Tunnels Based on CA Server Certificates
Setting up client tunnels using a CA issued certificate is largely the same as using Self-signed
certificates with the exception of a couple of steps.
It is the responsibility of the administrator to acquire the appropriate certificate from an issuing
authority for client tunnels. With some systems, such as Windows 2000 Server, there is built-in
access to a CA server (in Windows 2000 Server this is found in Certificate Services). For more
information on CA server issued certificates see Section 3.7, “Certificates”.
Example 9.6. Setting up CA Server Certificate based VPN tunnels for roaming clients
This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming
clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network
span with external firewall IP wan_ip.
Web Interface
A. Upload all the client certificates:
1.
Go to Objects > Authentication Objects > Add > Certificate
2.
Enter a suitable name for the Certificate object
3.
Select the X.509 Certificate option
4.
Click OK
B. Create Identification Lists:
1.
Go to Objects > VPN Objects > ID List > Add > ID List
2.
Enter a descriptive name, for example sales
3.
Click OK
4.
Go to Objects > VPN Objects > ID List > Sales > Add > ID
5.
Enter the name for the client
6.
Select Email as Type
7.
In the Email address field, enter the email address selected when the certificate was created on the client
8.
Create a new ID for every client that is to be granted access rights, according to the instructions above
C. Configure the IPsec tunnel:
1.
Go to Interfaces > IPsec > Add > IPsec Tunnel
2.
Now enter:
•
Name: RoamingIPsecTunnel
•
Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
•
Remote Network: all-nets
•
Remote Endpoint: (None)
•
Encapsulation Mode: Tunnel
3.
For Algorithms enter:
•
IKE Algorithms: Medium or High
•
IPsec Algorithms: Medium or High
4.
For Authentication enter:
9.4.3. Roaming Clients
Chapter 9. VPN
417
Содержание NetDefend DFL-260E
Страница 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Страница 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Страница 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Страница 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Страница 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Страница 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Страница 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Страница 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Страница 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Страница 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Страница 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Страница 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Страница 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Страница 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Страница 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...