VPNX End Point (VEP) Installation Instructions

Installation of the VEP is very straightforward. The secure SSLVPN system uses the same protocols as would be used by a secure bank website so assuming access can be gained to a bank website and an address will be automatically allocated to connected equipment then there should be no issues installing the VEP.
To connect the VEP, simply:

  • Connect the 'UNTRUST' network port to the main network
  • Connect equipment, that needs secure access, to the 'TRUST' network port
  • Power up the VEP using the supplied power supply

The process to configure the VEP by L3n is automated. The VEP will connect to a management server initially. This is to allow it to register then it will be reconfigured to join it's final VPNX network so expect the VEP to connect for a few minutes, then reload and reconnect. Once this is done the VEP will be ready for use.

Diagnostics

The three LEDs on the front, from left to right, mean:

  • LED1 - Heartbeat - Once the unit is up and running then this LED will pulse with a 'heartbeat' rhythm. This means the unit is successfully running it's operating system
  • LED2 - Untrust Network Activity - This LED will light when the Untrust network port is connected and up - it will flicker with network activity
  • LED3 - Secure Tunnel (VPN) On - This LED will light when the secure tunnel into the VPNX network is up and will flicker with activity. This shows traffic activity to the VPNX network. This means that the VEP has successfully authenticated both ways to the correct VPNX server using RSA certificates and all traffic going into the VPNX network is being strongly encrypted. Note: as a reminder, the 'V' of 'Vpnx' on the front sticker of the VEP 'points' to this LED.

Technical

The technical requirements are as follows:

  • DHCP allocation of IP address - if this is not available then the VEP will need to pre-configured with an appropriate address - contact support@L3n.co.uk for assistance.
  • The SSLVPN uses either UDP port 123 so this traffic needs to be permitted out of from the VEP through any local security devices
  • The VEPs have an emergency 'call home' feature - if the tunnel cannot establish then the VEP will attempt to establish a reverse ssh tunnel to the management server via port 80 - this may cause issues with an IPS for example
  • Security - the VEPs have strong software firewalls onboard - by default only HTTP and HTTPS are allowed through to the Internet from the Trust interface - this can be amended if required

If you have any problems installing the VEP, email support@L3n.co.uk or call 0845 450 4944.