Global eXchange Services

spongehousesΑσφάλεια

3 Νοε 2013 (πριν από 3 χρόνια και 11 μήνες)

47 εμφανίσεις


Global eXchange Services

VPN User Guide

Release 1.2



August 2003


© 2003 Global eXchange Services



Disclaimer:

Information in this document is subject to change without notice. Global
eXchange Services reserves the right to change (upgrade) data to p
rovide the
most accurate, reliable quality product available. Specific mention of a product
in this document is not a guarantee by Global eXchange Services of complete
hardware and software compatibility with your data processing system. If you
have ques
tions about hardware and / or software compatibility, please contact
your Global eXchange Services representative.





Trademarks:

SecuRemote is a trademark of Check Point Software.

All product names and corporations mentioned in this document may be
trad
emarks, registered trademarks, or copyrighted by their respective owners.














Table of Contents


VPN


Security Service

................................
................................
................................
...........
3

Overview

................................
................................
................................
............................
3

Downloadi ng and Installing VPN Soft ware
................................
................................
.............
3

After Compl eting the Install ation
................................
................................
........................
3

Confi guri ng Your VPN Software

................................
................................
...........................
3

Defini ng Interchange Services as a Site

................................
................................
............
4

Establishing a Secure Connection

................................
................................
.....................
7

Using the VPN
-
Security Service

................................
................................
...........................
8

Startup

................................
................................
................................
............................
9

Shutdown

................................
................................
................................
........................
9

Non
-
Modem Connected Workstations

................................
................................
.................

10



VPN


Security Service

Overview

Global eXchange Services’ (GXS) VPN
-
Security enables you to conduct secure and private
communications with GXS over untr
usted networks, such as the Internet, by encrypting and
decrypting information entering and leaving your PC. This user guide provides the basic
information you need to quickly start using the GXS’ VPN
-
Security on Microsoft® Windows©.

Before starting to
use this Job Aid regarding the GXS’ VPN
-
Security, please be sure you have the
GXS Welcome Letter. This letter will provide several important pieces of information required for
successful implementation.

Downloading and Installing VPN
Software

Follow the

steps below to download the VPN software.

1

Exit all running programs except for your web browser.

2

Use your web browser to access any web page on the Internet. This will confirm that
TCP/IP is working properly on your PC.

3

Using your web browser, connect to

https://support.vpn.gxs.com


4

Log on to the GXS VPN Software Distribution Web site using your User ID, and
password.

5

Follow the instructions on the Web site to download a copy of VPN SecuRemote that
works with y
our PC’s Operating System. The supported Windows Operating Systems
include Windows 98/ME, Windows NT, Windows 2000 and Windows XP Professional
Edition.

Create a temporary directory for installation, such as C:
\
TEMP.

Save the .EXE file to your temporary di
rectory.

6

Exit from your web browser.

7

Open the Start menu and Run the .EXE located in the newly created temporary directory
(i.e., C:
\
TEMP)

8

Use default settings for all installation options. Simply click on Next until the installation is
complete.

9

When t
he installation is complete, click Finish to reboot.


After Completing the Installation

You may want to delete the downloaded .EXE file in your temporary directory.

Configuring Your VPN Software

To configure VPN SecuRemote, open the site window by clicking

on the envelope located on the
Window taskbar. After SecuRemote is installed on your PC, you must define the GXS VPN
gateway as the site that handles the remote encryption/decryption. You can find the Site Name in
the GXS Welcome Letter.

The VPN Site Na
me for GXS VPN gateway can be a resolvable name; for example,
xxx.xxx.gxs.com, or an IP address equivalent.

Once your configuration is complete, you may close the site window. You do not need to have
the site window open for SecuRemote to function.









Envelope

Defining GXS VPN gateway as a Site

1

Open the SecuRemote Sites window by clicking the SecuRemote icon in the Windows
system tray.




2

Alternatively, you can open the Windows Start menu and choose SecuRemote from the
SecuRemote program group.

3

Select “Create New” Site from the Sites menu, or Click on the Create New Site icon in the
toolbar.




