Technical Guide
alliedtelesis.com
How To |
C613-16180-00 REV A
Introduction
This document describes how to provide secure remote access through IP security (IPsec) Virtual Private Networks (VPNs), with an emphasis on using an AlliedWare Allied Telesis router at a head office and roaming Android clients. This VPN solution is suitable for any business deployment and provides your office with secure Internet access and firewall protection, plus remote encrypted VPN access for your travelling staff.
The solution allows for IPsec NAT Traversal, which permits VPN clients to communicate through Network Address Translation (NAT) gateways over the Internet. For example, business travellers (road warriors) commonly use IPsec on their phones or tablets to gain remote VPN access to the central office. When working off-site, these users sometimes need to connect to the Internet through a NAT gateway, such as at a hotel or a client’s premises. Also, NAT gateways are often part of a company’s firewall and let its Local Area Network (LAN) appear as one IP address to the world.
What information will you find in this How To Note?
This How To Note starts with the instructions for configuring a head office router on page 3. This allows the head office to create concurrent VPN tunnels with:
Android roaming clients. The configuration for these starts on page 7.
Roaming clients using PCs running Windows, MacOS, or Linux and roaming clients using mobile devices powered by iOS. This How To Note does not include the configuration for these. For instructions on finding other relevant How To Notes that supply details on interoperation with those devices, see "Related How To Notes" on page 2.
This How To Note ends with a section on how to set up a VPN Client on the Android device, on page 7.
Create a VPN between an Allied Telesis AlliedWare Router and an Android Client, with or without NAT-T
Related How To Notes
Allied Telesis offers How To Notes with a wide range of VPN solutions, from quick and simple solutions for connecting home and remote offices, to advanced multi-feature setups. Notes also describe how to create a VPN between an Allied Telesis router and equipment from a number of other vendors.
For a complete list of VPN How To Notes:
Go to: http://www.alliedtelesis.com/support/documentation
Enter key word: VPN
Which products and software version does this apply to?
This How To Note applies to the following routers and switches, running AlliedWare software version 291-08 or later:
AR400 Series routers
AR750S and AR770S routers
Rapier i Series switches
AT-8800 Series switches
It requires firewall and 3DES licenses. If these licenses are not already installed on your device, you can purchase them from your Allied Telesis distributor.
Contents
Introduction ... 1
  What information will you find in this How To Note? ... 1
  Related How To Notes ... 2
  Which products and software version does this apply to? ... 2
Network diagram ... 3
Configure the head office router ... 3
  Initial security setup ... 3
  Configuration template ... 5
Configure an Android client ... 7
  Create the connection ... 7
  Connect ... 10