• Set Tunnel Protocol to PPTP.
• Set Outer Interface Filter to wan.
• Set Outer server IP to wan_ip.
• For Microsoft Point-to-Point Encryption it is recommended to disable all options
except 128 bit encryption.
• Set IP Pool to pptp_pool.
• Enable Proxy ARP on the lan interface.
• As in L2TP, enable the insertion of new routes automatically into the main routing table.
3. Define a User Authentication Rule, this is almost identical to L2TP:
Agent Auth Source Src Network Interface Client Source IP
PPP Local all-nets pptp_tunnel all-nets (0.0.0.0/0)
4. Now set up the IP rules in the IP rule set:
Action Src Interface Src Network Dest Interface Dest Network Service
Allow pptp_tunnel pptp_pool any int_net all_services
NAT pptp_tunnel pptp_pool ext all-nets all_services
As described for L2TP, the NAT rule lets the clients access the public Internet via the NetDefend
Firewall.
5. Set up the client. For Windows XP, the procedure is exactly as described for L2TP above but
without entering the pre-shared key.
9.2.8. iOS Setup
The standard IPsec client built into Apple iOS™ devices can be used to connect to a NetDefend
Firewall using standard IPsec tunnels defined in NetDefendOS. The NetDefendOS setup steps are
as follows:
1. Create address book objects for the tunnel. These will consist of:
i. The network to which the local endpoint and the client addresses belong. For example,
192.168.99.0/24.
ii. The local tunnel endpoint. For example, 192.168.99.1.
iii. A range of addresses to be handed out to connecting clients. For example,
192.168.99.10-192.168.99.250.
2. Create a Pre-shared Key (PSK) object of type Passphrase (ASCII). This is the shared secret that
will be entered into the IPsec client on the iOS device along with username and password.
3. Create a Config Mode Pool object, select the option Use a Static IP Pool and associate the IP
address range defined in the first step.
4. Populate a local user database with users that have a username and password. This function
Chapter 9: VPN
681
To Next Page
Loading...
