1
00:00:00,210 --> 00:00:05,310
Hello and welcome to this lecture. In this lecture we configure the FortiGate firewall for the remote

2
00:00:05,310 --> 00:00:06,460
access VPN.

3
00:00:06,870 --> 00:00:12,660
So how we will do it? We'll do it through GUI; it's simpler and it's faster.

4
00:00:12,660 --> 00:00:19,650
So let's navigate now to Chrome. Let's say admin, no password.

5
00:00:19,650 --> 00:00:27,200
Just say Later, Later. In the left side we have the VPN menu.

6
00:00:27,200 --> 00:00:34,640
So we have to click on VPN. By the way, by the way, before that, the virtual machine is running in evaluation.

7
00:00:34,640 --> 00:00:40,880
So this means that not all of the features are available or, as you will see, not all of the encryption

8
00:00:40,910 --> 00:00:45,970
and authentication algorithms are available, but it doesn't matter for testing purposes.

9
00:00:45,980 --> 00:00:47,870
It's absolutely perfect.

10
00:00:47,870 --> 00:00:57,830
So navigate to VPN, then let's go to IPsec Wizard, and here we can select from from some predefined

11
00:00:57,830 --> 00:00:59,500
templates, to say so.

12
00:00:59,540 --> 00:01:03,430
So we have site-to-site, remote access. What's the remote device?

13
00:01:03,440 --> 00:01:04,420
Is it a FortiGate?

14
00:01:04,430 --> 00:01:06,670
Is it a Cisco? And so on.

15
00:01:06,770 --> 00:01:13,740
For now we will say remote access, and the remote device, it's using FortiClient.

16
00:01:13,980 --> 00:01:19,280
So as you can see, either it's a phone or a laptop or a tablet.

17
00:01:19,280 --> 00:01:20,050
It doesn't matter.

18
00:01:20,090 --> 00:01:21,200
It's using FortiClient.

19
00:01:21,200 --> 00:01:23,090
So this is what we will use.

20
00:01:23,090 --> 00:01:31,010
You can also configure the remote device to to use the Cisco, the Cisco VPN client, the AnyConnect client.

21
00:01:31,130 --> 00:01:38,490
But in this, in this course we will use the the vendor-specific FortiClient client, so let's name

22
00:01:38,490 --> 00:01:51,490
it something, let's say Remote Access VPN FortiClient. Too many characters, it's not OK.

23
00:01:51,530 --> 00:01:57,450
Remote Access VPN Forti, and I will say now Next.

24
00:01:57,560 --> 00:02:00,060
Now the traffic is coming inside.

25
00:02:00,080 --> 00:02:06,710
So it's going in in the LAN side and private segment through what interface? And it's coming through

26
00:02:06,710 --> 00:02:15,170
the WAN port. Once selected, we'll use pre-shared key, and I will say the pre-shared key is fortinet.

27
00:02:15,170 --> 00:02:22,060
And so again fortinet, and we need to define the user group. So we don't have a user group here.

28
00:02:22,070 --> 00:02:24,590
I will just click on the plus and Create New

29
00:02:27,460 --> 00:02:38,330
and I will say Remote Access Group and I will, I will leave the type as Firewall because this is what's

30
00:02:38,330 --> 00:02:46,370
going to to be, and for the user let's say I want a user,

31
00:02:48,970 --> 00:02:55,980
local user, so we don't use any external servers like RADIUS or TACACS or LDAP anyway.

32
00:02:55,990 --> 00:02:58,690
So a local user defined on the firewall.

33
00:02:58,690 --> 00:03:04,770
So click Next. The user will be user with password user.

34
00:03:05,700 --> 00:03:16,480
And Next. E-mail address, let's say user@company.com. Next.

35
00:03:16,480 --> 00:03:20,800
This user account is enabled and is going to be in the user group.

36
00:03:27,390 --> 00:03:28,830
Let's say Submit now

37
00:03:31,930 --> 00:03:33,240
and.

38
00:03:33,290 --> 00:03:38,870
OK, let's go home and go to User and Device,

39
00:03:41,440 --> 00:03:45,400
User and Device, User Groups.

40
00:03:51,150 --> 00:03:54,030
So Remote Access Group, I will say

41
00:03:54,030 --> 00:04:04,400
Edit, and members is going to be user, and OK. So now we have this Remote Access Group with one member;

42
00:04:05,060 --> 00:04:07,440
the member is user.

43
00:04:08,030 --> 00:04:13,580
So let's navigate here again and do a refresh.

44
00:04:17,280 --> 00:04:19,360
We have to type all over again.

45
00:04:19,380 --> 00:04:22,890
Remote Access VPN Forti.

46
00:04:23,280 --> 00:04:26,950
This is a remote access, we are using client-based FortiClient.

47
00:04:27,830 --> 00:04:31,260
Next. Incoming interface, port 1.

48
00:04:31,330 --> 00:04:42,580
Pre-shared key is fortinet, user group is Remote Access Group, and Next. Local interface, so port number

49
00:04:42,580 --> 00:04:49,690
2 is our private-facing interface, or going to the private LAN space, 192.168.1.1,

50
00:04:49,710 --> 00:04:59,700
so I will select port 2. Local address: we don't have any objects that that refer to our private

51
00:04:59,700 --> 00:05:07,980
space, or why we defined now one, so I click on plus, Create New, and click create an address. The name will

52
00:05:07,980 --> 00:05:11,520
be HQ LAN.

53
00:05:11,970 --> 00:05:22,820
This is a subnet and the subnet is 192.168.1.0 and the slash 24, interface port

54
00:05:22,840 --> 00:05:26,450
number two and

55
00:05:26,540 --> 00:05:28,710
OK.

56
00:05:28,920 --> 00:05:32,590
So this is the local address, HQ LAN.

57
00:05:32,730 --> 00:05:38,730
Now when the client will try to connect, so the remote, the remote client, the remote worker, it will be

58
00:05:38,730 --> 00:05:40,590
assigned an IP address.

59
00:05:40,920 --> 00:05:47,880
So we have to specify here what is the address range. So range meaning that if I define a 10 IP addresses

60
00:05:47,880 --> 00:05:56,820
range, 10 remote workers are are going to be able to connect to our firewall. So let's say 192.168.1.200

61
00:05:56,820 --> 00:06:09,220
up to 192.168.1.209, which means 10 addresses starting from 0 going

62
00:06:09,220 --> 00:06:20,200
up to 9, and the subnet mask is a slash 24. Please note that this IP address range XYZ now it's from the

63
00:06:20,430 --> 00:06:33,400
the, from the same subnet that we have on our LAN. So I will say Next, and save the password, auto connect.

64
00:06:33,490 --> 00:06:42,680
Okay, just some some other options. I will leave it the default and say Create. So I can click on Show

65
00:06:42,680 --> 00:06:50,840
Tunnel List, and it moves here in the basic tunnels. So this is a, so the template being used: dial-up

66
00:06:50,840 --> 00:06:58,490
FortiClient for Windows, macOS and Android. The status is inactive. Interface bindings: so the traffic is coming

67
00:06:58,490 --> 00:07:03,140
inside through port number one, and this is the naming.

68
00:07:03,140 --> 00:07:08,390
So basically we have now finished the configuration of the remote access VPN on the HQ FortiGate

69
00:07:08,390 --> 00:07:16,310
firewall. In the next section we will concentrate on downloading the FortiClient VPN software for the

70
00:07:16,310 --> 00:07:19,200
Windows 10 machine and then the installation.

71
00:07:19,250 --> 00:07:21,670
So thanks a lot and see you in the next lecture.