D-Link DFL-260-IPS-12 Product Manual - Page 413
Fetching CRLs from an alternate LDAP server, IP Validation
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 413 highlights
9.4.4. Fetching CRLs from an alternate LDAP server Chapter 9. VPN Web Interface 1. Go to Objects > VPN Objects > IKE Config Mode Pool 2. The Config Mode Pool object properties web page now appears 3. Select Use a predefined IPPool object 4. Choose the ip_pool1 object from the IP Pool drop-down list 5. Click OK After defining the Config Mode object, the only remaining action is to enable Config Mode to be used with the IPsec Tunnel. Example 9.8. Using Config Mode with IPsec Tunnels Assuming a predefined tunnel called vpn_tunnel1 this example shows how to enable Config Mode for that tunnel. Web Interface • Go to Interfaces > IPsec • Select the tunnel vpn_tunnel1 for editing • Select IKE Config Mode drop down list • Click OK IP Validation NetDefendOS always checks if the source IP address of each packet inside an IPsec tunnel is the same as the IP address assigned to the IPsec client with IKE Config Mode. If a mismatch is detected the packet is always dropped and a log message generated with a severity level of Warning. This message includes the two IP addresses as well as the client identity. Optionally, the affected SA can be automatically deleted if validation fails by enabling the advanced setting IPsecDeleteSAOnIPValidationFailure. The default value for this setting is Disabled. 9.4.4. Fetching CRLs from an alternate LDAP server A Root Certificate usually includes the IP address or hostname of the Certificate Authority to contact when certificates or CRLs need to be downloaded to the NetDefend Firewall. Lightweight Directory Access Protocol (LDAP) is used for these downloads. However, in some scenarios, this information is missing, or the administrator wishes to use another LDAP server. The LDAP configuration section can then be used to manually specify alternate LDAP servers. Example 9.9. Setting up an LDAP server This example shows how to manually setup and specify an LDAP server. Command-Line Interface gw-world:/> add LDAPServer Host=192.168.101.146 Username=myusername Password=mypassword Port=389 413