D-Link DFL-260E User Manual for DFL-260E - Page 420
9.2.5. L2TP Roaming Clients with Pre-Shared Keys                 Chapter 9. VPN

• Set Encapsulation Mode to Transport.
• Select the IKE and IPsec algorithm proposal lists to be used.
• Enable the IPsec tunnel routing option Dynamically add route to the remote network when tunnel established.
• When all-nets is the destination network, as is the case here, the advanced setting option Add route for remote network must also be disabled. This setting is enabled by default.

5. Define a PPTP/L2TP Server object (let's call this object l2tp_tunnel) with the following parameters:

• Set Inner IP Address to ip_int.
• Set Tunnel Protocol to L2TP.
• Set Outer Interface Filter to ipsec_tunnel.
• Set Outer Server IP to ip_ext.
• Select the Microsoft Point-to-Point Encryption allowed. Since IPsec encryption is already used, this can be set to None only; otherwise double encryption will degrade throughput.
• Set IP Pool to l2tp_pool.
• Enable Proxy ARP on the int interface to which the internal network is connected.
• Make the interface a member of a specific routing table so that routes are automatically added to that table. Normally the main table is selected.

6. For user authentication:

• Define a Local User DB object (let's call this object TrustedUsers).
• Add individual users to TrustedUsers. Each entry should consist of at least a username and password combination. The Group string for a user can also be specified. This is explained in the same step in the IPsec Roaming Clients section above.
• Define a User Authentication Rule:

    Agent               PPP
    Auth Source         Local
    Src Network         all-nets
    Interface           l2tp_tunnel
    Client Source IP    all-nets (0.0.0.0/0)

7. To allow traffic through the L2TP tunnel, the following rules should be defined in the IP rule set:

    Action   Src Interface   Src Network   Dest Interface   Dest Network   Service
    Allow    l2tp_tunnel     l2tp_pool     any              int_net        all_services
    NAT      ipsec_tunnel    l2tp_pool     ext              all-nets       all_services

The second rule is included to allow clients to surf the Internet via the ext interface on the NetDefend Firewall. The client will be allocated a private internal IP address, which must be NATed if connections are then made out to the public Internet via the NetDefend Firewall.

8. Set up the client. Assuming Windows XP, the Create new connection option in Network
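As an added walk-through of the step 7 rule set (this is example code written here, not part of the D-Link manual or NetDefendOS), the script below models first-match evaluation of the two IP rules and checks that a client from l2tp_pool reaches int_net without NAT, is NATed when heading out via ext, and that a source address outside the pool falls through to the default drop. The address ranges for l2tp_pool and int_net and the interface names on the flows are assumed for illustration; all-nets is 0.0.0.0/0 as on the page.

```python
"""Constructed first-match evaluation of the two IP rules from step 7.

Added example, not the manual's or D-Link's code. The address objects
below are assumptions; only all-nets (0.0.0.0/0) comes from the page.
"""
from ipaddress import ip_address, ip_network

# Assumed address objects (the manual page does not state these ranges).
NETS = {
    "l2tp_pool": ip_network("10.0.2.0/24"),     # pool handed out to L2TP clients
    "int_net":   ip_network("192.168.1.0/24"),  # network behind the int interface
    "all-nets":  ip_network("0.0.0.0/0"),       # as defined on the page
}

# Step 7 rule set, in the order shown on the page (first match wins):
# (Action, Src Interface, Src Network, Dest Interface, Dest Network, Service)
RULES = [
    ("Allow", "l2tp_tunnel",  "l2tp_pool", "any", "int_net",  "all_services"),
    ("NAT",   "ipsec_tunnel", "l2tp_pool", "ext", "all-nets", "all_services"),
]


def _iface_matches(rule_iface, flow_iface):
    # "any" in a rule matches every interface.
    return rule_iface == "any" or rule_iface == flow_iface


def evaluate(src_iface, src_ip, dst_iface, dst_ip, service="any"):
    """Return the action of the first rule matching the flow, or 'Drop'.

    Nothing matching any rule is dropped, which models the firewall's
    default-deny behaviour when no IP rule applies.
    """
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for action, s_if, s_net, d_if, d_net, svc in RULES:
        if (_iface_matches(s_if, src_iface) and src in NETS[s_net]
                and _iface_matches(d_if, dst_iface) and dst in NETS[d_net]
                and (svc == "all_services" or svc == service)):
            return action
    return "Drop"


if __name__ == "__main__":
    # Constructed flows: a pool client to the internal LAN, to the Internet,
    # and a source outside the pool that must not be let through.
    print(evaluate("l2tp_tunnel", "10.0.2.10", "int", "192.168.1.5"))
    print(evaluate("ipsec_tunnel", "10.0.2.10", "ext", "203.0.113.7"))
    print(evaluate("l2tp_tunnel", "172.16.0.9", "int", "192.168.1.5"))
```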