D-Link DFL-260E User Manual for DFL-260E - Page 458
L2TP Servers, LNS. The NetDefend Firewall acts as the LNS.
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 458 highlights
9.5.2. L2TP Servers Chapter 9. VPN A common problem with setting up PPTP is that a router and/or switch in a network is blocking TCP port 1723 and/or IP protocol 47 before the PPTP connection can be made to the NetDefend Firewall. Examining the log can indicate if this problem occurred, with a log message of the following form appearing: Error PPP lcp_negotiation_stalled ppp_terminated Example 9.10. Setting up a PPTP server This example shows how to setup a PPTP Network Server. The example assumes that certain address objects in the NetDefendOS address book have already been created. It is necessary to specify in the address book, the IP address of the PPTP server interface, an outer IP address (that the PPTP server should listen to) and an IP pool that the PPTP server will use to give out IP addresses to the clients from. Command-Line Interface gw-world:/> add Interface L2TPServer MyPPTPServer ServerIP=lan_ip Interface=any IP=wan_ip IPPool=pp2p_Pool TunnelProtocol=PPTP AllowedRoutes=all-nets Web Interface 1. Go to: Interfaces > PPTP/L2TP Servers > Add > PPTP/L2TP Server 2. Enter a name for the PPTP Server, for example MyPPTPServer 3. Now enter: • Inner IP Address: lan_ip • Tunnel Protocol: PPTP • Outer Interface Filter: any • Outer Server IP: wan_ip 4. Under the PPP Parameters tab, select pptp_Pool in the IP Pool control 5. Under the Add Route tab, select all_nets from Allowed Networks 6. Click OK Use User Authentication Rules is enabled as default. To be able to authenticate the users using the PPTP tunnel it is required to configure NetDefendOS Authentication Rules but that will not be covered in this example. 9.5.2. L2TP Servers Layer 2 Tunneling Protocol (L2TP) is an IETF open standard that overcomes many of the problems of PPTP. Its design is a combination of Layer 2 Forwarding (L2F) protocol and PPTP, making use of the best features of both. Since the L2TP standard does not implement encryption, it is usually implemented with an IETF standard known as L2TP/IPsec, in which L2TP packets are encapsulated by IPsec. The client communicates with a Local Access Concentrator (LAC) and the LAC communicates across the Internet with a L2TP Network Server (LNS). The NetDefend Firewall acts as the LNS. The LAC tunnels data, such as a PPP session, using IPsec to the LNS across the Internet. In most cases the client will itself act as the LAC. L2TP is certificate based and therefore is simpler to administer with a large number of clients and 458