======Funk AdmitOne VPN client for PDA configuration with Superstack 3 Firewall======

This document explains the configuration settings for the AdmitOne VPN client from Funk Software (this is an OEM VPN client from SafeNet). This VPN client should work with the Superstack 3 firewall running Agent 6.02 or higher.

  - **Settings on the Superstack 3 firewall**
    * VPN SA Name: Any descriptive name. In this example we use the name: vpnclient
    * IKE support only
    * IKE Preshared key: Needs to be the same on both client and SA
    * Remote IPSEC Gateway: 0.0.0.0
    * Encryption Scheme: DES or 3DES. In this example we use 3DES.
    * Authentication Scheme: SHA-1 or MD5. In this example we use MD5.
    * DH Group: Use DH group 1. As of agent 6.3 you can use other DH groups. This needs to be the same on both SA and VPN client.
    * VPN Destination network: Needs to be the virtual IP address of the VPN client. In this example we use IP address: 10.1.1.254/255.255.255.255
  - **Settings on the AdmitOne VPN client:**
    * After installation of the VPN client software, you have to configure a profile. The Policy is secured by a username/password combination. Launch the A1 VPN client.

{{ :firewall:configuration:vpn:dsgn9.png?nolink&600 |}}

  * After login, on the main window of the VPN client, go to “Secure Connections” and create a new Connection definition by double-clicking “New Connection”.

{{ :firewall:configuration:vpn:dsgn_10.png?nolink&600 |}}

**The following information is required:**

  * Tunnel gateway IP address is the WAN IP address of the Superstack 3 firewall
  * Uncheck “Use IP address as identity”.
  * User’s Identity is the name of the SA that is configured on the firewall
  * Shared Secret is identical to the Shared Secret that is set on the firewall

Click **“Advanced”** at the bottom left and uncheck “Auto IKE/IPSec setup”.

{{ :firewall:configuration:vpn:dsgn_11.png?nolink&300 |}}

  * Now, the IKE setup and IPsec options are enabled. First, select the IKE setup option and use the settings as shown in the diagram below (3DES, MD5, DH Group 1, No PFS). Click “OK” to confirm.

{{ :firewall:configuration:vpn:dsgn_12.png?nolink&300 |}}

  * Now, select the IPsec setup in the Advanced configuration. Use the settings as shown in the diagram below (3DES, MD5, no compression algorithm, no NAT Traversal). Click “OK” to confirm settings.

{{ :firewall:configuration:vpn:dsgn_13.png?nolink&300 |}}

  * Now, you can click the “**Next**” button on the configuration screen. We now need to configure a Virtual adapter. Enter the IP address that corresponds with the IP address that is entered in the Subnet information on the Superstack 3 firewall. Click the “Next” button.

{{ :firewall:configuration:vpn:dsgn_14.png?nolink&600 |}}

  * On the final configuration screen, we create an IP address range that requires encryption. Click the “**New**” button and enter an IP address range (see right screen below).
  * Click “**OK**” on the IP address Range screen and then “Finish” when you are done configuring secure subnets.

{{ :firewall:configuration:vpn:dsgn_15.png?nolink&300 |}} {{ :firewall:configuration:vpn:dsgn_16.png?nolink&300 |}}

======Establishing a VPN connection with the AdmitOne VPN client:======

You can now select the configured VPN profile to connect. Normally, there is a Ping utility included with the adapter for testing the VPN connection. You can also verify the Firewall log or VPN screens to see whether a VPN has been established. Alternatively, you can use a browser to test connectivity by opening a connection to the LAN IP address of the firewall.

//**Notes:**//

  * SA lifetime of the AdmitOne VPN client is 3600 seconds.
  * The AdmitOne VPN client will renegotiate VPN connectivity after reaching 40% of the SA lifetime.
  * NAT Traversal is not supported because the standards are not ratified yet.
  * XAUTH will be supported in the next release of the VPN client.

 --- //[[nce@itclatam.com|David Gonzalez]] 2021/03/30 10:24//
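
The settings above only produce a tunnel when both sides agree, so the following added example (not part of the original page, and not code from 3Com or Funk Software) cross-checks a firewall SA against a client profile before deployment. The dictionary keys and the preshared key value are hypothetical, since neither product exports its settings in this form; the other sample values are the ones used in this document.

```python
import ipaddress

# Options this page permits that are considered weak today (single DES,
# MD5, 768-bit DH group 1); they are reported so a stronger value can be
# chosen where the firmware and client versions allow it.
WEAK = {"encryption": {"DES"}, "authentication": {"MD5"}, "dh_group": {1}}

# Constructed sample data using the example values from this page.
# Key names are hypothetical; the preshared key is a placeholder.
FIREWALL_SA = {
    "sa_name": "vpnclient", "preshared_key": "EXAMPLE-PLACEHOLDER-KEY",
    "remote_gateway": "0.0.0.0", "encryption": "3DES",
    "authentication": "MD5", "dh_group": 1,
    "destination_network": "10.1.1.254/255.255.255.255",
}
CLIENT_PROFILE = {
    "identity": "vpnclient", "use_ip_as_identity": False,
    "preshared_key": "EXAMPLE-PLACEHOLDER-KEY", "encryption": "3DES",
    "authentication": "MD5", "dh_group": 1, "virtual_ip": "10.1.1.254",
}

def check_profiles(fw, client):
    """Return a list of problems; no 'mismatch' entries means both sides agree."""
    problems = []
    # Values that must be identical on the SA and on the client.
    for key in ("preshared_key", "encryption", "authentication", "dh_group"):
        if fw[key] != client[key]:
            problems.append(f"mismatch: {key}")
    # The client identifies itself with the SA name, not its IP address.
    if client["use_ip_as_identity"] or client["identity"] != fw["sa_name"]:
        problems.append("mismatch: identity")
    # The SA's remote gateway is 0.0.0.0 in this setup.
    if fw["remote_gateway"] != "0.0.0.0":
        problems.append("remote_gateway must be 0.0.0.0")
    # The destination network must be a host entry equal to the virtual IP.
    dest = ipaddress.ip_network(fw["destination_network"], strict=False)
    virtual_ip = ipaddress.ip_address(client["virtual_ip"])
    if dest.prefixlen != 32 or dest.network_address != virtual_ip:
        problems.append("mismatch: destination network vs virtual IP")
    # Report weak negotiated algorithms.
    for key, weak in WEAK.items():
        if fw[key] in weak:
            problems.append(f"weak: {key}={fw[key]}")
    return problems

if __name__ == "__main__":
    for line in check_profiles(FIREWALL_SA, CLIENT_PROFILE):
        print(line)
```

With this document's example values the two sides match, and the only findings are the weak MD5 and DH group 1 choices.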