Ipsec Roaming Clients With Certificates - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
9.2.4. IPsec Roaming Clients with
Certificates
object could be used which specifies the exact range of the pre-allocated IP addresses.
B. IP addresses handed out by NetDefendOS
If the client IP addresses are not known then they must be handed out by NetDefendOS. To do this
the above must be modified with the following:
1.
If a specific IP address range is to be used as a pool of available addresses then:
•
Create a Config Mode Pool object (there can only be one associated with a NetDefendOS
installation) and in it specify the address range.
•
Enable the IKE Config Mode option in the IPsec Tunnel object ipsec_tunnel.
2.
If client IP addresses are to be retrieved through DHCP:
•
Create an IP Pool object and in it specify the DHCP server to use. The DHCP server can be
specified as a simple IP address or alternatively as being accessible on a specific interface.
If an internal DHCP server is to be used then specify the loopback address 127.0.0.1 as the
DHCP server IP address.
•
Create a Config Mode Pool object (there can only be one associated with a NetDefendOS
installation) and associate with it the IP Pool object defined in the previous step.
•
Enable the IKE Config Mode option in the IPsec Tunnel object ipsec_tunnel.
Configuring IPsec Clients
In both cases (A) and (B) above, the IPsec client will need to be correctly configured. The client
configuration will require the following: with as well as the pre-shared key.
•
Define the URL or IP address of the D-Link Firewall. The client needs to locate the tunnel
endpoint.
•
Define the pre-shared key that is used for IPsec security.
•
Define the IPsec algorithms that will be used and which are supported by NetDefendOS.
•
Specify if the client will use config mode.
There are a variety of IPsec client software products available from a number of suppliers and this
manual will not focus on any specific one. The network administrator should use the client that is
best suited to their budget and needs.
9.2.4. IPsec Roaming Clients with Certificates
If certificates are used with IPsec roaming clients instead of pre-shared keys then no Pre-shared
Key object is needed and the other differences in the setup described above are:
1.
The NetDefendOS date and time must be set correctly since certificates can expire.
2.
Load a Gateway Certificate and Root Certificate into NetDefendOS.
3.
When setting up the IPsec Tunnel object, specify the certificates to use under Authentication.
This is done by:
a.
Enable the X.509 Certificate option.
b.
Select the Gateway Certificate.
327
Chapter 9. VPN
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
