manualshive.com logo in svg

Vasco Personal aXsGUARD, Installation And Configuration Manual

The Vasco Personal aXsGUARD is a comprehensive security solution for personal use. Ensure smooth operation with the Installation And Configuration Manual, available for free download from our website. This essential manual provides step-by-step guidance for setting up and optimizing your aXsGUARD for maximum protection.

Share
Download
background image

Personal aXsGUARD - 7.7.1

Chapter 4. Server-Side Configuration

© VASCO Data Security 2013

16

Figure 4.3. PAX Network Settings

Parameter

Description

Remote LAN IP – Address Netmask

This is the LAN IP address and subnet mask to be assigned to the PAX.
Use the CIDR notation, e.g. 

10.0.0.1/24

. Use the IP address specified

here to access the web-based Administrator Tool of the PAX (explained in

Chapter 5, Client-Side Configuration

).

Do  not  use  the  aXsGUARD  DNS
Servers

(See  note  below)  Leave  this  option  unchecked  if  you  want  to  use  the
aXsGUARD Gatekeeper DNS server while the VPN tunnel is up. Check
this  option  if  you  are  using  another  DNS  server  (not  the  aXsGUARD
Gatekeeper), e.g. an Active Directory DNS server. You can specify one or
multiple DNS servers using the Add button.

DNS Server IP list

(See note below ) If the Do not use the aXsGUARD DNS Servers option is
selected, this field becomes available so you can enter the IP address(es) of
the DNS server(s) to be used while the VPN tunnel is up, i.e. DNS servers
other than the aXsGUARD Gatekeeper. Use the Add button to enter the IP
address(es).

Route all traffic through Tunnel

If this option is selected, all traffic leaving the PAX’s client is routed via the
VPN tunnel, including traffic towards the Internet. As a result, the corporate
aXsGUARD Gatekeeper acts as an Internet / network Gateway If this option
is unchecked, traffic towards the Internet is routed via the default gateway
of the PAX’s client.

Routing 

towards 

the 

following

networks

Specify  the  networks  which  must  be  accessible  via  the  VPN  connection.
By default, the IP address of the aXsGUARD Gatekeeper’s primary LAN
interface is already provided. You must manually add the network address
of any other networks that must be accessible via the VPN connection. Use
the  CIDR  notation,  e.g. 

192.168.230.0/24

.  Use  the  Add  button  to

enter the network address(es).

Enable WAN to LAN in NAT setup

Check  this  option  if  the  WAN  interface  of  your  PAX  is  connected  to  a
NAT’d network segment and you wish to grant access to the PAX’s LAN
from  hosts  of  this  NAT’d  segment,  as  explained  in 

Section  3.4,  “NAT

Traversal”

.

Allow  access  from  these  networks  to
LAN

If the option Enable LAN access from WAN is enabled, you must specify the
network address of the NAT’d network segment which is allowed to connect
the PAX’s LAN (see 

Section 3.4, “NAT Traversal”

 for more details). Use

the CIDR notation to specify the network, e.g. 

172.16.0.0/24

. Use

the Add button to enter the network addresses.

Table 4.3. PAX Client Settings - Network Tab

Summary of Contents for Personal aXsGUARD

Page 1: ...Personal aXsGUARD Installation and Configuration Guide 7 7 1...

Page 2: ...ou May Need 6 3 2 Central Management and PKI 6 3 3 Security Recommendations 7 3 4 NAT Traversal 8 3 4 1 Purpose and Definition 8 3 4 2 UPnP and NAT PMP 8 3 4 3 DNAT and Port Forwarding 8 3 4 4 SNAT an...

Page 3: ...boot Procedure 26 6 Status Logging and Diagnostics 27 6 1 Overview 27 6 2 Checking the Status 27 6 2 1 On the aXsGUARD Gatekeeper 27 6 2 2 On the Personal aXsGUARD 27 6 3 Checking the Logs 27 6 3 1 On...

Page 4: ...RES LIABILITY DESPITE THE FOREGOING EXCLUSIONS AND LIMITATIONS Intellectual Property and Copyright VASCO Products contain proprietary and confidential information VASCO Data Security Inc and or VASCO...

