HTTPS management is more important though, but it would be
nice to get this working as well.

Hope to hear from you soon!

Thanks!

Kind Regards,
Arlé


