HP BladeSystem bc2000 Cisco VPN Support for HP Thin Clients and Blade PCs
HP BladeSystem bc2000 - Blade PC Manual
HP BladeSystem bc2000 manual content summary:
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 1
Cisco VPN Support for HP Thin Clients and Blade PCs Introduction ... 2 The Components ... 2 HP PC Client Computing Solutions ... 2 Virtual Private Networks ... 3 Cisco VPN Capabilities ... 3 Implementation Prerequisites ... 3 The Implementation ... 4 VPN Installation ... 4 Basic VPN Configuration ... 4 VPN 3000

- Page 2
thin clients based on three operating systems: Windows XPe, Debian Linux, and Windows CE. Each operating system provides protection for the OS image housed within the flash device while creating a partition on that flash device to act as a virtual hard drive. Only an account with administrator

- Page 3
to their final destination on the private network. The VPN 3000 concentrator supports the most popular VPN tunneling protocols: • PPTP: Point-to-Point consists of HP BladeSystem bc2000 Blade PCs and HP BladeSystem bc2500 Blade PCs running Windows XP SP2. HP Compaq t5720 Thin Clients (t5720) running

- Page 4
Basic VPN Configuration
This paper focuses on the integration of VPN services to HP thin clients and blade PCs. As such, we are exploring only configuration com/en/US/docs/security/vpn3000/vpn3000_47/configuration/config.html. Instructions below step through a basic Virtual-IP VPN configuration from

- Page 5
emulator at 9600bps, 8 bits, no parity, 1 stop bit (9600,8,N,1).
VPN 3000 Appliance Settings
1. Log on to VPN 3000 concentrator (https://10.2.2.2) using an account with administrator privileges.

- Page 6
2. From the initial VPN 3000 setup screen, click Configuration\Interfaces in the left panel. This brings up a graphical configuration window with hyperlinks to facilitate easy setup options.
3. Access private and public interface configuration options by clicking the appropriate links in the

- Page 7
is shown in the following illustration. Select DHCP Client or Static IP Addressing, as appropriate for the public 10.1.1.2 for routing within the switch. This routing address is entered as the Default Gateway address (also accessible via the Configuration\Interfaces window above).
5. Next, enter

- Page 8
The HP t5720 XPe-based Thin Client is configured by default with the Sygate firewall actively blocking all ports except those required for basic Web browsing and RDP connections. The HP Compaq t5720 Thin Clients used in this reference white paper also had firewall port exceptions added for

- Page 9
Firewall Configuration
1. Reboot the t5720 and log on using an account with administrator privileges. This ensures that the thin client is in a known, clean OS state.
2. In the System Tray, right-click the Sygate icon.
3. Select Advanced Rules.
4. Read the warning notification and click OK.
5.

- Page 10
a specific network interface card or the default, All network interface cards.
9. On the Applications tab, click Clear All to ensure no prior application is selected.
10. Scroll down and select Deterministic Networks. You could also click Browse and browse to c:\windows\system32\drivers\dne2000

- Page 11
12. On the Ports and Protocols tab in the Protocol list, select UDP.
13. Type 8905,8906 in the Local field.
14. In the Traffic Direction list, select Both.
15. Click OK.
16. Next, let's add a rule for VPN UDP traffic. First, in the Advanced Rules window, click Add.
17. In the Advanced Rule Settings

- Page 12
19. In the Apply Rule to Network Interface field, ensure that the proper network interface card is selected.
20. On the Ports and Protocols tab in the Protocol list, select TCP.
21. Type 500,1562,8905,8906,62515 in the Remote field.
22. In the Traffic Direction list, select Both.
23. Click OK.

