DOCSLIB.ORG

Cisco Anyconnect Secure Mobility Client Administrator Guide, Release 4.9 Americas Headquarters Cisco Systems, Inc

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2021 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Deploy AnyConnect 1 Before You Begin Deployment 1 AnyConnect Deployment Overview 1 Preparing the Endpoint for AnyConnect 4 Using Mobile Broadband Cards with AnyConnect 4 Add the ASA to the List of Internet Explorer Trusted Sites on Windows 4 Block Proxy Changes in Internet Explorer 5 Configure How AnyConnect Treats Windows RDP Sessions 5 Configure How AnyConnect Treats Linux SSH Sessions 6 DES-Only SSL Encryption on Windows 7 Using NVM on Linux 7 Prerequisites to Build the AnyConnect Kernel Module 7 Package NVM with Prebuilt AnyConnect Linux Kernel Module 8 Predeploying AnyConnect 8 AnyConnect Module Executables for Predeploy and Web Deploy 10 Locations to Predeploy the AnyConnect Profiles 10 Guidelines for Cloning VMs With AnyConnect (Windows Only) 12 Predeploying AnyConnect Modules as Standalone Applications 13 Deploying Stand-Alone Modules with an SMS on Windows 13 Deploying AnyConnect Modules as Standalone Applications 13 User Installation of Stand-Alone Modules 13 Predeploying to Windows 14 Distributing AnyConnect Using the zip File 14 Contents of the AnyConnect zip File 15 Distributing AnyConnect Using an SMS 15 Windows Predeployment Security Options 17 Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 iii Contents AnyConnect Module Installation and Removal Order on Windows 17 Predeploying to macOS 18 Install and Uninstall AnyConnect on macOS 18 Installing AnyConnect Modules on macOS as a Standalone Application 18 Restrict Applications on macOS 20 Predeploying to Linux 20 Installing Modules for Linux 20 Uninstalling Modules for Linux 20 Manually Installing/Uninstalling NVM on a Linux Device 21 Certificate Store for Server Certificate Verification 21 Manually Installing DART on a Linux Device 21 Web Deploying AnyConnect 22 Configuring Web Deployment on the ASA 23 Download the AnyConnect Package 23 Load the AnyConnect Package on the ASA 23 Enable Additional AnyConnect Modules 24 Create a Client Profile in ASDM 24 Configuring Web Deployment on ISE 25 Prepare AnyConnect Files for ISE Upload 26 Configure ISE to Deploy AnyConnect 26 Configuring Web Deployment on FTD 27 Updating AnyConnect Software and Profiles 29 Disabling AnyConnect Auto Update 30 Prompting Users to Download AnyConnect During WebLaunch 31 Allowing Users to Defer Upgrade 31 Set the Update Policy 34 Update Policy Overview 34 Authorized Server Update Policy Behavior 34 Unauthorized Server Update Policy Behavior 35 Update Policy Guidelines 36 Update Policy Example 36 AnyConnect Reference Information 37 Locations of User Preferences Files on the Local Computer 37 Port Used by AnyConnect 38 Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 iv Contents CHAPTER 2 Customize and Localize the AnyConnect Client and Installer 39 Modify AnyConnect Installation Behavior 39 Disable Customer Experience Feedback 39 Modify Installation Behavior, Windows 40 Windows Installer Properties That Customize Client Installations 40 Windows Installer Properties for AnyConnect Modules 41 Import a Customized Installer Transform to the Adaptive Security Appliance 42 Localize the AnyConnect Installer Screens 44 Import a Localized Installer Transform to the Adaptive Security Applicance 44 Modify Installation Behavior, macOS 46 Customize Installer Behavior on macOS with ACTransforms.xml 46 Disable the Customer Experience Feedback Module 46 Modify Installation Behavior, Linux 47 Customizing Installer Behavior on Linux with ACTransform.xml 47 Enable DSCP Preservation 47 Set Public DHCP Server Route 48 Customize the AnyConnect GUI Text and Messages 48 Add or Edit the AnyConnect Text and Messages 50 Import Translation Tables to the Adaptive Security Appliance 52 Create Message Catalogs for Enterprise Deployment 53 Merge New Messages into a Customized Translation Table on the ASA 54 Select the Default Language for Windows on the Client 55 Create Custom Icons and Logos for the AnyConnect GUI 55 Replace AnyConnect GUI Components 56 AnyConnect Icons and Logos for Windows 57 AnyConnect Icons and Logos for Linux 60 AnyConnect Icons and Logos for macOS 62 Create and Upload an AnyConnect Client Help File 62 Write and Deploy Scripts 63 Write, Test, and Deploy Scripts 64 Configure the AnyConnect Profile for Scripting 65 Troubleshoot Scripts 65 Write and Deploy Custom Applications with the AnyConnect API 66 Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 v Contents Use the AnyConnect CLI Commands 67 Launch the Client CLI Prompt 67 Use the Client CLI Commands 67 Prevent a Windows Popup Message When ASA Terminates a Session 69 Prepare AnyConnect Customizations and Localizations for ISE Deployment 70 Prepare an AnyConnect Localization Bundle 70 Prepare an AnyConnect Customization Bundle 72 CHAPTER 3 The AnyConnect Profile Editor 75 About the Profile Editor 75 Add a New Profile from ASDM 75 The AnyConnect VPN Profile 76 AnyConnect Profile Editor, Preferences (Part 1) 76 AnyConnect Profile Editor, Preferences (Part 2) 80 AnyConnect Profile Editor, Backup Servers 85 AnyConnect Profile Editor, Certificate Matching 86 AnyConnect Profile Editor, Certificate Enrollment 89 AnyConnect Profile Editor, Certificate Pin 90 Certificate Pinning Wizard 90 AnyConnect Profile Editor, Mobile Policy 91 AnyConnect Profile Editor, Server List 91 AnyConnect Profile Editor, Add/Edit a Server List 91 AnyConnect Profile Editor, Mobile Settings 93 NVM Profile Editor 95 The AnyConnect Local Policy 100 Local Policy Preferences 100 Change Local Policy Parameters Manually 100 Enable Local Policy Parameters in an MST File 101 CHAPTER 4 Configure VPN Access 103 Connect and Disconnect to a VPN 103 AnyConnect VPN Connectivity Options 103 Configure VPN Connection Servers 105 Automatically Start Windows VPN Connections Before Logon 106 Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 vi Contents About Start Before Logon 106 Limitations on Start Before Logon 107 Configure Start Before Logon 107 Troubleshoot Start Before Logon 108 Automatically Start VPN Connections When AnyConnect Starts 109 Configure Start Before Logon (PLAP) on Windows Systems 109 Automatically Restart VPN Connections 109 Use Trusted Network Detection to Connect and Disconnect 110 About Trusted Network Detection 110 Guidelines for Trusted Network Detection 110 Configure Trusted Network Detection 111 Require VPN Connections Using Always-On 113 About Always-On VPN 113 Limitations of Always-On VPN 113 Guidelines for Always-On VPN 114 Configure Always-On VPN 114 Configure Always-On
Recommended publications
  • Shell Scripting with Bash

