Home

HotBrick SoHo LB-2 (LB2) Firewall

1. Click to go back Figure 10 LB 2 VPN log with VPN tunnel established HotBrick Microsoft Internet Explorer CES Fie Edit View Favorites Tools Help 3 La P se i i A aa 2 Kaal lan K Back p a ia A Search Favorites Media L j Os Kee F 33 Address http 67 111 37 232 9953 cgi bin loginfaccess py v Go Links 7 Brick Firewall VPN 600 2 A Home Welcome admin Setup Wizard Advanced Setup TE Exit 1 Tunnel Name testtunnel Type IPSec E System Status ersion Local Gateway Remote Gateway 0_1_0515 192 168 3 0 24 67 111 37 232 67 111 37 230 192 168 1 0 24 Serial Number HBO6WDOZNRIPNRTA up since 07 32pm Uptime 32 min CPU Time vpe Ei Seve age bus 25 E a K Nov 29 19 28 38 IKE SI L Tunnel Name testtunnel arr 2 STATE_QUICK_R2 IPsec SA established Lc 32768 KB Nov 29 19 28 38 IKE Notification L Tunnel Name testtunnel Phase 2 responding to Quick Mode Free 15152 KB Nov 29 19 28 37 IKE ISH L Tunnel Name testtunnel Phase 1 STATE_MAIN_R3 sent MR3 ISAKMP SA established Storage Nov 29 19 28 37 IKE Notification L Tunnel Name testtunnel Phase 1 Peer ID is ID_IPV4_ADDR Total 512 KB 67 111 37 230 Free 416 KB Nov 29 19 28 35 Notification Tunnel Name testtunnel Phase 1 responding to Main Mode a Network Status Nov 29 19 27 05 IKE Notification last message repeated 1 times aps Ms Nov 29 19 25 55 IKE Notification Tunnel Name test
2. Hot Brick Donjt Get Hacked Get HotBrick j x _ a E 30 Of ficial le En n camenti UIT better way to get your HotBrick product up and running Firewall HotBrick LB 2 VPN VPN 600 2 How To LB 2 IPSec Tunnel with HotBrick VPN 600 2 Setup Guide Bom biir ean en ree eet Ease eae USA EUROPE BRAZIL in Da e E Miami iL Amste O io Paulo SP brickcom T T www hothrick com hr In Sumorte hothrick com br Rot Brick 2 SA EUROPE BRAZIL Don t GetHacked_Get HotBrick 7243 NW 54th Street Generatorstraat 26 Francisco Tramontano 100 Miami FL 33166 Hengelo 0v 7556 RC Amsterdam 05686 010 Sa0 Paulo SP WWW hothrickicom Netherlands WWW hothrick com br support hothrick com www hothrick nl suporte hothrick com ir LB 2 IPSec Tunnel with HotBrick VPN 600 2 Setup Guide The HotBrick LB 2 is a VPN capable Dual WAN Gateway with industry standard IPsec encryption It provides extremely secure LAN to LAN connectivity over the Internet The LB 2 supports VPN by encryption encapsulation and authentication using the following methods DES 3DES AES MD 5 SHA 1 SHA 2 The maximum tunnels allowed are 10 VPN tunnels This setup guide will help the user establish an IPsec VPN tunnel between an LB 2 VPN and a HotBrick VPN 600 2 or HotBrick 1200 2 The LB 2 must have the VPN upgrade to establish an IPSec Tunnel IPsec Tunnel between an LB 2 VPN and HotBrick VPN 600 2 ADSL Internet Connect
3. a File Edit View Favorites Tools Help pad amp ix a A Search Pp Favorites A media E S gt N LJ 33 Address http 67 111 37 230 8080 l g v Ean Une a i Brick Load Balancer LB 2 Login Time 6 11 P M a Raas Encryption Method 3DES v Advanced Port at m Authentication Method MDS v Advanced Setup ESP Mode Security Management PN Configuration Key Management Global Setting Key Type Autokey IKE lt _ Policy Setup Phase 1 Negotiation Main Mode Aggressive Mode slog Perfect Foward Secrecy No PFS v QoS Configuration Preshared Key 3053980888 k Characters Hex 0x Management Assistant Key Lifetime In Time 57600 Seconds Note 0 for no