Configure Basic VPN Settings, Cert, Client Networks:
1. Go to CONFIGURATION -> Configuration Tree -> Box -> Virtual Servers -> <Virtual Server Name> -> Assigned Services -> VPN Service -> VPN Settings
2. Lock the VPN Settings.
3. Select "Click here for Server Settings?"
4. Under "Default Server Certificate" select "Ex/Import"
5. Select "New/Edit Certificate"
6. Have customer Fill out all the info under "Subject" in the "Certificate View" window.
1. For "Sub/alt Name" if they are using an IP use the following syntax - IP:<IP address>
Under "Default Key" Click on "Ex/Import"
Select "New 2048-bit RSA Key"
Select "Yes" on the pop up window.
1. The Key and Cert should now match and be GREEN
Select "OK" to close the "Server Settings Window"
Select the "Server Certificate
Click the "Client Networks" tab
Right-Click in the table and select "New Client Network", this will open a "Client Network" window.
Configure the following fields:
1. Name - Descriptive name for the network
2. Network Address - the Base network for the VPN clients (An address that is NOT being used currently on the network.
3. Network Mask - the subnet mask for the VPN client networks
4. Gateway - Enter the gateway network address (most of the time this is the NG Firewall IP)
Type - Select "Routed (Static Route)"
Click on "Service Certificates/Keys"
Right-click the table and select "New Key"
Enter a name for the key (Usually use 'server' for simplicity)
Select "Send Changes"
Select "Activation Pending?" , then select "Activate"
Configure The Group Policy:
1. Navigate to Configuration Tree -> Box -> Virtual Servers -> <Virtual Server Name> -> Assigned Services -> VPN Service -> Client to Site
2. Select The "External CA" Tab
3. Click on "Lock"
Select "Click here for options?"
5. Change "Authentication Scheme" to the desired setting.
6. Select "Ok"
7. after the authentication scheme is selected, it needs to be configured. Box>>Infrastructure services>>Authentication service.
8. Right-Click in the Table and select "New Group Policy?"
9. In the "Edit Group Policy" window fill out the following:
1. Name - Simple Name for the Group Policy
2. Common Settings - click on the drop-down menu and it should fill in with the same name as you entered in the "Name" field.
3. Network - select the network associated with this policy
4. DNS - enter the DNS that you want to use for this VPN
5. Network Routes - add each network that the VPN clients should have access to in 0.0.0.0/0 notation.
6. Group Policy Condition - double click in table, place cursor in "Group Pattern", and press "Ok"
7. Barracuda tab default settings are fine.
8. IPSec tab, can configure if desired or disable all together if IPSec is not needed.
1. To disable IPSec do the following:
1. Click checkbox In the pull down menu.
2. Select the "disabled" checkbox that is under "IPSec Phase II - Settings"
3. Select "Disable" from the pull down menu next to the checkbox.
Click "OK" to close the "Edit Group Policy" window
Send Changes and Activate
Configure the Firewall Rule (If needed):
1. Navigate to Configuration Tree -> Box -> Virtual Servers -> <Virtual Server Name> -> Assigned Services -> Firewall -> Forwarding Rules
2. Lock The Screen
3. Create a New Rule with the following info:
2. Name : VPNCLIENTS-2-LAN
3. Source: <explicit-src> - Enter IP range of the VPN client Network.
4. Service: ALL
5. Destination: Trusted LAN
6. Authenticated User: Any
7. Policy: leave at defaults or adjust as desired
8. Connection Method: No Src NAT[Client] or NO SNAT
Position the Rule so that it is above or the BLOCKALL Rule.