Nortel Contivity 1010 VPN Router... How to setup VPN for home users?

Hello,

I'm having a hard time configuring the Nortel Contivity 1010 VPN Router. I have set up the firewall part and that works, but now I want to set up the VPN part, but I don't know how to do it. I have read the manuals, which are very unclear to me. The info is scattered all over the manuals and there are no clear examples with step-by-step information.

I also want to set up HTTPS management, but then I need to make an SSL certificate first. I tried using the Certificate Service in Windows 2003 to make certificates, but then the Contivity 1010 complains that there is a CA mismatch. I imported the CA certificate, which is accepted, but then when I try to import the certificate for the unit (I made a PKCS#10 request and made a certificate using the CA website on the Windows 2003 server) it fails. I did as in manual CG030503, but with Windows 2003 CA instead of Entrust VPNConnector (which I don't have).

I hope someone can help me out with this. I need help badly to get me going!

Kind Regards, Arlé

Reply to
Arlé Mooldijk

Contact your vendor - They should be able to help you.

Reply to
Nortec in MN

No, they cannot help because they only sell it and don't know how to configure it. I was hoping someone here could get me going.

Kind Regards, Arlé

Reply to
Arlé Mooldijk

I have the certificate part working now; I can establish an HTTPS management connection from the LAN (Private connection). Now I need to do the same for certain sites on the WAN (Public connection). How do I do that, as the management IP is on the Private LAN?

And I want to know if someone knows how to make the VPN part work for home users. I made a group under \Base called VPNGroup and made an account for myself. I don't see where I can put in a Pre-Shared-Key or how to make sure only certified users can connect...

BTW, the firmware is version V05_00.136. I have seen newer versions of it, is upgrading advised? Does it make things easier? I can't download the newer version just yet, Nortel has to accept my request to download software...

Help is very welcome!

Kind Regards, Arlé

Reply to
Arlé Mooldijk

I would advise the upgrade, but it will not make setup easier. The pre-shared key is used when you are setting up a Branch office tunnel, which means a tunnel from one Contivity to another Contivity. For the VPN side, install the VPN client on a remote PC and enter your public IP address. The user ID and the password that you set up for yourself would go into the fields on the VPN client software, and it should connect. By the way, make sure the User IP address Default pool is set up, because this is what will assign your remote computer an IP address on the network, and then you will be able to hit the management interface from the remote computer. Not sure if you are getting this, but whatever you do not understand, just post back.

Arlé Mooldijk wrote:

Reply to
spanton

In news: snipped-for-privacy@e56g2000cwe.googlegroups.com, spanton typed: [put your answer below]

There's no way to make the VPN tunnel for home users more secure by adding certificates?

I also want to be able to access the management interface through HTTPS when I'm not connected by VPN, from a certain IP range that is connected to the public interface (not being the internet directly). How can this be done? Otherwise I see no point in having the options to enable HTTPS, SSH and other services on the public interface. I enabled it, but how can I connect, as the management IP is on the private interface? Do I need to make a NAT entry for it, so a certain public IP address is NAT-ed to the internal management IP address?

BTW, when trying to access the 1010 by SSH (from the private side), I can't get in, while the standard rules seem to enable this. Is there anything special for this? HTTPS management is more important though, but it would be nice to get this working as well.

Hope to hear from you soon!

Thanks!

Kind Regards, Arlé

Reply to
Arlé Mooldijk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.