considered adequate.
Two self-signed certificates are required and the same two are used at either end of the tunnel but
their usage is reversed. In other words: one certificate is used as the root certificate at one end, call
it Side A, and as the host certificate at the other end, call it Side B. The second certificate is used in
the opposite way: as the host certificate at Side A and the root certificate at Side B.
No CA server considerations are needed with self-signed certificates since CA server lookup does
not take occur.
9.2.3. IPsec Roaming Clients with Pre-shared Keys
This section details the setup with roaming clients connecting through an IPsec tunnel with
pre-shared keys. There are two types of roaming clients:
A. The IP addresses of the clients are already allocated.
B. The IP addresses of clients are not known beforehand and must be handed out by NetDefendOS
as the clients connect.
A. IP addresses already allocated
The IP addresses may be known beforehand and have been pre-allocated to the roaming clients
before they connect. The client's IP address will be manually input into the VPN client software.
1.
Set up user authentication. XAuth user authentication is not required with IPsec roaming clients
but is recommended (this step could initially be left out to simplify setup). The authentication
source can be one of the following:
•
A Local User DB object which is internal to NetDefendOS.
•
An external authentication server.
An internal user database is easier to set up and is assumed here. Changing this to an external
server is simple to do later.
To implement user authentication with an internal database:
•
Define a Local User DB object (let's call this object TrustedUsers).
•
Add individual users to TrustedUsers. This should consist of at least a username and
password combination.
9.2.3. IPsec Roaming Clients with
Pre-shared Keys
Chapter 9. VPN
390
Содержание DFL-1600 - Security Appliance
Страница 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Страница 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Страница 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Страница 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Страница 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Страница 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Страница 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Страница 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Страница 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Страница 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Страница 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Страница 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Страница 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Страница 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Страница 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...