expiry Network Info In Volume 10000 Kbytes NetBIOS Broadcast V Enable Check ESP Pad C Enable Keep Alive V Enable Allow Full ECN Cl Enable Anti Replay Cl Enable Copy DF Flag Cl Enable Passive Mode Enable Set DF Flag L Enable Security Association List State Name Security Gateway Remote Site Security Policy Key Type WEAN Status Figure 5 Policy Setup for site one 25 Under Key Management there are two types Autokey IKE or Manual Key 26 If AutoKey IKE your Phase 1 Negotiation can be Main Mode or Aggressive Mode In our example we used Main Mode How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 5 EUROPE Generatorstraat 26 Hengelo Ov 7556 RE Amsterdam Netherlands WWW hothrick n
4. WWW hothrickicom Netherlands r WWw hothrick com br SuUppOor hothrick com Z www hothrick nl suporte hothrick com bhr 15 Under Traffic Selector for Service Protocol Type select ANY 16 Under Local Security Network for Local Type select subnet 17 The IP address must reflect the entire subnet In Figure 3 and Figure 4 a Site One IP address is 192 168 1 0 and Mask Address 255 255 255 0 b Site Two IP address is 192 168 2 0 and Mask Address 255 255 255 0 c NOTE LAN subnets and IP addresses must be different or there will be overlapping 18 The Port Range can be left at O 0 19 For Remote Security Network for Remote Type select Subnet 20 The IP address must again reflect the entire subnet In our example the remote security network for Site One is 192 168 1 0 and for Site two its 192 168 2 0 Please see Figure 3 and Figure 4 21 For the Remote Security Gateway the gateway type is IP Address unless you have a Domain Name registered for the remote gateway of the other sites LB 2 22 Under Security Level the VPN IPSec Tunnel will always be in ESP Encapsulating Security Payload mode 23 For the Encryption method you can choose from Null DES 3DES or AES In our example we have chosen 3DES Please see figure 5 and figure 6 24 For the Authentication Method you can choose from Null MD5 SHA 1 SHA 2 In our example we have chosen SHA 1 ZA HotBrick Load Balancer LB 2 Microsoft Internet Explorer fe fe x
5. 2 Favorites A media E GS d S L 33 Address http 67 111 37 230 8080 Brick Login Time 6 11 P M Basic Setup Advanced Port Advanced Setup Security Management PN Configuration Global Setting Policy Setup Log QoS Configuration Management Assistant Network Info How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 v Go Links Load Balancer LB 2 F Encryption Method 3DES Q Authentication Method MDS Q ESP Mode Key Type autokey IKE Phase 1 Negotiation Main Mode Aggressive Mode Perfect Foward Secrecy No PFS v Preshared Key 3053980888 Characters Hex Ox Key Lifetime In Time 57600 lSeconds Note O for no expiry In Volume 10000 Kbytes NetBIOS Broadcast M Enable Check ESP Pad Cl Enable Keep Alive M Enable Allow Full ECN C Enable J Anti Replay Cl Enable Copy DF Flag C Enable Passive Mode Cl Enable Set DF Flag Cl Enable RER Security Association List State Name Security Gateway Remote Site Security Policy Key Type WAN Status z Figure 4 IPSec Traffic Binding for site two Property of HotBrick 2005 BRAZIL Francisco Tramontano 100 05686 010 S 0 Paulo SP WWW hothrick com br suporte hothrick com hr s C pe Hoto 2 SA EUROPE BRAZIL Don t GetHacked Get HotBrick 7243 NW 54th Street Generatorstraat 26 Francisco Tramontano 100 l Miami FL33166 Hengelo 0v 7556 RC Amsterdam 05686 010 S 0 Paulo SP