- Page 13
new VPM policies are defined and active.
Change Commitment to Enhances Write Filter (EWF)
At this point the Clean Access Agent is installed on the HP t5720 Thin Client. Note, however, that these image changes are not permanent. If you wish to permanently enable the agent on the

- Page 14
3. Log into WebVPN Services with valid VPN credentials. Valid credentials can be stored on an stored on an internal user database on the VPN 3000 concentrator. Upon successful validation of login credentials, a welcome message is displayed.
NOTE: while a simple VPN Connection Activated message

- Page 15
5. Two windows are launched that allow access to Web sites and Web-enabled applications on the private interface. In this reference implementation, a few Web server URLs are preconfigured for one click access: VPN 3000 Configuration, Webmail and Benefit Access. This configuration. For information on

- Page 16
verify that the private network is accessible, type https://10.2.2.2 into the WebVPN Services window. This should launch the VPN 3000 manager Web page.
7. Now, via WebVPN, the following steps ensure that your t5720 is properly configured. Select Start Application Access to launch a Java

- Page 17
white paper, the latest t5720-compatible JRE is the 6.2 release, as shown below. Download JRE and proceed with the installation instructions.
NOTE: as in the previous configuration changes to the thin client, you must Commit the JRE software update to the saved thin client software image or it will

- Page 18
PC software image. Provided that JRE is installed with administrative privileges, the software is added to the image on the blade.
IPSEC VPN Access
IPSEC VPN Access requires the installation of Cisco Clean Access agent (CCA) for both thin client and blade PC. IPSEC access to the private network

- Page 19
Thin Client and Blade PC IPSEC Access
1. Launch the CCA VPN client previously installed by clicking Start → All Programs → Cisco System VPN Client → VPN Client, as shown below.
2. Click on New icon within the VPN Client status window.

- Page 20
is not provided here, the user is required to enter both group name/password and user name/password.
NOTE: thin client consideration: Please Commit the Connection entry with Group Authentication onto the thin client permanent software image via the EWF prior. Refer to Change Commitment to Enhances

- Page 21
5. Enter a username and password authorized to access VPN 3000 concentrator. As in the case of WebVPN above, the user is greeted with a configurable banner screen upon successful connection. For

- Page 22
may not be accessible while the VPN tunnel is active. This is actually a preferred feature to prevent inadvertently bridging public and private networks by any client.

- Page 23
log uptime
no service password-encryption
!
hostname Switch
!
no aaa new-model
vtp mode transparent
ip subnet-zero
ip routing
ip dhcp excluded-address 10.5.5.1 10.5.5.5
ip dhcp excluded-address 10.6.6.1 10.6.6.5
!
ip dhcp pool DHCP
 network 10.5.5.0 255.255.255.0
 default-router 10.5.5.2
!
ip

- Page 24
!
interface FastEthernet0/10
 description **CAS CLIENT INTERFACE**
 switchport access vlan 5
 snmp trap mac-notification added
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 6
 switchport mode access
 snmp trap mac-notification added
 spanning-tree portfast
!
interface Vlan1

- Page 25
HP thin clients or any other HP product, contact your HP Authorized Reseller or visit these online locations to learn more about HP products, services, and support:
HP Links:
• HP home page: www.hp.com/sbso/busproducts.html
• HP desktop, blade PC or thin client information: www.hp.com/desktops
• HP

Cisco VPN Support for HP Thin Clients and Blade PCs

Introduction (page 2)
The Components (page 2)
HP PC Client Computing Solutions (page 2)
Virtual Private Networks (page 3)
Cisco VPN Capabilities (page 3)
Implementation Prerequisites (page 3)
The Implementation (page 4)
VPN Installation (page 4)
Basic VPN Configuration (page 4)
VPN 3000 Appliance Settings (page 5)
End-Point Configuration (page 8)
Thin Client Firewall Exceptions (page 8)
Identifying required firewall modifications (Ports to open) (page 8)
Firewall configuration (page 9)
Change Commitment to Enhances Write Filter (EWF) (page 13)
SSL VPN Access (page 13)
Thin Client SSL Access (page 13)
Blade PC SSL Access (page 18)
IPSEC VPN Access (page 18)
Software Installation (page 18)
Thin Client and Blade PC IPSEC Access (page 19)
Appendix A – CISCO 3560 Switch Configuration (page 23)
For more information (page 25)
HP Links: (page 25)
CISCO VPN Links: (page 25)
Sun Microsystems Links: (page 25)