•
Password: mypassword
•
Confirm Password: mypassword
5.
Click OK
Now we will setup the IPsec Tunnel, which will later be used in the L2TP section. As we are going to use L2TP,
the Local Network is the same IP as the IP that the L2TP tunnel will connect to, wan_ip. Furthermore, the IPsec
tunnel needs to be configured to dynamically add routes to the remote network when the tunnel is established.
B. Continue setting up the IPsec Tunnel:
CLI
gw-world:/> add Interface IPsecTunnel l2tp_ipsec LocalNetwork=wan_ip
RemoteNetwork=all-nets IKEAlgorithms=Medium
IPsecAlgorithms=esp-l2tptunnel PSK=MyPSK EncapsulationMode=Transport
DHCPOverIPsec=Yes AddRouteToRemoteNet=Yes IPsecLifeTimeKilobytes=250000
IPsecLifeTimeSeconds=3600
Web Interface
1.
Go to Interfaces > IPsec > Add > IPsec Tunnel
2.
Enter a name for the IPsec tunnel, for example l2tp_ipsec
3.
Now enter:
a.
Local Network: wan_ip
b.
Remote Network: all-nets
c.
Remote Endpoint: none
d.
Encapsulation Mode: Transport
e.
IKE Algorithms: High
f.
IPsec Algorithms: esp-l2tptunnel
4.
Enter 3600 in the IPsec Life Time seconds control
5.
Enter 250000 in the IPsec Life Time kilobytes control
6.
Under the Authentication tab, select Pre-shared Key
7.
Select MyPSK in the Pre-shared Key control
8.
Under the Routing tab, check the following controls:
•
Allow DHCP over IPsec from single-host clients
•
Dynamically add route to the remote network when a tunnel is established
9.
Click OK
Now it is time to setup the L2TP Server. The inner IP address should be a part of the network which the clients
are assigned IP addresses from, in this lan_ip. The outer interface filter is the interface that the L2TP server will
accept connections on, this will be the earlier created l2tp_ipsec. Also a ProxyARP needs to be configured for the
IP's used by the L2TP Clients.
C. Setup the L2TP Tunnel:
CLI
gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec
ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP
AllowedRoutes=all-nets ProxyARPInterfaces=lan
Web Interface
1.
Go to Interfaces > L2TP Servers > Add > L2TPServer
9.5.2. L2TP Servers
Chapter 9. VPN
366
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...