D-Link NetDefendOS User Manual page 8

8.2.1. Setup Summary ......................................................................... 610
8.2.2. Local User Databases .................................................................. 610
8.2.3. External RADIUS Servers ............................................................. 614
8.2.4. External LDAP Servers ................................................................ 616
8.2.5. Authentication Rules .................................................................. 624
8.2.6. Authentication Processing .......................................................... 626
8.2.7. HTTP Authentication .................................................................. 627
8.2.8. Brute Force Protection ................................................................ 630
8.3. ARP Authentication .............................................................................. 633
8.4. Customizing Authentication HTML ......................................................... 635
8.5. Policies Requiring Authentication ........................................................... 639
8.6. User Identity Awareness ........................................................................ 641
8.7. Multi Factor Authentication ................................................................... 650
8.8. Radius Relay ........................................................................................ 652
8.9. RADIUS Accounting .............................................................................. 659
8.9.1. Overview .................................................................................. 659
8.9.2. RADIUS Accounting Messages ..................................................... 659
8.9.3. Interim Accounting Messages ...................................................... 661
8.9.4. Configuring RADIUS Accounting .................................................. 661
8.9.5. RADIUS Accounting Security ....................................................... 663
8.9.6. RADIUS Accounting and High Availability ...................................... 663
8.9.7. Handling Unresponsive RADIUS Servers ........................................ 663
8.9.8. Accounting and System Shutdowns ............................................. 664
8.9.9. Limitations with NAT .................................................................. 664
8.9.10. Advanced RADIUS Settings ........................................................ 664
9. VPN .............................................................................................................. 667
9.1. Overview ............................................................................................ 667
9.1.1. VPN Usage ................................................................................ 667
9.1.2. VPN Encryption ......................................................................... 668
9.1.3. VPN Planning ............................................................................ 669
9.1.4. Key Distribution ......................................................................... 669
9.1.5. The TLS Alternative for VPN ......................................................... 670
9.2. VPN Quick Start .................................................................................... 671
9.2.1. IPsec LAN-to-LAN with Pre-shared Keys ......................................... 672
9.2.2. IPsec LAN-to-LAN with Certificates ............................................... 673
9.2.3. IPsec Roaming Clients with Pre-shared Keys ................................... 674
9.2.4. IPsec Roaming Clients with Certificates ......................................... 677
9.2.5. L2TP/IPsec Roaming Clients with Pre-Shared Keys ........................... 678
9.2.6. L2TP/IPsec Roaming Clients with Certificates ................................. 680
9.2.7. PPTP Roaming Clients ................................................................. 680
9.2.8. iOS Setup ................................................................................. 681
9.3. IPsec Components ............................................................................... 683
9.3.1. Overview .................................................................................. 683
9.3.2. Internet Key Exchange (IKE) ......................................................... 683
9.3.3. IKE Authentication ..................................................................... 690
9.3.4. IPsec Protocols (ESP/AH) ............................................................. 691
9.3.5. NAT Traversal ............................................................................ 693
9.3.6. Algorithm Proposal Lists ............................................................. 694
9.3.7. Pre-shared Keys ......................................................................... 696
9.3.8. Using ID Lists with Certificates ..................................................... 697
9.3.9. DiffServ with IPsec ..................................................................... 699
9.4. IPsec Tunnels ....................................................................................... 701
9.4.1. Overview .................................................................................. 701
9.4.2. LAN-to-LAN Tunnels with Pre-shared Keys ..................................... 704
9.4.3. Roaming Clients ........................................................................ 708
9.4.4. IKEv2 Support ........................................................................... 713
9.4.5. IKEv2 Client Setup ...................................................................... 714
9.4.6. Fetching CRLs from an alternate LDAP server ................................. 719
9.4.7. The IPsec Tunnel Selection Process ............................................... 720
9.4.8. IPsec Tunnel Monitoring ............................................................. 721
9.4.9. IPsec Advanced Settings ............................................................. 723
8
User Manual