Enterprise IP Solutions

OfficeServ 7400

Quick Install Guide - Data Server - VPN

Mar, 2006

OfficeServ Lab.

Samsung Electronics Co., Ltd.


Contents

  • VPN Overview

  • IPSec Settings

    • 1. IPSec Connection Between OS7400s (RSA key, Pre-shared key, X.509 Cert)

    • 2. IPSec Connection Between OS7400 and PC (Remote User) (Pre-shared key, X.509 Cert)

    • 3. IPSec Connection Between OS7400 and Cisco Router (Pre-shared key)

  • PPTP/L2TP Settings

    • 4. PPTP/L2TP Configuration on OS7400 System

    • 5. PPTP/L2TP Configuration on PC (Windows 2000/XP)

  • Application Cases

    • 6. IP Networking (QSIG) Application Cases

    • 7. H.323/SIP Application Cases


VPN Overview - GWIMS

IPSec

  • System to System

  • Need GWIMS D-board

PPTP/L2TP

  • System to Node or Server to Client (ex: PC)

  • Don’t need GWIMS D-board

Abbreviations

  • VPN: Virtual Private Network

  • IPSec: Internet Protocol Security

  • PPTP: Point to Point Tunneling Protocol

  • L2TP: Layer 2 Tunneling Protocol

[Figure: network diagram. Labels: Office, Headquarters, Branch #1, Branch #2, Remote User, Internet, VPN Tunneling, IPSec, PPTP, L2TP, Private Line (Serial, 2Mbps).]

VPN Overview – IPSec, L2TP/PPTP

  • Tunnel mode only (Transport mode is not supported)

  • Tunnel Protocol: IPSec, L2TP/PPTP

  • Key Management: IKE, ISAKMP, X.509, pre-shared

  • Authentication: MD5, SHA-1

  • Encryption: AES, 3DES

  • Transform Protocol: AH, ESP

[Figure: VPN tunneling diagram. Labels: Headquarters, Branch, Business Partner, Mobile User, VPN S/W, VPN, Remote access, Extranet, Intranet, Tunnel, encryption, new header, payload.]


VPN Overview – VPN Compared

VPN Overview – IPSec

  • Transport Mode

    • AH: IP header | AH | IP payload (Authenticated except for mutable fields in ‘IP header’)

    • ESP: IP header | ESP header | IP payload | ESP trailer | ESP auth (the figure marks the Encrypted and Authenticated regions)

  • Tunnel Mode

    • AH: New IP header | AH | IP header | IP payload (Authenticated except for mutable fields in ‘New IP header’)

    • ESP: New IP header | ESP header | IP header | IP payload | ESP trailer | ESP auth (the figure marks the Encrypted and Authenticated regions)


VPN Overview – IKE

  • Internet Key Exchange

    • Phase 1

      • Generate IKE key

      • Main mode, aggressive mode

      • Authentication

        • Pre-shared key

        • Digital Signature

        • Public key encryption

        • Revised public key encryption

    • Phase 2

      • Generate IPSEC key

      • Quick mode

IKE connection flow (Initiator / Responder)

  • Main mode

    • Initiator: Crypto & Auth algorithm (SA) proposal

    • Responder: SA choice

    • Initiator and Responder: public key exchange (Diffie-Hellman)

    • Initiator: transmit identity

    • Responder: confirm and transmit identity

  • Aggressive mode

    • Initiator: SA proposal, public key exchange, transmit identity

    • Responder: SA choice, public key exchange, transmit identity

    • Initiator: transmit hash value


VPN Overview – OS7x00

  • 1. Configuration

  • 2. Choose Phase 1 / Phase 2 parameters.

  • 3. Check status


VPN Overview – OS7200 via OS7400

| Lists | OS 7200 (v1.12) | OS 7400 |
|---|---|---|
| Max. Tunnel | 100 Tunnels | 1024 Tunnels |
| H/W Chip | Hifn 7951 | CN 1120 |
| Protocol | IPSec, PPTP, L2TP | IPSec, PPTP |
| ISAKMP | Phase 1 (main), Phase 2 (quick) | Phase 1 (main, aggressive), Phase 2 (quick) |
| Encryption | 3DES | 3DES, AES |
| Authentication | RSA, Pre-shared key, X.509 | RSA, Pre-shared key, X.509 |

IPSec Configuration


1. IPSec Connection Between OS7400s

The OS7400 VPN allows you to connect different networks. The following figure illustrates the basic network settings for using the OS7400 VPN:

[Figure: Tunneling (IPSec) between two OS7400 systems. One gateway has LAN 10.0.0.1 and WAN1 165.213.89.238; the other has WAN1 165.213.89.227 and LAN 192.168.0.1. A PC (10.0.0.100) sends a packet (Src IP 10.0.0.100, Dest IP 192.168.0.100, payload) to a PC (192.168.0.100). Inside the tunnel the packet carries a new header (New Src IP 165.213.89.238, New Dest IP 165.213.89.227).]


  • The figure above shows how a packet is forwarded when the PC (10.0.0.100) communicates with the target PC (192.168.0.100) over the VPN.

    • ① The PC (10.0.0.100) creates and forwards a packet whose dest IP is 192.168.0.100 and whose src IP is 10.0.0.100.

    • ② The VPN gateway encrypts the original packet, then adds a new IP header (Dest IP: 165.213.87.227, Src IP: 165.213.89.238) to create a new packet and forwards it.

    • ③ The receiving VPN gateway decrypts the forwarded packet, then forwards it to the destination host by referring to the destination IP of the original packet.

    • ④ The PC (192.168.0.100) receives the original packet properly.
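Steps ① to ④ expressed as bytes, in an added Python example that is not part of the original guide. To run with the standard library only, it uses ESP with NULL encryption (RFC 2410) and an HMAC-SHA1-96 integrity value in place of the 3DES or AES the gateways would negotiate, so the inner packet is authenticated but not hidden; the key, SPI, payload and function names are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50    # IP protocol number of ESP
IPV4_IN_IP = 4    # ESP "next header" value for an encapsulated IPv4 packet
ICV_LEN = 12      # HMAC-SHA1-96 keeps the first 96 bits of the HMAC


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header without options, followed by the payload."""
    def header(csum: int) -> bytes:
        return struct.pack(
            "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, csum,
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload


def addresses(packet: bytes):
    """(protocol, source, destination) read from an IPv4 header."""
    return (packet[9], str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def encapsulate(inner, spi, seq, auth_key, gw_src, gw_dst):
    """Step 2: the sending gateway wraps the whole original packet in ESP."""
    pad_len = -(len(inner) + 2) % 4            # align payload + trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPV4_IN_IP])
    esp = struct.pack("!II", spi, seq) + inner + trailer   # NULL cipher: no IV
    icv = hmac.new(auth_key, esp, hashlib.sha1).digest()[:ICV_LEN]
    return ipv4_packet(gw_src, gw_dst, ESP_PROTO, esp + icv)


def decapsulate(outer, auth_key):
    """Step 3: the receiving gateway checks the ICV, then recovers the packet."""
    if addresses(outer)[0] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp, icv = outer[20:-ICV_LEN], outer[-ICV_LEN:]
    expected = hmac.new(auth_key, esp, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch, packet dropped")
    pad_len, next_header = esp[-2], esp[-1]
    if next_header != IPV4_IN_IP:
        raise ValueError("tunnel mode expects an inner IPv4 packet")
    return esp[8:len(esp) - 2 - pad_len]


def gateway_accepts(outer, auth_key) -> bool:
    try:
        decapsulate(outer, auth_key)
        return True
    except ValueError:
        return False


# Constructed values: key, SPI and payload are made up for this example.
KEY = b"constructed-auth-key"
INNER = ipv4_packet("10.0.0.100", "192.168.0.100", 253, b"hello through the tunnel")
OUTER = encapsulate(INNER, 0x1001, 1, KEY, "165.213.89.238", "165.213.87.227")

if __name__ == "__main__":
    print("on the wire :", addresses(OUTER))           # outer header: gateways only
    print("after step 3:", addresses(decapsulate(OUTER, KEY)))
    tampered = bytearray(OUTER)
    tampered[40] ^= 0x01                                # one bit changed in transit
    print("tampered accepted:", gateway_accepts(bytes(tampered), KEY))
```

The receiving gateway forwards on the inner destination only after the integrity check passes, which is why a packet altered in transit never reaches the PC.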


RSA key (1)

If you click [VPN] from the main menu, the following window will appear. Click the [Add] button to select a VPN gateway and to choose an authentication method.

RSA key (2)

Set OS7400_1 first. Enter the information on OS7400_1 in Local settings and the information on OS7400_2 in Remote settings. Click the [find] button to upload the OS7400_2 RSA key. (Click the Management => RSA [Download] button to download the authentication key and deliver the key to OS7400_2.)

RSA key (3)

Set OS7400_2 in the same way as OS7400_1.

Pre-shared key (1)

Set the Pre-shared key field in the same way as the RSA key field. Enter the shared key, which is a password used for authentication, in the Pre-shared key field.

Pre-shared key (2)

Set OS7400_2 in the same way as OS7400_1.

X.509 (1)

Click Certification from the left menu. Once the window below appears, click the [Add] button to create a CA certificate.

X.509 (2)

Once a window that prompts you to create a CA certificate appears, fill out all of the fields, and click the [OK] button.

X.509 (3)

Once a window that prompts you to create a host certificate appears, fill out the fields, and click the [OK] button. Note that you must remember the password.

X.509 (4)

Click the [Download] button from the window below to download a certificate.

X.509 (5)

Click Config from the left menu, select Local Certificate, and click OK. Then select X.509 Cert and click the [OK] button.

X.509 (6)

‘Local Certificate’ and ‘Local ID’ are then displayed. Enter the password used for creating the host certificate in ‘Password’, and enter the ‘Remote ID’ value. In this case, the Remote ID value is the Local ID of OS7400_2, which is obtained in the same way as for OS7400_1.

X.509 (7)

In [Management] from the left menu, select the external device and click the [OK] button. If Activity is set to Stopped, click the [Run] button. (If Activity is set to Running, click the [Stop] button, and then click the [Run] button again.)

X.509 (8)

Click Status from the left menu to check the current status and log of VPN connections.


2. IPSec Connection Between OS7400 and PC (Remote User)

[Figure: Tunneling (IPSec, PPTP, L2TP) over the Internet between a Remote User (165.213.109.101) and an OS7400 (WAN1 165.213.89.245, LAN 192.168.0.1), with a PC (192.168.0.100) on the LAN.]


Pre-Shared key (1)

Enter the information on the PC in Remote settings. (Since a PC does not have a subnet, leave the subnet fields blank.)

Pre-Shared key - VPN Client (1)

If you select [Start] -> [Run], and run ‘mmc’, the window below will appear. Select [File] -> [Add/Remove Snap-In] from the Console window.

Pre-Shared key - VPN Client (2)

If you click the [Add] button from the <Add Standalone Snap-in> window, the window below will appear. Select ‘IP Security Policy Management’ from the snap-in list, and click the [Add] button.

Pre-Shared key - VPN Client (3)

Once the window below appears, select ‘Local computer’, and click the [Finish] button.

Pre-Shared key - VPN Client (4)

If you return to the <Console> window, the ‘IP Security Policies on Local Computer’ submenu has been created under ‘Console Root’. Right-click the submenu and select [Create IP Security Policy].

Pre-Shared key - VPN Client (5)

Enter the name and description of the IP security policy in the <IP Security Policy Wizard> window, and click the [Next] button.

Pre-Shared key - VPN Client (6)

Clear the ‘Activate the default response rule’ checkbox, and click the [Next] button. Once the window below appears, select the ‘Edit Properties’ checkbox, and click the [Finish] button.

Pre-Shared key - VPN Client (7)

If the <XP IPSec Properties> window appears, the created item will be displayed. Clear the checkbox, and click the [Add] button.

Pre-Shared key - VPN Client (8)

Once <Security Rule Wizard> starts, click the [Next] button and select ‘The tunnel endpoint is specified by this IP address:’. Enter the WAN interface IP address (165.213.89.245), and click the [Next] button.

Pre-Shared key - VPN Client (9)

If you select ‘Local Area Network [LAN]’ from the <Network Type> window and click the [Next] button, the <Authentication Method> window will appear. Select the ‘Use this string to protect the key exchange (preshared key):’ checkbox, and enter the user password registered with the firewall. Click the [Next] button.

Pre-Shared key - VPN Client (10)

If you click the [Add] button from the <IP Filter List> window, the window below will appear. Enter ‘outbound’ in the Name field, and click the [Add] button.

Pre-Shared key - VPN Client (11)

If you click the [Next] button from the <IP Filter Wizard> window, the window below will appear. Select ‘My IP address’ in the Source Address option, and click the [Next] button.

Pre-Shared key - VPN Client (12)

Select ‘A specific IP Subnet’ in the Destination address option. Enter the address of the internal network (192.168.0.0) and subnet mask (255.255.255.0), and click the [Next] button.

Pre-Shared key - VPN Client (13)

Select ‘Any’ from IP Protocol Type, and click the [Next] button. Select the ‘Edit properties’ checkbox, and click the [Finish] button.

Pre-Shared key - VPN Client (14)

If you click the [OK] button, the outbound option will be created as shown in the figure below. Click the [Add] button to create the ‘inbound’ option. Enter 192.168.0.0 and 255.255.255.0 in ‘A specific IP Subnet’ of Source Address. Select ‘My IP Address’ from Destination Address. The next settings are the same as the previous ones.

Pre-Shared key - VPN Client (15)

If you click the [OK] button, the window below will appear. Select the ‘outbound’ option, and click the [Next] button.

Pre-Shared key - VPN Client (16)

Select the ‘Request Security (Optional)’ option, and click the [Edit] button.

Pre-Shared key - VPN Client (17)

Select ‘Negotiate security’, and then select an option from each of ‘AH Integrity (None)’, ‘ESP Confidentiality (3DES)’, and ‘ESP Integrity (MD5)’ in Security Method Priority. Click the [Move Up] button to move it to the top. Select the ‘Session key perfect forward secrecy (PFS)’ checkbox, and click the [OK] button.

Pre-Shared key - VPN Client (18)

If you select the ‘Edit Properties’ checkbox, and click the [Finish] button, the outbound option will be created as shown in the figure below. Click the [Add] button to create the inbound option.

Pre-Shared key - VPN Client (19)

Once <Security Rule Wizard> starts, click the [Next] button, select the ‘The tunnel endpoint is specified by this IP address’ checkbox, and enter the Remote User IP address (165.213.109.101). Click the [Next] button.

Pre-Shared key - VPN Client (20)

If you select ‘Local Area Network [LAN]’ from the <Network Type> window and click the [Next] button, the <Authentication Method> window will appear. Select the ‘Use this string to protect the key exchange (preshared key):’ checkbox, and enter the user password registered with the firewall. Click the [Next] button.

Pre-Shared key - VPN Client (21)

If you click the [OK] button, the <IP filter list> window will appear. Select ‘inbound’ from the window, and click the [Next] button. The next settings are the same as the previous ones.

Pre-Shared key - VPN Client (22)

Select the [General] tab from the <XP IPSec Properties> window, and click the [Advanced] button. Once the <Key Exchange Settings> window appears, select the ‘Master key perfect forward secrecy (PFS)’ checkbox, and click the [Method] button.

Pre-Shared key - VPN Client (23)

Select an option from each of ‘Encryption (3DES)’, ‘Integrity (MD5)’, and ‘Diffie-Hellman (Medium(2))’ of the <Key Exchange Security Methods> window, and click the [Move Up] button to move it to the top. Click the [OK] button.

Pre-Shared key - VPN Client (24)

Select the ‘IP Security Policy of Local Computer’ submenu from the <Console> window. Right-click the newly created item in the right pane, and select the ‘Assign’ menu. The policy assignment is then set to ‘Yes’.

Pre-Shared key - VPN Client (25)

Select [Start]->[Programs]->[Administrative Tools]->[Services] from the Windows taskbar. Right-click ‘IPSEC Services’, and click ‘Restart’.

Pre-Shared key - VPN Client (26)

Check the connection status of the internal IP address (192.168.0.1) by executing ping at the command prompt. If a response is received as shown in the figure below, the connection has been successfully made.


X.509 (1)

Enter the information on the OS7400 and the PC in the same way as for the pre-shared key settings. Select X.509 Cert, and set the requested values.

X.509 (2)

Create an additional host certificate to authenticate a PC.

X.509 (3)

Download the new PC certificate, and deliver it to the PC.

X.509 - VPN Client (1)

If you select [Start]->[Run] from the Windows taskbar and run ‘mmc’, the window below will appear. Select [File]->[Add/Remove Snap-in] from the Console window.

X.509 - VPN Client (2)

If you click the [Add] button from the <Add/Remove Snap-in> window, the window below will appear. Select ‘Certificates’ from the snap-in list, and click the [Add] button.

X.509 - VPN Client (3)

Select ‘Computer account’, and click the [Next] button.

X.509 - VPN Client (4)

Select ‘Local computer: (the computer this console is running on)’, and click the [Finish] button.

X.509 - VPN Client (5)

Select ‘IP Security Policy Management’ from the snap-in list, and click the [Add] button.

X.509 - VPN Client (6)

Select ‘Local computer’ from the Select Computer or Domain window, and click the [Finish] button to complete.

X.509 - VPN Client (7)

Right-click the Private submenu under the Certificate menu of the Console window, and select ‘All Tasks’ -> ‘Import’ in sequence.

X.509 - VPN Client (8)

Once a window that prompts you to start the Certificate Import Wizard appears, click the [Next] button, and find the file to be imported by clicking the [Browse] button. When you have found the file, click the [Next] button.

X.509 - VPN Client (9)

Enter the password used for creating the host certificate, and click the [Next] button.

X.509 - VPN Client (10)

Select ‘Automatically select the certificate store based on the type of certificate’, and click the [Next] button to exit the wizard.

X.509 - VPN Client (11)

If you click the Certificate submenu under the Private menu from the Console window, the saved certificate will appear at the right of the window. Double-click the certificate.

X.509 - VPN Client (12)

Enter the information shown in ‘Subject’ on the ‘Details’ tab into the Remote ID field of the OS7400 settings.

X.509 - VPN Client (13)

Right-click ‘IP Security Policy of Local Computer’ under the Console Root menu of the Console window, and click [Create IP Security Policy]. The next settings are the same as the pre-shared key settings.

X.509 - VPN Client (14)

Select ‘Use a certificate from the certification authority (CA)’ in the Authentication Method window. Then, select a certificate by using the [Browse] button. (Set outbound and inbound in the same way.)

X.509 - VPN Client (15)


3. IPSec Connection Between OS7400 and Cisco Router

The OS7400 VPN allows you to connect different networks. The following figure illustrates the basic network settings for using the OS7400 VPN:

[Figure: Tunneling (IPSec) between an OS7400 (LAN 10.0.0.1, WAN1 165.213.89.238) and a Cisco router (WAN1 165.213.87.227, LAN 192.168.0.1). A PC (10.0.0.100) sends a packet (Src IP 10.0.0.100, Dest IP 192.168.0.100, payload). Inside the tunnel the packet carries a new header (New Src IP 165.213.89.238, New Dest IP 165.213.87.227).]

  • The figure above shows how a packet is forwarded when the PC (10.0.0.100) communicates with the target PC (192.168.0.100) over the VPN.

    • 1. Cisco Router configuration

      • 1) Configure NAT, create the Access Rule for NAT, and add the routing table entry

      • 2) Create keys for IKE and IPSec, and create the site-to-site VPN

    • 2. OS 7400 configuration

      • 1) Create connection Mod.

      • 2) Select Pre-Shared Authentication Method.

      • 3) Choose Phase 1 / Phase 2 parameters.

      • 4) Run the VPN and check status.


1. Cisco Router configuration

1) Configure NAT, create the Access Rule for NAT, and add the routing table entry.

  • Outside: GigabitEthernet0 - 165.213.87.227

  • Inside: Vlan1 - 192.168.0.1/24

(Example)

```
interface GigabitEthernet0
 ip address 165.213.87.227 255.255.255.0
 ip nat outside
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
ip nat pool natOutIpPool 165.213.87.225 165.213.87.225 netmask 255.255.255.252
ip nat inside source list 111 pool natOutIpPool overload
!
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
!
ip classless
ip route 0.0.0.0 0.0.0.0 165.213.87.1
```


2) Create keys for IKE and IPSec, and create the site-to-site VPN

```
!--- Create the ISAKMP policy; the pre-shared key is cisco123
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 165.213.89.238
!
!--- Create an IPSec transform set named "myset". Use 3DES for ESP
!--- and ESP with the MD5 (HMAC variant) authentication algorithm.
!--- No mode is set, so the transform set uses tunnel mode (the IOS default).
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
!--- Create a crypto map "newmap" and assign sequence number 10.
crypto map newmap 10 ipsec-isakmp
 set peer 165.213.89.238
 set transform-set myset
 match address 100
!--- Add the crypto map to the interface
interface GigabitEthernet0
 crypto map newmap
```


2) Create keys for IKE and IPSec, and create the site-to-site VPN (cont’d)

```
!--- Add the NAT rule for the route-map
ip nat inside source route-map SDM_RMAP_1 pool natOutIpPool
!
!--- Create the route-map
route-map SDM_RMAP_1 permit 1
 match ip address 111
!
!--- Create the access list for the VPN
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
!
```
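The IKE and IPSec parameters chosen in this router configuration, and the way its NAT access list interacts with its crypto access list, can be checked mechanically. The following audit is an added example, not part of the original guide or of any Cisco or Samsung tool: it runs over two constructed configurations, one modelled on the slides' statements and one using the AES and SHA-1 options the overview slide lists. The function names, `MIN_PSK_LEN`, the placeholder key and the NAT exemption entry are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the statements in the slides.
AS_CONFIGURED = """\
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 165.213.89.238
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
 set peer 165.213.89.238
 set transform-set myset
 match address 100
ip nat inside source list 111 pool natOutIpPool overload
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
"""
# Constructed variant: AES and SHA-1 (both listed on the overview slide), a
# placeholder key and a NAT exemption entry; the DH group is left unchanged.
NAT_EXEMPT = "access-list 111 deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255\n"
STRONGER = (AS_CONFIGURED.replace("encr 3des", "encr aes")
            .replace("hash md5", "hash sha")
            .replace("esp-3des esp-md5-hmac", "esp-aes esp-sha-hmac")
            .replace("cisco123", "EXAMPLE-ONLY-long-random-secret")
            .replace("access-list 111 permit", NAT_EXEMPT + "access-list 111 permit"))

WEAK = {"3des": "3DES has a 64-bit block", "esp-3des": "3DES has a 64-bit block",
        "md5": "MD5 is deprecated", "esp-md5-hmac": "MD5 is deprecated"}
WEAK_DH = {"1": 768, "2": 1024, "5": 1536}   # MODP group number -> modulus bits
MIN_PSK_LEN = 20                              # assumed local policy threshold

def wildcard_net(addr, wildcard):
    """Cisco wildcard mask to network (contiguous masks only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def take_net(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of an ACL entry."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return wildcard_net(tokens[0], tokens[1]), tokens[2:]

def parse_acls(config):
    """ACL number -> ordered (action, source net, destination net) entries."""
    acls = {}
    for m in re.finditer(r"^access-list (\d+) (permit|deny) ip (.+)$", config, re.M):
        src, rest = take_net(m.group(3).split())
        acls.setdefault(m.group(1), []).append((m.group(2), src, take_net(rest)[0]))
    return acls

def nat_translates(entries, src, dst):
    """First-match walk of the NAT ACL; only fully contained flows count."""
    for action, a_src, a_dst in entries:
        if src.subnet_of(a_src) and dst.subnet_of(a_dst):
            return action == "permit"
    return False  # implicit deny ends every ACL

def audit(config):
    findings, section, nat_acls, crypto_acls = [], "", [], []
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if not raw.startswith(" "):
            section = raw          # unindented line starts a new config section
        in_policy = section.startswith("crypto isakmp policy")
        if in_policy and w[0] in ("encr", "encryption", "hash") and w[1] in WEAK:
            findings.append(f"IKE {w[0]} {w[1]}: {WEAK[w[1]]}")
        elif in_policy and w[0] == "group" and w[1] in WEAK_DH:
            findings.append(f"IKE DH group {w[1]}: {WEAK_DH[w[1]]}-bit MODP, below 2048 bits")
        elif w[:3] == ["crypto", "isakmp", "key"] and len(w[3]) < MIN_PSK_LEN:
            findings.append(f"pre-shared key for peer {w[-1]}: {len(w[3])} characters")
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [f"ESP {t}: {WEAK[t]}" for t in w[4:] if t in WEAK]
        elif section.startswith("crypto map") and w[:2] == ["match", "address"]:
            crypto_acls.append(w[2])
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_acls.append(w[5])
    # IOS translates inside-to-outside traffic before it evaluates the crypto map.
    acls = parse_acls(config)
    for c_acl, n_acl in ((c, n) for c in crypto_acls for n in nat_acls):
        for action, src, dst in acls.get(c_acl, []):
            if action == "permit" and nat_translates(acls.get(n_acl, []), src, dst):
                findings.append(f"NAT access-list {n_acl} translates {src} -> {dst} "
                                f"before crypto access-list {c_acl} can match it")
    return findings

if __name__ == "__main__":
    print(*audit(AS_CONFIGURED), "-- stronger variant:", *audit(STRONGER), sep="\n")
```

The last finding is the operationally important one: traffic that is translated before the crypto map is evaluated no longer matches access-list 100 and leaves the router outside the tunnel.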



2. OS 7400 configuration

  • 1) Create connection Mod.

  • 2) Select Pre-Shared Authentication Method.

  • 3) Choose Phase 1 / Phase 2 parameters.

  • 4) Run the VPN and check status.

PPTP Configuration


4. PPTP Configuration at OS7400 System

1. Click [PPTP]->[Config] from the left menu. If you click the [Add] button to add a PPTP user, the window below will appear. Enter the user ID and password, and select a method of assigning a user IP (Auto/static).

2. Click Management from the left menu. If Activity is set to Stopped, click the [Run] button. (If Activity is set to Running, click the [Stop] button, and then click the [Run] button again.)

5. PPTP Configuration on PC (Windows 2000/XP)

1. Run [Start]->[Settings]->[Control Panel]->[Network Connections]->[Create a new connection] on the Windows taskbar. Once the New Connection Wizard starts, click the [Next] button.

2. Select ‘Connect to the network at my workplace’ from Network Connection Type and ‘Virtual Private Network connection’ in Network Connection. Click the [Next] button.

3. Enter a company name and the IP address of the VPN server. Click the [Next] button.

4. Complete the New Connection Wizard, and attempt to connect to the corporate VPN server.


- Example -

(VoIP Service Using VPN)

Network Environment

[Figure: Site A (Node 0) and Site B (Node 1) connected over the Internet. Site A: WAN1 165.213.89.238, LAN 10.0.0.1, MCP: 10.0.0.10/24, MGI: 10.0.0.20/24. Site B: WAN1 165.213.89.227, LAN 192.168.0.1, MCP: 192.168.0.10/24, MGI: 192.168.0.20/24. Labels 2010 and 2050. Two paths are shown: ‘VoIP Connection Without VPN’ and ‘VoIP Connection Using VPN’ through Tunneling (IPSec, L2TP, PPTP).]


Conditions

1. Set NAT from [Firewall/Network] of GWIM. Then, set network information as shown in the figure below.

2. Set the external port of MGI to No. 20000.

3. Pre-set static NAPT on MCP and MGI.

4. Set IPSec between Site A and Site B.

E.g.) Refer to the [OfficeServ 7400] Quick Install Guide (VoIP Service) file.


6. H.323/SIP Application Case

▶ CASE I: H.323/SIP Call Connection Using NAPT

Site A MMC Configuration

-. MMC 830
IP: 10.0.0.10 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
Public Port: 1719 / Public IP: 165.213.89.238
System IP Type: Private with Public

-. MMC 831
IP: 10.0.0.20 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
Public Port: 20000 / Public IP: 165.213.89.238
System IP Type: Private with Public

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and a public IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
10.0.0.255 (80)

-. MMC 833
165.213.87.227 (Site B WAN IP address)

Site B MMC Configuration

-. MMC 830
IP: 192.168.0.10 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
Public Port: 1719 / Public IP: 165.213.87.227
System IP Type: Private with Public

-. MMC 831
IP: 192.168.0.20 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
Public Port: 20000 / Public IP: 165.213.87.227
System IP Type: Private with Public

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and a public IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
192.168.0.255 (80)

-. MMC 833
165.213.89.238 (Site A WAN IP address)


▶ CASE II: H.323/SIP Call Connection Using IPSec

Site A MMC Configuration

-. MMC 830
IP: 10.0.0.10 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 831
IP: 10.0.0.20 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and an IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
192.168.0.255 (79)
10.0.0.255 (80)

-. MMC 833
192.168.0.10 (Site B MCP private IP address)

Site B MMC Configuration

-. MMC 830
IP: 192.168.0.10 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 831
IP: 192.168.0.20 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and an IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
10.0.0.255 (79)
192.168.0.255 (80)

-. MMC 833
10.0.0.10 (Site A MCP private IP address)


7. IP Networking (Qsig) Application Case

▶ CASE III: IP Networking (Qsig) Call Connection Using NAPT

Site A MMC Configuration

-. MMC 830
IP: 10.0.0.10 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
Public Port: 6100 / Public IP: 165.213.89.238
System IP Type: Private or Public

-. MMC 831
IP: 10.0.0.20 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
Public Port: 20000 / Public IP: 165.213.89.238
System IP Type: Private or Public

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and a public IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
10.0.0.255 (80)

-. MMC 820
SELF LINK ID: 0 / Signal GW: 10.0.0.10
SYS01 LINK ID: 1 / Signal GW: 165.213.87.227 / IP Type: Public

Site B MMC Configuration

-. MMC 830
IP: 192.168.0.10 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
Public Port: 6100 / Public IP: 165.213.87.227
System IP Type: Private or Public

-. MMC 831
IP: 192.168.0.20 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
Public Port: 20000 / Public IP: 165.213.87.227
System IP Type: Private or Public

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and a public IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
192.168.0.255 (80)

-. MMC 820
SELF LINK ID: 1 / Signal GW: 192.168.0.10
SYS01 LINK ID: 0 / Signal GW: 165.213.89.238 / IP Type: Public


▶ CASE IV: IP Networking (Qsig) Call Connection Using IPSec

Site A MMC Configuration

-. MMC 830
IP: 10.0.0.10 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 831
IP: 10.0.0.20 / GW: 10.0.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and an IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
192.168.0.255 (79)
10.0.0.255 (80)

-. MMC 820
SELF LINK ID: 0 / Signal GW: 10.0.0.10
SYS01 LINK ID: 1 / Signal GW: 192.168.0.10 / IP Type: Private

Site B MMC Configuration

-. MMC 830
IP: 192.168.0.10 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 831
IP: 192.168.0.20 / GW: 192.168.0.1 / Netmask: 255.255.255.0 /
System IP Type: Private

-. MMC 724
Enter an MGI Dial No. (E.g. 3801 ~ 3816).

-. MMC 615
Enter a VoIP trunk and an IP trunk (E.g. 3801 ~ 3816).

-. MMC 838
10.0.0.255 (79)
192.168.0.255 (80)

-. MMC 820
SELF LINK ID: 1 / Signal GW: 192.168.0.10
SYS01 LINK ID: 0 / Signal GW: 10.0.0.10 / IP Type: Private

Thank you!