7. Address Translation ... 340
7.1. Overview ... 340
7.2. NAT ... 341
7.3. NAT Pools ... 346
7.4. SAT ... 349
7.4.1. Translation of a Single IP Address (1:1) ... 349
7.4.2. Translation of Multiple IP Addresses (M:N) ... 354
7.4.3. All-to-One Mappings (N:1) ... 356
7.4.4. Port Translation ... 356
7.4.5. Protocols Handled by SAT ... 357
7.4.6. Multiple SAT Rule Matches ... 357
7.4.7. SAT and FwdFast Rules ... 358
8. User Authentication ... 361
8.1. Overview ... 361
8.2. Authentication Setup ... 363
8.2.1. Setup Summary ... 363
8.2.2. The Local Database ... 363
8.2.3. External RADIUS Servers ... 365
8.2.4. External LDAP Servers ... 365
8.2.5. Authentication Rules ... 372
8.2.6. Authentication Processing ... 374
8.2.7. A Group Usage Example ... 375
8.2.8. HTTP Authentication ... 375
8.3. Customizing HTML Pages ... 379
9. VPN ... 383
9.1. Overview ... 383
9.1.1. VPN Usage ... 383
9.1.2. VPN Encryption ... 384
9.1.3. VPN Planning ... 384
9.1.4. Key Distribution ... 385
9.1.5. The TLS Alternative for VPN ... 385
9.2. VPN Quick Start ... 387
9.2.1. IPsec LAN to LAN with Pre-shared Keys ... 388
9.2.2. IPsec LAN to LAN with Certificates ... 389
9.2.3. IPsec Roaming Clients with Pre-shared Keys ... 390
9.2.4. IPsec Roaming Clients with Certificates ... 392
9.2.5. L2TP Roaming Clients with Pre-Shared Keys ... 393
9.2.6. L2TP Roaming Clients with Certificates ... 394
9.2.7. PPTP Roaming Clients ... 395
9.3. IPsec Components ... 397
9.3.1. Overview ... 397
9.3.2. Internet Key Exchange (IKE) ... 397
9.3.3. IKE Authentication ... 403
9.3.4. IPsec Protocols (ESP/AH) ... 404
9.3.5. NAT Traversal ... 405
9.3.6. Algorithm Proposal Lists ... 407
9.3.7. Pre-shared Keys ... 408
9.3.8. Identification Lists ... 409
9.4. IPsec Tunnels ... 412
9.4.1. Overview ... 412
9.4.2. LAN to LAN Tunnels with Pre-shared Keys ... 414
9.4.3. Roaming Clients ... 414
9.4.4. Fetching CRLs from an alternate LDAP server ... 419
9.4.5. Troubleshooting with ikesnoop ... 420
9.4.6. IPsec Advanced Settings ... 427
9.5. PPTP/L2TP ... 431
9.5.1. PPTP Servers ... 431
9.5.2. L2TP Servers ... 432
9.5.3. L2TP/PPTP Server advanced settings ... 436
9.5.4. PPTP/L2TP Clients ... 437
9.6. CA Server Access ... 440
9.7. VPN Troubleshooting ... 443
9.7.1. General Troubleshooting ... 443
User Manual