Configuration
To allow BO users to authenticate with the HO AD server, configure the BO Cyberoam according to the steps given below. The configuration is done on the Cyberoam CLI using the Administrator profile.
Step 1: Add IPSec Route
By default, Cyberoam-initiated traffic is forwarded to the WAN interface. To ensure that traffic destined for the HO AD Server is forwarded to the IPSec tunnel, we add an IPSec route. To add the route, follow the steps below.
· Log in to the Cyberoam CLI
· Select option 4. Cyberoam Console to access the CLI
· Execute the following command to add an IPSec route:
cyberoam ipsec_route add host 172.16.16.2 tunnelname Branch_to_Head
Step 2: Add Source NAT Policy for Cyberoam Initiated Traffic
By default, the source IP address of Cyberoam-initiated traffic is its WAN interface IP. We need to apply a Source NAT policy on this traffic so that its source IP address is part of the VPN local network. This ensures that it is accepted by the AD Server. This can be done by executing the following command:
console> set advanced-firewall cr-traffic-nat add destination 172.16.16.0 netmask 255.255.255.0 snatip 172.50.50.1
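Added example, not part of the original Cyberoam article: a Python pre-flight check that the commands from Step 1 and Step 2 agree with each other before they are typed into the CLI. The BO local network 172.50.50.0/24 is an assumption (the article gives only the SNAT IP), and the function names are illustrative.

```python
import ipaddress

# Commands exactly as given in Steps 1 and 2 of this article.
ROUTE_CMD = "cyberoam ipsec_route add host 172.16.16.2 tunnelname Branch_to_Head"
NAT_CMD = ("console> set advanced-firewall cr-traffic-nat add "
           "destination 172.16.16.0 netmask 255.255.255.0 snatip 172.50.50.1")
# Assumption: BO local network configured on the tunnel (not stated in the article).
ASSUMED_LOCAL_NET = "172.50.50.0/24"

def _tokens(cmd):
    """Split a CLI line into words, dropping a leading 'console>' prompt."""
    words = cmd.split()
    return words[1:] if words and words[0] == "console>" else words

def parse_ipsec_route(cmd):
    """Return (AD host address, tunnel name) from the Step 1 command."""
    t = _tokens(cmd)
    if len(t) != 7 or t[:4] != ["cyberoam", "ipsec_route", "add", "host"] or t[5] != "tunnelname":
        raise ValueError(f"unexpected ipsec_route syntax: {cmd!r}")
    return ipaddress.ip_address(t[4]), t[6]

def parse_cr_traffic_nat(cmd):
    """Return (destination network, SNAT address) from the Step 2 command."""
    t = _tokens(cmd)
    if len(t) != 10 or t[:4] != ["set", "advanced-firewall", "cr-traffic-nat", "add"]:
        raise ValueError(f"unexpected cr-traffic-nat syntax: {cmd!r}")
    opts = dict(zip(t[4::2], t[5::2]))
    # Strict parsing rejects a destination that has host bits set for its netmask.
    dest = ipaddress.ip_network(f"{opts['destination']}/{opts['netmask']}")
    return dest, ipaddress.ip_address(opts["snatip"])

def check(route_cmd, nat_cmd, local_net):
    """Return a list of inconsistencies between the two commands (empty if none)."""
    host, tunnel = parse_ipsec_route(route_cmd)
    dest, snat = parse_cr_traffic_nat(nat_cmd)
    local = ipaddress.ip_network(local_net)
    problems = []
    if host not in dest:
        problems.append(f"{host} (routed via {tunnel}) is outside NAT destination {dest}")
    if snat not in local:
        problems.append(f"snatip {snat} is not in the VPN local network {local}")
    if local.overlaps(dest):
        problems.append(f"local network {local} overlaps remote network {dest}")
    return problems

if __name__ == "__main__":
    for line in check(ROUTE_CMD, NAT_CMD, ASSUMED_LOCAL_NET) or ["consistent"]:
        print(line)
```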
Document Version: 1.0 – 08/06/2012