Setting Up a CA Server Issued Certificate Based VPN Tunnel for Roaming Clients - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
9.3.3. Roaming Clients
3. For Algorithms enter:
   IKE Algorithms: Medium or High.
   IPsec Algorithms: Medium or High.
4. For Authentication enter:
   Choose X.509 Certificate as the authentication method.
   Root Certificate(s): Select all your client certificates and add them to the Selected list.
   Gateway Certificate: Choose your newly created firewall certificate.
   Identification List: Select the ID List that you want to associate with your VPN Tunnel. In our case that will be sales.
5. Under the Routing tab:
   Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK.
E. Finally configure the IP rule-set to allow traffic inside the tunnel.
9.3.3.3. CA Server issued Certificates based client tunnels
Setting up client tunnels using a Certification Authority issued X.509 certificate is largely the same
as using self-signed certificates, with the exception of a couple of steps. Most importantly, it is the
responsibility of the administrator to acquire the appropriate certificates from an issuing authority:
the firewall's own gateway certificate and the certificates the roaming clients will present. With some
systems, such as Windows 2000 Server, there is built-in access to a CA server (in Windows 2000 Server
this is found in Certificate Services). For more information on CA server issued certificates see
Section 3.7, "X.509 Certificates".
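The "acquire the appropriate certificate from an issuing authority" step, worked through with openssl as an added example (this is not from the D-Link manual and does not depict the NetDefend web interface). It stands up a small issuing CA, issues the firewall's gateway certificate and one roaming client certificate, and then runs the two checks that the tunnel's Authentication settings imply: the chain check that selecting the CA under Root Certificate(s) performs, and the subject match that an Identification List keyed on the sales department performs. It goes slightly beyond the page by also producing a self-signed client certificate for contrast, to show why the chain check, not the ID list alone, decides admission. All names (Example VPN CA, fw.example.com, alice, mallory, OU=sales, the working directory) are assumptions.

```shell
#!/bin/sh
# Added example, not from the D-Link manual: a minimal issuing CA with openssl,
# a CA-issued gateway certificate, a CA-issued roaming-client certificate, and
# the chain / identity checks the tunnel's Authentication tab implies.
# Names (Example VPN CA, fw.example.com, alice, mallory, OU=sales) are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SUBJ_BASE="/C=SE/O=Example Corp"

# Generate a key and a CA-signed certificate for subject suffix $2, stored as $WORK/$1.{key,crt}.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" -out "$WORK/$1.csr" \
    -subj "$SUBJ_BASE$2" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/$1.crt" >/dev/null 2>&1
}

make_pki() {
  # The issuing authority: one self-signed CA certificate. With CA-issued client
  # certificates this is what is uploaded and selected under Root Certificate(s).
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "$SUBJ_BASE/CN=Example VPN CA" >/dev/null 2>&1
  # Gateway Certificate: certificate plus private key uploaded for the firewall itself.
  issue_cert gw "/CN=fw.example.com"
  # A roaming client in the sales department; OU=sales is what the ID list matches on.
  issue_cert alice "/OU=sales/CN=alice"
  # For contrast: a self-signed client certificate that also claims OU=sales
  # but was never issued by the CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/mallory.key" -out "$WORK/mallory.crt" \
    -subj "$SUBJ_BASE/OU=sales/CN=mallory" >/dev/null 2>&1
}

# Chain check (Root Certificate(s)): succeeds only for certificates issued by the CA.
verify_chain() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Identification List check: does the certificate subject carry OU=$2?
id_list_match() {
  openssl x509 -in "$WORK/$1.crt" -noout -subject -nameopt RFC2253 \
    | grep -Eq "(^|[=,])OU=$2(,|\$)"
}

make_pki
for who in gw alice mallory; do
  if verify_chain "$who"; then chain=ok; else chain=REJECTED; fi
  if id_list_match "$who" sales; then idl=match; else idl="no match"; fi
  echo "$who: chain $chain, ID list (OU=sales) $idl"
done
```

The self-signed certificate for mallory passes the OU=sales match but fails the chain check, which is the reason the CA certificate, rather than a copy of every client certificate, is what belongs under Root Certificate(s) in the CA-issued case.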
Example 9.6. Setting up a CA Server issued Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office D-Link Firewall for roaming clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with external firewall IP wan_ip.
Web Interface
A. Upload the CA-issued certificate (with its private key) that the firewall will use for IPsec authentication:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Click OK.
B. Upload all the CA-issued client certificates:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Click OK.
C. Create Identification Lists:
Chapter 9. Virtual Private Networks
199