d-link security 1 create object for pptp server ip address and ip address range click “address”...

Post on 11-Jan-2016


D-Link Security


Create object for PPTP server IP address and IP address range

•Click “Address” in Objects

•Key in the corresponding IP address

Scenario & Hands-on 7-1 VPN Configuration-PPTP


Create Local Database for PPTP authentication

•Click “Local User Databases” in User Authentication

•Key in the correct Username and Password


Create PPTP tunnel

•Click “PPTP/L2TP Servers” in Interface

•Choose the corresponding configuration


Create User Authentication Rules for PPTP tunnel

•Click “User Authentication Rules” in User Authentication

•Choose the corresponding configuration

•Enable Log setting and choose local user database


Create IP Rules for PPTP tunnel

•Click “IP Rules” in Rules

•Choose the corresponding configuration

•Enable Log setting


After all configuration is complete, click “configuration” on the main menu bar

• Click “Save and Activate”


Testing Result


Scenario & Hands-on 7-1 Exercise 7-1- VPN Configuration-PPTP

Internal LAN1 IP: 192.168.1.0/24

Internal LAN2 IP: 192.168.2.0/24

Internal LAN3 IP: 192.168.3.0/24

WAN1 DHCP IP

DFL-1600

PPTP Client

VPN Tunnel

Objectives:

1. Use a Windows client to dial up PPTP

2. Ping the IP address of the LAN in the firewall


Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec

Network topology

Internal LAN1 IP: 192.168.1.0/24

Internal LAN2 IP: 192.168.2.0/24

Internal LAN3 IP: 192.168.3.0/24

WAN1 DHCP

DFL-1600

L2TP/IPsec Client IP: 192.168.174.71/24

VPN Tunnel

Note:

• L2TP/IPsec must use transport mode

• Choose correct local net and remote net for IPsec tunnel

• Choose correct inner IP address and Outer Interface filter for L2TP tunnel


Objectives

• The user dials up to the firewall using the Windows L2TP/IPsec client software

• The dial-up user communicates with LAN1 of the firewall

The logic of configuration

• Create objects for L2TP server IP address and IP address range

• Create the authentication database

• Configure IPsec tunnel

• Configure L2TP server

• Create the IP rule for L2TP tunnel


Create objects for L2TP server IP address and IP address range

•Click “Address” in Objects

•Key in the corresponding IP address


Create Local Database for L2TP authentication

•Click “Local User Databases” in User Authentication

•Key in the correct Username and Password


Create the pre-shared key for L2TP

•Click “Pre-Share Keys” in VPN Objects

•Key in the corresponding value


Create the IPsec tunnel

•Click “IPsec Tunnels” in Interface

•Choose the corresponding configuration


Verify the IPsec tunnel

•Click “Authentication” in this IPsec tunnel

•Apply pre-shared key to this IPsec tunnel


Verify the IPsec tunnel

•Click “Routing” in this IPsec tunnel

•Enable “Dynamically add routes to remote network when a tunnel is established” in this IPsec tunnel


Verify the IPsec tunnel

•Click “Advanced” in this IPsec tunnel

•Disable “Add route for remote network” in this IPsec tunnel


Create the L2TP tunnel

•Click “PPTP/L2TP Servers” in Interface

•Choose the corresponding configuration


Create User Authentication Rules for L2TP tunnel

•Click “User Authentication Rules” in User Authentication

•Choose the corresponding configuration

•Enable Log setting and choose local user database


Create IP Rules for L2TP tunnel

•Click “IP Rules” in Rules

•Choose the corresponding configuration

•Enable Log setting


After all configuration is complete, click “configuration” on the main menu bar

• Click “Save and Activate”


Testing Result


Scenario & Hands-on 7-2 Exercise 7-2- VPN Configuration-L2TP/IPsec

Internal LAN1 IP: 192.168.1.0/24

Internal LAN2 IP: 192.168.2.0/24

Internal LAN3 IP: 192.168.3.0/24

WAN1 DHCP IP

DFL-1600

L2TP/IPsec Client

VPN Tunnel

Objectives:

1. The user dials up to the firewall using the Windows L2TP/IPsec client software

2. Ping the IP address of the LAN in the firewall


Scenario & Hands-on 7-3 VPN Configuration-IPsec

VPN Objects – Pre Shared Keys

• For users to authenticate VPN tunnels

• Two methods of entering the PSK – ASCII and HEX

– ASCII – type in the passphrase

– HEX – type in the passphrase and use “generate” to cipher the passphrase

VPN Objects – LDAP

• For secured authentication to be established over VPN, the CA needs to be downloaded to the LDAP Server

ID Lists

• The concept of ID Lists is to manage and control the accessibility of the VPN clients and gateways

• Mobile clients can be restricted from accessing internal networks by ID Lists

IKE/IPsec Algorithms

• Predefined IKE & IPsec algorithms by default

• High – Very Secured

• Medium – Secured

• You can define your own algorithms


Network topology

Internal LAN1 IP: 192.168.1.0/24

Internal LAN2 IP: 192.168.2.0/24

Internal LAN3 IP: 192.168.3.0/24

WAN1 Static IP: 192.168.174.70/24

DFL-1600

DFL-1600

Remote LAN

Internal LAN IP: 192.168.10.0/24

WAN1 IP: 192.168.174.71/24

VPN Tunnel

Note:

Use the same pre-shared key and algorithm in both IPsec settings

Choose correct local net and remote net for IPsec tunnel
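
The note above requires both tunnel ends to agree on the pre-shared key and algorithm and to use mirrored local and remote nets. As an added example (not part of the original slides and not D-Link's configuration format), this Python check compares two tunnel definitions before they are activated; the `Tunnel` record and its field names are hypothetical, and the addresses follow the topology above.

```python
import hmac
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    """One end of a LAN-to-LAN IPsec tunnel (hypothetical record, not a DFL export format)."""
    name: str
    wan_ip: str
    remote_gateway: str
    local_net: str
    remote_net: str
    psk: bytes
    proposal: tuple  # name of the chosen IKE/IPsec algorithm list, e.g. ("High",)

def check_pair(a: Tunnel, b: Tunnel) -> list:
    """Return human-readable mismatches between the two ends; key material is never echoed."""
    problems = []
    if not hmac.compare_digest(a.psk, b.psk):
        problems.append("pre-shared keys differ")
    if a.proposal != b.proposal:
        problems.append(f"algorithm mismatch: {a.proposal} vs {b.proposal}")
    for x, y in ((a, b), (b, a)):
        if ipaddress.ip_address(x.remote_gateway) != ipaddress.ip_address(y.wan_ip):
            problems.append(f"{x.name} remote gateway {x.remote_gateway} is not {y.name} WAN IP {y.wan_ip}")
        # strict=False accepts host bits, so 192.168.10.1/24 is treated as 192.168.10.0/24
        if ipaddress.ip_network(x.local_net, strict=False) != ipaddress.ip_network(y.remote_net, strict=False):
            problems.append(f"{x.name} local net {x.local_net} != {y.name} remote net {y.remote_net}")
    la = ipaddress.ip_network(a.local_net, strict=False)
    lb = ipaddress.ip_network(b.local_net, strict=False)
    if la.overlaps(lb):
        problems.append(f"local nets overlap: {la} and {lb}")
    return problems

# Constructed sample values; the PSK is a placeholder, not a real key.
SITE_A = Tunnel("site-a", "192.168.174.70", "192.168.174.71",
                "192.168.1.0/24", "192.168.10.0/24", b"example-psk-not-real", ("High",))
SITE_B = Tunnel("site-b", "192.168.174.71", "192.168.174.70",
                "192.168.10.0/24", "192.168.1.0/24", b"example-psk-not-real", ("High",))
# Same peer with two typical mistakes: wrong remote net and a different algorithm list.
SITE_B_BAD = Tunnel("site-b", "192.168.174.71", "192.168.174.70",
                    "192.168.10.0/24", "192.168.2.0/24", b"example-psk-not-real", ("Medium",))

if __name__ == "__main__":
    for peer in (SITE_B, SITE_B_BAD):
        print(peer.remote_net, check_pair(SITE_A, peer) or "consistent")
```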


Objectives

• Two firewalls communicate with each other through an IPsec tunnel

• The client on local-net pings the client on remote-net

The logic of configuration

• Create VPN Object (pre-shared key)

• Configure IPsec tunnel

• Create the IP rule for IPsec tunnel


Create objects for the remote IP address and network

•Click “Address” in Objects

•Key in the corresponding IP address


Create the pre-shared key for IPsec tunnel

•Click “Pre-Share Keys” in VPN Objects

•Key in the correct value


Create the IPsec tunnel

•Click “IPsec Tunnels” in Interface

•Choose the corresponding configuration


Combine two interfaces into one interface group

•Click “Interface Groups” in this Interface

•Choose the corresponding interfaces


Create IP Rules for L2TP tunnel

•Click “IP Rules” in Rules

•Choose the corresponding configuration

•Enable Log setting


After all configuration is complete, click “configuration” on the main menu bar

• Click “Save and Activate”


Scenario & Hands-on 7-3 Exercise 7-3- VPN Configuration-IPsec

Internal LAN1

Even group

DFL-1600

DFL-1600

Remote LAN

Internal LAN

Odd group

VPN Tunnel

Objectives:

1. Two firewalls communicate with each other through an IPsec tunnel

2. The client on local-net pings the client on remote-net


Scenario & Hands-on 7-4 VPN Configuration- IPsec with NetScreen 204

Network topology

Internal LAN1 IP: 192.168.1.0/24

Internal LAN2 IP: 192.168.2.0/24

Internal LAN3 IP: 192.168.3.0/24

WAN1 Static IP: 192.168.174.70/24

DFL-1600

NetScreen 204

Remote LAN

Internal LAN IP: 192.168.10.0/24

WAN1 IP: 192.168.174.71/24

VPN Tunnel

Note:

Use the same pre-shared key and algorithm on the DFL-1600 and the NS-204

Choose correct local net and remote net for IPsec tunnel


Objectives

• Two firewalls communicate with each other through an IPsec tunnel

• The client on local-net pings the client on remote-net

The logic of configuration

• Create VPN Object (pre-shared key, remote net/gateway and algorithm)

• Configure IPsec tunnel

• Create the IP rule for IPsec tunnel
