Allow Branch Office Users to Authenticate with Head Office Authentication Server

Applicable Version:  10.00 onwards
 
Scenario
 
This article describes how to configure Cyberoam so that users in the Branch Office (BO) can authenticate with the Head Office (HO) AD Server. The network schema is as shown below.
 
 
 
 

Prerequisites

- IPSec connection is active and connected.
- Both Head Office and Branch Office Cyberoam Appliances are integrated with Head Office AD Server. To integrate Cyberoam with AD, refer to the article How To – Integrate Cyberoam with Active Directory.
 
 
Configuration

To allow BO users to authenticate with the HO AD server, configure the BO Cyberoam according to the steps given below. The configuration is done on the Cyberoam CLI using an Administrator profile.

Step 1: Add IPSec Route

By default, Cyberoam-initiated traffic is forwarded to the WAN interface. To ensure that traffic destined for the HO AD Server is forwarded to the IPSec tunnel, we add an IPSec route. To add the route, follow the steps below.

- Log in to the Cyberoam CLI.
- Select option 4. Cyberoam Console to access the CLI.
- Execute the following command to add an IPSec route:
 
     cyberoam ipsec_route add host 172.16.16.2 tunnelname Branch_to_Head
 
 
 
 
 
Step 2: Add Source NAT Policy for Cyberoam Initiated Traffic

By default, the source IP address of Cyberoam-initiated traffic is its WAN Interface IP. We need to apply a Source NAT policy to this traffic so that its source IP address is part of the VPN local network. This ensures that it is accepted by the AD Server. This can be done by executing the following command:

console> set advanced-firewall cr-traffic-nat add destination 172.16.16.0 netmask 255.255.255.0 snatip 172.50.50.1
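
A consistency check for the two commands above, written as an added example that is not part of the original Cyberoam article. It parses both command lines and confirms that the routed host is covered by the NAT rule and that the SNAT address lies in the VPN local network. The tunnel's local and remote networks (172.50.50.0/24 and 172.16.16.0/24) and the names `check` and `TUNNEL` are assumptions; replace them with the values of your own IPSec connection.

```python
import ipaddress
import shlex

# Commands as given in Step 1 and Step 2 of the article.
ROUTE = "cyberoam ipsec_route add host 172.16.16.2 tunnelname Branch_to_Head"
NAT = ("console> set advanced-firewall cr-traffic-nat add destination "
       "172.16.16.0 netmask 255.255.255.0 snatip 172.50.50.1")

# Assumption: networks of the Branch_to_Head connection (not stated on the page).
TUNNEL = {
    "name": "Branch_to_Head",
    "local": ipaddress.ip_network("172.50.50.0/24"),   # BO side, assumed
    "remote": ipaddress.ip_network("172.16.16.0/24"),  # HO side, assumed
}

def _args(cmd, keys):
    """Return the value that follows each keyword in a CLI command line."""
    tokens = shlex.split(cmd.replace("console>", ""))
    return {k: tokens[tokens.index(k) + 1] for k in keys}

def check(route_cmd, nat_cmd, tunnel=TUNNEL):
    """Return a list of problems; an empty list means the commands agree."""
    r = _args(route_cmd, ["host", "tunnelname"])
    n = _args(nat_cmd, ["destination", "netmask", "snatip"])
    host = ipaddress.ip_address(r["host"])
    nat_dst = ipaddress.ip_network(f"{n['destination']}/{n['netmask']}")
    snat = ipaddress.ip_address(n["snatip"])
    problems = []
    if r["tunnelname"] != tunnel["name"]:
        problems.append("route points at a different tunnel")
    if host not in tunnel["remote"]:
        problems.append("AD server is outside the tunnel's remote network")
    if host not in nat_dst:
        problems.append("NAT rule does not cover the AD server")
    if snat not in tunnel["local"]:
        problems.append("snatip is outside the tunnel's local network")
    return problems

if __name__ == "__main__":
    for p in check(ROUTE, NAT) or ["OK: route and source NAT are consistent"]:
        print(p)
```
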
 
 
 
 
 

Document Version: 1.0 – 08/06/2012
Article ID: 2310