A common problem with setting up PPTP is that a router and/or switch in a network is blocking
TCP port 1723 and/or IP protocol 47 before the PPTP connection can be made to the NetDefend
Firewall. Examining the log can indicate if this problem occurred, with a log message of the
following form appearing:
Error PPP lcp_negotiation_stalled ppp_terminated
Example 9.10. Setting up a PPTP server
This example shows how to setup a PPTP Network Server. The example assumes that certain address objects in
the NetDefendOS address book have already been created.
It is necessary to specify in the address book, the IP address of the PPTP server interface, an outer IP address
(that the PPTP server should listen to) and an IP pool that the PPTP server will use to give out IP addresses to
the clients from.
Command-Line Interface
gw-world:/> add Interface L2TPServer MyPPTPServer
ServerIP=lan_ip
Interface=any
IP=wan_ip
IPPool=pp2p_Pool
TunnelProtocol=PPTP
AllowedRoutes=all-nets
Web Interface
1.
Go to: Interfaces > PPTP/L2TP Servers > Add > PPTP/L2TP Server
2.
Enter a name for the PPTP Server, for example MyPPTPServer
3.
Now enter:
•
Inner IP Address: lan_ip
•
Tunnel Protocol: PPTP
•
Outer Interface Filter: any
•
Outer Server IP: wan_ip
4.
Under the PPP Parameters tab, select pptp_Pool in the IP Pool control
5.
Under the Add Route tab, select all_nets from Allowed Networks
6.
Click OK
Use User Authentication Rules is enabled as default. To be able to authenticate the users using the PPTP
tunnel it is required to configure NetDefendOS Authentication Rules but that will not be covered in this example.
9.5.2. L2TP Servers
Layer 2 Tunneling Protocol (L2TP) is an IETF open standard that overcomes many of the problems
of PPTP. Its design is a combination of Layer 2 Forwarding (L2F) protocol and PPTP, making use
of the best features of both. Since the L2TP standard does not implement encryption, it is usually
implemented with an IETF standard known as L2TP/IPsec, in which L2TP packets are encapsulated
by IPsec.
The client communicates with a Local Access Concentrator (LAC) and the LAC communicates
across the Internet with a L2TP Network Server (LNS). The NetDefend Firewall acts as the LNS.
The LAC tunnels data, such as a PPP session, using IPsec to the LNS across the Internet. In most
cases the client will itself act as the LAC.
L2TP is certificate based and therefore is simpler to administer with a large number of clients and
9.5.2. L2TP Servers
Chapter 9. VPN
464
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...