    Shell Scripting with Bash

    Introduction to Shell Scripting with Bash Charles Jahnke Research Computing Services Information Services & Technology Topics for Today ● Introductions ● Basic Terminology ● How to get help ● Command-line vs. Scripting ● Variables ● Handling Arguments ● Standard I/O, Pipes, and Redirection ● Control Structures (loops and If statements) ● SCC Job Submission Example Research Computing Services Research Computing Services (RCS) A group within Information Services & Technology at Boston University provides computing, storage, and visualization resources and services to support research that has specialized or highly intensive computation, storage, bandwidth, or graphics requirements. Three Primary Services: ● Research Computation ● Research Visualization ● Research Consulting and Training Breadth of Research on the Shared Computing Cluster (SCC) Me ● Research Facilitator and Administrator ● Background in biomedical engineering, bioinformatics, and IT systems ● Offices on both CRC and BUMC ○ Most of our staff on the Charles River Campus, some dedicated to BUMC ● Contact: [email protected] You ● Who has experience programming? ● Using Linux? ● Using the Shared Computing Cluster (SCC)? Basic Terminology The Command-line The line on which commands are typed and passed to the shell. Username Hostname Current Directory [username@scc1 ~]$ Prompt Command Line (input) The Shell ● The interface between the user and the operating system ● Program that interprets and executes input ● Provides: ○ Built-in commands ○ Programming control structures ○ Environment
  • Lattice-Based Cryptography - a Comparative Description and Analysis of Proposed Schemes

    Lattice-Based Cryptography - a Comparative Description and Analysis of Proposed Schemes

    Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen Thesis submitted for the degree of Master in Informatics: programming and networks 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Autumn 2017 Lattice-based cryptography - A comparative description and analysis of proposed schemes Einar Løvhøiden Antonsen c 2017 Einar Løvhøiden Antonsen Lattice-based cryptography - A comparative description and analysis of proposed schemes http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo Acknowledgement I would like to thank my supervisor, Leif Nilsen, for all the help and guidance during my work with this thesis. I would also like to thank all my friends and family for the support. And a shoutout to Bliss and the guys there (you know who you are) for providing a place to relax during stressful times. 1 Abstract The standard public-key cryptosystems used today relies mathematical problems that require a lot of computing force to solve, so much that, with the right parameters, they are computationally unsolvable. But there are quantum algorithms that are able to solve these problems in much shorter time. These quantum algorithms have been known for many years, but have only been a problem in theory because of the lack of quantum computers. But with recent development in the building of quantum computers, the cryptographic world is looking for quantum-resistant replacements for today’s standard public-key cryptosystems. Public-key cryptosystems based on lattices are possible replacements. This thesis presents several possible candidates for new standard public-key cryptosystems, mainly NTRU and ring-LWE-based systems.
  • Microsoft DNS

    Microsoft DNS

    1 a. Domain Name Service (DNS) encompassing Microsoft DNS From Wikipedia, the free encyclopedia Jump to: navigation, search Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Contents [hide] 1 Overview 2 DNS lookup client o 2.1 The effects of running the DNS Client service o 2.2 Differences from other systems 3 Dynamic DNS Update client 4 DNS server o 4.1 Common issues 5 See also 6 References 7 External links [edit] Overview The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server 2003, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS client, to perform Dynamic DNS Update transactions, registering the machines' names and IP addresses. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients. The server software is only supplied with the server versions of Windows. [edit] DNS lookup client Applications perform DNS lookups with the aid of a DLL. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP or TCP) and return the final results of the lookup back to the applications. 2 Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC connection to the DNS Client service on the machine.
  • The Linux Command Line

    The Linux Command Line

    The Linux Command Line Fifth Internet Edition William Shotts A LinuxCommand.org Book Copyright ©2008-2019, William E. Shotts, Jr. This work is licensed under the Creative Commons Attribution-Noncommercial-No De- rivative Works 3.0 United States License. To view a copy of this license, visit the link above or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042. A version of this book is also available in printed form, published by No Starch Press. Copies may be purchased wherever fine books are sold. No Starch Press also offers elec- tronic formats for popular e-readers. They can be reached at: https://www.nostarch.com. Linux® is the registered trademark of Linus Torvalds. All other trademarks belong to their respective owners. This book is part of the LinuxCommand.org project, a site for Linux education and advo- cacy devoted to helping users of legacy operating systems migrate into the future. You may contact the LinuxCommand.org project at http://linuxcommand.org. Release History Version Date Description 19.01A January 28, 2019 Fifth Internet Edition (Corrected TOC) 19.01 January 17, 2019 Fifth Internet Edition. 17.10 October 19, 2017 Fourth Internet Edition. 16.07 July 28, 2016 Third Internet Edition. 13.07 July 6, 2013 Second Internet Edition. 09.12 December 14, 2009 First Internet Edition. Table of Contents Introduction....................................................................................................xvi Why Use the Command Line?......................................................................................xvi
  • Shell Variables

    Shell Variables

    Shell Using the command line Orna Agmon ladypine at vipe.technion.ac.il Haifux Shell – p. 1/55 TOC Various shells Customizing the shell getting help and information Combining simple and useful commands output redirection lists of commands job control environment variables Remote shell textual editors textual clients references Shell – p. 2/55 What is the shell? The shell is the wrapper around the system: a communication means between the user and the system The shell is the manner in which the user can interact with the system through the terminal. The shell is also a script interpreter. The simplest script is a bunch of shell commands. Shell scripts are used in order to boot the system. The user can also write and execute shell scripts. Shell – p. 3/55 Shell - which shell? There are several kinds of shells. For example, bash (Bourne Again Shell), csh, tcsh, zsh, ksh (Korn Shell). The most important shell is bash, since it is available on almost every free Unix system. The Linux system scripts use bash. The default shell for the user is set in the /etc/passwd file. Here is a line out of this file for example: dana:x:500:500:Dana,,,:/home/dana:/bin/bash This line means that user dana uses bash (located on the system at /bin/bash) as her default shell. Shell – p. 4/55 Starting to work in another shell If Dana wishes to temporarily use another shell, she can simply call this shell from the command line: [dana@granada ˜]$ bash dana@granada:˜$ #In bash now dana@granada:˜$ exit [dana@granada ˜]$ bash dana@granada:˜$ #In bash now, going to hit ctrl D dana@granada:˜$ exit [dana@granada ˜]$ #In original shell now Shell – p.
  • Sleep 2.1 Manual

