Pptp Roaming Clients - D-Link NetDefend DFL-210 User Manual
Network security firewall ver 2.26.01
Hide thumbs
Also See for NetDefend DFL-210:
- Log reference manual (476 pages) ,
- User manual (469 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
9.2.7. PPTP Roaming Clients
2.
Load a Gateway Certificate and Root Certificate into NetDefendOS.
3.
When setting up the IPsec Tunnel object, specify the certificates to use under Authentication.
This is done by:
a.
Enable the X.509 Certificate option.
b.
Select the Gateway Certificate.
c.
Add the Root Certificate to use.
4.
If using the Windows XP L2TP client, the appropriate certificates need to be imported into
Windows before setting up the connection with the New Connection Wizard.
The step to set up user authentication is optional since this is additional security to certificates.
Also review Section 9.6, "CA Server Access", which describes important considerations for
certificate validation.
9.2.7. PPTP Roaming Clients
PPTP is simpler to set up than L2TP since IPsec is not used and instead relies on its own, less
strong, encryption.
A major secondary disadvantage is not being able to NAT PPTP connections through a tunnel so
multiple clients can use a single connection to the NetDefend Firewall. If NATing is tried then only
the first client that tries to connect will succeed.
The steps for PPTP setup are as follows:
1.
In the Address Book define the following IP objects:
•
A pptp_pool IP object which is the range of internal IP addresses that will be handed out
from an internal network.
•
An int_net object which is the internal network from which the addresses come.
•
An ip_int object which is the internal IP address of the interface connected to the internal
network. Let us assume that this interface is int.
•
An ip_ext object which is the external public address which clients will connect to (let's
assume this is on the ext interface).
2.
Define a PPTP/L2TP object (let's call it pptp_tunnel) with the following parameters:
•
Set Inner IP Address to ip_net.
•
Set Tunnel Protocol to PPTP.
•
Set Outer Interface Filter to ext.
•
Set Outer server IP to ip_ext.
•
For Microsoft Point-to-Point Encryption it is recommended to disable all options except
128 bit encryption.
•
Set IP Pool to pptp_pool.
•
Enable Proxy ARP on the int interface.
•
As in L2TP, enable the insertion of new routes automatically into the main routing table.
349
Chapter 9. VPN
Advertisement
Table of Contents
Troubleshooting