6. RC Amsterdam Netherlands l WWW hothrick ni 1243 NW54th Street Miami FL33166 wWwww hotirickcom support hothrick com 2 HotBrick Load Balancer LB 2 Microsoft Internet Explorer File Edit View Favorites Tools Help Q pad Y amp x a A P Search 5 2 Favorites A media amp Gs es i LJ 3S TR Brick Login Time 6 11 P M Basic Setup Advanced Port Advanced Setup Security Management PN Configuration Global Setting Policy Setup Log QoS Configuration Management Assistant Network Info Address http 67 111 37 230 8080 x Go tnks 55 Load Balancer LB 2 amp HELP YPN Tunnel List Testtunnel Tunnel Name Testtunnel Tunnel IZ Enable WAN Port WaN 1 Y K PPPoE Session Session 1 Service Protocol Type Any Local Type Subnet J Local Security Network IP Address 192 168 1 0 Mask Address 255 255 255 0 Port Range 0 lo Remote Type Subnet v Remote Security Network IP Address 192 168 3 0 Mask Address 255 255 255 0 Port Range 0 o Gateway Type IP Address v Remote Security Gateway IP Address 67 111 37 232 Encryption Method 3DES Authentication Method MDS v v Figure 3 IPSec Traffic Binding for site one HotBrick Load Balancer LB 2 Microsoft Internet Explorer File Edit view Favorites Tools Help ZE Q sad Y QJ x E A pP Search 5
7. S IPSec EEE er et AHT sua T mos ESP Encryption Algorithms IV 3DES V DES ESP Authentication Algorithms M SHA T MDS IP Comp DEFLATE LZS Key Life 57600 Second v Networking No Local Area Network Local Area Network Figure 8 VPN Configure page of HotBrick 600 2 continued Under Networking for the Local Area Network make sure subnet is selected Input the subnet of the HotBrick VPN 600 2 In our example it is 192 168 3 0 and subnet mask 255 255 255 0 Under Remote VPN Gateway IP is the IP address of the LB 2 VPN Make sure Remote Area Network is selected and the subnet is also selected Input the subnet of the LB 2 VPN In our example is 192 168 1 0 with subnet mask 255 255 255 0 Hit Update How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 8 Rat Brick TRY EUROPE BRAZIL Don t GetHacked Get HotBrick 7243 NW 54th Street Generatorstraat 26 Francisco Tramontano 100 Miami FL 33166 Hengelo 0v 7556 RC Amsterdam 05686 010 Sao0 Paulo SP Www hothrickcom Netherlands WWW hothrick com br Sunpont hothrick com www hothrick nl suporte hothrick com pr 3 HotBrick Microsoft Internet Explorer File Edit View Favorites Tools Help w A O sfc Favori x OO R mE Back gt x a i A Search Favorites w Media L d OS koe 3 Address http 67 111 37 232 9953 cqi binfloginfaccess py vE Links Brick Firewall VPN 600 2 TUC K Basic Netw
8. e Edit View Favorites Tools Help Fia S H O Pe Favori A 2 mE Back gt x a D A Search Favorites a Media E2 os Kee d 3 Address 11 http 67 111 37 232 9953 cgi bin loginfaccess py v Eco Links 7 TR Brick Firewall VPN 600 2 TOC gt Basic Network Setup Network Policy PN WebFilter Intranet System Service Log a Home L jMELP Setup Wizard Advanced Setup Status Configure Certificate PPTP L2TP e Add New Tunnel Tunnel Name testtunnel System Status ersion 0_1_0515 IKE Serial Number eee a HBO6 WDOZNRIPNRTA Authentication Type Pre Shared Key The machine has been String up since i 07 32pm Uptime 32 min 3053980888 CPU Key busy 25 3 A HINT The maximum length of Pre Shared Key is 128 strings RAM RSA Signature Total 32768 KB Free 15152 KB L xso9 Remote ID Storage Total 512 KB