D-Link DFL-260-IPS-12 Product Manual - Page 409
Self-signed Certificate based client tunnels, 4.3. Roaming Clients
9.4.3. Roaming Clients
Chapter 9. VPN

Example 9.4. Setting up a PSK based VPN tunnel for roaming clients

This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with external firewall IP wan_ip.

Web Interface

A. Create a pre-shared key for IPsec authentication:

1. Go to Objects > Authentication Objects > Add > Pre-Shared Key
2. Now enter:
   • Name: Enter a name for the key, for example SecretKey
   • Shared Secret: Enter a secret passphrase
   • Confirm Secret: Enter the secret passphrase again
3. Click OK

B. Configure the IPsec tunnel:

1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
   • Name: RoamingIPsecTunnel
   • Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
   • Remote Network: all-nets
   • Remote Endpoint: (None)
   • Encapsulation Mode: Tunnel
3. For Algorithms enter:
   • IKE Algorithms: Medium or High
   • IPsec Algorithms: Medium or High
4. For Authentication enter:
   • Pre-Shared Key: Select the pre-shared key created earlier
5. Under the Routing tab:
   • Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK

C. Finally configure the IP rule set to allow traffic inside the tunnel.

Self-signed Certificate based client tunnels

The following example shows how a certificate based tunnel can be set up.

Example 9.5. Setting up a Self-signed Certificate based VPN tunnel for roaming clients

This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with external firewall IP wan_ip.
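For step A of Example 9.4 above, which asks for a secret passphrase: the following is an added example, not part of the D-Link manual, that generates a random shared secret and flags weak candidates before one is entered as the Shared Secret. The alphabet, the 128-bit target and all function names are assumptions made here.

```python
import math
import secrets
import string

# Assumption: printable ASCII without spaces or quotes, so the same secret
# can be typed into different VPN client dialogs without surprises.
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a secret whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_psk(min_bits=128):
    """Return a random shared secret carrying at least min_bits of entropy."""
    length = math.ceil(min_bits / math.log2(len(ALPHABET)))
    # secrets.choice uses the OS CSPRNG; random.choice must not be used here.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_psk(secret, min_bits=128):
    """List reasons a candidate shared secret should not be used."""
    problems = []
    if any(ch not in ALPHABET for ch in secret):
        problems.append("contains characters outside the chosen alphabet")
    # Upper bound: even a fully random secret of this length cannot exceed
    # this figure, so falling below the target means it is too short.
    if entropy_bits(len(secret)) < min_bits:
        problems.append("too short for %d bits even if fully random" % min_bits)
    if len(set(secret)) < len(secret) // 2:
        problems.append("heavily repeated characters")
    # Names that appear on the manual page, plus one common word (constructed).
    if secret.lower() in {"secretkey", "roamingipsectunnel", "password"}:
        problems.append("matches a documentation example or common word")
    return problems


if __name__ == "__main__":
    psk = generate_psk()
    print(psk, "(%.1f bits)" % entropy_bits(len(psk)))
    print(audit_psk("SecretKey"))
```

The audit only catches structural weaknesses; a human-chosen phrase that passes it can still be guessable, which is why the generated value is the one to use.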