Ipsec Lan To Lan With Certificates - D-Link DFL-1660 User Manual
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
9.2.2. IPsec LAN to LAN with
Certificates
remote_net.
•
An Allow rule for inbound traffic that has the previously defined ipsec_tunnel object as the
Source Interface. The Source Network is remote_net.
Action
Allow
Allow
The Service used in these rules is All but it could be a predefined service.
6.
Define a new NetDefendOS Route which specifies that the VPN Tunnel ipsec_tunnel is the
Interface to use for routing packets bound for the remote network at the other end of the tunnel.
Interface
ipsec_tunnel
9.2.2. IPsec LAN to LAN with Certificates
LAN to LAN security is usually provided with pre-shared keys but sometimes it may be desirable to
use X.509 certificates instead. If this is the case, Certificate Authority (CA) signed certificates may
be used and these come from an internal CA server or from a commercial supplier of certificates.
Creating a LAN to LAN tunnel with certificates follows exactly the same procedures as the previous
section where a pre-shared key was used. The difference is that certificates now replace pre-shared
keys for authentication.
Two unique sets of two CA signed certificates (two for either end, a root certificate and a gateway
certificate) are required for a LAN to LAN tunnel authentication.
The setup steps are as follows:
1.
Open the management Web Interface for the NetDefend Firewall at one end of the tunnel.
2.
Under Authentication Objects, add the Root Certificate and Host Certificate into
NetDefendOS. The root certificate needs to have 2 parts added: a certificate file and a private
key file. The gateway certificate needs just the certificate file added.
3.
Set up the IPsec Tunnel object as for pre-shared keys, but specify the certificates to use under
Authentication. Do this with the following steps:
a.
Enable the X.509 Certificate option.
b.
Add the Root Certificate to use.
c.
Select the Gateway Certificate.
4.
Open the management Web Interface for the NetDefend Firewall at the other side of the tunnel
and repeat the above steps with a different set of certificates.
Src Interface
Src Network
lan
ipsec_tunnel
remote_net
Note: The system time and date should be correct
The NetDefendOS date and time should be set correctly since certificates have an
expiry date and time.
Dest Interface
lannet
ipsec_tunnel
lan
Network
remote_net
421
Chapter 9. VPN
Dest Network
Service
remote_net
all_services
lannet
all_services
Gateway
<empty>
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
