Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

User Manual Description of VPN
Server
(S) If a Flytrap has a VPN Link with status “Up”, then an Icon Terminal (connected to
the proper Cisco VPN “profile”) can be used to gain access to the Flytrap and any
clients on the Flytrap’s LAN/WLAN. The blue arrows in Figure 3 show the path from
the Icon Terminal to the CB-VPN, which can then reach the Flytrap and LAN/WLAN
clients through the VPN tunnel. To gain access to the VPN Link tunnel, establish a
“VPN Link Terminal” as follows:
(S) Note: the “CB VPN ASA” Cisco VPN profile has been removed due to sponsor
concerns related to linking two sponsor networks via a VPN tunnel. As such, in order
to establish a “VPN Link Terminal”, a server on the CB VPN Server’s subnet must be
used to route to the CB VPN Server and access the tunnel. The following technique
uses the CB CC slave server as the server that routes to the CB VPN Server and from
which the VPN Link tunnel can be established:
1. Establish a CB Server “root” Console/Terminal to the master CB CC
   slave server (i.e., the slave Cherry Tree server); see the CB Installation
   Guide for instructions and server IP addresses (at time of writing [30 December
   2010] the CB CC slave server IP address was 172.24.5.18). This step requires an
   Icon terminal.
2. Add a route to the CB VPN Server – from the “root” console, execute:

       route add -net 10.128.0.0/9 gateway <CB_VPN_SERVER_IP>

   where <CB_VPN_SERVER_IP> is the IP address of the CB VPN Server (see the CB
   Installation Guide – at time of writing [30 December 2010] the CB VPN server IP
   address was 172.24.5.21).
