HP BladeSystem bc2000 Cisco VPN Support for HP Thin Clients and Blade PCs
HP BladeSystem bc2000 - Blade PC Manual
HP BladeSystem bc2000 manual content summary:
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 1
  Cisco VPN Support for HP Thin Clients and Blade PCs Introduction...2 The Components...2 HP PC Client Computing Solutions ...2 Virtual Private Networks...3 Cisco VPN Capabilities ...3 Implementation Prerequisites ...3 The Implementation ...4 VPN Installation ...4 Basic VPN Configuration ...4 VPN 3000
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 2
  RDP. A remote user can present credentials to the HP Session Allocation Management (SAM) service and be connected to a computing session on a blade PC with access to network resources such as applications and data. Unlike Terminal Services-, Citrix-, or VDI-hosted computing sessions, CCI computing
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 3
  it does not formally support those clients. Implementation Prerequisites For the purpose of this white paper, we assume a basic network infrastructure is already in place. The reference implementation consists of HP BladeSystem bc2000 Blade PCs and HP BladeSystem bc2500 Blade PCs running Windows XP
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 4
  VPN Configuration This paper focuses on the integration of VPN services to HP thin clients and blade PCs. As such, we are exploring only configuration settings /en/US/docs/security/vpn3000/vpn3000_47/configuration/config.html. Instructions below step through a basic Virtual-IP VPN configuration from
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 5
  ) was initially used to set 10.2.2.2 as the private interface address. The terminal server is running on the private interface to a terminal or PC running terminal emulator at 9600bps, 8 bits, no parity, 1 stop bit (9600,8,N,1). VPN 3000 Appliance Settings 1. Log on to VPN 3000 concentrator (https
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 6
  2. From the initial VPN 3000 setup screen, click Configuration\Interfaces in the left panel. This brings up a graphical configuration window with hyperlinks to facilitate easy setup options. 3. Access private and public interface configuration options by clicking the appropriate links in the
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 7
  information by clicking the appropriate links on the Configuration\Interfaces window. NOTE: These settings can also be set via System\Servers\DNS and System\IP routing\Default Gateways, etc. For full configurations options for VPN 3000 concentrator information, refer to CISCO documentation.
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 8
  is configured by default with the Sygate firewall actively blocking all ports except those required for basic Web browsing and RDP connections. The HP Compaq t5720 Thin Clients used in this reference white paper also had firewall port exceptions added for RGS, which accelerates graphics in a manner
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 9
  t5720 and log on using an account with administrator privileges. This ensures that the thin client is in a known, clean OS state. 2. In the System Tray, right-click the Sygate icon. 3. Select Advanced Rules. 4. Read the warning notification and click OK. 5. In the Advanced Rules window, click Add
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 10
  8. Select a specific network interface card or the default, All network interface cards. 9. On the Applications tab, click Clear All to ensure no prior application is selected. 10.
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 11
  12. On the Ports and Protocols tab in the Protocol list, select UDP. 13. Type 8905,8906 in the Local field. 14. In the Traffic Direction list, select Both. 15. Click OK. 16. Next, let's add a rule for VPN UDP traffic. First, in the Advanced Rules window, click Add. 17. In the Advanced Rule Settings
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 12
  19. In the Apply Rule to Network Interface field, ensure that the proper network interface card is selected. 20. On the Ports and Protocols tab in the Protocol list, select TCP. 21. Type 500,1562,8905,8906,62515 in the Remote field. 22. In the Traffic Direction list, select Both. 23. Click OK.
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 13
  Filter (EWF) At this point the Clean Access Agent is installed on the HP t5720 Thin Client. Note, however, that these image changes are not permanent client, please select Commit on the EWF taskbar icon or in the Control Panel EWF applet. After restarting the thin client, the changes are permanent
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 14
  3. Log into WebVPN Services with valid VPN credentials. Valid credentials can be stored on an internal database on the VPN 3000 concentrator or on an internal user database or
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 15
  5. Two windows are launched that allow access to Web sites and Web-enabled applications on the private interface. In this reference implementation, a few Web server URLs are preconfigured for one click access: VPN 3000 Configuration, Webmail and Benefit Access. This configuration. For information on
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 16
  as configured on the VPN console via private interface) is allowed. To verify that the private network is accessible, type https://10.2.2.2 into the WebVPN Services window. This should launch the VPN 3000 manager Web page. 7. Now, let's return to the WebVPN console. While this white paper does not
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 17
  compatible JRE is the 6.2 release, as shown below. Download JRE and proceed with the installation instructions. NOTE: as in the previous configuration changes to the thin client, you must Commit the JRE EWF). The application access window is shown below once system is properly configured with JRE.
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 18
  blade PC. IPSEC access to the private network actually allows full IP level access to the private network, with no architectural restrictions on applications and network services on the private network that can be accessed from the public interface. Software Installation 1. Ensure that the system
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 19
  Thin Client and Blade PC IPSEC Access 1. Launch the CCA VPN client previously installed by clicking Start → All Programs → Cisco System VPN Client → VPN Client, as shown below. 2. Click on New icon within the VPN Client status window.
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 20
  3. Type a name and host IP address for this connection (MyVPN and 10.1.1.1 for this reference implementation). Select Group Authentication as configured above and type the group name/password. NOTE: while group information is entered, authentication is still required from the user. If the group
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 21
  5. Enter a username and password authorized to access VPN 3000 concentrator. As in the case of WebVPN above, the user is greeted with a configurable banner screen upon successful connection. For this reference, a simple VPN Connection Ac message is used. NOTE: this message provides an excellent
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 22
  7. At this point, the internal network is fully accessible via IP tunnel. We can validate this initially by pinging an address from the private network. For this reference implementation, there is a Cisco NAC appliance at 10.3.3.3, so let's make sure there is connectivity by opening a command
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 23
  ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname router 10.6.6.2 ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 2 name Vlan2 ! vlan 3
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 24
  spanning-tree portfast ! interface FastEthernet0/10 description **CAS CLIENT INTERFACE** switchport access vlan 5 snmp trap mac-notification added spanning-tree portfast ! interface FastEthernet0/11 switchport access vlan 6 switchport mode access snmp trap mac-notification added spanning-tree
- HP BladeSystem bc2000 | Cisco VPN Support for HP Thin Clients and Blade PCs - Page 25
  , services, and support: HP Links: • HP home page: www.hp.com/sbso/busproducts.html • HP desktop, blade PC or thin client information: www.hp.com/desktops • HP workstations information: www.hp.com/workstations • HP security: www.hp.com/go/security • HP notebook information: www.hp.com/notebooks • HP
Cisco VPN Support for HP Thin Clients and Blade PCs

Introduction ... 2
The Components ... 2
HP PC Client Computing Solutions ... 2
Virtual Private Networks ... 3
Cisco VPN Capabilities ... 3
Implementation Prerequisites ... 3
The Implementation ... 4
VPN Installation ... 4
Basic VPN Configuration ... 4
VPN 3000 Appliance Settings ... 5
End-Point Configuration ... 8
Thin Client Firewall Exceptions ... 8
Identifying required firewall modifications (Ports to open) ... 8
Firewall configuration ... 9
Change Commitment to Enhanced Write Filter (EWF) ... 13
SSL VPN Access ... 13
Thin Client SSL Access ... 13
Blade PC SSL Access ... 18
IPSEC VPN Access ... 18
Software Installation ... 18
Thin Client and Blade PC IPSEC Access ... 19
Appendix A – CISCO 3560 Switch Configuration ... 23
For more information ... 25
HP Links: ... 25
CISCO VPN Links: ... 25
Sun Microsystems Links: ... 25