5. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
6. Enter a name for the rule, for example NATL2TP
7. Now enter:
   • Action: NAT
   • Service: all_services
   • Source Interface: l2tp_tunnel
   • Source Network: l2tp_pool
   • Destination Interface: wan
   • Destination Network: all-nets
8. Click OK
IPsec Tunnels with Transport Mode

The encapsulation mode of the IPsec tunnel in the example above is set to Transport for L2TP and this is the recommended setting. Windows™ clients will only function with transport mode.

With transport mode, the following should be noted:

• IKEv2 only works when using Tunnel Mode for IPsec encapsulation. Therefore, IKEv1 must be used with L2TP.
• When using transport mode with IKEv1, only the Local Endpoint and Remote Endpoint properties of the IPsec Tunnel object are used by NetDefendOS for tunnel setup. The Local Network and Remote Network properties are ignored.
• The Add route statically setting should be disabled. It should be enabled only if the administrator has an in-depth understanding of how this setting functions with transport mode.
• If Add route statically is enabled with transport mode and the OutgoingRoutingTable is set to the same routing table as the RoutingTable, NetDefendOS will give a warning message and disable Add route statically automatically.

The reason for this is that if it is allowed, IKE/ESP traffic will be routed into its own tunnel after tunnel establishment. This means that a traffic loop will be created so that no ESP/IKE packets will get sent to the tunnel's remote endpoint.
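
The loop described above can be reproduced with a small longest-prefix-match routing model. This is an added example, not code from the NetDefendOS manual or from D-Link. The tunnel name l2tp_ipsec, the address 203.0.113.10, the table name vpn, the dictionary keys, and the assumption that the static route in transport mode is a host route to the remote endpoint are all constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, iface) for n, iface in table if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def esp_egress(tunnel, tables):
    """Interface chosen for the tunnel's own IKE/ESP packets."""
    # Work on a copy so the caller's routing tables are not modified.
    tables = {name: list(routes) for name, routes in tables.items()}
    if tunnel["add_route_statically"]:
        # Assumption: in transport mode the protected "network" is the
        # remote endpoint itself, so the static route is a /32 via the tunnel.
        host = ipaddress.ip_network(tunnel["remote_endpoint"] + "/32")
        tables[tunnel["routing_table"]].append((host, tunnel["name"]))
    # IKE/ESP to the remote endpoint is looked up in the outgoing table.
    return lookup(tables[tunnel["outgoing_routing_table"]],
                  tunnel["remote_endpoint"])

def has_loop(tunnel, tables):
    """True when IKE/ESP would be routed back into its own tunnel."""
    return esp_egress(tunnel, tables) == tunnel["name"]

# Constructed sample data (not from the manual).
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
TABLES = {"main": [(DEFAULT, "wan")], "vpn": [(DEFAULT, "wan")]}
BASE = {"name": "l2tp_ipsec", "remote_endpoint": "203.0.113.10",
        "routing_table": "main", "outgoing_routing_table": "main",
        "add_route_statically": False}
CASES = {
    "recommended (route off)": BASE,
    "route on, same table": {**BASE, "add_route_statically": True},
    "route on, separate tables": {**BASE, "add_route_statically": True,
                                  "routing_table": "vpn"},
}

if __name__ == "__main__":
    for label, tunnel in CASES.items():
        print(f"{label:28} egress={esp_egress(tunnel, TABLES):11} "
              f"loop={has_loop(tunnel, TABLES)}")
```

Only the middle case loops: the /32 via the tunnel is more specific than the default route via wan, so the ESP packets never reach the remote endpoint.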
9.5.3. L2TP/PPTP Server Advanced Settings
The following L2TP/PPTP server advanced settings are available to the administrator:
L2TP Before Rules
Pass L2TP traffic sent to the NetDefend Firewall directly to the L2TP Server without consulting
the rule set.
Chapter 9: VPN
736