Page 5: ...and connect the Personal aXsGUARD with the corporate aXsGUARD Gatekeeper starting with the factory default settings In Chapter 6 Status Logging and Diagnostics we explain how to access the Personal aX...

Page 6: ...r design means that optional features can be purchased at any time to support for example e mail and Web access control The aXsGUARD Gatekeeper can easily be integrated into existing IT infrastructure...

Page 7: ...tional in service appliance requires the following steps 1 Logging on to the aXsGUARD Gatekeeper as the default sysadmin user and changing the sysadmin password 2 Creating a new user with full adminis...

Page 8: ...Warranty Notice Do not press the reset button on the back panel of the AG 1296 model Removal of the protective seal automatically voids the product warranty and will necessitate a replacement Figure...

Page 9: ...Hz Signal Rate 5GHz Up to 450Mbps 2 4GHz Up to 300Mbps EIRP 20dBm Reception Sensitivity 300M_2 4G 70dBm 270M_2 4G 70dBm 195M_2 4G 71dBm 130M_2 4G 74dBm 54M_2 4G 79dBm 6M_2 4G 94dBm 450M_5G 64dBm 405M_...

Page 10: ...tually a hardware OpenVPN client 3 2 Central Management and PKI The hosts client and server involved in an SSL VPN connection use digital certificates for identification and encryption purposes In ter...

Page 11: ...ept ICMP traffic and VASCO remote support connections Figure 3 2 PAX Firewall Scenarios The stat sec Firewall Policy and dynamic policies configured for PPTP L2TP or OpenVPN do not apply to the PAX Al...

Page 12: ...he PAX UPnP basically allows a program to open ports that are necessary for its operation without any warning or intervention from the system administrator For this reason there is a security risk ass...

Page 13: ...ows traffic from the NAT d WAN to traverse the PAX s firewall while incoming Internet traffic remains blocked Figure 3 3 WAN to LAN Option in NAT Environment 3 4 4 SNAT and Masquerading Source Network...

Page 14: ...ly try an alternate IP address in case the primary VPN connection is failing Failover can also be applied at the protocol level since the PAX supports UDP and TCP see Section 3 7 TCP or UDP The defaul...

Page 15: ...s such your PAX becomes a secured wireless access point for your corporate network This requires some minor configuration on the client side Consult the documentation of the client s operating system...

Page 16: ...and IP address es of aXsGUARD Gatekeeper VPN server s on the Internet The user level is limited to stopping and starting the VPN connection initiating a remote support connection and rebooting the PA...

Page 17: ...f the PAX settings on the server side 4 2 Feature Activation Before you can access the menu to configure your PAX settings you need to activate the feature on the aXsGUARD Gatekeeper 1 Log on to the a...

Page 18: ...ersonal aXsGUARD Client 2 Click on Add New 3 Enter the common settings as explained in the table below 4 Enter the settings per tab Each tab is explained separately Section 4 5 General Settings to Sec...

Page 19: ...matically initiated after the PAX has completed its boot procedure If the option is unchecked the VPN must be started manually by accessing the Administrator Tool of the PAX PAX admin password The pas...

Page 20: ...c leaving the PAX s client is routed via the VPN tunnel including traffic towards the Internet As a result the corporate aXsGUARD Gatekeeper acts as an Internet network Gateway If this option is unche...

Page 21: ...fied as the DNS suffix a query for www would result in a DNS query for www mydomain com Start IP Address Netmask The first IP address of the DHCP range using the CIDR notation e g 10 0 0 30 24 End IP...

Page 22: ...y detect this SSID automatically when they are within a proper range Encryption Type The type of encryption to be used for the wireless communication between the client and the PAX See Section 3 6 Wir...

Page 23: ...aining rules of the type through the aXsGUARD Gatekeeper are valid These policies define access to services on the Internet when the VPN tunnel is down Tunnel Firewall Policies only fwd dynamic polici...

Page 24: ...ctivate NAT see Section 4 10 1 Activating NAT 1 Check Enable Automated NAT 2 Select the desired NAT type Figure 4 8 UPnP and NAT PMP 4 10 3 DNAT and Port Forwarding In this section we explain how to c...

