D-Link NetDefendOS User Manual page 679

Network security firewall
When all-nets is the destination network, as is the case here, the advanced setting option
Add route statically must also be disabled. This setting is enabled by default.
5. Define a PPTP/L2TP Server object (let's call this object l2tp_tunnel) with the following
parameters:
Set Inner IP Address to lan_ip.
Set Tunnel Protocol to L2TP.
Set Outer Interface Filter to ipsec_tunnel.
Set Outer Server IP to wan_ip.
Set the Microsoft Point-to-Point Encryption setting to None only. Since IPsec
encryption is already used, double encryption will degrade throughput.
Set IP Pool to l2tp_pool.
Enable Proxy ARP on the lan interface to which the internal network is connected.
Under the Virtual Routing tab, make this interface a member of a specific routing table so
that routes are automatically added to that table. Normally the main table should be
selected.
6. For user authentication:
Define a Local User DB object (let's call this object TrustedUsers).
Add individual users to TrustedUsers. This should consist of at least a username and
password combination.
The Group string for a user can also be specified. This is explained in the same step in
the IPsec Roaming Clients section above.
Define a User Authentication Rule:

  Agent   Auth Source   Src Network   Interface     Client Source IP
  PPP     Local         all-nets      l2tp_tunnel   all-nets (0.0.0.0/0)

7. To allow traffic through the L2TP tunnel the following rules should be defined in the IP rule
set:

  Action   Src Interface   Src Network   Dest Interface   Dest Network   Service
  Allow    l2tp_tunnel     l2tp_pool     any              int_net        all_services
  NAT      l2tp_tunnel     l2tp_pool     ext              all-nets       all_services

The second rule would be included to allow clients to surf the Internet via the lan interface on
the NetDefend Firewall. The client will be allocated a private internal IP address which must be
NATed if connections are then made out to the public Internet via the NetDefend Firewall.

8. Set up the client. Assuming Windows XP, the Create new connection option in Network
Connections should be selected to start the New Connection Wizard. The key information to
enter in this wizard is the resolvable URL of the NetDefend Firewall or alternatively its
wan_ip IP address.
Then choose Network > Properties. In the dialog that opens choose the L2TP Tunnel and

679
Chapter 9: VPN
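The two IP rules of step 7 are evaluated first-match, and the NAT rule exists because the address handed out from l2tp_pool is private. The following is an added example, not code from the manual and not NetDefendOS CLI syntax: a small Python model of that rule set that evaluates sample packets and reports the source address the remote side would see. The address values for l2tp_pool and int_net, the wan_ip value, the packet samples, and the assumption that traffic matching no rule is dropped are all constructed for this example; the page names the objects but gives no values.

```python
"""First-match model of the step 7 IP rule set for L2TP roaming clients."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed values for the address-book objects the manual only names.
ADDRESS_BOOK = {
    "l2tp_pool": ip_network("10.20.30.0/24"),   # constructed: pool handed to L2TP clients
    "int_net":   ip_network("192.168.1.0/24"),  # constructed: internal network behind lan
    "all-nets":  ip_network("0.0.0.0/0"),
}
WAN_IP = "198.51.100.1"  # constructed stand-in for wan_ip


@dataclass(frozen=True)
class Rule:
    action: str
    src_iface: str
    src_net: str
    dest_iface: str
    dest_net: str
    service: str


# The two rules exactly as listed in step 7, in the order they appear.
L2TP_RULES = [
    Rule("Allow", "l2tp_tunnel", "l2tp_pool", "any", "int_net", "all_services"),
    Rule("NAT", "l2tp_tunnel", "l2tp_pool", "ext", "all-nets", "all_services"),
]


@dataclass(frozen=True)
class Packet:
    src_iface: str
    src_ip: str
    dest_iface: str
    dest_ip: str
    service: str


def _iface_matches(rule_iface: str, pkt_iface: str) -> bool:
    return rule_iface == "any" or rule_iface == pkt_iface


def _net_matches(rule_net: str, ip: str) -> bool:
    return ip_address(ip) in ADDRESS_BOOK[rule_net]


def _service_matches(rule_service: str, service: str) -> bool:
    return rule_service == "all_services" or rule_service == service


def evaluate(packet: Packet, rules=L2TP_RULES):
    """Return (action, index) of the first rule that matches, or ("Drop", None).

    Dropping unmatched traffic is an assumption of this model, not a value
    taken from the page.
    """
    for idx, rule in enumerate(rules):
        if (_iface_matches(rule.src_iface, packet.src_iface)
                and _net_matches(rule.src_net, packet.src_ip)
                and _iface_matches(rule.dest_iface, packet.dest_iface)
                and _net_matches(rule.dest_net, packet.dest_ip)
                and _service_matches(rule.service, packet.service)):
            return rule.action, idx
    return "Drop", None


def egress_source(packet: Packet, wan_ip: str = WAN_IP):
    """Source address the destination sees: wan_ip after NAT, the client's
    private pool address when only allowed, None when dropped."""
    action, _ = evaluate(packet)
    if action == "NAT":
        return wan_ip
    if action == "Allow":
        return packet.src_ip
    return None


if __name__ == "__main__":
    samples = [
        Packet("l2tp_tunnel", "10.20.30.5", "lan", "192.168.1.10", "smb"),
        Packet("l2tp_tunnel", "10.20.30.5", "ext", "203.0.113.7", "http"),
        Packet("lan", "192.168.1.10", "ext", "203.0.113.7", "http"),
        Packet("l2tp_tunnel", "172.16.0.9", "ext", "203.0.113.7", "http"),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt), "seen as", egress_source(pkt))
```

The third and fourth samples show the scope of the rule set: traffic that does not arrive on l2tp_tunnel from an l2tp_pool address matches neither rule, so nothing on this page grants it passage, and an L2TP client reaching the Internet is seen as wan_ip rather than its private pool address, which is the point the manual makes about the NAT rule.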