    Sleep 2.1 Manual

    Sleep 2.1 Manual "If you put a million monkeys at a million keyboards, one of them will eventually write a Java program. The rest of them will write Perl programs." -- Anonymous Raphael Mudge Sleep 2.1 Manual Revision: 06.02.08 Released under a Creative Commons Attribution-ShareAlike 3.0 License (see http://creativecommons.org/licenses/by-sa/3.0/us/) You are free: • to Share -- to copy, distribute, display, and perform the work • to Remix -- to make derivative works Under the following conditions: Attribution. You must attribute this work to Raphael Mudge with a link to http://sleep.dashnine.org/ Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under the same, similar or a compatible license. • For any reuse or distribution, you must make clear to others the license terms of this work. The best way to do this is with a link to the license. • Any of the above conditions can be waived if you get permission from the copyright holder. • Apart from the remix rights granted under this license, nothing in this license impairs or restricts the author's moral rights. Your fair use and other rights are in no way affected by the above. Table of Contents Introduction................................................................................................. 1 I. What is Sleep?...................................................................................................1 II. Manual Conventions......................................................................................2 III.
  • Netstat Statistics Comparison with Perl by Noah Davids

    Netstat Statistics Comparison with Perl by Noah Davids

    Netstat Statistics Comparison with Perl By Noah Davids Comparing sets of numeric output can be tiresome. Using the output from the netstat command helps diagnose problems. Over time, the changes in the statistics reported can be very informative.This article explains how this network specialist and Perl novice decided to write a program to do the comparison for him. INTRODUCTION THE SCRIPT Comparing sets of numeric output can be tedious, especially when The script expects as input a file with the following format: the numbers are large and there are a lot of them. Unfortunately it is Some number of random lines something I have to do fairly often. As a network support specialist, I Line with unique string indicating start of data set 1 often use the output from the netstat command to help diagnose Some fixed number of lines with the format: problems. Changes in the statistics reported over time can be very enlightening. In addition, as part of the support process, I have to LABEL NUMBER LABEL NUMBER LABEL include those differences in my written analysis. Punching the long numbers into a calculator and copying the answer back out is a drag. Some number of random lines Using cut and paste helps only marginally. Line with the same unique string indicating start of data 2 To make my life simpler, I decided to write a program to do the Some fixed number of lines with the format: comparison for me. However, I support four different operating sys- tems, and while each has a netstat command, the format and content LABEL NUMBER LABEL NUMBER LABEL of the output varies with each OS.
  • ANSWERS ΤΟ EVEN-Numbered

    ANSWERS ΤΟ EVEN-Numbered

    8 Answers to Even-numbered Exercises 2.1. WhatExplain the following unexpected are result: two ways you can execute a shell script when you do not have execute permission for the file containing the script? Can you execute a shell script if you do not have read permission for the file containing the script? You can give the name of the file containing the script as an argument to the shell (for example, bash scriptfile or tcsh scriptfile, where scriptfile is the name of the file containing the script). Under bash you can give the following command: $ . scriptfile Under both bash and tcsh you can use this command: $ source scriptfile Because the shell must read the commands from the file containing a shell script before it can execute the commands, you must have read permission for the file to execute a shell script. 4.3. AssumeWhat is the purpose ble? you have made the following assignment: $ person=zach Give the output of each of the following commands. a. echo $person zach b. echo '$person' $person c. echo "$person" zach 1 2 6.5. Assumengs. the /home/zach/grants/biblios and /home/zach/biblios directories exist. Specify Zach’s working directory after he executes each sequence of commands. Explain what happens in each case. a. $ pwd /home/zach/grants $ CDPATH=$(pwd) $ cd $ cd biblios After executing the preceding commands, Zach’s working directory is /home/zach/grants/biblios. When CDPATH is set and the working directory is not specified in CDPATH, cd searches the working directory only after it searches the directories specified by CDPATH.
  • Scalable Verification for Outsourced Dynamic Databases Hwee Hwa PANG Singapore Management University, Hhpang@Smu.Edu.Sg

    Scalable Verification for Outsourced Dynamic Databases Hwee Hwa PANG Singapore Management University, [email protected]

