D-Link DFL-260E User Manual for DFL-260E - Page 435
Chapter 9. VPN

gw-world:/> add PSK MyPSK Type=HEX PSKHex=<enter the key here>

Now apply the Pre-shared Key to the IPsec tunnel:

gw-world:/> set Interface IPsecTunnel MyIPsecTunnel PSK=MyPSK

Web Interface

First create a Pre-shared Key:

1. Go to: Objects > Authentication Objects > Add > Pre-shared key
2. Enter a name for the pre-shared key, for example MyPSK
3. Choose Hexadecimal Key and click Generate Random Key to generate a key into the Passphrase textbox
4. Click OK

Then, apply the pre-shared key to the IPsec tunnel:

1. Go to: Interfaces > IPsec
2. Select the target IPsec tunnel object
3. Under the Authentication tab, choose Pre-shared Key and select MyPSK
4. Click OK

9.3.8. Identification Lists

When certificates are used as the authentication method for IPsec tunnels, the NetDefend Firewall will accept every remote device or VPN client that can present a certificate signed by any of the trusted Certificate Authorities, regardless of which subject the certificate was issued to. This can be a problem, especially when using roaming clients.

A Typical Scenario

Consider the scenario of travelling employees being given access to the internal corporate networks using VPN clients. The organization administers its own Certificate Authority, and certificates have been issued to the employees. Different groups of employees are likely to need access to different parts of the internal networks. For example, members of the sales force need access to servers running the order system, while technical engineers need access to technical databases.

The Problem

Since the IP addresses of the travelling employees' VPN clients cannot be known beforehand, the incoming VPN connections from the clients cannot be differentiated by address. This means that the firewall is unable to control access to the various parts of the internal networks.

The ID List Solution

The concept of Identification Lists presents a solution to this problem. An identification list contains one or more identities (IDs), where each identity corresponds to the subject field of a certificate. Identification lists can thus be used to regulate which certificates are given access to which IPsec tunnels.
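The following is an added example that models the ID-list decision described above in Python; it is not NetDefendOS code and does not reproduce the firewall's exact matching rules. It assumes that an ID is a set of subject-DN attributes (CN, OU, O, C, ...), that every attribute listed in an ID must equal the corresponding attribute in the certificate subject, that attributes omitted from an ID are wildcards, and that a tunnel with no ID list accepts any certificate signed by a trusted CA, which is the behaviour the page describes. The tunnel and list names, the sample subject DNs and the trusted-CA flag are constructed for the example.

```python
"""Toy model of IPsec identification lists (added example, not NetDefendOS code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


def parse_dn(dn: str) -> Dict[str, str]:
    """Parse an RFC 4514-style subject DN, e.g. 'CN=alice,OU=Sales,O=Example Corp,C=US',
    into {ATTR: value}. Backslash-escaped commas inside values are honoured;
    multi-valued RDNs (a+b=...) are not modelled."""
    parts: List[str] = []
    buf = ""
    i = 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):      # escaped character, keep literally
            buf += dn[i + 1]
            i += 2
            continue
        if c == ",":                            # RDN separator
            parts.append(buf)
            buf = ""
        else:
            buf += c
        i += 1
    parts.append(buf)

    attrs: Dict[str, str] = {}
    for part in parts:
        if not part.strip():
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().upper()] = value.strip()
    return attrs


@dataclass
class IdList:
    """An identification list: one or more IDs, each a dict of required subject attributes.
    Assumption: all attributes present in an ID must match; missing ones are wildcards."""
    name: str
    ids: List[Dict[str, str]]

    def matches(self, subject_dn: str) -> bool:
        subject = parse_dn(subject_dn)
        return any(
            all(subject.get(k.upper()) == v for k, v in ident.items())
            for ident in self.ids
        )


@dataclass
class IpsecTunnel:
    """An IPsec tunnel object; id_list is None when no ID list is configured."""
    name: str
    id_list: Optional[IdList] = None


def authorize(tunnel: IpsecTunnel, cert_subject_dn: str, signed_by_trusted_ca: bool) -> bool:
    """Decide whether a client certificate may bring up the tunnel.
    The CA check always applies; the ID list narrows which subjects are accepted."""
    if not signed_by_trusted_ca:
        return False
    if tunnel.id_list is None:
        # Page: without an ID list, any certificate from a trusted CA is accepted.
        return True
    return tunnel.id_list.matches(cert_subject_dn)


# Constructed configuration: one list per employee group, one tunnel per group.
SALES_LIST = IdList("SalesIDs", [{"OU": "Sales", "O": "Example Corp"}])
ENGINEERING_LIST = IdList("EngineeringIDs", [{"OU": "Engineering", "O": "Example Corp"}])

SALES_TUNNEL = IpsecTunnel("SalesTunnel", SALES_LIST)
ENGINEERING_TUNNEL = IpsecTunnel("EngineeringTunnel", ENGINEERING_LIST)
OPEN_TUNNEL = IpsecTunnel("LegacyTunnel")          # no ID list configured

# Constructed certificate subjects, both issued by the corporate CA.
ALICE_DN = "CN=alice,OU=Sales,O=Example Corp,C=US"
BOB_DN = "CN=bob,OU=Engineering,O=Example Corp,C=US"

if __name__ == "__main__":
    for tunnel in (SALES_TUNNEL, ENGINEERING_TUNNEL, OPEN_TUNNEL):
        for dn in (ALICE_DN, BOB_DN):
            print(f"{tunnel.name:18} {dn:45} -> {authorize(tunnel, dn, True)}")
```

The point the model makes explicit: the same corporate-CA certificate that opens SalesTunnel is refused on EngineeringTunnel, while LegacyTunnel (no ID list) accepts both, which is exactly the over-broad acceptance the section warns about. Match on the attributes the CA actually controls (O, OU) rather than on CN alone, since a CN is only as unique as the CA's issuance policy makes it.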