D-Link NetDefendOS User Manual page 682

Network security firewall

could also be performed by a RADIUS server.
5. Define an IPsec tunnel object using the default proposal lists and with the following properties:
   i. Local Network: all-nets
   ii. Remote Network: all-nets
   iii. Remote Endpoint: None
   iv. Encapsulation mode: Tunnel
   v. IKE Config Mode Pool: Select the static IP pool
   vi. Authentication: Select the PSK defined above.
   vii. Select XAuth authentication for inbound tunnels
   viii. Allow DHCP over IPsec from single-host clients
   ix. Enable the option to Dynamically add a route to the remote network when tunnel is established
   x. IP Addresses: Specify manually to be the local tunnel endpoint address
   xi. Security Association: Per Host
   xii. Disable the option Add route to remote network
6. Place the tunnel last in the list of IPsec tunnels. Also be aware that this tunnel cannot coexist with a PSK tunnel for L2TP/IPsec.
7. Create a User Authentication Rule with the following properties:
   i. Authentication Agent: XAuth
   ii. Authentication Source: Local (or RADIUS)
   iii. Originator IP: all-nets
   iv. Local User DB: The local user database
8. Add IP rules for the client traffic. Typical rules will be Allow rules that permit clients to access protected resources and NAT rules to reach the public Internet via the tunnel.
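
The checklist in steps 5 to 7, as an added example that is not part of the D-Link manual: a Python audit over a tunnel list and authentication rules held in a hypothetical dictionary form. Every field name and sample object is an assumption, not NetDefendOS syntax. It reports any property that differs from the values listed above, a roaming tunnel that is not last, a coexisting PSK L2TP/IPsec tunnel, and a missing XAuth rule.

```python
# Added example. All field names are assumptions, not NetDefendOS syntax.
EXPECTED = {  # step 5 properties as listed on the page
    "local_network": "all-nets", "remote_network": "all-nets",
    "remote_endpoint": None, "encapsulation": "Tunnel", "auth": "PSK",
    "xauth_inbound": True, "dhcp_over_ipsec_single_host": True,
    "dynamic_route": True, "security_association": "Per Host",
    "add_route_to_remote": False,
}

def audit(tunnels, auth_rules, roaming_name):
    """Return findings for the roaming tunnel; an empty list means it matches."""
    names = [t["name"] for t in tunnels]
    if roaming_name not in names:
        return [f"tunnel {roaming_name!r} not found"]
    idx = names.index(roaming_name)
    tun, findings = tunnels[idx], []
    for key, want in EXPECTED.items():
        got = tun.get(key, "<unset>")
        if got != want:
            findings.append(f"step 5: {key} is {got!r}, expected {want!r}")
    if not tun.get("config_mode_pool"):
        findings.append("step 5: no IKE Config Mode Pool selected")
    # Step 6: ordering in the tunnel list and the L2TP/IPsec PSK conflict.
    if idx != len(tunnels) - 1:
        findings.append("step 6: tunnel is not last in the IPsec tunnel list")
    for other in tunnels:
        if other is not tun and other.get("l2tp") and other.get("auth") == "PSK":
            findings.append(
                f"step 6: coexists with PSK L2TP/IPsec tunnel {other['name']!r}")
    # Step 7: an XAuth rule must exist, backed by the local DB or RADIUS.
    if not any(r.get("agent") == "XAuth"
               and r.get("source") in ("Local", "RADIUS")
               and r.get("originator_ip") == "all-nets" for r in auth_rules):
        findings.append("step 7: no XAuth User Authentication Rule for all-nets")
    return findings

# Constructed sample data (names such as client_pool are placeholders).
ROAMING = {"name": "roaming_clients", **EXPECTED, "config_mode_pool": "client_pool"}
GOOD = [{"name": "site_to_site", "auth": "PSK", "remote_endpoint": "branch_gw"},
        ROAMING]
BAD = [{**ROAMING, "xauth_inbound": False},
       {"name": "l2tp_ipsec", "l2tp": True, "auth": "PSK"}]
RULES = [{"agent": "XAuth", "source": "Local", "originator_ip": "all-nets"}]

if __name__ == "__main__":
    for finding in audit(BAD, [], "roaming_clients"):
        print(finding)
```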
Chapter 9: VPN