Hex Free 416 KB Remote Public Key 2a Network Status WAN1 IP 5 B G PE PA WANZ IP Disable irtual Lan IP 192 168 3 1 HINT The maximum length of Remote Public Key is 512 hex Figure 7 VPN Configure page of HotBrick 600 2 Make sure the key life is 57600 second for the Key life For the IPSec Section make sure that you select ESP Encryption ESP Authentication Make sure that the key life for the IPSec section is 57600 seconds for the key life SO anaes How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Pr
9. ion VPN IPSec Tunnel Ti Internat Connection SDSL Internet Connection L Q gt Cable Internet Connection HotBrick LB 2 VPN HotBrick VPN 600 2 Site One Site Two Figure 1 LB 2 VPN and HotBrick VPN 600 2 IPSec Tunnel The picture above displays two sites that are joined by a VPN IPsec tunnel between two LB 2 VPN and a VPN 600 2 For the setup below we will be joining the two LAN subnets through the VPN IPSec tunnel Here is the setup 1 Login to your firewall 2 Go to Advanced Setup 3 VPN Configuration 4 Global Policy please see picture below for the global policy for site one How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 2 G iat z D d g j P lt TT E 5i ich USA EUROPE BRAZIL Don t GetHacked Get HotBrick 7243 NW 54th Street ALU Gee Led lt Francisco Tramontano 100 S Miami FL33166 Hengelo Ov 7556RC Amsterdam 05686 010 Sao Paulo SP WWW hothrickicom Netherlands WWW hothrick com br SuUppoOrm hothrick com WWW hothrick nl suporte hothrick com tr 4 HotBrick Load Balancer LB 2 Microsoft Internet Explorer fe fe x File Edit Yiew Favorites Tools Help w Q pad Y QJ x a A po Search 52 Favorites A Media 4 3 La S L 33 Address http 67 111 37 230 8080 vE co Une 1 oi Brick Load Balancer LB 2 Login I 1 Time 6 11 P M Basic Setup IKE Global Setting C imeu Advanced Port Global Paramete
10. l BRAZIL Francisco lramontano 100 05686 010 Sa0 Paulo SP WWW Hothrick com br suporte hothrick com hr D lad La i SrICK USA 7243 NW 54th Street Miami FL 33166 WWW hothrickicom support hothrick com Dont GetHacked Get hotBrick 27 For Perfect Forward Secrecy you can choose to enable it or not In our example we have not 28 The Preshared Key must be characters and or hexadecimal units The preshared key entered in our example is 3053980888 29 The Key life time can be set in seconds with zero indicating no expirations In our example we used 57600 seconds or eight hours 30 In Volume is default 10000 Kbytes it is also optional to input 0 zero Kbytes 31 Since we wanted to browse our network we have enabled Netbios Traffic under Options and we enabled keep alive for our Alive Indicator 32 Once all these values all entered you click on Add HotBrick VPN 600 2 Setup 1 Please go to Advanced Setup then VPN 2 Under the Status page make sure that Tunnel Status is at Enable 3 Hit Update HotBrick Microsoft Internet Explorer File Edit View Favorites Tools Help w Q peck Y x a A pO search 5 2 Favorites A Media 4 c c L 33 v EJ co Links 5 Address E http 67 111 37 232 9953 cqi bin loginjaccess py Brick Home Firewall VPN 600 2 TOC Basic Network Setup Network Policy YPN WebFilter Intranet System Service Log A PN Setup Wizard Statu
