Step-by-step IPSec VPN installation and configuration for the Huawei Secoway SVN2260 Gateway and TheGreenBow VPN client. For more VPN configuration guides, tutorials and how-tos, go to http://www.thegreenbow.com/vpn_gateway.html
TheGreenBow VPN
& SVN2260
VPN WebSite: Contact: http://www.thegreenbow.com [email protected]
IPSec VPN
Property of TheGreenBow Sistech SA - Sistech 2001-2012
1/14
Doc.Ref Doc.version VPN version
tgbvpn_cg-huawei-secoway-svn2260-zh 1.0 Mar 2012 5.13.002
1
1.1
1.2 VPN
1.3 Secoway SVN2260 VPN
1.4 Secoway SVN2260 VPN
2 Secoway SVN2260 VPN VPN
3 VPN
3.1 VPN IKE
3.2 VPN IPSec
3.3 IPSec VPN
4
4.1 Wireshark
5 IPSec VPN
5.1 ( 1 )
5.2 COOKIE
5.3 no keystate
5.4 ID
5.5 no proposal chosen
5.6 ID
5.7 ,
5.8 VPN Ping
6
1 1.1 TheGreenBow VPN Secoway SVN2260 VPN VPN
1.2 VPN VPN IPSec VPN Secoway SVN2260 VPN VPN VPN DSL IP IPSec VPN LAN 192.168.1.1192.168.0.1
IPSec VPN 192 168 1 2
Internet SVN2260 192.168.0.3
192.168.0.78
1.3 Secoway SVN2260 VPN Secoway SVN2260 VPN V200R001C00SPC200
1.4 Secoway SVN2260 VPN Secoway SVN2260 VPN Secoway SVN2260 VPN www.huawei.com/cn/products/security-storage/security-product/svn/svn3000/index.htm
2 Secoway SVN2260 VPN VPN Secoway SVN2260 VPN VPN
1) SVN2260 "VPN", "IPsec" "IKE Negotiation", phase1
2) phase 1, "Main Mode" Negotiation Mode, Pre-Shared Key, NAT Traversal
3) phase 2, Tunnel Mode Encapsulation Mode, DH-Group2 PFS
4) IPsec Policy , IPsec Rule
3 VPN VPN Secoway SVN2260 VPN VPN TheGreenBow IPSec VPN http://www.thegreenbow.com/vpn_down.html
3.1 VPN IKE
VPN IP DNS
123456
1
1
3.2 VPN IPSec
IP
LAN IP
2
3.3 IPSec VPN Secoway SVN2260 VPN IPSec VPN VPN IPSec 1 VPN 2 IPSec VPN 3 VPN 4 IPSec VPN IPSec VPN IPSec VPN Secoway SVN2260 VPN IPSec VPN
4 IPSec VPN VPN VPN
4.1 Wireshark
Wireshark IP TCP http://www.wireshark.org (http://www.wireshark.org/docs/)
5 IPSec VPN
5.1 ( 1 )
114920 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.114 port 500 due to notification type PAYLOAD_MALFORMED
114920 Default SEND Informational [NOTIFY] with PAYLOAD_MALFORMED error
[SA] VPN
5.2 COOKIE
115933 Default message_recv: invalid cookie(s) 5918ca0c2634288f 7364e3e486e49105
115933 Default dropped message from 195.100.205.114 port 500 due to notification type INVALID_COOKIE
115933 Default SEND Informational [NOTIFY] with INVALID_COOKIE error
COOKIE VPN SA VPN
5.3 no keystate
115315 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
115317 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
115319 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115319 Default ipsec_get_keystate: no keystate in ISAKMP SA 00B57C50
ID VPN
5.4 ID
120348 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
120349 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
120349 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
120351 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
120351 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
120351 Default ike_phase_1_recv_ID: received remote ID other than expected [email protected]
ID
5.5 no proposal chosen
115911 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
115913 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
115913 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
115915 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
115915 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
115915 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
115915 Default phase 1 done: initiator id c364cd70: 195.100.205.112, responder id c364cd72: 195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
115915 Default (SA CNXVPN1-CNXVPN1-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
115915 Default RECV Informational [HASH][NOTIFY] with NO_PROPOSAL_CHOSEN error
115915 Default RECV Informational [HASH][DEL]
115915 Default CNXVPN1-P1 deleted
no proposal chosen 2 1
115911 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
115911 Default RECV Informational [NOTIFY] with NO_PROPOSAL_CHOSEN error
5.6 ID
122623 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
122625 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [SA][VID]
122625 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [KEY][NONCE]
122626 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [KEY][NONCE]
122626 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [ID][HASH][NOTIFY]
122626 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [ID][HASH][NOTIFY]
122626 Default phase 1 done: initiator id c364cd70: 195.100.205.112, responder id c364cd72: 195.100.205.114, src: 195.100.205.112 dst: 195.100.205.114
122626 Default (SA CNXVPN1-CNXVPN1-P2) SEND phase 2 Quick Mode [SA][KEY][ID][HASH][NONCE]
122626 Default RECV Informational [HASH][NOTIFY] with INVALID_ID_INFORMATION error
122626 Default RECV Informational [HASH][DEL]
122626 Default CNXVPN1-P1 deleted
ID 2 ID ( IP ) ID
5.7 , VPN IKE IPSec UDP 500 ESP
5.8 VPN Ping VPN ping 2 VPN LAN VPN IP VPN ESP ESP VPN ESP
VPN VPN ISP ESP ping VPN LAN ping VPN LAN LAN
Ethereal
ping Wireshark (http://www.wireshark.org) LAN LAN IP
ping
6 TheGreenBow http://www.thegreenbow.com/zh/ [email protected] [email protected]