Setting Up a CA Server Issued Certificate Based VPN Tunnel for Roaming Clients - D-Link NetDefend DFL-210 User Manual

Network security firewall
9.4.3. Roaming Clients
3. For Algorithms enter:
IKE Algorithms: Medium or High
IPsec Algorithms: Medium or High
4. For Authentication enter:
Choose X.509 Certificate as the authentication method
Root Certificate(s): Select all your client certificates (in this self-signed setup each client certificate is its own root) and add them to the Selected list
Gateway Certificate: Choose your newly created firewall certificate
Identification List: Select the ID List that you want to associate with your VPN tunnel. In our case that will be sales
5. Under the Routing tab:
Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK
E. Finally, configure the IP rule set to allow traffic inside the tunnel.
9.4.3.3. CA Server issued Certificates based client tunnels
Setting up client tunnels using a Certification Authority (CA) issued X.509 certificate is largely the same
as using self-signed certificates, with the exception of a couple of steps. Most importantly, it is the
responsibility of the administrator to acquire the appropriate certificates from an issuing authority:
the gateway certificate for the firewall, the root certificate of the issuing CA, and the client certificates.
With some systems, such as Windows 2000 Server, there is built-in access to a CA server (in
Windows 2000 Server this is found in Certificate Services). For more information on CA server
issued certificates see Section 3.7, "X.509 Certificates".
Example 9.6. Setting up a CA Server issued Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office D-Link Firewall for roaming clients
that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span with
external firewall IP wan_ip.
Web Interface
A. Upload all the client certificates:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Enter a suitable name for the Certificate object.
3. Select the X.509 Certificate option
4. Click OK
B. Create Identification Lists:
1. Go to Objects > VPN Objects > ID List > Add > ID List
2. Enter a descriptive name, e.g. sales.
Chapter 9. VPN