11. operty of HotBrick 2005 7 Rot Brick Z USA EUROPE BRAZIL GerHotBrick 7243 NW 54th Street HATA GLO UE ELCAN Francisco Tramontano 100 Miami FL 33166 Hengelo 0v 7556 RC Amsterdam 05686 010 Sao Paulo SP WWW hothrickicom Netherlands WWW hothrick com br support hothrickicom www hothrick nl suporte hothrick com ir 3 HotBrick Microsoft Internet Explorer File Edit Yiew Favorites Tools Help ae pad Y QJ D a A Search 5 2 Favorites RL media 4 C d lan 3 Address F http 67 111 37 232 9953 cqi bin loginjaccess py kd gt Go Links Brick Firewall VPN 600 2 P System Status ersion 01 0515 Serial Number HBO6BWDOZNRIPNRTA The machine has been up since 07 32pm Uptime 32 min CPU a 78 RAM Total 32768 KB Free 15152 KB Storage Total 512 KB Free 416 KB 23 Network Status WANI IP 67 111 37 232 WAN2 IP Disable irtual Lan IP 192 168 3 1 10 11 12 13 14 15 Home Setup Wizard TOC gt Basic Network Setup Network Policy PN WebFilter Intranet System Service Log HINT The maximum length of Remote Public Key is 512 hex DH Group DH Groupi DH Group2 DH Groups Algorithms Encryption Algorithms 3DES DES Authentication Algorithms M SHA Iv MDS T Key Life 57600 Second ae Advanced Setup Exit M To issue IKE negotiation actively Phase2 Proposals LAH MIESP Encryption VJESP Authentication LJIP Comp PF
12. ork Setup Network Policy YPN WebFilter Intranet System Service Log Home Networking Setup Wizard Advanced Setup Exit ats No Local Area Network Local Area Network On L J fd System Status hae g Er M Version Hoteick prear dZ Subner 192 168 3 L 255 255 255 0 M 0_1_0515 Serial Number Local YPN Gateway IP HBO6BWDOZNRIPNRTA The machine has been i up since 07 32pm Uptime 32 min Router Ta CPU e ae RAM Total 32768 KB Free 15152 KB Remote VEN Gateway TP Storage 67 l 111 37 230 Total 512 KB Hot Brick Firewall VPN Free 416 KB No Remote Area Network 23 Network Status Remote Area Network WANI IP Orn D i ia 67 111 37 232 WANZ IP subnet 192 168 ft L y 255 255 255 0 v Disable irtual Lan IP 192 168 3 1 Figure 9 VPN Configure page of HotBrick 600 2 continued 16 When you have finished click connect on the LB 2 VPN The Figures 10 shows the log with all the phases of the IPSec tunnel established Figure 11 shows the VPN established on the Home Page of the HotBrick VPN 600 2 How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 9 E L dia B JIP AN V2 ar TIG USA EUROPE BRAZIL Don t GCetHacked GetHotBrick 7243 NW 34th Street Generatorstraat 26 Francisco Tramontano 100 Miami FLd3166 Hengelo Ov 7556 RC Amsterdam 05686 010 Sa0 Paulo SP WWW hoth
13. rick com Netherlands WWW hothrick com hr SUppor hothrick com www hothrick nl suporte hothrick com br 4 HotBrick Load Balancer LB 2 Microsoft Internet Explorer ala File Edit View Favorites Tools Help LA Q pad Y QJ D a Le ps Search Pp Favorites A media 4 62 gt N L 33 Address http 67 111 37 230 8080 v Eco uke i Qi Brick Load Balancer LB 2 Basic Setup VPN Log Message Status 78 messages a VPN Configuration z ISAKMP SA 67 111 37 230 500 67 111 37 232 500 established with spi Global Setting 7 02 53 42 info isakmp L S00 500 p Advanced Port Advanced Setup isakmp 6d45709a2bbc7f44 30e18e51ab6ed63d Policy Setup 7 02 53 42 Phasel Identity Protection Log 7 02 53 42 Phase 1 Responder Main 3rd Tee 7 02 53 42 Phase 1 Initiator Main 3rd QoS Configuration s taz n 7 02 53 41 Phase 1 Initiator Main 2nd Management Assistant B 92 53 40 phase Initiator Main 1st Network Info 7 02 53 40 Start with Identity Protection mode m 7 02 53 40 Start phase 1 negotiation 67 111 37 230 500 67 111 37 232 500 7 02 53 40 Phasel SA not found IPsec SA request for 67 111 37 232 queued 7 02 53 40 Info isakmp IPsec SA acquire PID 4 7 02 53 40 Start keying IKE Phase1 with remote gateway 67 111 37 232 thru Wani 7 02 53 27 Info isakmp JIKE Phase 2 remote gateway 67 111 37 232 Interface Wan1 Previous page Refresh Mo Next Page Clear all
