span with external firewall IP wan_ip.
Web Interface
A. Create a Self-signed Certificate for IPsec authentication:
The step to actually create self-signed certificates is performed outside the Web Interface using a suitable
software product. The certificate should be in the PEM (Privacy Enhanced Mail) file format.
B. Upload all the client self-signed certificates:
1.
Go to: Objects > Authentication Objects > Add > Certificate
2.
Enter a suitable name for the Certificate object
3.
Select the X.509 Certificate option
4.
Click OK
C. Create Identification Lists:
1.
Go to: Objects > VPN Objects > ID List > Add > ID List
2.
Enter a suitable name, for example sales
3.
Click OK
4.
Go to: Objects > VPN Objects > ID List > Sales > Add > ID
5.
Enter the name for the client
6.
Select Email as Type
7.
In the Email address field, enter the email address selected when the certificate was created on the client
8.
Create a new ID for every client that is to be granted access rights, according to the instructions above
D. Configure the IPsec tunnel:
1.
Go to: Interfaces > IPsec > Add > IPsec Tunnel
2.
Now enter:
•
Name: RoamingIPsecTunnel
•
Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
•
Remote Network: all-nets
•
Remote Endpoint: (None)
•
Encapsulation Mode: Tunnel
3.
For Algorithms enter:
•
IKE Algorithms: Medium or High
•
IPsec Algorithms: Medium or High
4.
For Authentication enter:
•
Choose X.509 Certificate as authentication method
•
Root Certificate(s): Select all client certificates and add them to the Selected list
•
Gateway Certificate: Choose the newly created firewall certificate
•
Identification List: Select the ID List that is to be associated with the VPN Tunnel. In this case, it will be
sales
5.
Under the Routing tab:
•
Enable the option: Dynamically add route to the remote network when a tunnel is established.
6.
Click OK
9.4.3. Roaming Clients
Chapter 9. VPN
448
Summary of Contents for NetDefend DFL-1660
Page 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Page 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Page 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Page 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Page 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Page 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Page 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Page 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Page 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Page 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Page 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Page 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Page 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Page 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...