1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Now enter:
   • Name: client_to_lan
   • Action: Allow
   • Service: all_services
   • Source Interface: ipsec_roaming
   • Source Network: all-nets
   • Destination Interface: lan
   • Destination Network: 172.16.1.0/24
3. Click OK
Certificate Based IPsec Tunnels for Roaming Clients
Setting up client tunnels using a CA signed certificate is largely the same as using self-signed
certificates with the exception of a couple of steps.
It is the responsibility of the administrator to acquire the appropriate CA signed certificate from
an issuing authority for client tunnels. With some systems, such as Windows 2000 Server, there is
built-in access to a CA server (in Windows 2000 Server this is found in Certificate Services). For
more information on CA server issued certificates see Section 3.9, "Certificates".
Example 9.6. Certificate Based IPsec Tunnels for Roaming Clients
This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall
for roaming clients that connect to the office to gain remote access. The head office network
uses the 203.0.113.0/24 network with external firewall IP wan_ip.
Web Interface
A. Upload the required certificates to NetDefendOS and for each certificate:
1. Go to: Objects > Key Ring > Add > Certificate
2. Enter a suitable name for the Certificate object
3. Select the X.509 Certificate option
4. Click OK
B. Configure the IPsec tunnel:
1. Go to: Network > Interfaces and VPN > IPsec > Add > IPsec Tunnel
2. Now enter:
Chapter 9: VPN