aXsGUARD Gatekeeper
PPTP How To
1.7

Summary of Contents for Vasco aXsGUARD Gatekeeper

  • Page 1 Gatekeeper PPTP How To...
  • Page 2 Table of Contents 1. Introduction 1.1. Audience and Purpose of this Document 1.2. Available Guides 1.3. What is the aXsGUARD Gatekeeper? 1.4. About VASCO 2. General Concepts 2.1. Overview 2.2. What is a Virtual Private Network? 2.3. What is PPTP? 2.3.1.
  • Page 3: PPTP Client Configuration

    4.4. Windows Vista Configuration 4.5. Windows 7 Configuration 5. Troubleshooting 5.1. Client-Side Troubleshooting 5.2. Server-Side Troubleshooting 6. Support 6.1. Overview 6.2. If you encounter a problem 6.3. Return procedure if you have a hardware failure Alphabetical Index © VASCO Data Security 2011...
  • Page 4 4.22. Connect to a Workplace 4.23. Creating a New Connection 4.24. Creating a New Connection 4.25. PPTP Connection Settings 4.26. PPTP Connection Settings 4.27. PPTP Status 5.1. Include Windows Logon Domain 5.2. PPTP Error 619
  • Page 5 List of Tables 3.1. PPTP General Settings 3.2. PPTP User Settings 3.3. User Level Firewall Settings
  • Page 6 List of Examples 3.1. Restricting access to two LAN servers
  • Page 7 VASCO customers and has been provided to you and your organization for the sole purpose of helping you to use and evaluate VASCO Products. As such, it does not constitute a license to use VASCO Software or a contractual agreement to use VASCO Products.
  • Page 8: Introduction

    1.1. Audience and Purpose of this Document In this How To, we explain the basic principles of PPTP and how to deploy the aXsGUARD Gatekeeper PPTP server in your network. This document is intended for technical personnel and network administrators.
  • Page 9: What Is the aXsGUARD Gatekeeper

    The aXsGUARD Gatekeeper is an authentication appliance, intended for small and medium sized enterprises. In addition to strong authentication, the aXsGUARD Gatekeeper has the potential to manage all of your Internet security needs. Its modular design means that optional features can be purchased at any time to support, for example, e-mail and Web access control.
  • Page 10: What Is A Virtual Private Network

    In other words, a VPN allows roaming or remote users to securely connect to corporate LAN resources, such as shared folders, applications, databases or e-mail. Several VPN protocols are available, such as the PPTP protocol explained in this manual. Figure 2.1. VPN Concept
  • Page 11: What Is PPTP?

    PPTP server and back again. The image below shows the structure of a PPTP network packet. Figure 2.2. PPTP Packet 2.3.2. Key Elements of PPTP Security The PPTP protocol provides the following key security elements:
  • Page 12 If the received response matches, the server acknowledges the authentication; if not, the connection is terminated. • PAP is not supported by the aXsGUARD Gatekeeper because it is insecure. Only MS-CHAP is supported. • VASCO recommends DIGIPASS authentication, as this is the most secure option.
  • Page 13: Standard PPTP Deployment

    PPTP uses the Compression Control Protocol (CCP) used by the PPP protocol. PPP negotiates MPPE (see above) with the aXsGUARD Gatekeeper PPTP server using CCP. 2.4. Standard PPTP Deployment Two hosts are involved in the deployment of PPTP: •...
  • Page 14: Routing Scenarios

    2.5.2. Source and Destination Address in Different IP Ranges The client’s PPP interface has an IP address in a different IP range than the LAN of the PPTP server, as shown in the image below. Standard routing applies.
  • Page 15: Source and Destination Address in the Same IP Range

    IP address 10.0.0.1 as its destination. Since this IP address (10.0.0.1) is in a different range than the aXsGUARD Gatekeeper LAN, the packet is automatically routed through the PPP interface (gateway) of the aXsGUARD Gatekeeper. 2.5.3. Source and Destination address in the Same IP Range The client’s PPP interface has an IP address in the same IP range as the LAN IP...
  • Page 16: Firewalls and PPTP

    IP address 192.168.250.100 as its destination. Since this address is within the same IP range as the aXsGUARD Gatekeeper LAN, the contacted server "thinks" it can reply directly via the LAN using ARP. This is not the case, since the reply needs to be routed back to the originating client and not the LAN.
  • Page 17 LAN through the hijacked computer’s PPTP connection. Recommendations • Create strict, separate aXsGUARD Gatekeeper Firewall Policies for PPTP VPN access on a user / group basis in agreement with your company policies, as explained above. The aXsGUARD Gatekeeper PPTP Firewall configuration is explained in Section 3.6, “PPTP Firewall...
  • Page 18: PPTP Server Configuration

