Setting Up A Psk Based Vpn Tunnel For Roaming Clients; Setting Up A Self-Signed Certificate Based Vpn Tunnel For Roaming Clients - D-Link DFL-1660 User Manual

9.4.3. Roaming Clients
the algorithm proposal lists that are pre-configured in NetDefendOS.
9.4.3.1. PSK based client tunnels
Example 9.4. Setting up a PSK based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming
clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network
span with external firewall IP wan_ip.
Web Interface
A. Create a pre-shared key for IPsec authentication:
1. Go to Objects > Authentication Objects > Add > Pre-Shared Key
2. Now enter:
• Name: Enter a name for the key, for example SecretKey
• Shared Secret: Enter a secret passphrase
• Confirm Secret: Enter the secret passphrase again
3. Click OK
B. Configure the IPsec tunnel:
1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
• Name: RoamingIPsecTunnel
• Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
• Remote Network: all-nets
• Remote Endpoint: (None)
• Encapsulation Mode: Tunnel
3. For Algorithms enter:
• IKE Algorithms: Medium or High
• IPsec Algorithms: Medium or High
4. For Authentication enter:
• Pre-Shared Key: Select the pre-shared key created earlier
5. Under the Routing tab:
• Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK
C. Finally configure the IP rule set to allow traffic inside the tunnel.
9.4.3.2. Self-signed Certificate based client tunnels
Example 9.5. Setting up a Self-signed Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming
359
Chapter 9. VPN