    Singapore Management University Institutional Knowledge at Singapore Management University Research Collection School Of Information Systems School of Information Systems 8-2009 Scalable Verification for Outsourced Dynamic Databases Hwee Hwa PANG Singapore Management University, [email protected] Jilian ZHANG Singapore Management University, [email protected] Kyriakos MOURATIDIS Singapore Management University, [email protected] DOI: https://doi.org/10.14778/1687627.1687718 Follow this and additional works at: https://ink.library.smu.edu.sg/sis_research Part of the Databases and Information Systems Commons, and the Numerical Analysis and Scientific omputC ing Commons Citation PANG, Hwee Hwa; ZHANG, Jilian; and MOURATIDIS, Kyriakos. Scalable Verification for Outsourced Dynamic Databases. (2009). Proceedings of the VLDB Endowment: VLDB'09, August 24-28, Lyon, France. 2, (1), 802-813. Research Collection School Of Information Systems. Available at: https://ink.library.smu.edu.sg/sis_research/876 This Conference Proceeding Article is brought to you for free and open access by the School of Information Systems at Institutional Knowledge at Singapore Management University. It has been accepted for inclusion in Research Collection School Of Information Systems by an authorized administrator of Institutional Knowledge at Singapore Management University. For more information, please email [email protected]. Scalable Verification for Outsourced Dynamic Databases HweeHwa Pang Jilian Zhang Kyriakos Mouratidis School of Information Systems Singapore Management University fhhpang, jilian.z.2007, [email protected] ABSTRACT receive updated price quotes early could act ahead of their com- Query answers from servers operated by third parties need to be petitors, so the advantage of data freshness would justify investing verified, as the third parties may not be trusted or their servers may in the computing infrastructure.
  • System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1

    System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1

    SUSE Linux Enterprise Server 15 SP1 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1 An administrator's guide for problem detection, resolution and optimization. Find how to inspect and optimize your system by means of monitoring tools and how to eciently manage resources. Also contains an overview of common problems and solutions and of additional help and documentation resources. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xiii
  • Vyatta-VPN 6.5R1 V01.Pdf

    Vyatta-VPN 6.5R1 V01.Pdf

    VYATTA, INC. | Vyatta System VPN REFERENCE GUIDE Introduction to VPN IPsec Site‐to‐Site VPN Virtual Tunnel Interfaces Remote Access VPN OpenVPN Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and Canada) COPYRIGHT Copyright © 2005–2012 Vyatta, Inc. All rights reserved. Vyatta reserves the right to make changes to software, hardware, and documentation without notice. For the most recent version of documentation, visit the Vyatta web site at vyatta.com. PROPRIETARY NOTICES Vyatta is a registered trademark of Vyatta, Inc. Hyper‐V is a registered trademark of Microsoft Corporation. VMware, VMware ESX, and VMware server are trademarks of VMware, Inc. XenServer, and XenCenter are trademarks of Citrix Systems, Inc. All other trademarks are the property of their respective owners. RELEASE DATE: October 2012 DOCUMENT REVISION. 6.5R1 v01 RELEASED WITH: 6.5R1 PART NO. A0‐0222‐10‐0016 iii Contents Quick List of Commands . xi List of Examples . xvi Preface . xvii Intended Audience . xviii Organization of This Guide . xviii Document Conventions . xix Vyatta Publications . xx Chapter 1 Introduction to VPN . 1 Types of VPNs . 2 Supported Solutions . 3 Site‐to‐Site with IPsec . 3 Virtual Tunnel Interface. 4 Remote Access Using PPTP . 4 Remote Access Using L2TP and IPsec. 5 Site‐to‐Site and Remote Access Using OpenVPN . 5 Comparing VPN Solutions. 6 PPTP. 7 L2TP/IPsec. 7 Pre‐shared keys (L2TP/IPsec) . 8 X.509 certificates (L2TP/IPsec) . 8 VPNs and NAT . 8 Chapter 2IPsec Site‐to‐Site VPN. 9 IPsec Site‐to‐Site VPN Configuration . 10 IPsec Site‐to‐Site VPN Overview.
  • Vyos Documentation Release Current

    Vyos Documentation Release Current

    VyOS Documentation Release current VyOS maintainers and contributors Jun 04, 2019 Contents: 1 Installation 3 1.1 Verify digital signatures.........................................5 2 Command-Line Interface 7 3 Quick Start Guide 9 3.1 Basic QoS................................................ 11 4 Configuration Overview 13 5 Network Interfaces 17 5.1 Interface Addresses........................................... 18 5.2 Dummy Interfaces............................................ 20 5.3 Ethernet Interfaces............................................ 20 5.4 L2TPv3 Interfaces............................................ 21 5.5 PPPoE.................................................. 23 5.6 Wireless Interfaces............................................ 25 5.7 Bridging................................................. 26 5.8 Bonding................................................. 27 5.9 Tunnel Interfaces............................................. 28 5.10 VLAN Sub-Interfaces (802.1Q)..................................... 31 5.11 QinQ................................................... 32 5.12 VXLAN................................................. 33 5.13 WireGuard VPN Interface........................................ 37 6 Routing 41 6.1 Static................................................... 41 6.2 RIP.................................................... 41 6.3 OSPF................................................... 42 6.4 BGP................................................... 43 6.5 ARP................................................... 45 7