14. rs WANI WAN2 a E Advanced Setup Security Management PN Configuration Phase 1 DH Group DH Group 2 Y DH Group 2w Global Setting Phase 1 Encryption Method oes CS CS lt Policy Setup Phase 1 Authentication Method MDS lt MDS lt Maxtime to complete Phase 2 300 Seconds 300 Seconds Log Level Log Level Infomation v Figure 2 Global Setting for Site One 5 Under the Global Setting make sure you enable the interface that you want to Global setting to negotiate at 6 If you choose to do a redundant tunnel than you can enable both WAN1 and WAN2 7 Since we are connecting to LB 2s via IPsec the default settings are sufficient 8 Hit Submit 9 The LB 2 will be restarted and refreshed to save the settings 10 After the settings are refreshed click on Policy Setup 11 Under IPSec Traffic Binding input a name for Tunnel Name In Figures 3 and 4 below we have the tunnel name TestLab 12 Make sure you check the enable box for Tunnel 13 For WAN port you can bind the tunnel to WAN1 WAN2 or ANY If you wish to establish a redundant tunnel then choose ANY 14 If you have multiple PPPoE sessions on the WAN ports make sure you select the appropriate session How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 3 ITE FICK Don t Get ET C Get HotBrick EUROPE Generatorstraat26 Hengelo Ov 7556
15. s Configure Certificate PPTP L2TP Advanced Setup pee Tunnel Type IPSec OPPTP L2TP System Status Version Tunnel Status 0_1_0S15 IPSec Section Serial Number l HBO6WDOZNRIPNRTA Enable Disable The machine has been Page Section up since 07 32pm Uptime 32 min CPU i RAM Total 32768 KB Free 15152 KB Storage Total 512 KB Free 416 KB 23 Network Status WAN IP Ss Ba a ee ass Fg WAN2 IP Disable irtual Lan IP 192 168 3 1 aaia 1 l Auto Data Refresh per 20 seconds 2 Show R tunnels per page IPSec Status 1 1 Tunnel Name test tunnel Type IPSec Status enable i 5 ith E TAE S A S S Enable lb Edit 192 168 3 0 24 192 168 1 0 24 ULU Remote Gateway 67 111 37 230 Local Gateway 67 111 37 232 Figure 6 VPN Status page of HotBrick 600 2 Click on the Configure Tab at Input a name for the Tunnel Our example is testtunnel 6 Input the Pre Shared Key Our example is 3053980888 How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 6 D D YARN Brick USA EUROPE BRAZIL Don t Get Hacked GetHotBrick 7243 NW 54th Street HALAERE ELCA Francisco Tramontano 100 Miami FL 33166 Hengelo 0v 7556 RC Amsterdam 05686 010 Sa0 Paulo SP WWW hothrick com Netherlands WWW hothrick com pr support hothrick com www hothrick nl suiporte hothrick com br 4 HotBrick Microsoft Internet Explorer Fil
16. tunnel Phase 1 initiating Main Mode WAN2 IP Disable irtual Lan IP 192 168 3 1 Nov 29 19 24 45 azula Information IPSec Configuration 4dd a Tummel testtunnel Noy 29 19 24 45 IK Soufcana Tunnel Name iat Phase 1 initiating Main Mode z Figure 11 Home Page of VPN 600 2 with VPN tunnel established How To establish an VPN Tunnel with LB 2 VPN to VPN 600 2 Property of HotBrick 2005 10

HotBrick SoHo LB-2 (LB2) Firewall

Contents

Download Pdf Manuals

Related Search

Related Contents