•
Set Inner IP Address to ip_int.
•
Set Tunnel Protocol to L2TP.
•
Set Outer Interface Filter to ipsec_tunnel.
•
Set Outer Server IP to ip_ext.
•
Select the Microsoft Point-to-Point Encryption allowed. Since IPsec encryption is used
this can be set to be None only, otherwise double encryption will degrade throughput.
•
Set IP Pool to l2tp_pool.
•
Enable Proxy ARP on the int interface to which the internal network is connected.
•
Make the interface a member of a specific routing table so that routes are automatically
added to that table. Normally the main table is selected.
6.
For user authentication:
•
Define a Local User DB object (let's call this object TrustedUsers).
•
Add individual users to TrustedUsers. This should consist of at least a username and
password combination.
The Group string for a user can also be specified. This is explained in the same step in the
IPsec Roaming Clients section above.
•
Define a User Authentication Rule:
Agent
Auth Source
Src Network
Interface
Client Source IP
PPP
Local
all-nets
l2tp_tunnel
all-nets (0.0.0.0/0)
7.
To allow traffic through the L2TP tunnel the following rules should be defined in the IP rule
set:
Action
Src Interface
Src Network
Dest Interface
Dest Network
Service
Allow
l2tp_tunnel
l2tp_pool
any
int_net
All
NAT
ipsec_tunnel
l2tp_pool
ext
all-nets
All
The second rule would be included to allow clients to surf the Internet via the ext interface on the
NetDefend Firewall. The client will be allocated a private internal IP address which must be NATed
if connections are then made out to the public Internet via the NetDefend Firewall.
8.
Set up the client. Assuming Windows XP, the Create new connection option in Network
Connections should be selected to start the New Connection Wizard. The key information to
enter in this wizard is: the resolvable URL of the NetDefend Firewall or alternatively its ip_ext
IP address.
Then choose Network > Properties. In the dialog that opens choose the L2TP Tunnel and
select Properties. In the new dialog that opens select the Networking tab and choose Force to
L2TP. Now go back to the L2TP Tunnel properties, select the Security tab and click on the
IPsec Settings button. Now enter the pre-shared key.
9.2.6. L2TP Roaming Clients with Certificates
If certificates are used with L2TP roaming clients instead of pre-shared keys then the differences in
9.2.6. L2TP Roaming Clients with
Certificates
Chapter 9. VPN
394
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...