6.7. Blacklisting Hosts and Networks
.............................................................
360
7. Address Translation
........................................................................................
363
7.1. Overview
............................................................................................
363
7.2. NAT
..................................................................................................
364
7.3. NAT Pools
..........................................................................................
369
7.4. SAT
...................................................................................................
372
7.4.1. Translation of a Single IP Address (1:1)
.........................................
372
7.4.2. Translation of Multiple IP Addresses (M:N)
....................................
377
7.4.3. All-to-One Mappings (N:1)
.........................................................
379
7.4.4. Port Translation
.........................................................................
381
7.4.5. Protocols Handled by SAT
..........................................................
381
7.4.6. Multiple
SAT
Rule Matches
.........................................................
381
7.4.7.
SAT
and
FwdFast
Rules
..............................................................
382
8. User Authentication
........................................................................................
385
8.1. Overview
............................................................................................
385
8.2. Authentication Setup
.............................................................................
387
8.2.1. Setup Summary
.........................................................................
387
8.2.2. The Local Database
....................................................................
387
8.2.3. External RADIUS Servers
...........................................................
389
8.2.4. External LDAP Servers
...............................................................
389
8.2.5. Authentication Rules
..................................................................
396
8.2.6. Authentication Processing
...........................................................
398
8.2.7. A Group Usage Example
.............................................................
399
8.2.8. HTTP Authentication
.................................................................
399
8.3. Customizing Authentication HTML Pages
................................................
404
9. VPN
.............................................................................................................
409
9.1. Overview
............................................................................................
409
9.1.1. VPN Usage
...............................................................................
409
9.1.2. VPN Encryption
........................................................................
410
9.1.3. VPN Planning
...........................................................................
411
9.1.4. Key Distribution
........................................................................
411
9.1.5. The TLS Alternative for VPN
......................................................
412
9.2. VPN Quick Start
..................................................................................
413
9.2.1. IPsec LAN to LAN with Pre-shared Keys
.......................................
414
9.2.2. IPsec LAN to LAN with Certificates
.............................................
415
9.2.3. IPsec Roaming Clients with Pre-shared Keys
..................................
416
9.2.4. IPsec Roaming Clients with Certificates
.........................................
418
9.2.5. L2TP Roaming Clients with Pre-Shared Keys
.................................
419
9.2.6. L2TP Roaming Clients with Certificates
........................................
421
9.2.7. PPTP Roaming Clients
...............................................................
421
9.3. IPsec Components
................................................................................
423
9.3.1. Overview
.................................................................................
423
9.3.2. Internet Key Exchange (IKE)
.......................................................
423
9.3.3. IKE Authentication
....................................................................
429
9.3.4. IPsec Protocols (ESP/AH)
...........................................................
430
9.3.5. NAT Traversal
..........................................................................
431
9.3.6. Algorithm Proposal Lists
.............................................................
433
9.3.7. Pre-shared Keys
........................................................................
434
9.3.8. Identification Lists
.....................................................................
435
9.4. IPsec Tunnels
......................................................................................
438
9.4.1. Overview
.................................................................................
438
9.4.2. LAN to LAN Tunnels with Pre-shared Keys
...................................
440
9.4.3. Roaming Clients
........................................................................
440
9.4.4. Fetching CRLs from an alternate LDAP server
................................
445
9.4.5. Troubleshooting with
ikesnoop
.....................................................
446
9.4.6. IPsec Advanced Settings
.............................................................
453
9.5. PPTP/L2TP
.........................................................................................
457
9.5.1. PPTP Servers
............................................................................
457
9.5.2. L2TP Servers
............................................................................
458
9.5.3. L2TP/PPTP Server advanced settings
............................................
463
9.5.4. PPTP/L2TP Clients
....................................................................
463
9.6. SSL VPN
............................................................................................
466
User Manual
7