D-Link DFL-260 Product Manual - Page 411
Tunnels Based on CA Server Certificates, Certificate Services
9.4.3. Roaming Clients    Chapter 9. VPN

Tunnels Based on CA Server Certificates

Setting up client tunnels using a CA issued certificate is largely the same as using self-signed certificates, with the exception of a couple of steps. It is the responsibility of the administrator to acquire the appropriate certificate from an issuing authority for client tunnels. With some systems, such as Windows 2000 Server, there is built-in access to a CA server (in Windows 2000 Server this is found in Certificate Services). For more information on CA server issued certificates see Section 3.7, "Certificates".

Example 9.6. Setting up CA Server Certificate based VPN tunnels for roaming clients

This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with external firewall IP wan_ip.

Web Interface

A. Upload all the client certificates:

1. Go to Objects > Authentication Objects > Add > Certificate
2. Enter a suitable name for the Certificate object
3. Select the X.509 Certificate option
4. Click OK

B. Create Identification Lists:

1. Go to Objects > VPN Objects > ID List > Add > ID List
2. Enter a descriptive name, for example sales
3. Click OK
4. Go to Objects > VPN Objects > ID List > Sales > Add > ID
5. Enter the name for the client
6. Select Email as Type
7. In the Email address field, enter the email address selected when you created the certificate on the client
8. Create a new ID for every client that you want to grant access rights, according to the instructions above

C. Configure the IPsec tunnel:

1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
   • Name: RoamingIPsecTunnel
   • Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
   • Remote Network: all-nets
   • Remote Endpoint: (None)
   • Encapsulation Mode: Tunnel
3. For Algorithms enter:
   • IKE Algorithms: Medium or High
   • IPsec Algorithms: Medium or High
4. For Authentication enter:
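The ID List in part B matches each roaming client on the email address carried in its certificate, while the certificate upload in part A decides which issuer the firewall trusts. The shell script below is an added example, not from the D-Link manual, that uses openssl to create a throwaway CA and a client certificate and then performs the two checks an administrator should make before uploading a client certificate and creating its ID entry: that the certificate chains to the head-office CA, and that its email address equals the one typed into the ID List. All names and addresses (Demo Head Office CA, sales1@example.com, the unrelated CA) are constructed for the demonstration.

```shell
# Added example: throwaway CA, one client certificate with an email SAN, and the
# two pre-upload checks (issuer chain, email equals the ID List entry).
# Every name, file and address here is constructed for the demo.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Stand-in for the organisation's issuing CA
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout ca.key -out ca.pem \
  -subj "/CN=Demo Head Office CA" >/dev/null 2>&1

issue_client() {  # $1 = file prefix, $2 = email to place in the SAN, $3 = CA file prefix
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" >/dev/null 2>&1
  printf 'subjectAltName=email:%s\n' "$2" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 1 -extfile "$1.ext" -out "$1.pem" >/dev/null 2>&1
}

chains_to_ca() {  # $1 = client certificate; prints yes if it chains to ca.pem, else no
  if openssl verify -CAfile ca.pem "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

cert_email() {  # $1 = client certificate; prints the email address(es) it carries
  openssl x509 -in "$1" -noout -email
}

id_list_matches() {  # $1 = client certificate, $2 = email entered in the ID List entry
  if [ "$(cert_email "$1")" = "$2" ]; then echo match; else echo mismatch; fi
}

# Legitimate client: issued by the head-office CA with the expected email
issue_client sales1 sales1@example.com ca

# Impostor: same CN and same email, but issued by an unrelated CA.
# The email check alone would accept it; the chain check rejects it.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout rogue.key -out rogue.pem \
  -subj "/CN=Unrelated CA" >/dev/null 2>&1
issue_client impostor sales1@example.com rogue

echo "sales1:   chain=$(chains_to_ca sales1.pem) id=$(id_list_matches sales1.pem sales1@example.com)"
echo "impostor: chain=$(chains_to_ca impostor.pem) id=$(id_list_matches impostor.pem sales1@example.com)"
```

Run the same two functions against each real client certificate before uploading it; a certificate that fails the chain check should not be uploaded even if its email matches the planned ID entry.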