How to Setup a Site-to Site-Network with CloudConnexa

Captions
All right. In this video we're looking at how to set up site-to-site networking with CloudConnexa. As you can see on this slide, we have our headquarter with the subnet of 192.168.1.0/24 and we've got our branch office with a different subnet. In each location we need to install a connector, which we're going to install on a Linux machine, specifically Ubuntu, but it can be on any other operating system as well, or even on the compatible routers and so on. We do have file servers in each location and we've got office staff in each location. They need to have access to specific files, folders and applications in each office.

In order to do the configuration we need to head out to our admin user interface, or admin portal, of our CloudConnexa. As you can see, I'm on the admin portal right now. The first thing we need to do is add our networks to CloudConnexa. I already added my headquarter to CloudConnexa, so we're going to go ahead and add our branch office. Click on Add Network. It is a site-to-site, so we select that, and we're going to give it a name here for our network so we can distinguish between the different networks that we have. We call it "branch office", and then for the connector I'll just call it "Branch connector". Oops, let me fix this. Then we need to add our region, where the branch office is. Our branch office is in Chicago, so I select that and click on Next.

Now this is where we're going to deploy our connector. We need to choose where the connector is going to be installed. Obviously it's going to be on a Linux machine in our branch office, Ubuntu, as you saw on the slide earlier. This is the script that we need to run on our machine, so I'm going to bring it up here. Let me elevate the privileges here and then we're going to paste that command. Here we go, so I'm going to paste the command to install the connector. Fast forward through this a little bit. Okay, we're done here. We need to enter our token, so if we head back to the admin UI you're going to see there's a button to generate a token. I'm going to click on that, then copy the token here, head back to my Linux machine, paste that token and hit Enter. Okay, we're done here.

There are a couple of things that we need to do here. First we need to enable routing on our Linux machine and enable NAT. If we head out to our website, openvpn.net, click on search and type "enable routing", the very first result, you can click on that and scroll down to see "Enable routing on Linux". This is the command that you need to type in. I'm going to copy this, go back and paste it in my terminal. Here we go, and as you can see IP forwarding is enabled now. Now one more thing we need to do: scroll down on this page until you see where it says "Enable NAT on Linux". Again I'm going to copy these commands here and paste them in my terminal. If you're using another operating system, the instructions are on this page; you can go to that part of the instructions and follow the steps. So we enabled NAT here and we're going to head back to our admin UI.

Okay, we're done with the installation of our connector. Click on Next, and as you can see the connector is connected. Again click on Next and we can see our network configuration. Click on Next, and the next step is where we can define access to our resources, either public or private, using your domain name by adding an application here. So I'm going to go ahead and click on Add Application. We do have a shared folder on our server in our branch office, so I'm going to type "shared" and the domain here, ovnlab.local. Then for the application type or protocols, this is going to be an SMB port that we need to open, so I'm going to choose Custom, and then for TCP it's going to be 139 and 445, and for UDP it's going to be 137 and 138. Then click on Submit. If you have other applications you can add them here, otherwise you're going to click on Next to get to the IP routes and IP services.

The next screen is going to be adding routes: IP routes or IP services. This is where you can define the public or private IP routes. We're not going to do anything here. The next screen is creating an access group. This is where we're going to create an access policy, basically. So I'm going to create one for our headquarter and one for the branch office. From headquarter I want to give access to the shared folders on branch office, so I'm going to select that and click on Create. Then I'm going to create another access group for branch office. Let me name it "site to site", I'm going to call it "Branch office", and then from branch office I want to give access to the time card app. Oops, let me change that to the secure one and I'm select the answer. Okay, so we're going to give access to that. Click on Create. So we're done with creating our access policies or access groups, and then we're going to click on Finish. Our branch office is added. Let's go to Networks. I'm going to refresh this page right now so it shows online. Here we go, so both branches are online, headquarters and branch office.

The next step is adding DNS records. Expand Settings, DNS, DNS Records, and we're going to click on the plus sign to add. This is where we're going to add all our shared applications' DNS records. For me it's share.ovnlab.local, and then the IP address, and click on Create. Any other applications, we're going to add them here as well.

One thing to remember: since we're using application domain-based routing, it is important that the CloudConnexa DNS server can be reached from the computers and other resources on the network. So either manually or using a DHCP server, the DNS server needs to be set to the tunnel gateway address of the connector. As you can see on this slide, we have the tunnel IP address of our branch office noted here, and then the IP address of our headquarter also, and the gateways. But how can we find these IP addresses, or this information? In order to do that we need to head out to the admin portal. Once in the admin portal, expand Networks and click on Connectors. This is where you can see the tunnel IP address of each connector, for me for the branch office and the headquarter. The gateway actually is basically one address before the tunnel IP address, so if my tunnel IP address ends with 18, my gateway ends with 17, and the same for my headquarter: if it ends with 114, my gateway is 113. So again, either manually or using DHCP, the DNS server needs to be set to the tunnel gateway address of the connector, and we just saw how we can find the gateway address and the tunnel IP address of each connector for each site.

I must add one side note here. The configuration steps so far have been relatively simple. The complexity comes in when dealing with firewalls, security filtering options, and altering routing tables in routers and internet gateways. Obviously every network is unique depending on the routers, internet gateways and other appliances that they're using. With all these different brands and models out there, it will be really hard to cover everything in this video, but for proper routing you need to add static routes to the network routers on both sides, or if you have more than two sites, on each site. Basically, static routes need to be configured so that the next hop is set as the connector's IP address for the destinations that are in the WPC subnet range. The connector basically acts as a router and routes the packets received from the office network to CloudConnexa. So make sure to consult your router manufacturer's manual to find the proper instructions on how to configure the routing table.

As you can see on this slide, we have the IP address for our connector, we have the IP address for our headquarter, and I do have the subnets for the WPC and domain routing. So where did I find this information? Let's head back to the admin portal and I can show you where to get the WPC subnet and domain routing subnet. If you expand Settings and go to WPC, you're going to see towards the bottom of the page there are two sections, one for the WPC subnet and one for the domain routing subnet. This is where you can get those IP ranges that you can add to your routing table. Again, make sure you consult your appliance manufacturer's manuals to find the right instructions on how to configure your routing tables. For example, if you have Cisco routers you may have to enter these commands into your CLI to configure your routing table.

Now it's time to test our site-to-site connectivity. Again, as you see on this slide, we've got our headquarter on the left side and our branch on the right side, two different subnets. We have a file server in the headquarter which is hosting our time card app, which we need people from the branch office to be able to access, and we have a file server in our branch office with all our shared folders and files for the company, which we want to make sure that our office staff from headquarter can access.

So first we're going to test that our office staff in headquarter can access our shared folders. Let me bring up one of our servers in our headquarter. This is one of the machines in headquarter, and let's double check: I'm going to do an ipconfig, and as you can see this is a subnet in our headquarter. So let's open up our Run command and see if we can access our shared folder in our branch office. Let me go ahead and type "run" here, and here we go, and you already have the address here, so click OK, and if everything is set correctly we should be able to access our shared folder. Here we go, this is our shared folder. If I double click, I have access to other folders and files based on the permissions. So our connection is good on this side.

Let's go back to this slide. So we've got the connection. Now we want to make sure that our office staff from the branch office can access the time card app, which is hosted on the file server in the headquarter. So I'm going to bring up a machine that is in our branch office. Here we go. Again we're going to do an ipconfig to make sure that we're connected to the right machine. Let me type here, and here we go, this is the subnet in our branch office. Now the time card app, we can access it through a browser. Let me go ahead and type the address here, timecard.lab.local, and we should be able to access it. Here we go, we are connected to our time card.

Okay, in this video we saw how we set up our site-to-site networking with CloudConnexa. We connected our offices to CloudConnexa, we added our shared applications to the portal, or to the environment, and we also installed our connectors in each location. We created our access groups or access policies for the different sites, so they have access to different things in each location. We added our DNS record for shared applications, you saw the steps on that, and we also saw how to get information about our WPC subnet and domain routing subnet for our routing tables. I hope you enjoyed this video and you got enough information from this video so you can set up your own site-to-site with CloudConnexa. Thank you very much, we'll see you in the next videos.
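
The per-site settings described in the captions (DNS server set to the tunnel gateway, one address before the connector's tunnel IP, and static routes for the WPC and domain routing subnets with the connector as next hop) can be worked out and sanity-checked before touching a router. This is an added example, not part of the video or OpenVPN's own tooling; `site_plan`, the connector LAN address, the full tunnel IP and both subnet ranges are constructed placeholders, so read the real values from the admin portal.

```python
import ipaddress

def tunnel_gateway(tunnel_ip):
    """Tunnel gateway = the address one before the connector's tunnel IP."""
    return str(ipaddress.ip_address(tunnel_ip) - 1)

def site_plan(lan_subnet, connector_lan_ip, tunnel_ip,
              wpc_subnet, domain_routing_subnet):
    """Return the DNS server and static routes to configure at one site."""
    lan = ipaddress.ip_network(lan_subnet)
    connector = ipaddress.ip_address(connector_lan_ip)
    # The next hop must be directly reachable from the site router.
    if connector not in lan:
        raise ValueError(f"connector {connector} is not on the site LAN {lan}")
    routes = []
    for purpose, subnet in (("WPC subnet", wpc_subnet),
                            ("domain routing subnet", domain_routing_subnet)):
        dest = ipaddress.ip_network(subnet)
        # A LAN that overlaps a routed range would never use the static
        # route (connected routes win), so flag it instead of emitting it.
        if dest.overlaps(lan):
            raise ValueError(f"{purpose} {dest} overlaps the site LAN {lan}")
        routes.append({"destination": str(dest),
                       "next_hop": str(connector),
                       "purpose": purpose})
    return {"dns_server": tunnel_gateway(tunnel_ip), "static_routes": routes}

# Constructed sample values: only the headquarter LAN (192.168.1.0/24) and
# the last octets 114 -> 113 come from the video; the rest are placeholders.
HQ = site_plan(
    lan_subnet="192.168.1.0/24",
    connector_lan_ip="192.168.1.10",        # placeholder connector address
    tunnel_ip="100.96.1.114",               # placeholder tunnel IP
    wpc_subnet="100.96.0.0/11",             # placeholder, see Settings > WPC
    domain_routing_subnet="100.80.0.0/12",  # placeholder, see Settings > WPC
)

if __name__ == "__main__":
    print("DNS server for LAN clients:", HQ["dns_server"])
    for r in HQ["static_routes"]:
        print(f"route {r['destination']} via {r['next_hop']}  # {r['purpose']}")
```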
Info
Channel: OpenVPN
Views: 5,183
Keywords: openvpn, vpn, cloudconnexa, sase, ztna, security, network, secure network, cyber security
Id: F9jGyraI604
Length: 13min 49sec (829 seconds)
Published: Fri Jun 23 2023