Page 25: ...r SMTP traffic Destination IP The IP address of the host to which traffic is forwarded Only one IP address may be entered e g 192 168 1 100 Destination Port The port number to which traffic must be fo...

Page 26: ...packets matching the specified source address e g 80 90 100 200 If left empty any source IP is assumed and the rule applies to all packets Interface LAN WAN The network device that handles the traffic...

Page 27: ...68 1 1 Netmask 255 255 255 0 DHCP Server Enabled admin login password login admin password admin all lower cases user login password login user password user all lower cases URL to access the PAX Admi...

Page 28: ...gs of your Internet browser before you start The PAX Administrator Tool may not be accessible if a proxy server is configured 1 Configure your client s network interface so that it uses the PAX DHCP s...

Page 29: ...FQDN or IP address e g if the client needs a VPN connection to several sites or in a failover situation VPN Protocol Type Auto Use this option to automatically detect the VPN protocol type used by the...

Page 30: ...a valid client certificate is present 5 5 Reboot Procedure 1 Log on to the PAX as explained in Section 5 4 Installation Instructions 2 Click on Reboot Now Figure 5 4 Rebooting the PAX The reboot proc...

Page 31: ...Administrator Tool 2 Navigate to VPN RAS Status Personal aXsGUARD Figure 6 1 Status Information Screen aXsGUARD Gatekeeper administrators can easily reboot any connected PAX by clicking on the reboot...

Page 32: ...ines Any event that is logged after reaching the threshold will replace the oldest entry 1 Log on to the PAX Administrator Tool as explained in Section 5 4 Installation Instructions 2 Click on Logging...

Page 33: ...es in the status screen If the load is persistently high try rebooting the PAX If rebooting doesn t solve the problem contact VASCO Support 6 5 Initiating a Remote Support Connection To initiate a rem...

Page 34: ...s of your Internet browser If a proxy server is configured you may not be able to access the PAX Administrator Tool Clear the settings and try again Consult your browser s documentation if necessary V...

Page 35: ...nd reported in the Knowledge Base at the following URL http www vasco com support 2 If there is no solution in the Knowledge Base please contact the company which supplied you with the VASCO product 3...

Page 36: ...4 2 PAX Client Settings 14 4 3 PAX Network Settings 16 4 4 PAX Client DHCP Settings 17 4 5 PAX Wireless Settings 18 4 6 PAX Firewall Configuration 19 4 7 Activating NAT 20 4 8 UPnP and NAT PMP 20 4 9...

Page 37: ...General Tab 15 4 3 PAX Client Settings Network Tab 16 4 4 PAX Client DHCP Tab 17 4 5 PAX Wireless Settings Tab 18 4 6 Firewall Settings Tab 19 4 7 PAX NAT Settings Tab 21 4 8 PAX SNAT and Masquerading...

Page 38: ...Personal aXsGUARD 7 7 1 VASCO Data Security 2013 xxxiv List of Examples 3 1 Maintenance of master in HA cluster 11 3 2 Selecting UDP as the VPN protocol 11...

Page 39: ...n 7 18 L Licensed appliance 3 Logging 27 M Masquerading 21 N NAT 8 21 NAT Port Mapping 8 NAT PMP 8 Network Address Translation 8 21 21 R Reboot 26 Remote support 12 S SNAT 21 Spare unit 2 SSID 18 Stat...

Reviews:

No comments

Related manuals for Personal aXsGUARD

Abocom BM200 Specification Sheet preview
BM200
Brand: Abocom Pages: 3
Arista DCA-NDR-A5 Quick Start Manual preview
DCA-NDR-A5
Brand: Arista Pages: 34
Fortinet FortiGate 1000A Administration Manual preview
FortiGate 1000A
Brand: Fortinet Pages: 412
PaloAlto Networks PA-5400 Series Hardware Reference Manual preview
PA-5400 Series
Brand: PaloAlto Networks Pages: 92
D-Link NetDefend DFL-860E Datasheet preview
NetDefend DFL-860E
Brand: D-Link Pages: 6
BESTEK NSP-10H6 User Manual preview
NSP-10H6
Brand: BESTEK Pages: 41

Brands by name

Popular brands

Load more brands