L2TP/PPTP Servers
Name - Specifies a name for this PPTP/L2TP Server.
Outer IP - Specifies the IP that the PPTP/L2TP server should listen on; leave it blank for the WAN IP.
Inner IP - Specifies the IP inside the tunnel; leave it blank for the LAN IP.
IP Pool and settings
Client IP Pool - A range, group or network that the PPTP/L2TP Server will use as the IP address pool from which to give out IP addresses to the clients.
Primary/Secondary DNS - IP of the primary and secondary DNS servers.
Primary/Secondary WINS - IP of the Windows Internet Name Service (WINS) servers that are used in Microsoft environments, which use NetBIOS Name Servers (NBNS) to assign IP addresses to NetBIOS names.
Authentication protocol
Specify if, and what, authentication protocol to use. Read more about the different authentication protocols in the Authentication Protocol Introduction chapter.
MPPE encryption
If MPPE encryption is going to be used, this is where the encryption level is configured.
If L2TP or PPTP over IPSec is going to be used, it has to be enabled and configured to use either a Pre-Shared Key or a Certificate.
VPN between two networks
In the following example, users on the main office internal network can connect to the branch office internal network and vice versa. Communication between the two networks takes place in an encrypted VPN tunnel that connects the two DFL Network Security Firewalls across the Internet. Users on the internal networks are not aware that, when they connect to a computer on the other network, the connection runs across the Internet.
As shown in the example, you can use the DFL to protect a branch office and a small main office. Both of these DFLs can be configured as IPSec VPN gateways to create the VPN that connects the branch office network to the main office network.
The example shows a VPN between two internal networks, but you can also create VPNs between an internal network behind one VPN gateway and a DMZ network behind another, or between two DMZ networks. The networks at the ends of the VPN tunnel are selected when you configure the VPN policy.
Creating a LAN-to-LAN IPSec VPN Tunnel
Follow these steps to add a LAN-to-LAN tunnel.
Step 1. Go to Firewall and VPN and choose Add new in the IPSec tunnels section.
Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9), upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and no spaces are allowed.
Step 3. Specify your local network, or your side of the tunnel, for example 192.168.1.0/255.255.255.0, in the Local Net field.
Step 4. Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If you choose PSK, make sure both firewalls use exactly the same PSK.
Step 5. As Tunnel Type choose LAN-to-LAN tunnel and specify the network behind the other DFL-200 as Remote Net. Also specify the external IP of the other DFL-200; this can be an IP or a DNS name.
Click the Apply button below to apply the change or click Cancel to discard changes.
Repeat this on the firewall on the other site.
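A pre-flight check for the LAN-to-LAN procedure above, as an added example that is not part of the original manual: it validates the two firewalls' planned settings against Steps 2 to 5 (name character set, mirrored Local Net/Remote Net, identical PSK) before they are typed into the web interface. The dictionary keys and sample values are constructed for illustration and are not a DFL configuration format.

```python
import hmac
import ipaddress
import re

# Step 2: only 0-9, A-Z, a-z, '-' and '_' are allowed in a tunnel name.
NAME_RE = re.compile(r"[0-9A-Za-z_-]+")

# Constructed sample values, not taken from a real device.
MAIN = {"name": "main-to-branch", "local_net": "192.168.1.0/255.255.255.0",
        "remote_net": "192.168.2.0/255.255.255.0", "psk": "example-psk-1"}
BRANCH = {"name": "branch_to_main", "local_net": "192.168.2.0/255.255.255.0",
          "remote_net": "192.168.1.0/255.255.255.0", "psk": "example-psk-1"}

def parse_net(text):
    """Parse 'address/netmask' as written in the Local Net field."""
    # strict=True rejects host bits outside the mask (192.168.1.5/255.255.255.0).
    return ipaddress.ip_network(text, strict=True)

def check_side(side):
    """Return a list of problems for one firewall's planned settings."""
    problems = []
    if not NAME_RE.fullmatch(side["name"]):
        problems.append(f"{side['name']!r}: name has characters outside 0-9 A-Z a-z - _")
    for field in ("local_net", "remote_net"):
        try:
            parse_net(side[field])
        except ValueError as exc:
            problems.append(f"{side['name']!r}: bad {field}: {exc}")
    return problems

def check_pair(a, b):
    """Check that two LAN-to-LAN definitions describe the same tunnel."""
    problems = check_side(a) + check_side(b)
    if problems:
        return problems
    a_local, a_remote = parse_net(a["local_net"]), parse_net(a["remote_net"])
    b_local, b_remote = parse_net(b["local_net"]), parse_net(b["remote_net"])
    # Step 5: each side's Remote Net is the network behind the other firewall.
    if a_local != b_remote or b_local != a_remote:
        problems.append("Local Net / Remote Net are not mirrored between the two sides")
    if a_local.overlaps(a_remote):
        problems.append("Local Net and Remote Net overlap")
    # Step 4: both firewalls must use exactly the same PSK (compared without echoing it).
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("PSKs differ (check trailing spaces and letter case)")
    return problems

if __name__ == "__main__":
    print(check_pair(MAIN, BRANCH) or "both sides are consistent")
```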
VPN between client and an internal network
In the following example, users can connect to the main office internal network from anywhere on the Internet. Communication between the client and the internal network takes place in an encrypted VPN tunnel that connects the DFL and the roaming users across the Internet.
The example shows a VPN between a roaming VPN client and the internal network, but you can also create a VPN tunnel that uses the DMZ network. The networks at the ends of the VPN tunnel are selected when you configure the VPN policy.
Creating a Roaming Users IPSec VPN Tunnel
Follow these steps to add a roaming users tunnel.
Step 1. Go to Firewall and VPN and choose Add new in the IPSec tunnels section.
Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9), upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and no spaces are allowed.
Step 3. Specify your local network, or your side of the tunnel, for example 192.168.1.0/255.255.255.0, in the Local Net field. This is the network your roaming VPN clients should be allowed to connect to.
Step 4. Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If you choose PSK, make sure the clients use exactly the same PSK.
Step 5. As Tunnel Type choose Roaming User.
Click the Apply button below to apply the change or click Cancel to discard changes.
Adding a L2TP/PPTP VPN Client
Follow these steps to add a L2TP or PPTP VPN Client configuration.
Step 1. Go to Firewall and VPN and choose Add new PPTP client or Add new L2TP client in the L2TP/PPTP Clients section.
Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9), upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and no spaces are allowed.
Step 3. Enter the username and password for the PPTP or L2TP Client.
Step 4. Specify whether the IP should be received from the server or whether one should be specified. This should be left blank in most scenarios.
Step 5. Specify the Remote Gateway; this should be the IP of the L2TP or PPTP Server you are connecting to.
Step 6. If you are using IPSec encryption for the L2TP or PPTP Client, choose authentication type, either PSK (Pre-shared Key) or Certificate-based.
Click the Apply button below to apply the change or click Cancel to discard changes.
Adding a L2TP/PPTP VPN Server
Follow these steps to add a L2TP or PPTP VPN Server configuration that listens on the WAN IP.
Step 1. Go to Firewall and VPN and choose Add new PPTP server or Add new L2TP server in the L2TP/PPTP Server section.
Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9), upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters and no spaces are allowed.
Step 3. Specify the Client IP Pool; this should be a range of unused IPs on the LAN interface that should be handed out to the L2TP or PPTP Clients.
Step 4. If you are using IPSec encryption for the L2TP or PPTP Client, choose authentication type, either PSK (Pre-shared Key) or Certificate-based.
Click the Apply button below to apply the change or click Cancel to discard changes.
