HUAWEI SecoClient User Access Guide

Configuring a VPN Connection

The SecoClient supports two VPN connection configuration modes: manual mode and configuration file mode.

The configuration mode depends on whether your enterprise network administrator provides the VPN connection configuration file.

  • If the administrator has provided the configuration file, you can directly import the configuration file to configure the VPN connection. For details, see Configuring a VPN Connection by Importing a Configuration File.
  • If you do not have the configuration file, you can manually configure a VPN connection on the SecoClient.

    When you manually configure a VPN connection, the connection parameters to be configured vary according to the type of the VPN to be connected. Therefore, you need to confirm the type of the VPN to be connected with your enterprise network administrator and obtain necessary connection parameters.

    After specifying the type of the VPN to be connected and obtaining necessary connection parameters, configure the VPN connection by referring to the following sections:

Configuring an SSL VPN Connection

If you have confirmed with your enterprise network administrator that the type of the VPN to be connected is SSL VPN, perform the steps in this section to configure the VPN connection.

Before You Start

Before the configuration, check the following table to ensure that you have obtained the connection parameters required for setting up an SSL VPN connection.

NOTE:

You can also use the configuration and connection templates in Appendix to check whether the obtained connection parameters are complete.

Table 4-1 SSL VPN connection parameters

| Check Item | Option | Remarks |
| --- | --- | --- |
| Are Proxy Settings needed? | No | If you do not use any proxy server when accessing the Internet, Proxy Settings are unnecessary. |
| | Yes (System proxy is used.); Yes (HTTP/HTTPS proxy is used.); Yes (Socks5 proxy is used.) | There are three proxy server scenarios. After selecting a proxy type, enter the address, port number, account, and password. You can obtain this information from your enterprise network administrator. |
| Connection Name | | Identifies an SSL VPN connection. You can set it as required. |
| Description | | Indicates information about the connection, such as the creator, creation time, and connection purpose. You can set the information as required. |
| Gateway Address | | Specifies the IP address of an SSL VPN virtual gateway. Obtain this value from your enterprise network administrator. |
| Port | | Specifies the port number used to establish an SSL VPN tunnel. Obtain this value from your enterprise network administrator. |
| Tunnel Mode | Reliable transmission mode; Quick transmission mode; Auto-sensing mode | Confirm the mode with your enterprise network administrator. The reliable transmission mode is recommended when the network environment is unstable. If the network environment is stable, you are advised to use the quick transmission mode to improve data transmission efficiency. If you do not know the network environment condition, select the auto-sensing mode. |
| Certificate Authentication | | NOTE: This item is displayed only in the Linux operating system. If you use certificate authentication to establish an SSL VPN connection, select Certificate Authentication. After Certificate Authentication is selected, you can select a certificate for certificate authentication. |
| Password | | NOTE: This item is displayed only in the Linux operating system. This parameter specifies the login password corresponding to the user name extracted from the certificate during certificate authentication. This password can be set only when an SSL VPN connection is set up using certificate authentication and Certificate Authentication is selected. |

Procedure

  1. Select New Connection from the Connect drop-down list on the main interface of the SecoClient.

  2. In the New Connection dialog box, select SSL VPN from the left navigation tree and set connection parameter values.

  3. After the configurations are complete, click OK to return to the main interface of the SecoClient. You can see that a VPN connection has been created successfully.

Follow-Up Procedure

Configuring an L2TP VPN Connection

If you have confirmed with your enterprise network administrator that the type of the VPN to be connected is L2TP VPN, perform the following steps to configure the VPN connection.

Before You Start

Before the configuration, check the following table to ensure that you have obtained the connection parameters required for setting up the L2TP VPN connection.

NOTE:

You can also use the configuration and connection templates in Appendix to check whether the obtained connection parameters are complete.

Table 4-2 L2TP VPN connection parameters

| Group | Check Item | Option | Remarks |
| --- | --- | --- | --- |
| Proxy Settings | Are Proxy Settings needed? | No | If you do not use any proxy server when accessing the Internet, Proxy Settings are unnecessary. |
| | | Yes (Socks5 proxy is used.) | NOTE: L2TP VPN tunnels support only the Socks5 proxy. After setting the proxy type to Socks5 proxy, enter the address, port number, account, and password. You can obtain this information from your enterprise network administrator. |
| L2TP Configuration | Connection Name | | Identifies an L2TP VPN connection. You can set it as required. |
| | Description | | Indicates information about the connection, such as the creator, creation time, and connection purpose. You can set the information as required. |
| | LNS Server Address | | Specifies the IP address of an L2TP VPN gateway. Obtain this value from your enterprise network administrator. |
| Tunnel Configuration | Tunnel Name | | Identifies a device in the tunnel. Obtain this value from your enterprise network administrator. |
| | Authentication Mode | CHAP; PAP | Confirm the mode with your enterprise network administrator. |
| | Enable Tunnel Authentication | Deselected; Selected | Confirm this option with your enterprise network administrator. If Enable Tunnel Authentication is selected, you need to enter the tunnel authentication password. Obtain the password from your enterprise network administrator. |
| Route Settings | | | Confirm the settings with your enterprise network administrator. There are three configuration options: (1) Deselect Allow Internet access after connection: you can access intranet resources but cannot access the Internet. (2) Select Allow Internet access after connection, but no IP address is added to the IP address list: you can access the intranet resources that are on the same network segment as the intranet address allocated by the peer gateway, the Internet, and LAN. (3) Select Allow Internet access after connection and add IP addresses to the IP address list: you can access the enterprise intranet resources set in the IP address list, intranet resources in the same network segment as the intranet IP address allocated by the peer gateway, the Internet, and LAN. Obtain the IP addresses to be added to the IP address list from your enterprise network administrator. |

Procedure

  1. Select New Connection from the Connect drop-down list on the main interface of the SecoClient.

  2. In the New Connection dialog box, select L2TP/IPSec from the left navigation tree and set connection parameter values.

  3. After the settings are complete, click OK to return to the main interface of the SecoClient. You can see that a VPN connection has been created successfully.

Follow-Up Procedure

Configuring an L2TP over IPSec VPN Connection

If you have confirmed with your enterprise network administrator that the type of the VPN to be connected is L2TP over IPSec VPN, perform the following steps to configure the VPN connection.

Before You Start

Before the configuration, check the following table to ensure that you have obtained the connection parameters required for setting up the L2TP over IPSec VPN connection.

NOTE:

You can also use the configuration and connection templates in Appendix to check whether the obtained connection parameters are complete.

Table 4-3 L2TP over IPSec VPN connection parameters

| Group | Check Item | Option | Remarks |
| --- | --- | --- | --- |
| Proxy Settings | Are Proxy Settings needed? | No | If you do not use any proxy server when accessing the Internet, Proxy Settings are unnecessary. |
| | | Yes (Socks5 proxy is used.) | NOTE: L2TP over IPSec VPN tunnels support only the Socks5 proxy. After setting the proxy type to Socks5 proxy, enter the address, port number, account, and password. You can obtain this information from your enterprise network administrator. |
| L2TP Configuration | Connection Name | | Identifies an L2TP over IPSec VPN connection. You can set it as required. |
| | Description | | Indicates information about the connection, such as the creator, creation time, and connection purpose. You can set the information as required. |
| | LNS Server Address | | Specifies the IP address of an L2TP VPN gateway. Obtain this value from your enterprise network administrator. |
| Tunnel Configuration | Tunnel Name | | Identifies a device in the tunnel. Obtain this value from your enterprise network administrator. |
| | Authentication Mode | CHAP; PAP | Confirm the mode with your enterprise network administrator. |
| | Enable Tunnel Authentication | Deselected; Selected | Confirm the settings with your enterprise network administrator. If Enable Tunnel Authentication is selected, you need to enter the tunnel authentication password. Obtain the password from your enterprise network administrator. |
| | Enable IPSec Protocol | | This option is mandatory for L2TP over IPSec VPN connections. |
| | IPSec Identity Authentication Mode | Pre-shared Key | If you select this mode, the pre-shared key is required. Obtain this value from your enterprise network administrator. |
| | | USB Key Digital Signature Authentication | NOTE: This option is supported only in the Windows OS. If you select this mode, the USB PIN code is required. Obtain this value from your enterprise network administrator. |
| IPSec Configuration | IPSec Server Address | | Specifies the IP address of an IPSec VPN gateway. Obtain this value from your enterprise network administrator. If the L2TP VPN gateway and IPSec VPN gateway are the same, select Use LNS server address. |
| | Encapsulation Mode | Tunnel Mode; Transmission Mode | Confirm the mode with your enterprise network administrator. |
| | ESP Authentication Algorithm | | The value can be MD5, SHA1, or SHA2-256. Confirm the algorithm with your enterprise network administrator. |
| | ESP Encryption Algorithm | | The value can be DES, 3DES, or AES. Confirm the algorithm with your enterprise network administrator. |
| IKE Basic Configuration | Negotiation Mode | Main Mode; Aggressive Mode | Confirm the mode with your enterprise network administrator. |
| | ID Type | | Indicates the identity authentication type for IKE negotiation. The ID can be an IP address or name. Confirm the type with your enterprise network administrator. |
| | Local Name; Security Gateway Name | | This parameter is mandatory when ID Type is set to Name. Confirm the names with your enterprise network administrator. |
| | Authentication Algorithm | | The value can be MD5, SHA1, or SHA2-256. Confirm the algorithm with your enterprise network administrator. |
| | Encryption Algorithm | | The value can be DES-CBC, 3DES-CBC, or AES-128/192/256. Confirm the algorithm with your enterprise network administrator. |
| | DH Group ID | | The value can be Group1, Group2, or Group5. Confirm the algorithm with your enterprise network administrator. |
| IKE Advanced Configuration | Enable PFS | | Indicates that the Perfect Forward Secrecy (PFS) function is used during IKE negotiation. After this function is enabled, you need to set security parameters, including Group1, Group2, and Group5. Confirm the configuration with your enterprise network administrator. |
| | SA Lifetime | | Specifies an interval at which the IKE SA is updated, which reduces the risk of IKE SA cracking and improves security. Confirm the value with your enterprise network administrator. |
| IPSec Advanced Configuration | SA Lifetime | | Specifies an interval at which the IPSec SA is updated, which reduces the risk of IPSec SA cracking and improves security. Confirm the value with your enterprise network administrator. |
| Route Settings | Mode Config | | After the Mode Config parameter is set, the actual effect depends on whether the peer gateway supports Mode Config (also called the tunnel separation mode). If the peer gateway supports and is configured with the Mode Config mode: you can access intranet resources, the Internet, and LAN. If the peer gateway does not support the Mode Config mode or the Mode Config mode is not configured: you can access intranet resources but cannot access the Internet or LAN. Confirm the configuration with your enterprise network administrator. |
| | Allow Internet access after connection | | You can use either of the following methods to set the parameters for accessing the Internet after the connection is set up: (1) Select Allow Internet access after connection, but no IP address is added to the IP address list: you can access the intranet resources that are on the same network segment as the intranet address allocated by the peer gateway, the Internet, and LAN. (2) Select Allow Internet access after connection and add IP addresses to the IP address list: you can access the enterprise intranet resources set in the IP address list, intranet resources in the same network segment as the intranet IP address allocated by the peer gateway, the Internet, and LAN. Obtain the IP addresses to be added to the IP address list from your enterprise network administrator. Confirm the configuration with your enterprise network administrator. |
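
The algorithm and mode options listed in Table 4-3 differ widely in strength, so it helps to review the values the administrator supplies before entering them. The following check is an added example, not part of the Huawei guide or of SecoClient; the dictionary layout, the severity grading, and the sample values are assumptions, and only the field labels and option names come from the table.

```python
# Added example. Keys are the field labels of Table 4-3; the dict layout is an
# assumption for illustration and is not the SecoClient .ini format.
SEVERITY = {"high": 0, "medium": 1, "low": 2}  # grading is this example's own

# Options from Table 4-3 that guidance such as RFC 8221 / RFC 8247 forbids or
# discourages, paired with the strongest value the table lists for that field.
WEAK_OPTIONS = {
    "ESP Authentication Algorithm": ({"MD5": "high", "SHA1": "low"}, "SHA2-256"),
    "ESP Encryption Algorithm": ({"DES": "high", "3DES": "medium"}, "AES"),
    "Authentication Algorithm": ({"MD5": "high", "SHA1": "low"}, "SHA2-256"),
    "Encryption Algorithm": ({"DES-CBC": "high", "3DES-CBC": "medium"}, "AES-256"),
    "DH Group ID": ({"Group1": "high", "Group2": "medium", "Group5": "low"}, "Group5"),
    "Authentication Mode": ({"PAP": "medium"}, "CHAP"),
}

def audit(params):
    """Return (severity, field, advice) tuples, most severe first."""
    findings = []
    for field, (weak, best) in WEAK_OPTIONS.items():
        value = params.get(field)
        if value not in weak:
            continue
        advice = (f"{value} is weak, but it is the strongest value Table 4-3 lists"
                  if value == best else
                  f"{value} is weak; ask the administrator whether {best} can be used")
        findings.append((weak[value], field, advice))
    # Cross-field checks that a per-field lookup cannot express.
    if (params.get("Negotiation Mode") == "Aggressive Mode" and
            params.get("IPSec Identity Authentication Mode") == "Pre-shared Key"):
        findings.append(("high", "Negotiation Mode",
                         "Aggressive Mode with a pre-shared key allows offline guessing of the key"))
    if not params.get("Enable PFS", False):
        findings.append(("medium", "Enable PFS",
                         "without PFS, IPSec session keys depend on the IKE SA keys"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])

# Constructed sample parameter sets (not from a real deployment).
LEGACY = {
    "Authentication Mode": "PAP", "IPSec Identity Authentication Mode": "Pre-shared Key",
    "ESP Authentication Algorithm": "MD5", "ESP Encryption Algorithm": "DES",
    "Negotiation Mode": "Aggressive Mode", "Authentication Algorithm": "SHA1",
    "Encryption Algorithm": "3DES-CBC", "DH Group ID": "Group1", "Enable PFS": False,
}
HARDENED = {**LEGACY, "Authentication Mode": "CHAP", "ESP Authentication Algorithm": "SHA2-256",
            "ESP Encryption Algorithm": "AES", "Negotiation Mode": "Main Mode",
            "Authentication Algorithm": "SHA2-256", "Encryption Algorithm": "AES-256",
            "DH Group ID": "Group5", "Enable PFS": True}

if __name__ == "__main__":
    for severity, field, advice in audit(LEGACY):
        print(f"[{severity}] {field}: {advice}")
```

Even the strongest combination the table offers still reports the DH group, because Group5 is the largest group listed.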

Procedure

  1. Select New Connection from the Connect drop-down list on the main interface of the SecoClient.

  2. In the New Connection dialog box, select L2TP/IPSec from the left navigation tree and set connection parameter values.

    1. Set L2TP parameters.

    2. Set IPSec parameters.

  3. After the settings are complete, click OK to return to the main interface of the SecoClient. You can see that a VPN connection has been created successfully.

Follow-Up Procedure

Configuring a VPN Connection by Importing a Configuration File

The configuration file is an .ini file generated by your enterprise network administrator using the configuration file export function of the SecoClient. The file contains all parameters required for creating a specific VPN connection. After obtaining the configuration file, you can import it into the SecoClient to generate the configured VPN connection, which simplifies your configuration.

Before You Start

Confirm the integrity and accuracy of the configuration file with your enterprise network administrator. If some content in the configuration file is missing or incorrect, the VPN connection cannot be set up.

Procedure

  1. Select New Connection from the Connect drop-down list on the main interface of the SecoClient.

  2. In the New Connection dialog box, select Import from the left navigation tree.

  3. Click Import in the right pane, select the prepared configuration file, and click Open.
  4. Click OK to return to the main interface of the SecoClient. You can see that a VPN connection has been created successfully.

Follow-Up Procedure

Updated: 2019-02-22

Document ID: EDOC1100025211
