Ipsec Roaming Clients With Pre-Shared Keys - D-Link NetDefend DFL-210 User Manual

9.2.3. IPsec Roaming Clients with
Pre-shared Keys
key file. The gateway certificate needs just the certificate file added.
4. Set up the IPsec Tunnel object as for pre-shared keys, but specify the certificates to use under
Authentication. Do this with the following steps:
a. Enable the X.509 Certificate option.
b. Add the Root Certificate to use.
c. Select the Gateway Certificate.
5. Open the WebUI management interface for the D-Link Firewall at the other side of the tunnel
and repeat the above steps but reversing the certificate usage. What was the root certificate is
now added as the gateway certificate, and its private key file is not used. What was the gateway
certificate is now added as the root certificate and its private key file will be used.
Also review Section 9.6, "CA Server Access" below, which describes important considerations for
certificate validation.

9.2.3. IPsec Roaming Clients with Pre-shared Keys

This section details the setup with roaming clients connecting through an IPsec tunnel with
pre-shared keys. There are two types of roaming clients:
A. The IP addresses of the clients are already allocated.
B. The IP addresses of clients are not known beforehand and must be handed out by NetDefendOS
as the clients connect.
A. IP addresses already allocated
The IP addresses may be known beforehand and have been pre-allocated to the roaming clients
before they connect. The client's IP address will be manually input into the VPN client software.
1. Set up user authentication. XAuth user authentication is not required with IPsec roaming clients
but is recommended (this step could initially be left out to simplify setup). The authentication
source can be one of the following:
• A Local User DB object which is internal to NetDefendOS.
325
Chapter 9. VPN