McAfee SG310 Administration Manual page 255

VPN menu features
L2TP VPN Server
Authenticating tunnels with an x.509 certificate
Use this procedure to create an IPSec connection over an L2TP VPN tunnel.

Prerequisite: Upload certificates to the UTM Firewall appliance. See Certificate management.

Multiple x.509 certificate tunnels can be added. A separate x.509 certificate tunnel is required for each remote client to authenticate.

1. From the VPN menu, click L2TP VPN Server > L2TP IPSec Configuration tab.
2. Select x509 Certificate Tunnel from the configuration list and click New.
   • If there are no local certificates available to use, you are prompted to either go to the Certificate Lists page to upload one, or to click Cancel and create a shared secret tunnel instead.
   • If there are x.509 certificates available, the L2TP Server IPSec x509 Certificate Configuration page appears (Figure 257).

Figure 257 L2TP IPSec Certificate Configuration

3. Enter a name to identify the connection in the Tunnel Name field. The name must be unique and not the same as any other L2TP/IPSec or regular IPSec tunnel names.
4. From the Local Certificate list, select the certificate uploaded to the UTM Firewall appliance.
5. Enter the Client Distinguished Name. It must match exactly the distinguished name of the remote party's local certificate to successfully authenticate the tunnel. Distinguished name fields are listed within the field.
6. Click Submit. The connection is added to the list, and the Distinguished name displays in the Details column.

Authenticating tunnels with a preshared secret
Use this procedure to create an IPSec tunnel for an L2TP connection. Only one shared secret tunnel can be created. The one shared secret is used by all remote clients to authenticate. When using preshared secrets with an L2TP tunnel, a single Main Mode connection with a remote dynamic endpoint is configured. Only a single Main Mode dynamic connection is supported, so that multiple L2TP clients can use this tunnel to connect. Creating a preshared secret L2TP tunnel means that IPSec cannot be configured with any Main Mode tunnels to a dynamic remote endpoint that use preshared secrets. You must either use Aggressive mode, x509 certificates, or RSA digital signatures.

1. From the VPN menu, click L2TP VPN Server > L2TP IPSec Configuration tab.
2. Select Preshared Secret Tunnel from the configuration list and click New. The L2TP IPSec Preshared Secret Configuration page appears (Figure 258).

McAfee UTM Firewall 4.0.4 Administration Guide
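Added example, not part of the McAfee guide: a small Python checker that encodes the constraints the two procedures above state (tunnel names unique across L2TP/IPSec and regular IPSec tunnels, at most one preshared secret L2TP tunnel, which occupies the only Main Mode PSK connection to a dynamic remote endpoint, and an exact Client Distinguished Name match for x.509 tunnels) and runs it over a constructed tunnel plan. The Tunnel fields, the field values and the sample tunnel names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Tunnel:
    name: str                        # Tunnel Name as entered in the UI
    kind: str                        # "l2tp-psk", "l2tp-x509" or "ipsec" (regular IPsec tunnel)
    auth: str                        # "psk", "x509" or "rsasig"
    mode: str                        # "main" or "aggressive" (IKE phase 1 mode)
    dynamic_remote: bool = True      # remote endpoint has no fixed address
    client_dn: Optional[str] = None  # Client Distinguished Name (x.509 L2TP tunnels only)

def validate(tunnels: List[Tunnel]) -> List[str]:
    """Return the violations found in a planned tunnel set (empty list = consistent)."""
    problems, seen = [], set()
    l2tp_psk = [t for t in tunnels if t.kind == "l2tp-psk"]
    # Only one preshared secret L2TP tunnel can exist; every remote client shares it.
    if len(l2tp_psk) > 1:
        problems.append("more than one preshared secret L2TP tunnel")
    for t in tunnels:
        # Names must be unique across L2TP/IPsec and regular IPsec tunnels.
        if t.name in seen:
            problems.append(f"{t.name}: duplicate tunnel name")
        seen.add(t.name)
        # The L2TP PSK tunnel is the single Main Mode PSK connection to a dynamic endpoint,
        # so a regular IPsec tunnel may not claim the same slot.
        if l2tp_psk and t.kind == "ipsec" and t.mode == "main" and t.auth == "psk" and t.dynamic_remote:
            problems.append(f"{t.name}: Main Mode PSK to a dynamic endpoint conflicts with the "
                            "L2TP preshared secret tunnel (use Aggressive mode, x.509 or RSA signatures)")
        # Each x.509 L2TP tunnel authenticates exactly one remote client by its DN.
        if t.kind == "l2tp-x509" and not t.client_dn:
            problems.append(f"{t.name}: x.509 tunnel has no Client Distinguished Name")
    return problems

def client_matches(tunnels: List[Tunnel], presented_dn: str) -> Optional[str]:
    """Name of the x.509 L2TP tunnel whose Client DN equals the DN a remote client's
    certificate presents, compared exactly (same attributes, order and case), or None."""
    for t in tunnels:
        if t.kind == "l2tp-x509" and t.client_dn == presented_dn:
            return t.name
    return None

# Constructed sample plan: a shared-secret tunnel, a clashing regular Main Mode PSK
# tunnel, one per-client x.509 tunnel, and a duplicate tunnel name.
PLAN = [
    Tunnel("l2tp-clients", "l2tp-psk", "psk", "main"),
    Tunnel("branch-office", "ipsec", "psk", "main"),
    Tunnel("roadwarrior-alice", "l2tp-x509", "x509", "main", client_dn="C=US, O=Example Corp, CN=alice"),
    Tunnel("branch-office", "ipsec", "x509", "main", dynamic_remote=False),
]
```

Running `validate(PLAN)` reports the duplicate name and the conflicting Main Mode PSK tunnel; switching that regular tunnel to Aggressive mode (or certificates) clears the conflict.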
