    6.7. Blacklisting Hosts and Networks ........................................ 360
7. Address Translation ............................................................. 363
    7.1. Overview .................................................................. 363
    7.2. NAT ....................................................................... 364
    7.3. NAT Pools ................................................................. 369
    7.4. SAT ....................................................................... 372
        7.4.1. Translation of a Single IP Address (1:1) ........................... 372
        7.4.2. Translation of Multiple IP Addresses (M:N) ......................... 377
        7.4.3. All-to-One Mappings (N:1) .......................................... 379
        7.4.4. Port Translation ................................................... 381
        7.4.5. Protocols Handled by SAT ........................................... 381
        7.4.6. Multiple SAT Rule Matches .......................................... 381
        7.4.7. SAT and FwdFast Rules .............................................. 382
8. User Authentication ............................................................. 385
    8.1. Overview .................................................................. 385
    8.2. Authentication Setup ...................................................... 387
        8.2.1. Setup Summary ...................................................... 387
        8.2.2. The Local Database ................................................. 387
        8.2.3. External RADIUS Servers ............................................ 389
        8.2.4. External LDAP Servers .............................................. 389
        8.2.5. Authentication Rules ............................................... 396
        8.2.6. Authentication Processing .......................................... 398
        8.2.7. A Group Usage Example .............................................. 399
        8.2.8. HTTP Authentication ................................................ 399
    8.3. Customizing Authentication HTML Pages ..................................... 404
9. VPN ............................................................................. 409
    9.1. Overview .................................................................. 409
        9.1.1. VPN Usage .......................................................... 409
        9.1.2. VPN Encryption ..................................................... 410
        9.1.3. VPN Planning ....................................................... 411
        9.1.4. Key Distribution ................................................... 411
        9.1.5. The TLS Alternative for VPN ........................................ 412
    9.2. VPN Quick Start ........................................................... 413
        9.2.1. IPsec LAN to LAN with Pre-shared Keys .............................. 414
        9.2.2. IPsec LAN to LAN with Certificates ................................. 415
        9.2.3. IPsec Roaming Clients with Pre-shared Keys ......................... 416
        9.2.4. IPsec Roaming Clients with Certificates ............................ 418
        9.2.5. L2TP Roaming Clients with Pre-Shared Keys .......................... 419
        9.2.6. L2TP Roaming Clients with Certificates ............................. 421
        9.2.7. PPTP Roaming Clients ............................................... 421
    9.3. IPsec Components .......................................................... 423
        9.3.1. Overview ........................................................... 423
        9.3.2. Internet Key Exchange (IKE) ........................................ 423
        9.3.3. IKE Authentication ................................................. 429
        9.3.4. IPsec Protocols (ESP/AH) ........................................... 430
        9.3.5. NAT Traversal ...................................................... 431
        9.3.6. Algorithm Proposal Lists ........................................... 433
        9.3.7. Pre-shared Keys .................................................... 434
        9.3.8. Identification Lists ............................................... 435
    9.4. IPsec Tunnels ............................................................. 438
        9.4.1. Overview ........................................................... 438
        9.4.2. LAN to LAN Tunnels with Pre-shared Keys ............................ 440
        9.4.3. Roaming Clients .................................................... 440
        9.4.4. Fetching CRLs from an alternate LDAP server ........................ 445
        9.4.5. Troubleshooting with ikesnoop ...................................... 446
        9.4.6. IPsec Advanced Settings ............................................ 453
    9.5. PPTP/L2TP ................................................................. 457
        9.5.1. PPTP Servers ....................................................... 457
        9.5.2. L2TP Servers ....................................................... 458
        9.5.3. L2TP/PPTP Server advanced settings ................................. 463
        9.5.4. PPTP/L2TP Clients .................................................. 463
    9.6. SSL VPN ................................................................... 466
User Manual
7