Scribd
Upload
29 views20 pages

IPTL - Network Extension

This document provides instructions for setting up a point-to-point network extension between two locations using IpTL 75 devices. It details the physical connections, configuration steps, and testing procedures for establishing an encrypted TLS tunnel between the devices to bridge their local networks.

Uploaded by

Ahmed Khaled
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
29 views20 pages

IPTL - Network Extension

This document provides instructions for setting up a point-to-point network extension between two locations using IpTL 75 devices. It details the physical connections, configuration steps, and testing procedures for establishing an encrypted TLS tunnel between the devices to bridge their local networks.

Uploaded by

Ahmed Khaled
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Network Communications Simplified™

Point-to-Point Network Extension


over ADSL with the IpTL 75
What you can do with this Guide.
 Setup two Model 75’s FastLane devices across an ADSL & IP
network.
 Stub at the main office (e.g. “extends”
the PC from the Main office to the
remote office.)
 Inline at the Remote office (e.g. all Remote LAN traffic is to/from the main
office LAN…including any default Internet gateway.)
 Securely Bridge together two LANs (office/HQ and remote office.)

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 2
Prerequisites, Assumptions, and Givens
 Two Model 75 devices running software rev. 1.2.4 or later.
 A DHCP server running on at the Main Office/HQ with at least one lease/address available
(used for the far-end PC at the remote office)
 If the Model 75 at the Main Office/HQ site is behind a NAT router…
 You will need a Static IP/Mask (can be RFC1918 address) for the uplink Ethernet port
Model 75.
 Forwarding of UDP 1194 from the Router public IP to the Private address of the Model
75.
 If the Model 75 at the Main Office/HQ site will be installed with a Globally Addressable IP
(e.g. Valid IP)…
 The Static IP/mask for the uplink Ethernet port
 No port forwarding needed (directly accessible from the IP network)

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 3
Reference Architecture

Ethernet

Ethernet

Ethernet

 Laptop/PC “B” will be connected to the Main Office/HQ LAN.


 From a logical Ethernet point of view, PC A and PC B are “on the same wire
and on the same LAN.
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 4
Reference Architecture - Protocol View

DHCP from ADSL Static IP for Tunnel

TLS Encrypted Tunnel Established Between M75 endpoints

Bridged Ethernet Frames Sent between M75’s

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 5
Main Site Setup – Physical Connections

 Connect the power adapter to the power input on the back of


the M75.
 Connect the M75 to the Local Area Network by connecting the
uplink port to the LAN Ethernet switch.

 NOTE: If using PoE, connect the


M75 uplink port to the Ethernet
switch supply PoE. This will provide
power and LAN connectivity.
(yes, you can do the whole application with one connection!)

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 6
Main Site Model 75 Configurations
 Set the unit IP address
 Log into the M75
 Select Networki ->
 Un-Check the DHCP radio-button
 Input the Static IP, Mask, Default
Gateway, and DNS servers
 to input your changes.
 Be sure to save your changes!

You may leave the Secondary IP as-is to provide an alternative access to the unit.
If needed, the DNS servers of [Link] and [Link] are Google Public DNS servers.
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 7
Main Site Model 75 Configurations…continued
 Select ->
 Under Tunnel Options ensure the
following are set and submit
 Tunnel Mode = Local
 Protocol = UDP
 Cipher = AES 256
 Compression = enabled
 Pass TOS Field = disabled

 Under Server Options ensure the


following are set and submit
 Listen Port = 1194
 Keepalive sent = 10
 Restart after = 30
 Client-to-Client = enable This function is to permit/deny
remote traffic hair-pin from one tunnel to another.
Note this setting only important for multiport units
(e.g. Model 78/72/79) and has no effect for Model 75.

