the setup described above are:
1. The NetDefendOS date and time must be set correctly since certificates can expire.
2. Load a Gateway Certificate and Root Certificate into NetDefendOS.
3. When setting up the IPsec Tunnel object, specify the certificates to use under Authentication. This is done by:
   a. Enable the X.509 Certificate option.
   b. Select the Gateway Certificate.
   c. Add the Root Certificate to use.
4. If using the Windows XP L2TP client, the appropriate certificates need to be imported into Windows before setting up the connection with the New Connection Wizard.
The step to set up user authentication is optional since it provides security in addition to certificates.
Also review Section 9.6, “CA Server Access”, which describes important considerations for
certificate validation.
9.2.7. PPTP Roaming Clients
PPTP is simpler to set up than L2TP since IPsec is not used; PPTP instead relies on its own, less
strong, encryption.
A major secondary disadvantage is not being able to NAT PPTP connections through a tunnel so
multiple clients can use a single connection to the D-Link Firewall. If NATing is tried then only the
first client that tries to connect will succeed.
The steps for PPTP setup are as follows:
1. In the Address Book define the following IP objects:
   • A pptp_pool IP object which is the range of internal IP addresses that will be handed out from an internal network.
   • An int_net object which is the internal network from which the addresses come.
   • An ip_int object which is the internal IP address of the interface connected to the internal network. Let us assume that this interface is int.
   • An ip_ext object which is the external public address which clients will connect to (let's assume this is on the ext interface).
2. Define a PPTP/L2TP object (let's call it pptp_tunnel) with the following parameters:
   • Set Inner IP Address to ip_net.
   • Set Tunnel Protocol to PPTP.
   • Set Outer Interface Filter to ext.
   • Set Outer server IP to ip_ext.
   • For Microsoft Point-to-Point Encryption it is recommended to disable all options except 128 bit encryption.
   • Set IP Pool to pptp_pool.
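The relationships between the objects in steps 1 and 2 can be checked before they are entered into the Address Book. The following is an added example, not part of the original manual and not NetDefendOS syntax: the dictionary layout, the function name check_pptp_plan, the sample addresses and the rule that ip_int must lie outside pptp_pool are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; an ip_ext inside any of these is not a public address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_pptp_plan(plan):
    """Return a list of problems in a PPTP address plan (empty list = consistent)."""
    problems = []
    int_net = ipaddress.ip_network(plan["int_net"])
    ip_int = ipaddress.ip_address(plan["ip_int"])
    ip_ext = ipaddress.ip_address(plan["ip_ext"])
    first, last = (ipaddress.ip_address(a.strip())
                   for a in plan["pptp_pool"].split("-"))

    if first > last:
        problems.append("pptp_pool: range start is above range end")
    # The pool is handed out from the internal network, so it must lie inside it.
    if first not in int_net or last not in int_net:
        problems.append("pptp_pool: range is not inside int_net")
    # ip_int is the firewall's own address on the internal network.
    if ip_int not in int_net:
        problems.append("ip_int: not an address in int_net")
    # Assumption (not stated in the manual): the interface address
    # should not also be handed out to a client.
    if first <= ip_int <= last:
        problems.append("ip_int: falls inside pptp_pool")
    if any(ip_ext in net for net in RFC1918):
        problems.append("ip_ext: is a private address, not a public one")
    # The manual recommends disabling every MPPE option except 128 bit.
    if set(plan["mppe"]) != {"128"}:
        problems.append("mppe: options other than 128 bit are enabled")
    return problems

# Constructed sample plans (203.0.113.10 is a documentation address).
GOOD_PLAN = {"int_net": "192.168.1.0/24", "ip_int": "192.168.1.1",
             "ip_ext": "203.0.113.10",
             "pptp_pool": "192.168.1.100-192.168.1.150", "mppe": ["128"]}
BAD_PLAN = {"int_net": "192.168.1.0/24", "ip_int": "192.168.1.1",
            "ip_ext": "10.0.0.5",
            "pptp_pool": "192.168.2.100-192.168.2.150", "mppe": ["40", "128"]}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_pptp_plan(plan) or "OK")
```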