    Before you can access the PPTP configuration settings, you must activate the PPTP feature on the aXsGUARD Gatekeeper. 1. Log on to the aXsGUARD Gatekeeper as explained in the System Administration How To. 2. Navigate to System ⇒ Feature Activation.
  • Page 19: General Configuration Settings

    3.3. General Configuration Settings 1. Log on to the aXsGUARD Gatekeeper as explained in the System Administration How To. 2. Navigate to VPN & RAS ⇒ PPTP ⇒ General. A screen as shown below is displayed. 3. Configure the settings as explained in the table below.
  • Page 20 This is required when using Directory Services password Naming authentication (see note below). Server (WINS) Table 3.1. PPTP General Settings The aXsGUARD Gatekeeper itself is not a WINS server. The WINS server is usually the primary domain controller in your Windows domain.
  • Page 21: Authentication Settings

    Administrator Tool. 3.4.3. Configuring the Authentication Method To set or adjust the authentication settings for the PPTP service: 1. Log on to the aXsGUARD Gatekeeper with an administrator account. 2. Navigate to Authentication ⇒ Services. 3. Select the PPTP VPN service.
  • Page 22: User Settings

    To adjust a user’s VPN settings: 1. Navigate to Users & Groups ⇒ Users. 2. Select the appropriate user name. 3. Select the Remote Access tab and adjust the settings as explained in the table below.
  • Page 23 This field only appears when the option above is checked. Enter the VPN password twice for verification. PPTP Check to enable PPTP access for the user. Uncheck to disable (VPN) PPTP access. Table 3.2. PPTP User Settings
  • Page 24: PPTP Firewall Settings

    Figure 3.5. Firewall Configuration 3.6.2. Allowing PPTP Traffic PPTP traffic must be allowed by the aXsGUARD Gatekeeper for clients to successfully connect to the PPTP service. The int-pptp-1 and int-pptp-2 rules are automatically added to the stat-int (system-wide) Firewall Policy when the PPTP service is activated via System ⇒...
  • Page 25 • To implement even stricter Firewall Policies than the system default policies. A list of aXsGUARD Gatekeeper Firewall Rules that are active by default is available in the Firewall How To. This document can be accessed via the on-screen Documentation button in the Administrator Tool. You can also click on a Firewall Rule / Policy to view its contents.
  • Page 26: Example of Firewall Settings for PPTP

    2. Search for the fwd-access-lan Rule and click to view its contents. 3. Click on the Edit as New button. 4. Provide a name and description for the new Rule. 5. Check the enabled option. 6. Do not specify a Source IP.
  • Page 27: Logging

    Administrator Tool. 3.7. Logging To access the PPTP logs 1. Log on to the aXsGUARD Gatekeeper as explained in the System Administration How To. 2. Navigate to VPN & RAS ⇒ Logs ⇒ PPTP. 3. Click on the appropriate log file.
  • Page 28 • The public IP address of the remote client • The PPP IP address used by the remote client • The authentication information • Information about encryption • The type of compression • Useful error messages for troubleshooting
  • Page 29: PPTP Client Configuration

    4.2. Client-Side Firewall As mentioned in Section 2.6, “Firewalls and PPTP”, VASCO recommends the use of a strong client-side Firewall. Ensure that PPTP VPN pass-through is allowed on the client Firewall, otherwise you will not be able to connect to the aXsGUARD Gatekeeper PPTP server.
  • Page 30 Figure 4.1. Windows XP Network Connections 3. Select Connect to the network at my workplace and click on Next. Figure 4.2. Connecting to the Network at my Workplace 4. Select Virtual Private Network Connection and click on Next.
  • Page 31 Figure 4.3. Virtual Private Connection 5. Enter a Connection Name and click on Next. Figure 4.4. Connection Name
  • Page 32 6. Enter the public IP address or the public FQDN of the aXsGUARD Gatekeeper PPTP server and click on Next. Afterwards click on Finish. Figure 4.5. VPN Server Selection 7. In the connection screen, click on Properties.
  • Page 33 Figure 4.6. PPTP VPN Properties 8. Select the Security Tab and check the Require data encryption option. Click on OK to continue.
  • Page 34: Windows Vista Configuration

