D-Link NetDefendOS

912 pages
When all-nets is the destination network, as is the case here, the advanced setting option
Add route statically must also be disabled. This setting is enabled by default.
5. Define a PPTP/L2TP Server object (let's call this object l2tp_tunnel) with the following
parameters:
• Set Inner IP Address to lan_ip.
• Set Tunnel Protocol to L2TP.
• Set Outer Interface Filter to ipsec_tunnel.
• Set Outer Server IP to wan_ip.
• Set the Microsoft Point-to-Point Encryption setting to None only. Since IPsec
  encryption is already used, double encryption will degrade throughput.
• Set IP Pool to l2tp_pool.
• Enable Proxy ARP on the lan interface to which the internal network is connected.
• Under the Virtual Routing tab, make this interface a member of a specific routing table so
  that routes are automatically added to that table. Normally the main table should be
  selected.
6. For user authentication:
• Define a Local User DB object (let's call this object TrustedUsers).
• Add individual users to TrustedUsers. This should consist of at least a username and
  password combination.
  The Group string for a user can also be specified. This is explained in the same step in
  the IPsec Roaming Clients section above.
• Define a User Authentication Rule:

Agent  Auth Source  Src Network  Interface    Client Source IP
PPP    Local        all-nets     l2tp_tunnel  all-nets (0.0.0.0/0)
7. To allow traffic through the L2TP tunnel the following rules should be defined in the IP rule
set:

Action  Src Interface  Src Network  Dest Interface  Dest Network  Service
Allow   l2tp_tunnel    l2tp_pool    any             int_net       all_services
NAT     l2tp_tunnel    l2tp_pool    ext             all-nets      all_services

The second rule would be included to allow clients to surf the Internet via the lan interface on
the NetDefend Firewall. The client will be allocated a private internal IP address which must be
NATed if connections are then made out to the public Internet via the NetDefend Firewall.
8. Set up the client. Assuming Windows XP, the Create new connection option in Network
Connections should be selected to start the New Connection Wizard. The key information to
enter in this wizard is the resolvable URL of the NetDefend Firewall or alternatively its
wan_ip IP address.
Then choose Network > Properties. In the dialog that opens choose the L2TP Tunnel and
Chapter 9: VPN
679
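
The two IP rules from step 7 can be checked offline before they are deployed. The following is an added example, not code from the D-Link manual: it models the IP rule set as first-match with an implicit drop, and the addresses given to int_net and l2tp_pool, the sample hosts and the interface name dmz are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): the manual names these address
# book objects but does not give their contents on this page.
OBJECTS = {
    "int_net": ipaddress.ip_network("192.168.0.0/24"),
    "l2tp_pool": ipaddress.ip_network("192.168.0.16/28"),
    "all-nets": ipaddress.ip_network("0.0.0.0/0"),
}

# Step 7 rules in rule-set order:
# (action, src interface, src network, dest interface, dest network).
# Service is all_services in both rules, so it is not modelled.
RULES = [
    ("Allow", "l2tp_tunnel", "l2tp_pool", "any", "int_net"),
    ("NAT", "l2tp_tunnel", "l2tp_pool", "ext", "all-nets"),
]


def in_net(addr, name):
    """True if addr falls inside the named address book object."""
    return ipaddress.ip_address(addr) in OBJECTS[name]


def evaluate(src_if, src_ip, dst_if, dst_ip, rules=RULES):
    """Return the action of the first matching rule, or "Drop" if none match."""
    for action, r_src_if, r_src_net, r_dst_if, r_dst_net in rules:
        if (r_src_if in ("any", src_if) and in_net(src_ip, r_src_net)
                and r_dst_if in ("any", dst_if) and in_net(dst_ip, r_dst_net)):
            return action
    return "Drop"


if __name__ == "__main__":
    cases = [
        ("client to internal host", "l2tp_tunnel", "192.168.0.17", "lan", "192.168.0.5"),
        ("client to Internet", "l2tp_tunnel", "192.168.0.17", "ext", "203.0.113.10"),
        ("source outside l2tp_pool", "l2tp_tunnel", "10.9.9.9", "lan", "192.168.0.5"),
        ("client to unlisted interface", "l2tp_tunnel", "192.168.0.17", "dmz", "198.51.100.1"),
    ]
    for label, *packet in cases:
        print(f"{label:30} -> {evaluate(*packet)}")
    # With only the Allow rule, tunnel clients have no path to the Internet.
    print("client to Internet, no NAT rule ->",
          evaluate("l2tp_tunnel", "192.168.0.17", "ext", "203.0.113.10", RULES[:1]))
```

The third case shows why Src Network is l2tp_pool rather than all-nets: a tunnel packet with a source address outside the pool matches neither rule.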
