7. Address Translation ..... 334
    7.1. Overview ..... 334
    7.2. NAT ..... 335
    7.3. NAT Pools ..... 340
    7.4. SAT ..... 343
        7.4.1. Translation of a Single IP Address (1:1) ..... 343
        7.4.2. Translation of Multiple IP Addresses (M:N) ..... 348
        7.4.3. All-to-One Mappings (N:1) ..... 350
        7.4.4. Port Translation ..... 350
        7.4.5. Protocols Handled by SAT ..... 351
        7.4.6. Multiple SAT Rule Matches ..... 351
        7.4.7. SAT and FwdFast Rules ..... 352
8. User Authentication ..... 355
    8.1. Overview ..... 355
    8.2. Authentication Setup ..... 357
        8.2.1. Setup Summary ..... 357
        8.2.2. The Local Database ..... 357
        8.2.3. External RADIUS Servers ..... 359
        8.2.4. External LDAP Servers ..... 359
        8.2.5. Authentication Rules ..... 366
        8.2.6. Authentication Processing ..... 368
        8.2.7. A Group Usage Example ..... 369
        8.2.8. HTTP Authentication ..... 369
    8.3. Customizing HTML Pages ..... 373
9. VPN ..... 377
    9.1. Overview ..... 377
        9.1.1. VPN Usage ..... 377
        9.1.2. VPN Encryption ..... 378
        9.1.3. VPN Planning ..... 378
        9.1.4. Key Distribution ..... 379
        9.1.5. The TLS Alternative for VPN ..... 379
    9.2. VPN Quick Start ..... 381
        9.2.1. IPsec LAN to LAN with Pre-shared Keys ..... 382
        9.2.2. IPsec LAN to LAN with Certificates ..... 383
        9.2.3. IPsec Roaming Clients with Pre-shared Keys ..... 384
        9.2.4. IPsec Roaming Clients with Certificates ..... 386
        9.2.5. L2TP Roaming Clients with Pre-Shared Keys ..... 387
        9.2.6. L2TP Roaming Clients with Certificates ..... 388
        9.2.7. PPTP Roaming Clients ..... 389
    9.3. IPsec Components ..... 391
        9.3.1. Overview ..... 391
        9.3.2. Internet Key Exchange (IKE) ..... 391
        9.3.3. IKE Authentication ..... 397
        9.3.4. IPsec Protocols (ESP/AH) ..... 398
        9.3.5. NAT Traversal ..... 399
        9.3.6. Algorithm Proposal Lists ..... 401
        9.3.7. Pre-shared Keys ..... 402
        9.3.8. Identification Lists ..... 403
    9.4. IPsec Tunnels ..... 406
        9.4.1. Overview ..... 406
        9.4.2. LAN to LAN Tunnels with Pre-shared Keys ..... 408
        9.4.3. Roaming Clients ..... 408
        9.4.4. Fetching CRLs from an alternate LDAP server ..... 413
        9.4.5. Troubleshooting with ikesnoop ..... 414
        9.4.6. IPsec Advanced Settings ..... 421
    9.5. PPTP/L2TP ..... 425
        9.5.1. PPTP Servers ..... 425
        9.5.2. L2TP Servers ..... 426
        9.5.3. L2TP/PPTP Server advanced settings ..... 430
        9.5.4. PPTP/L2TP Clients ..... 431
    9.6. CA Server Access ..... 434
    9.7. VPN Troubleshooting ..... 437
        9.7.1. General Troubleshooting ..... 437