    Connect button. The connection should be up after a few seconds. You can verify the status of the VPN connection by navigating to the Network Connections screen (see step 1). 4.4. Windows Vista Configuration 1. From the Start button, select Connect To.
  • Page 35 Figure 4.8. Windows Vista PPTP Setup 2. Select Set up a connection or network.
  • Page 36 Figure 4.9. Set up a Connection or Network 3. Select Connect to a workplace. 4. Click on Next. Figure 4.10. Connect to a Workplace
  • Page 37 No, create a new connection and click on Next. 6. In the Internet Address field, type the external IP address or the FQDN of the aXsGUARD Gatekeeper PPTP server. 7. In the Destination Name field, type a description for your PPTP VPN Connection.
  • Page 38 Figure 4.12. Connection IP and Description 9. Enter the username and password provided by your system administrator. Do not enter a password if you are using DIGIPASS authentication.
  • Page 39 Figure 4.13. User Name and Password Screen 10. Click on the Create button and then the Close button. Figure 4.14. Final Configuration Step
  • Page 40 12. Select the VPN connection in the window and click on Connect. Figure 4.15. Connecting to the PPTP Server 13. Enter the user name and password provided by your system administrator and click on the Connect button. The connection should be up after a few seconds.
  • Page 41 Network Icon in the lower right corner of your Windows desktop (see the image below). Figure 4.17. PPTP Connection Status 4.5. Windows 7 Configuration 1. Click on the Start button and navigate to the Control Panel.
  • Page 42 Figure 4.18. Windows 7 Control Panel 2. In the Control Panel, select Network and Internet.
  • Page 43 Figure 4.19. Windows 7 Control Panel 3. Select Network and Sharing Center. Figure 4.20. Windows 7 Network and Sharing Center 4. Click on Set up a new connection or network.
  • Page 44 Figure 4.21. Set up a New Connection or Network 5. Select Connect to a Workplace and click on Next. Figure 4.22. Connect to a Workplace 6. Select the first option (create a new connection) as shown below and click on Next.
  • Page 45 Figure 4.23. Creating a New Connection 7. Click on Use my Internet connection. Figure 4.24. Creating a New Connection
  • Page 46 8. Enter the external IP address or FQDN of the aXsGUARD Gatekeeper PPTP server you are connecting to (e.g. 62.58.227.146 or vpn.mydomain.com) and enter a name for the connection (e.g. office). 9. Leave the other options open and click on Next.
  • Page 47 Internet connection. You can verify the status of the VPN connection by clicking on the Network Icon in the lower right corner of your Windows desktop (see the image below).
  • Page 48 Figure 4.27. PPTP Status
  • Page 49: Client-Side Troubleshooting

    2. Check if the connecting PC is in a Windows domain. If this is the case, check the properties of your VPN connection and ensure that the Include Windows logon domain option is unchecked (see image below).
  • Page 50 PPTP Error 678: There was no answer. See error 769 above. PPTP Error 619: the specified port is not connected. If you see the following message:
  • Page 51: Server-Side Troubleshooting

    AD user account isn’t locked. If the user is not present or locked, authentication fails. • A WINS server is required. The aXsGUARD Gatekeeper needs to be able to resolve the domain/workgroup to the AD IP (see Section 3.4.2, “Supported...
  • Page 52 1. Log on to the aXsGUARD Gatekeeper Administrator Tool as explained in the Command Line Interface How To. 2. Use the tcpdump command on the Internet device. PPTP log Error GRE: read(fd=7,buffer=8056b60,len=8260) from network failed: status = -1 error = Protocol not available 1.
  • Page 53: Support

    6.2. If you encounter a problem If you encounter a problem with a VASCO product, follow the steps below: 1. Check whether your problem has already been solved and reported in the Knowledge Base at the following URL: http://www.vasco.com/support...
  • Page 54 Alphabetical Index Authentication, Supported Authentication Methods aXsGUARD Gatekeeper, What is the aXsGUARD Gatekeeper? CHAP, Key Elements of PPTP Security Control channel, Standard PPTP Deployment Data channel, Standard PPTP Deployment Documentation, Available Guides Encapsulation, Protocol Description Firewall rights, Firewall Rights GRE,...
  • Page 55 Routing, Overview Support, Support Troubleshooting, Troubleshooting Tunneling, Protocol Description Virtual private network, What is a Virtual Private Network? VPN, What is a Virtual Private Network?
