2. Define a PPTP/L2TP object (let's call it pptp_tunnel) with the following parameters:
• Set Inner IP Address to ip_net.
• Set Tunnel Protocol to PPTP.
• Set Outer Interface Filter to ext.
• Set Outer server IP to ip_ext.
• For Microsoft Point-to-Point Encryption it is recommended to disable all options except 128 bit encryption.
• Set IP Pool to pptp_pool.
• Enable Proxy ARP on the int interface.
• As in L2TP, enable the insertion of new routes automatically into the main routing table.
3. Define a User Authentication Rule. This is almost identical to L2TP:
Agent  Auth Source  Src Network  Interface    Client Source IP
PPP    Local        all-nets     pptp_tunnel  all-nets (0.0.0.0/0)
4. Now set up the IP rules in the IP rule set:
Action  Src Interface  Src Network  Dest Interface  Dest Network  Service
Allow   pptp_tunnel    pptp_pool    any             int_net       all_services
NAT     pptp_tunnel    pptp_pool    ext             all-nets      all_services
As described for L2TP, the NAT rule lets the clients access the public Internet via the NetDefend Firewall.
5. Set up the client. For Windows XP, the procedure is exactly as described for L2TP above but without entering the pre-shared key.
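The following Python sketch is an added example, not NetDefendOS code or configuration. It models the two IP rules from step 4 with first-match evaluation to confirm what a PPTP client can reach, and flags any MPPE option other than 128 bit from step 2. The addresses, the MPPE option labels and the default drop for unmatched traffic are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addresses: the page names these objects but gives no values.
# pptp_pool is placed inside int_net, which is the case Proxy ARP on int serves.
NETS = {
    "pptp_pool": ipaddress.ip_network("192.168.1.192/27"),
    "int_net": ipaddress.ip_network("192.168.1.0/24"),
    "all-nets": ipaddress.ip_network("0.0.0.0/0"),
}

# The two rules from step 4, in order (Service is all_services, so it is omitted).
RULES = [
    ("Allow", "pptp_tunnel", "pptp_pool", "any", "int_net"),
    ("NAT", "pptp_tunnel", "pptp_pool", "ext", "all-nets"),
]


def first_match(src_if, src_ip, dst_if, dst_ip):
    """Return the action of the first matching rule, or 'Drop' if none match.

    The default 'Drop' for unmatched traffic is an assumption of this model.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for action, r_sif, r_snet, r_dif, r_dnet in RULES:
        if (r_sif == src_if
                and src in NETS[r_snet]
                and r_dif in ("any", dst_if)
                and dst in NETS[r_dnet]):
            return action
    return "Drop"


def weak_mppe(options):
    """Return the enabled MPPE options other than 128 bit, sorted by name.

    The option labels ('none', '40bit', '56bit', '128bit') are hypothetical.
    """
    return sorted(name for name, on in options.items() if on and name != "128bit")


if __name__ == "__main__":
    print(first_match("pptp_tunnel", "192.168.1.200", "int", "192.168.1.10"))
    print(first_match("pptp_tunnel", "192.168.1.200", "ext", "203.0.113.5"))
    print(weak_mppe({"none": True, "40bit": True, "56bit": False, "128bit": True}))
```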
9.2.7. PPTP Roaming Clients Chapter 9. VPN