Page 51 / 131 Scroll up to view Page 46 - 50
L2TP/PPTP Servers
Name
– Specifies a name for
this PPTP/L2TP Server.
Outer IP
- Specifies the IP
that the PPTP/L2TP server
should listen on, leave it Blank for
the WAN IP.
Inner IP
- Specifies the IP
inside the tunnel, leave it Blank
for the LAN IP.
IP Pool and settings
Client IP Pool
- A range,
group or network that the
PPTP/L2TP Server will use as IP
address pool to give out IP addresses to the clients from.
Primary/Secondary DNS
- IP of the primary and secondary DNS servers.
Primary/Secondary WINS
- IP of the Windows Internet Name Service (WINS) servers
that are used in Microsoft environments which uses the NetBIOS Name Servers (NBNS) to
assign IP addresses to NetBIOS names.
Authentication protocol
Specify if, and what
authentication protocol to use,
read more about the different
authentication protocols in the
Authentication Protocol
Introduction
chapter.
Page 52 / 131
52
MPPE encryption
If MPPE encryption is going to
be used, this is where the
encryption level is configured.
If L2TP or PPTP over
IPSec
is going to be used it has to be
enabled and configured to either
use a Pre-Shared Key or a
Certificate.
Page 53 / 131
VPN between two networks
In the following example users on the main
office internal network can connect to the branch
office internal network vice versa. Communication
between the two networks takes place in an
encrypted VPN tunnel that connects the two DFLs
Network Security Firewall across the Internet. Users
on the internal networks are not aware that when
they connect to a computer on the other network
that the connection runs across the Internet.
As shown in the example, you can use the DFL
to protect a branch office and a small main office.
Both of these DFLs can be configured as IPSec
VPN gateways to create the VPN that connects the
branch office network to the main office network.
The example shows a VPN between two
internal networks, but you can also create VPNs
between an internal network behind one VPN
gateway and a DMZ network behind another or
between two DMZ networks. The networks at the
ends of the VPN tunnel are selected when you configure the VPN policy.
Creating a LAN-to-LAN IPSec VPN Tunnel
Follow these steps to add LAN-to-LAN Tunnel.
Step 1.
Go to Firewall and VPN and choose
Add new
in the IPSec tunnels section.
Step 2.
Enter a Name for the new tunnel in the name field. The name can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
Step 3.
Specify your local network, or your side of the tunnel, for example
192.168.1.0/255.255.255.0, in the Local Net field.
Step 4.
Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If
you choose PSK make sure both firewalls use exactly the same PSK.
Step 5.
As Tunnel Type choose LAN-to-LAN tunnel and specify the network behind the
other DFL-700 as Remote Net also specify the external IP of the other DFL-700, this can
be an IP or a DNS name.
Click the
Apply
button below to apply the change or click
Cancel
to discard changes.
Repeat this on the firewall on the other site.
Page 54 / 131
54
VPN between client and an internal network
In the following example users can connect to
the main office internal network from anywhere on
the Internet. Communication between the client and
the internal network takes place in an encrypted
VPN tunnel that connects the DFL and the roaming
users across the Internet.
The example shows a VPN between a roaming
VPN client and the internal network, but you can
also create a VPN tunnel that uses the DMZ network.
The networks at the ends of the VPN tunnel are
selected when you configure the VPN policy.
Creating a Roaming Users IPSec VPN Tunnel
Follow these steps to add a roaming users tunnel.
Step 1.
Go to Firewall and VPN and choose
Add new
in the IPSec tunnels section.
Step 2.
Enter a Name for the new tunnel in the name field. The name can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
Step 3.
Specify your local network, or your side of the tunnel, for example
192.168.1.0/255.255.255.0, in the Local Net field. This is the network your roaming VPN
clients should be allowed to connect to.
Step 4.
Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If
you choose PSK make sure the clients use exactly the same PSK.
Step 5.
As Tunnel Type choose Roaming User.
Click the
Apply
button below to apply the change or click
Cancel
to discard changes.
Page 55 / 131
Adding a L2TP/PPTP VPN Client
Follow these steps to add a L2TP or PPTP VPN Client configuration.
Step 1.
Go to Firewall and VPN and choose
Add new PPTP client
or
Add new L2TP
client
in the L2TP/PPTP Clients section.
Step 2.
Enter a Name for the new tunnel in the name field. The name can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
Step 3.
Enter the username and password for the PPTP or L2TP Client.
Step 4.
Specifies if the IP should be received from the server or if one should be specified.
Should be left blank in most scenarios.
Step 5.
Specify the
Remote Gateway
; this should be the IP of the L2TP or PPTP Server
you are connecting to.
Step 6.
If you are using IPSec encryption for the L2TP or PPTP Client choose
authentication type, either PSK (Pre-shared Key) or Certificate-based.
Click the
Apply
button below to apply the change or click
Cancel
to discard changes.
Adding a L2TP/PPTP VPN Server
Follow these steps to add a L2TP or PPTP VPN Server configuration that listens on the WAN
IP.
Step 1.
Go to Firewall and VPN and choose
Add new PPTP server
or
Add new L2TP
server
in the L2TP/PPTP Server section.
Step 2.
Enter a Name for the new tunnel in the name field. The name can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
Step 3.
Specify the
Client IP Pool
; this should be a range of unused IP’s on the LAN
interface that should be handed out to the L2TP or PPTP Clients.
Step 4.
If you are using IPSec encryption for the L2TP or PPTP Client choose
authentication type, either PSK (Pre-shared Key) or Certificate-based.
Click the
Apply
button below to apply the change or click
Cancel
to discard changes.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top