D-Link Security

Upload: juliana-may

Post on 11-Jan-2016


Scenario & Hands-on 7-1 VPN Configuration-PPTP

Create object for PPTP server IP address and IP address range

• Click “Address” in Objects
• Key in the corresponding IP address

Create Local Database for PPTP authentication

• Click “Local User Databases” in User Authentication
• Key in the correct Username and Password

Create PPTP tunnel

• Click “PPTP/L2TP Servers” in Interface
• Choose the corresponding configuration

Create User Authentication Rules for PPTP tunnel

• Click “User Authentication Rules” in User Authentication
• Choose the corresponding configuration
• Enable Log setting and choose local user database

Create IP Rules for PPTP tunnel

• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

After all configuration, click “configuration” on the main menu bar

• Click “Save and Activate”

Testing Result

Scenario & Hands-on 7-1 Exercise 7-1 - VPN Configuration-PPTP

Network topology (diagram labels):

• Internal LAN1 IP: 192.168.1.0/24
• Internal LAN2 IP: 192.168.2.0/24
• Internal LAN3 IP: 192.168.3.0/24
• WAN1: DHCP IP
• DFL-1600
• PPTP Client
• VPN Tunnel

Objectives:

1. Use Windows client to dial up PPTP
2. Ping the IP address of LAN in firewall

Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec

Network topology (diagram labels):

• Internal LAN1 IP: 192.168.1.0/24
• Internal LAN2 IP: 192.168.2.0/24
• Internal LAN3 IP: 192.168.3.0/24
• WAN1: DHCP
• DFL-1600
• L2TP/IPsec Client IP: 192.168.174.71/24
• VPN Tunnel

Note:

• L2TP/IPsec must use transport mode
• Choose correct local net and remote net for IPsec tunnel
• Choose correct inner IP address and Outer Interface filter for L2TP tunnel

Objectives

• The user dials up to the firewall with Windows L2TP/IPsec client software
• The dial-up user communicates with LAN1 of the firewall

The logic of configuration

• Create objects for L2TP server IP address and IP address range
• Create authentication database
• Configure IPsec tunnel
• Configure L2TP server
• Create the IP rule for L2TP tunnel

Create objects for L2TP server IP address and IP address range

• Click “Address” in Objects
• Key in the corresponding IP address

Create Local Database for L2TP authentication

• Click “Local User Databases” in User Authentication
• Key in the correct Username and Password

Create the pre-shared key for L2TP

• Click “Pre-Share Keys” in VPN Objects
• Key in the corresponding value

Create the IPsec tunnel

• Click “IPsec Tunnels” in Interface
• Choose the corresponding configuration

Verify the IPsec tunnel

• Click “Authentication” in this IPsec tunnel
• Apply pre-shared key to this IPsec tunnel

Verify the IPsec tunnel

• Click “Routing” in this IPsec tunnel
• Enable “Dynamically add routes to remote network when a tunnel is established” in this IPsec tunnel

Verify the IPsec tunnel

• Click “Advanced” in this IPsec tunnel
• Disable “Add route for remote network” in this IPsec tunnel

Create the L2TP tunnel

• Click “PPTP/L2TP Servers” in Interface
• Choose the corresponding configuration

Create User Authentication Rules for L2TP tunnel

• Click “User Authentication Rules” in User Authentication
• Choose the corresponding configuration
• Enable Log setting and choose local user database

Create IP Rules for L2TP tunnel

• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

After all configuration, click “configuration” on the main menu bar

• Click “Save and Activate”

Testing Result

Scenario & Hands-on 7-2 Exercise 7-2 - VPN Configuration-L2TP/IPsec

Network topology (diagram labels):

• Internal LAN1 IP: 192.168.1.0/24
• Internal LAN2 IP: 192.168.2.0/24
• Internal LAN3 IP: 192.168.3.0/24
• WAN1: DHCP IP
• DFL-1600
• L2TP/IPsec Client
• VPN Tunnel

Objectives:

1. The user dials up to the firewall with Windows L2TP/IPsec client software
2. Ping the IP address of LAN in firewall

Scenario & Hands-on 7-3 VPN Configuration-IPsec

VPN Objects – Pre Shared Keys

• For users to authenticate VPN tunnels
• Two methods to enter the PSK: ASCII and HEX
  – ASCII: type in the passphrase
  – HEX: type in the passphrase and use “generate” to cipher the passphrase

VPN Objects – LDAP

• For secured authentication to be established over VPN, the CA needs to be downloaded to the LDAP Server

ID Lists

• The concept of ID Lists is to manage and control the accessibility of VPN clients and gateways
• Mobile clients can be restricted from accessing internal networks by ID Lists

IKE/IPsec Algorithms

• Predefined IKE & IPsec algorithms by default
  • High – Very Secured
  • Medium – Secured
• You can define your own algorithms

Network topology (diagram labels):

• Internal LAN1 IP: 192.168.1.0/24
• Internal LAN2 IP: 192.168.2.0/24
• Internal LAN3 IP: 192.168.3.0/24
• WAN1 Static IP: 192.168.174.70/24
• DFL-1600
• DFL-1600
• Remote LAN, Internal LAN IP: 192.168.10.0/24
• WAN1 IP: 192.168.174.71/24
• VPN Tunnel

Note:

• Use the same pre-shared key and algorithm in both IPsec settings
• Choose correct local net and remote net for IPsec tunnel

Objectives

• Two firewalls communicate with each other through an IPsec tunnel
• The client of local-net pings the client of remote-net

The logic of configuration

• Create VPN Object (pre-shared key)
• Configure IPsec tunnel
• Create the IP rule for IPsec tunnel

Create objects for IP address of remote IP address and network

• Click “Address” in Objects
• Key in the corresponding IP address

Create the pre-shared key for IPsec tunnel

• Click “Pre-Share Keys” in VPN Objects
• Key in the correct value

Create the IPsec tunnel

• Click “IPsec Tunnels” in Interface
• Choose the corresponding configuration

Combine two interfaces to one interface group

• Click “Interface Groups” in this Interface
• Choose the corresponding interfaces

Create IP Rules for L2TP tunnel

• Click “IP Rules” in Rules
• Choose the corresponding configuration
• Enable Log setting

After all configuration, click “configuration” on the main menu bar

• Click “Save and Activate”

Scenario & Hands-on 7-3 Exercise 7-3 - VPN Configuration-IPsec

Network topology (diagram labels):

• Internal LAN1
• Even group
• DFL-1600
• DFL-1600
• Remote LAN, Internal LAN
• Odd group
• VPN Tunnel

Objectives:

1. Two firewalls communicate with each other through an IPsec tunnel
2. The client of local-net pings the client of remote-net

Scenario & Hands-on 7-4 VPN Configuration-IPsec with NetScreen 204

Network topology (diagram labels):

• Internal LAN1 IP: 192.168.1.0/24
• Internal LAN2 IP: 192.168.2.0/24
• Internal LAN3 IP: 192.168.3.0/24
• WAN1 Static IP: 192.168.174.70/24
• DFL-1600
• NetScreen 204
• Remote LAN, Internal LAN IP: 192.168.10.0/24
• WAN1 IP: 192.168.174.71/24
• VPN Tunnel

Note:

• Use the same pre-shared key and algorithm on both the DFL-1600 and the NS-204
• Choose correct local net and remote net for IPsec tunnel
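The two notes above, which also apply to the DFL-1600 pair in Scenario 7-3, can be checked offline before “Save and Activate”. This is an added example, not part of the original slides or of either vendor's tooling; the dictionary layout, the PSK value, the algorithm names and the reading of which gateway owns which addresses are constructed assumptions.

```python
import hmac
from ipaddress import ip_address, ip_network

# Constructed sample tunnel definitions using the addresses from the topology.
# The dict layout, PSK and proposal names are assumptions for this example,
# not an export format of either device.
SITE_A = {"name": "DFL-1600", "wan_ip": "192.168.174.70",
          "local_net": "192.168.1.0/24", "remote_net": "192.168.10.0/24",
          "remote_gateway": "192.168.174.71", "psk": "example-psk-not-for-use",
          "ike": {"aes256-sha1-dh5"}, "ipsec": {"aes256-sha1"}}
SITE_B = {"name": "NetScreen 204", "wan_ip": "192.168.174.71",
          "local_net": "192.168.10.0/24", "remote_net": "192.168.1.0/24",
          "remote_gateway": "192.168.174.70", "psk": "example-psk-not-for-use",
          "ike": {"aes256-sha1-dh5", "3des-sha1-dh2"}, "ipsec": {"aes256-sha1"}}


def check_tunnel_pair(a, b):
    """Return a list of mismatches that would stop the tunnel from forming."""
    problems = []
    # The pre-shared key must be identical; compare in constant time, never print it.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared keys differ")
    # Each phase needs at least one algorithm proposal both peers accept.
    for phase in ("ike", "ipsec"):
        if not a[phase] & b[phase]:
            problems.append(f"no common {phase} algorithm proposal")
    # Local/remote nets must mirror, and each side must point at the peer's WAN IP.
    for x, y in ((a, b), (b, a)):
        if ip_network(x["local_net"]) != ip_network(y["remote_net"]):
            problems.append(f"{x['name']} local net != {y['name']} remote net")
        if ip_address(x["remote_gateway"]) != ip_address(y["wan_ip"]):
            problems.append(f"{x['name']} remote gateway is not {y['name']} WAN IP")
    # Overlapping local and remote nets make routing into the tunnel ambiguous.
    if ip_network(a["local_net"]).overlaps(ip_network(a["remote_net"])):
        problems.append("local and remote nets overlap")
    return problems


if __name__ == "__main__":
    for line in check_tunnel_pair(SITE_A, SITE_B) or ["tunnel definitions are consistent"]:
        print(line)
```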

Objectives

• Two firewalls communicate with each other through an IPsec tunnel
• The client of local-net pings the client of remote-net

The logic of configuration

• Create VPN Object (pre-shared key, remote net/gateway and algorithm)
• Configure IPsec tunnel
• Create the IP rule for IPsec tunnel