D-Link DFL-260E User Manual for DFL-260E - Page 421
L2TP Roaming Clients with Certificates, 9.2.7. PPTP Roaming Clients, New Connection Wizard
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 421 highlights
9.2.6. L2TP Roaming Clients with Certificates Chapter 9. VPN Connections should be selected to start the New Connection Wizard. The key information to enter in this wizard is: the resolvable URL of the NetDefend Firewall or alternatively its ip_ext IP address. Then choose Network > Properties. In the dialog that opens choose the L2TP Tunnel and select Properties. In the new dialog that opens select the Networking tab and choose Force to L2TP. Now go back to the L2TP Tunnel properties, select the Security tab and click on the IPsec Settings button. Now enter the pre-shared key. 9.2.6. L2TP Roaming Clients with Certificates If certificates are used with L2TP roaming clients instead of pre-shared keys then the differences in the setup described above are as follows: • The NetDefendOS date and time must be set correctly since certificates can expire. • Load a Gateway Certificate and Root Certificate into NetDefendOS. • When setting up the IPsec Tunnel object, specify the certificates to use under Authentication. This is done by: i. Enable the X.509 Certificate option. ii. Select the Gateway Certificate. iii. Add the Root Certificate to use. • If using the Windows XP L2TP client, the appropriate certificates need to be imported into Windows before setting up the connection with the New Connection Wizard. The step to set up user authentication is optional since this is additional security to certificates. Also review Section 9.7, "CA Server Access", which describes important considerations for certificate validation. 9.2.7. PPTP Roaming Clients PPTP is simpler to set up than L2TP since IPsec is not used and instead relies on its own, less strong, encryption. A major secondary disadvantage is not being able to NAT PPTP connections through a tunnel so multiple clients can use a single connection to the NetDefend Firewall. If NATing is tried then only the first client that tries to connect will succeed. The steps for PPTP setup are as follows: 1. In the Address Book define the following IP objects: • A pptp_pool IP object which is the range of internal IP addresses that will be handed out from an internal network. • An int_net object which is the internal network from which the addresses come. • An ip_int object which is the internal IP address of the interface connected to the internal network. Let us assume that this interface is int. • An ip_ext object which is the external public address which clients will connect to (let's assume this is on the ext interface). 421