Table of Contents
Advertisement
VPN menu features
PPTP VPN Server
Select the weakest Authentication Scheme to accept. Access is denied to remote users attempting to
6
connect using an authentication scheme weaker than the selected scheme. The schemes are described
below, from strongest to weakest.
• Encrypted Authentication (MS-CHAP v2) – The strongest type of authentication to use; this is the
recommended option.
• Encrypted Authentication (MS-CHAP) – This is not a recommended encryption type and should
only be used for older dial-in clients that do not support MS-CHAP v2.
• Weakly Encrypted Authentication (CHAP) – This is the weakest type of encrypted password
authentication to use. It is not recommended that clients connect using this as it provides very little
password protection. Also note that clients connecting using CHAP are unable to encrypt traffic.
• Unencrypted Authentication (PAP) – This is plain text password authentication. When using this
type of authentication, the client password is transmitted unencrypted.
Select the Required Encryption Level. Access is denied to remote users attempting to connect not
7
using this encryption level. Strong Encryption (MPPE 128 Bit) is recommended.
Select the user authentication location from the Authentication Database list. This allows you to
8
indicate where the list of valid clients can be found. You can select from the following options:
• Local – Use the local database defined on the Local Users tab of the Users page. You must enable
the Dial-in Access option for the individual users that are allowed dial-in access.
• RADIUS – Use an external RADIUS server as defined on the RADIUS tab of the Users page.
• TACACS+ – Use an external TACACS+ server as defined on the TACACS+ tab of the Users page.
For further details on users, RADIUS, and TACAS+, refer to
[Optional] To configure Advanced options, click Advanced. The following fields are available:
9
Enter the desired value of the Maximum Transmission appliance (MTU) for the PPTP interfaces into the
a
PPTP MTU field.
Default: 1400
Enter the number of minutes without activity before disconnecting the PPTP client in the Idle Time
b
(minutes) field.
In the DNS Server field, enter the IP address of the DNS server that assigns IP addresses to
c
connecting PPTP clients.
In the WINS Server field, enter the IP address of the WINS server that assigns IP addresses to
d
connecting PPTP clients.
Select the Enable PPTP Debugging checkbox to add PPTP debugging information to server logs.
e
Click Submit.
10
Adding a PPTP user account
Use this procedure to add a new PPTP VPN user. Keep a note of the User name and Password, as these are
required in configuring the remote PPTP client.
Click System > Users > Local Users tab. The Local Users page is displayed.
1
Click New. The Edit User Information page appears.
2
Complete the fields. For further details on adding a user, refer to
3
username and password for when you need to connect to the VPN connection.
[Required for VPN PPTP access] Be sure to select the PPTP Access checkbox.
4
If applicable, enter a static IP address in the PPTP Address field.
5
244
McAfee UTM Firewall 4.0.4 Administration Guide
Users
menu.
Creating a
user. Keep note of the
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
