Setting Up A Self-Signed Certificate Based Vpn Tunnel For Roaming Clients - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

9.3.3. Roaming Clients
5. Under the Routing tab: Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK.
C. Finally configure the IP rule-set to allow traffic inside the tunnel.
9.3.3.2. Self-signed Certificate based client tunnels
Example 9.5. Setting up a Self-signed Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office D-Link Firewall for roaming clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network span, and the firewall's external IP address is wan_ip.
Web Interface
A. Create a Self-signed Certificate for IPsec authentication:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Click OK.
B. Import all the clients' self-signed certificates:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Click OK.
C. Create Identification Lists:
1. Go to Objects > VPN Objects > ID List > Add > ID List
2. Enter a descriptive name, in this example sales.
3. Click OK.
4. Go to Objects > VPN Objects > ID List > Sales > Add > ID
5. Enter the name for the client.
6. Select Email as Type.
7. In the Email address field, enter the email address selected when you created the certificate on the client.
8. Create a new ID for every client that you want to grant access rights according to the instructions above.
D. Configure the IPsec tunnel:
1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
Name: RoamingIPsecTunnel
Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
Remote Network: all-nets
Remote Endpoint: (None)
Encapsulation Mode: Tunnel
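
Steps B and C only work together if each imported client certificate carries the same email address that is typed into its ID entry. The shell script below is an added example, not part of the D-Link manual: it uses the OpenSSL command line on an administrator workstation to check a client certificate before it is imported. It assumes PEM files and that the address is stored in the certificate subject or subjectAltName; the function names and the example.com sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): pre-import check of a client
# certificate against the email address planned for its ID list entry.

# Print the email address(es) found in a PEM certificate, lowercased.
cert_emails() {
    openssl x509 -in "$1" -noout -email | tr 'A-Z' 'a-z'
}

# Succeed when subject and issuer names hash alike.
# This is a name comparison only; the signature is not verified.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# check_client <cert.pem> <email planned for the ID entry>
# Returns 0 only when the certificate is self-signed, not expired,
# and carries the planned address (compared case-insensitively).
check_client() {
    cert=$1
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    is_self_signed "$cert" || { echo "FAIL not-self-signed $cert"; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL expired $cert"; return 1; }
    cert_emails "$cert" | grep -Fxq "$want" ||
        { echo "FAIL email-mismatch $cert"; return 1; }
    echo "OK $cert $want"
}

# Constructed sample input: a throwaway self-signed client certificate.
# make_sample_cert <common name> <email> <output path prefix>
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1/emailAddress=$2" \
        -keyout "$3.key" -out "$3.pem" 2>/dev/null
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
make_sample_cert alice alice@example.com "$tmp/alice"
check_client "$tmp/alice.pem" alice@example.com
rm -rf "$tmp"
```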
Chapter 9. Virtual Private Networks