How to configure a VPN security device in three steps

Source: Internet
Author: User

With the gradual popularization of the network, more and more enterprises begin to establish their own branches in multiple places. However, because many internal applications of enterprises involve business privacy, therefore, how to make the branch structure securely and smoothly use these applications becomes a topic of concern to every enterprise network administrator. Generally, we can use VPN security devices to implement remote user or branch access services, verify the remote access permission through VPN. So how should we set up VPN security devices? The following describes how to configure a VPN security device in three steps based on my years of practical application and experience in setting up multiple VPN security devices for IT168 readers. (1)

498) this. style. width = 498; "border = 0>


I. Functions of VPN security devices:

Before configuring a VPN security device, we need to know what it can do for us, so that we can better understand why we need to set certain configurations and parameters.

VPN is short for Virtual Private Network, also known as Virtual Private Network, it is a communication method commonly used to connect a large enterprise or a private network between a group and a group. Messages from a virtual private network are transmitted through a public network architecture (such as the Internet) over the Intranet.

Through VPN, we can connect the Internet or remote branch structure to the intranet of an enterprise, obtain the IP address of the same network segment as other computers on the Intranet, and use intranet-related services and network applications. However, to make the VPN run properly, we need to first set up the corresponding account with the Remote Access VPN device, and then assign the intranet application service categories allowed to connect according to the account permissions, you must know that a high-performance VPN device cannot only provide access without assigning access permissions, by dividing permissions, we can ensure that the VPN can be remotely connected to the Intranet and prohibit unauthorized access. At the same time, the various network parameters of the VPN device must be reasonably configured. The following describes how to set up a VPN security device based on the configurations of multiple VPNs.

 

2. Three Steps to configure a VPN security device:

I have been working as a network administrator for six years. During this period, I started the VPN service on windows 2003 and made relevant settings on multiple dedicated VPN security devices. Aside from the VPN established between systems and software such as windows 2003, because the VPN performance and security set up by the software are not as good as professional VPN security access equipment, the lack of performance narrow the application scope. Therefore, we will introduce the configuration of professional VPN security devices as an example. I will summarize the configuration of VPN security devices as three major steps.

(1) set the network parameters of VPN security devices:

The network parameters of any VPN security device must be set in advance. The default information is definitely not in line with our enterprise's actual application. The network parameters involved here mainly include the Intranet IP address and Internet IP address of the VPN security device. Next, let's take a look at how to configure the network parameters of the VPN security device from the first step.

Step 1: first use the default Management address of the VPN to access the management interface. Generally, a vendor plug-in is automatically installed. (2)

498) this. style. width = 498; "border = 0>

Step 2: after entering the management interface, the corresponding configuration menu is displayed on the left. The VPN security devices are different, but there will be an option similar to "quick configuration, with this option, we can configure the basic information and network parameters of the VPN device. (3)

498) this. style. width = 498; "border = 0>

Step 3: configure the Intranet interface of the VPN security product. You only need to enter the Intranet IP address of the enterprise. Remember not to conflict with the IP address of other computers, the subnet mask information is also filled in according to the actual situation. (4)

498) this. style. width = 498; "border = 0>

Step 4: Set the Internet interface. Generally, VPN security products support dynamic IP addresses, static IP addresses, and pppoe adsl dialing methods. We can set them according to the actual situation of the enterprise, note that when setting static IP addresses and other information, do not forget to write the DNS address and default gateway address. (5)

498) this. style. width = 498; "border = 0>

TIPS:

Generally, VPN devices are placed on the outermost layer of the enterprise network, so DHCP servers are rarely installed on the outer layer. Therefore, for VPN security devices, there are few ways to dynamically obtain WAN interfaces, generally, it is not used.

Step 5: Set the connection IP address of the VPN Server. This address is very important. When the client connects to the server through the VPN access program, you must enter this address and the corresponding port, generally, the IP address must be the same as the WAN interface IP address of the VPN security device. (6)

498) this. style. width = 498; "border = 0>

TIPS:

The IP address used by the VPN Server, especially the port information, is not static. Because the Enterprise Intranet has a firewall, the custom server application port function cannot be missing. You can find the option to modify the VPN listening port in the Basic settings of the VPN. (7)

498) this. style. width = 498; "border = 0>

For the VPN Server address, port, and LAN interface of the VPN device, After configuring the WAN interface IP address, we have completed the first step, next, configure the VPN access account and permission information.

(2) set the VPN access account information:

For enterprises, we can classify VPN access security by setting VPN access accounts with different permissions for different user groups to achieve multi-layer management of enterprise remote access. However

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.