D-Link DFL-800-AV-12 User Manual - Page 232
IPsec Roaming Clients with Pre-shared Keys, A. IP addresses already allocated
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 232 highlights
9.2.2. IPsec Roaming Clients with Pre-shared Keys Chapter 9. VPN the Destination Interface. The rule's Destination Network is the remote network remote_net. • An Allow rule for inbound traffic that has the previously defined ipsec_tunnel object as the Source Interface. The Source Network is remote_net. Action Allow Allow Src Interface lan ipsec_tunnel Src Network lannet remote_net Dest Interface ipsec_tunnel lan Dest Network remote_net lannet Service All All The Service used in these rules is All but it could be a predefined service. 6. Define a new NetDefendOS Route which specifies that the VPN Tunnel ipsec_tunnel is the Interface to use for routing packets bound for the remote network at the other end of the tunnel. Interface ipsec_tunnel Network remote_net Gateway 9.2.2. IPsec Roaming Clients with Pre-shared Keys This section details the setup with roaming clients connecting through an IPsec tunnel with pre-shared keys. There are two types of roaming clients: • A. The IP addresses of the clients is known beforehand. • B. The IP address of clients is not known beforehand and must be handed out by NetDefendOS as they connect. A. IP addresses already allocated The IP addresses may be known beforehand and pre-allocated to the roaming clients before they connect. The client's IP address will be will be manually input into the VPN client software. 1. Set up user authentication. XAuth user authentication is not required with IPsec roaming clients but is recommended (this step could initially be left out to simplify setup). The authentication source can be one of the following: • A Local User DB object which is internal to NetDefendOS. • An external authentication server. An internal user database is easier to set up and is assumed here. Changing this to an external server is simple to do later. To implement user authentication with an internal database: • Define a Local User DB object (let's call this object TrustedUsers). • Add individual users to TrustedUsers. This should consist of at least a username and password combination. The Group string for a user can be specified if its group's access is to be restricted to certain source networks. Group can be specified (with the same text string) in the 232