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 8
Main Site Model 75 Configurations…continued

 Select ->
 Ensure that there are NO check boxes selected.
 Uncheck any check boxes that are active and
 Note: It is the factory default to Block Traffic Uplink <->
Tunnel and Block Traffic Local <-> Uplink

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 9
Main Site Network Integration Setup

 UDP Port 1194 must be statically


mapped from the public IP side
to the Private Side address of the
M75. (e.g. [Link])
 This permits any INBOUND
requests from the public IP 1194
(e.g. [Link]) to be forwarded
to the M75 for termination.
Note: This is only required on server/local side setup. NOT needed on Remote/Clients
Note: If the M75 has a public IP address then there is NO static mapping.

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 10
Examples of Port Mapping

 Cisco IOS Entry


ip nat inside source static udp [Link] 1194 [Link] 1194

 Linksys WRT160
 Port forwarding is found under
Applications and Gaming

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 11
Only If you have a dynamic IP at the Main Site Router

 Use DynDns to support a dynamic IP at the main site


 Register a free account at [Link]

 Select ->
 Enter in your DynDNS
credentials
 Username
 Password
 Hostname
 Sub to implement
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 12
Remote Site Setup – Physical Connections

 Connect the power adapter to the power input on the back


of the M75.
 Connect the M75 to the ADSL NTU by connecting the uplink
port to Ethernet LAN Port of the NTU
 Connect one of the Local ports on the M75 to the Local
Area Network of the Remote office.
Note: All three Local ports are connected
To the bridge group and do not function
as an Ethernet mini-switch.
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 13
Remote Site Model 75 Configurations
 Set the unit IP address
 Log into the M75
 Select Networ ->
 Ensure the DHCP radio-button is
checked
You may leave the Secondary IP
as-is to provide an alternative
method to access to the unit.
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 14
Remote Site Model 75 Configurations…continued
 Select Tunnel- ->
 Under Tunnel Options ensure the
following are set and
 Tunnel Mode = remote
 Protocol = UDP
 Cipher = Blowfish
 Compression = enabled
 Pass TOS Field = enabled

 Under Client Options ensure the


following are set and t
 Remote IP: <the Public IP of your Server>
 Remote Port: 1194
Note: These are the factory default settings
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 15
Remote Site Model 75 Configurations…continued
 Select IP Filt->
 Ensure that the following check boxes ARE selected:
 Block Traffic Uplink <-> Tunnel – This prevents Tunnel Ethernet Traffic and
WAN/Uplink port Ethernet Traffic from bridging to each other.
 Block Traffic Local <-> Uplink – This prevents the Local Ethernet and the Uplink
Ethernet from bridging to each other.
 This ensures ONLY tunnel Ethernet traffic available to the remote site.

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 16
Remote Site Model 75 Configurations…continued

 Select DHCP
 Ensure that the DHCP server within
the M75 is unchecked
 This will permit DHCP requests
to traverse the tunnel and
be controlled by the Main Site
DHCP server.

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 17
Status of the Connection

 There is NO PORT Mapping required at the remote sites.


 No DynDNS required…IP addresses can change without affecting connectivity.
 The Remote Site M75 will continuously attempt an outbound connection to
the Server Main Site M75 unit.
 Once both the Main Site and Remote Sites are configured the tunnel and
Ethernet bridging will be established automatically.
 The Front Panel TUNNEL indicator will show tunnel status of a successful link.
 All Laptops/PC’s and Hosts a the remote will
DHCP their addresses from the Main Site
DHCP server.

IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 18
Testing and Use

 To test the link – have the Laptop/PC B “ping” a host at the central site or have
Laptop/PC A ping a host at the remote site.
 All traffic at the Remote Site will traverse the tunnel to the Main Site…including any
default gateways to the Internet (allows for acls’s and control of ALL network traffic!).
 Split tunneling can be implemented by removing the Local <-> Uplink block.
IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 19
Simplified Networking Products for Connectivity Anywhere

IP Technology Labs, LLC.


3470 Olney-Laytonsville Rd#313 Network Communications Simplified™
Olney MD 20832 USA
E: support@[Link]
W: [Link]
T:+1 301 570 6611
F:+1 301 570 8049

Thank You for your Attention!


IPTL Corporate Confidential – Covered Under NDA – No prior use without authorization 20

You might also like