4

In the Site window, type the IP address of the site, for example, 204.90.187.149 (GXS US
VPN gateway) and click OK. You can find the IP address or name

of the GXS VPN
gateway you should connect to in the GXS Welcome letter.




5

Authenticate yourself when you are asked to do so.




6

You will be prompted to verify the VPN site certificate fingerprint. Click OK to continue.




7

An authentication confirmatio
n window will be displayed once you are successfully
authenticated to the GXS VPN gateway. Click OK to continue.




8

You can click OK to save the VPN site date








9

You now should have the GXS VPN site properly defined.




Establishin
g a Secure Connection

When you connect to GXS for the first time in an application session, SecuRemote prompts you
for a user name and password, as shown below. Enter your VPN userID and password and click
OK.



Your password for the current connection w
ill be remembered by the VPN SecuRemote until you:



Terminate SecuRemote



Reboot your system



Your password expires in 18 hours automatically



You erase your password in SecuRemote


If you wish to erase your password, simply open the Password menu and select I
nvalidate
Password.



Note: Network connectivity issues, PC hardware problems or software conflicts may also
affect the frequency required to authenticate. VPN SecuRemote software is not to be used
as a 24x7 unattended solution.


Using the VPN
-
Security Se
rvice

Your VPN software, SecuRemote, is active when the small envelope is displayed on the taskbar.
When SecuRemote is encrypting traffic, the envelope will close momentarily as the data is
transmitted.

The envelope stays open when your system is not tra
nsmitting or receiving data,
which is usually most of the time, and if you place your cursor over the envelope it displays a
small box stating that it is idle.

When a SecuRemote user asks for a connection to GXS, the SecuRemote software intercepts
the ou
tgoing data packet and compares the destination to a list of secured networks/hosts. Since
the GXS application servers are identified to be in the Security Domain of the VPN Gateway,
SecuRemote automatically encrypts your data being exchanged with GXS.

The SecuRemote PC then begins to establish an encrypted link to the VPN Gateway. It prompts
you for a valid userID and password. The VPN Gateway checks with the Authentication Server to
see if you are permitted to connect to GXS. Once you are authentica
ted, an encrypted link is
established. When you communicate with computers that are not defined in the Security Domain,
the SecuRemote program passes the data without encryption.

Startup

SecuRemote starts automatically each time your PC boots up. If you
end SecuRemote, you may
manually start it up.

Open the Start menu → Programs → Checkpoint VPN
-
1 SecuRemote and click on the
SecuRemote program icon. When SecuRemote starts, a small envelope appears on the taskbar.

Shutdown

To shutdown the SecuRemote program, right click on the envelope icon located o
n the taskbar.
A pop
-
up menu appears. Click “Stop VPN
-
1 SecuRemote” to disable SecuRemote. You will not
be able to communication with sites that require encryption once SecuRemote is disabled.

You may also shut down SecuRemote by opening the Site window
, opening the File menu, and
selecting “Stop VPN
-
1 SecuRemote”.

Non
-
Modem Connected
Workstations

If you are not using a dial
-
up modem or other private Internet connection to access your Internet
Service Provider (ISP), but are instead connecting via your
company’s local are network (LAN) to
access the Internet, then you need to consult with your network administrator before attempting to
use VPN
-
SecuRemote software.

In order to connect in this manner, your network administrator must perform the following s
teps.

Verify whether the PC on which you are going to install SecuRemote is not behind a NAT
(Network Address Translation) device. If it is, make sure the following ports are open on the
NAT device:






TCP Port 264

Site Download



TCP/UDP Port 500

User Auth
entication



UDP Port 2746

IPSec UDP encapsulation



UDP Port 259

VPN Gateway availability check


If the computer is NOT behind a NAT device, make sure the following ports are open
between the PC and the GXS VPN gateway:




TCP Port 264

Site Download



TCP/UDP Por
t 500

User Authentication



Protocol 50


IPSec ESP



UDP Port 259

VPN Gateway availability check