Deploy the Barracuda NextGen Firewall X-Series as a remote access gateway for VPN traffic. The Remote Access Gateway wizard takes you through the necessary steps to configure a client-to-site VPN and enable SSL VPN with support for CudaLaunch. A remote access premium subscription is required.
Before you begin
Make sure you have the following information on hand:
- If you are using Active Directory as your method of authentication, you need to have the Active Directory configuration information.
- The network that the client-to-site VPN clients will be assigned to (client network).
- The networks that will be available to the client-to-site VPN clients (published networks).
Step 1. Complete the Remote Access Gateway wizard
This wizard allows you to configure the Barracuda X-Series Firewall as a remote access gateway that can work in conjunction with your existing firewall.
- To launch the wizard, go to Advanced > Wizards and click Start next to Remote Access Gateway.
- Enter the VPN IP address(es) for the VPN service. Click + after each entry.
- Click Next.
- Select the authentication Type for the VPN service. When choosing Local Authentication,
- Enter Username and Password.
- When choosing Active Directory, specify the following settings:
- Domain Controller Name – Enter the fully qualified name of the domain controller.
- Domain Controller IP – Enter the IP address of the domain controller.
When using SSL, the name should be used instead of the IP address.
- Searching User – Enter the username of the MSAD searching user.
- Searching User Password – Enter the password for the MSAD searching user.
- Base DN – Enter the Distinguished Name (DN) at which to start the search in the LDAP database, specified as a sequence of Relative Distinguished Names, connected with commas, with or without blank spaces. Make the base DN as specific as possible in order to speed the lookup and avoid timeouts. For example, if your domain is yourcompany.com, your search base DN might be as follows:
DC=yourcompany, DC=com, OU=sales
- Cache MSAD Groups – Enable caching of MSAD groups.
- Offline Sync – Enable offline synchronization.
- Use SSL – Select to use SSL for connections to the authentication server.
- Click Next.
- Configure the settings for client–to–site VPN:
- Enter a VPN Policy Name. This name is referred to as group name (iOS) or IPsec identifier (Android) on mobile VPN clients.
- In the Client Network field, enter an unused network in CIDR notation (e.g., 192.168.222.0/24). IP addresses from this network will be assigned to connected VPN clients. Ensure that this network is not already defined on the NETWORK > IP Configuration page.
- Enter a Shared Key to authenticate the client.
- In the Published Networks field, enter all of the networks that the VPN clients will be able to access. Enter IP addresses and networks in CIDR format (
X.X.X.X⁄X)and click + after each entry.
- Click Next.
- Configure the settings for SSL VPN:
- Enable CudaLaunch to give end users remote access to corporate resources.
- (optional) Customize the Welcome Message for the SSL VPN portal.
- (optional) Customize the Help Text to be displayed to the user. Only ASCII characters are allowed in the Welcome Message and Help Text fields.
- Click Next. The summary screen opens.
- (optional) Click Print.
- Review your configuration settings and click Apply Now.
Step 2. Configure administrator IP/range
If administrators always use the same IP range, you can restrict access to the web interface of the Barracuda Firewall by specifying a range of allowed IP addresses or networks to increase security.
- Go to BASIC > Administration.
- In the ADMINISTRATOR IP/RANGE section, enter the IP⁄Network Address and Netmask for the networks allowed to access the web interface. For a single IP address, set the Netmask field to
- Click Add.
Configure the SSL VPN resources: For more information, see SSL VPN.