VPN Specifications

Managed by
HealthInsight
Axolotl VPN Contact
Name: Technical Services
Company: Axolotl Corp.
Phone: 1.408.920.0800 x280
Email: support@axolotl.com

Your VPN Contact
Name:
Company:
Phone:
Email:
All VPN requests must be approved by an Axolotl Account or Project Manager
Name of Axolotl Account/Project Manager = Farhan Rana
Customer name = (Example ‘Laboratories of XXX’)
RHIO/Governing body name = HealtHIE Nevada
Axolotl VPN peer IPs = 208.37.137.4 (PRIMARY Peer), 8.8.32.11 (SECONDARY Peer)
Customer VPN peer IP = * Required
Customer Firewall (Make/Model/Version):
TEMPORARY pre-shared key for use in the initial configuration = F$iijexCC2Vvi@FQI4XqvgA!
(The key will be changed before any network traffic other than ICMP ping tests is allowed to pass)
Phase 1 Transform-set:
DH Group 2—ESP—3DES—SHA1—Lifetime 86400 seconds (24 hours)
Phase 2 Transform-set:
No PFS—ESP—3DES—SHA1—Lifetime 28800 seconds (8 hours)
Axolotl interesting traffic endpoint IP address(es). Provided below is the initial host that is required for the VPN setup. Additional hosts will be provided later, as they are specific per customer/data provider.

IP Addresses (Axolotl Endpoints) | Traffic/ports to allow | Description
1) 209.119.87.254                | ICMP                   | VPN HEALTH MONITOR
2) 65.105.172.23                 | ICMP/TCP               | Data Feed
855-4-THE-HIE
www.healtHIEnevada.org
Customer interesting traffic endpoint IP address(es). Please provide host addresses below. No subnets please. If you are unable to provide public IPs for the hosts, we will require that you NAT to a 172.28.x.x – 172.30.x.x address. To obtain the appropriate NAT IPs for your network, please email netops@axolotl.com and request NAT addresses for each server that does not have a PUBLIC IP. Failure to request a range of NAT IPs, or to provide PUBLIC IPs for each endpoint, may result in a delay in processing this VPN request.

Columns to fill in (one row per host):
1. IP Addresses (INDIVIDUAL /32 IPs of endpoint data feeds/servers)
2. * PUBLIC IP (if the IP is not PUBLIC, we will return the form to you with 172.28.x.x – 172.30.x.x NAT IPs in this column)
3. Description / Remarks (Data Feed/Server)
4. Operating System (Linux/Windows 200x, AS/400, Custom)
NOTES:
- A site-to-site VPN cannot be configured without all the required fields.
- If this is a VPN modification request, please ensure that all your existing endpoints are on the form and add a remark indicating whether each endpoint is existing or new.
- This form contains all the information necessary to do the initial VPN configuration on the customer side. Subsequent data will be exchanged during a scheduled conference call to finalize all settings, perform testing and complete the process. This covers both the production site and the DR site. Please see the attached diagram.
- If your current infrastructure technology does not allow for any of the requirements indicated here, we can provide a Cisco ASA5505 CPE that will enable you to achieve interoperability. Please contact your Account Manager or Project Manager to proceed with this option.
- A client-based, mutually authenticated SSL VPN using certificates is also an option. Please fill out the “Operating System” column so we can assess whether this is feasible in your environment. The current client-based VPN is OS dependent.
Additional Comments or requests:
BASIC SITE-TO-SITE VPN CONFIGURATION
For HIE Data Sources
Version 1.0
[Diagram: Customer Side (Node 1 / IP address 1, Node 2 / IP Address 2, Node 3 / IP Address 3, Customer VPN Appliance) connected through VPN tunnels to the Production Data Center (VPN Appliance, Socket Server 1 Production, Socket Server 2 Production, NMS) and to the DR Data Center (VPN Appliance, Socket Server 1 DR, Socket Server 2 DR, NMS).]
NOTES:
- The IP addresses of the nodes that are required to communicate through the tunnel should be translated (NAT) to either a public IP address or an Axolotl-assigned private IP address.
- The VPN tunnels on the customer end need to be configured so that the failover (secondary) tunnel takes over when the primary tunnel fails, and traffic reverts to the primary tunnel when it becomes available again.
- The VPN appliance needs to comply with the encryption and fail-over standards set by Axolotl. This Customer Premise Equipment (CPE) can be provided by Axolotl.
- The IP addresses of the Socket servers and the Network Management Server (NMS), i.e. the interesting-traffic destinations, will be the same at both data centers.
- The NMS should be allowed to ping (ICMP) a defined IP address on the customer side for VPN up/down monitoring.
- When in production mode, the DR site will not allow the tunnel to be established to itself, which prevents unwanted traffic from terminating at the inactive node.
- When a DR failover is initiated, Axolotl will make the changes to enable the VPN to be established at the DR site and disable it at the production site. This should allow for an automatic reroute of the traffic to the DR site socket servers.
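As an added example (not part of this form and not Axolotl's own configuration), the following Cisco ASA configuration (8.4+ IKEv1 syntax) maps the parameters on this form onto a customer-side CPE: Phase 1 with DH group 2, 3DES, SHA1 and a 24-hour lifetime; Phase 2 ESP 3DES/SHA1 without PFS and an 8-hour lifetime; both Axolotl peers on the crypto map so the secondary tunnel takes over when the primary stops responding; and interesting traffic limited to the two Axolotl endpoints from page 1, including ICMP from the VPN health monitor. The inside server address 10.20.30.40, its Axolotl-assigned NAT address 172.28.1.10, the interface name `outside`, and the object/ACL/map names are constructed assumptions; the pre-shared key is a placeholder for the key agreed on the conference call.

```cisco
! Added example configuration (not Axolotl's); ASA 8.4+ IKEv1 syntax.
! Interface name "outside", the object/ACL/map names, 10.20.30.40 and
! 172.28.1.10 are constructed assumptions for this illustration.

! --- Phase 1 (IKEv1): DH group 2, 3DES, SHA1, lifetime 86400 s (24 h) ---
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

! --- Phase 2 (IPsec): ESP 3DES / SHA1 ---
crypto ipsec ikev1 transform-set AXOLOTL-TS esp-3des esp-sha-hmac

! --- Customer host without a public IP: static NAT to the Axolotl-assigned
!     172.28.x.x address obtained from netops@axolotl.com (assumed value)
object network DATAFEED-SERVER
 host 10.20.30.40
 nat (inside,outside) static 172.28.1.10

! --- Interesting traffic. NAT is applied before encryption on the ASA, so
!     the crypto ACL uses the post-NAT address 172.28.1.10.
!     Row 1 of the Axolotl endpoint table: ICMP only (VPN health monitor).
!     Row 2: ICMP/TCP to the data feed host.
access-list AXOLOTL-VPN extended permit icmp host 172.28.1.10 host 209.119.87.254
access-list AXOLOTL-VPN extended permit icmp host 172.28.1.10 host 65.105.172.23
access-list AXOLOTL-VPN extended permit tcp host 172.28.1.10 host 65.105.172.23

! --- Crypto map: PRIMARY and SECONDARY Axolotl peers in order; the ASA
!     moves to the next listed peer when the current one fails to respond.
!     No "set pfs" line, matching the form's Phase 2 "No PFS".
!     Phase 2 lifetime 28800 s (8 h) set per crypto map entry.
crypto map OUTSIDE-MAP 10 match address AXOLOTL-VPN
crypto map OUTSIDE-MAP 10 set peer 208.37.137.4 8.8.32.11
crypto map OUTSIDE-MAP 10 set ikev1 transform-set AXOLOTL-TS
crypto map OUTSIDE-MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE-MAP interface outside

! --- One tunnel-group per peer, same pre-shared key. Dead peer detection
!     (keepalive after 10 s idle, retried every 3 s) lets the ASA notice a
!     failed primary long before the 24 h Phase 1 lifetime expires.
tunnel-group 208.37.137.4 type ipsec-l2l
tunnel-group 208.37.137.4 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY-FROM-CONFERENCE-CALL>
 isakmp keepalive threshold 10 retry 3
tunnel-group 8.8.32.11 type ipsec-l2l
tunnel-group 8.8.32.11 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY-FROM-CONFERENCE-CALL>
 isakmp keepalive threshold 10 retry 3
```

Two points to check before submitting this with the form. First, the ASA only steps forward through the peer list when a peer fails; it does not by itself switch back to the primary when that peer returns, so confirm with your Axolotl contact how the revert-to-primary requirement in the notes above is to be met (for example at the next Phase 1 rekey, or by using the Axolotl-supplied CPE). Second, 3DES, SHA1 and DH group 2 (1024-bit MODP) are what this version of the form mandates for interoperability, but all three are weak by current standards; treat them as the minimum baseline and ask whether AES and a larger DH group are acceptable before go-live. With the default `sysopt connection permit-vpn` in effect, decrypted tunnel traffic bypasses the interface ACL; if that has been disabled on your ASA, the outside interface ACL must also permit the Axolotl endpoints.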