Chapter 11. Configuring Remote Access
Internet Security Router User’s Manual
11.7 Configure VPN for Remote Access
Remote Access VPN is used primarily by telecommuters/road-warriors to securely access resources behind
the Internet Security Router located at a head-office or a central site. The steps required for configuring the
Internet Security Router and the VPN client on a remote user’s machine to provide remote access are
explained in the following sections. A typical deployment in a small office (see Figure 11.10) is taken as an
example to demonstrate the Remote Access VPN features of the Internet Security Router. In this example,
remote users Richard and Gloria are allowed to have secure access to the LAN (192.168.1.0/24) protected by
the Internet Security Router. However, you may change this configuration to have finer control over the
secure access for Richard and Gloria. For example, you can limit Richard to secure access to one group of
computers in the LAN while giving Gloria secure access to a different group of computers in the LAN.
Note that third-party VPN client software, such as SafeNet SoftRemote 9.0, is required to use the VPN remote
access feature in the Internet Security Router.
Two modes, main mode and aggressive mode, are supported for VPN remote access.
11.7.1 Main Mode Remote Access
Main Mode remote access is a mechanism where identity protection is provided for the communicating entities.
Normal HTTP login by the remote user is used to instantiate appropriate policies in the Internet Security Router.
Once these policies are instantiated, then the remote user is allowed secure access by the Internet Security
Router. Follow the instructions below to configure main mode remote access.
1. Create a remote access user group and users for Richard and Gloria. For details on how to do this,
please refer to section 11.2 Manage User Groups and Users. Figure 11.11 shows the settings for
adding Gloria into the RoadWarrior user group.
Figure 11.11. Main Mode Remote Access Example – Create a User Group and Add Two Users into the Group
2. Set the Virtual Network Address to 192.168.221.0 and assign virtual IP addresses for Richard and
Gloria.