How SD-WAN is Managed in Crystal Eye

Overview

Crystal Eye’s SD-WAN allows users to establish encrypted connections between networks. The IPSec VPN app supports IPSec or IKE tunnels in site-to-site configurations between CrystalEye (IPSec VPN) gateways. SSL VPN enables remote users to securely access your internal network resources via an authenticated, encrypted pathway.

IPSec Site to Site VPN

Crystal Eye’s IPSec Site-to-Site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet. IPSec Site-to-Site VPN extends the company’s network, making computer resources from one location available to employees at other locations.

Requirement

Employees working in all the four sites namely, Chatswood, Gosford, Charlestown and South Port must be able to access the servers in the data centre.

Solution

Create IPsec tunnel interface between the four sites and the data centre such that the data centre is the hub and the rest of the four sites are spokes connected to the data centre.

Pre-requisites to Establish IpSec VPN

• Crystal Eye appliance or an appliance that supports IPSec VPN must be deployed on all the sites.
• All Crystal Eye appliances must be configured such that the LAN IP subnet for each side of the connection must be unique.
• Each site must have a dedicated internet connection

Network Diagram

Configuration

The following tunnel interfaces must be created to connect all the four sites with the data centre:

Create tunnel interface between: 1) Chatswood and Data Centre 2) Charlestown and Data Centre 2) Gosford and Data Centre 3) South Port and Data Centre

Refer to the following manual link to know how to establish IPsec site to site connection between two sites. Implement the same procedure to create the four tunnel interfaces mentioned above.

https://manual.redpiranha.net/network-control/sd%20-%20wan/ipsec-vpn#ip-sec-site-to-site-vpn...

SSL Certificate Based Remote-access VPN (SSL VPN)

Crystal Eye’s Remote-access VPN is an essential user-centric functionality which allows users to connect with a remote network with the help of secured connections.

Requirement

Connect all the remote employees working from home with the data centre.

Solution

Use the remote-access SSL VPN feature of Crystal Eye to connect remote employees to the data centre.

Configuration

Refer to the following manual link to know how to configure remote-access SSL VPN.

https://manual.redpiranha.net/network-control/sd%20-%20wan/ssl-vpn#ssl-certificate-based-remote...

Monitoring CE’s SSL VPN Users through a Live Dashboard

We are excited to share some major advancement’s in the way SSL VPN users can be monitored in the Crystal Eye. This will be possible through a live dashboard showing information related to SSL VPN users.

SSL VPN application enhancement details:

Please note that the following enhancements will be pushed in the upcoming CE versions.

As shown in the screenshot above, the SSL VPN Clients table will show:

• VPN username • VPN IP • Remote IP • Port used by VPN user • GEO location of the VPN user • Incoming and outgoing traffic (Bytes) from the VPN user • Time since the VPN user is connected • Last ping (date and time) by the VPN user • Overall time the VPN user has been online

The SSL VPN monitoring dashboard also shares vital VPN server related information such as:

• VPN Mode
• Connection Status
• Server Pingable Status (Yes/No)
• Clients connected to the server
• Total Bytes received and transferred (in KiB)
• The date and time since the server was up
• Local IP address of the server