D-Link 860 Network Router User Manual


  Open as PDF
of 545
 
Tunnels Based on CA Server Certificates
Setting up client tunnels using a CA issued certificate is largely the same as using Self-signed
certificates with the exception of a couple of steps.
It is the responsibility of the administrator to acquire the appropriate certificate from an issuing
authority for client tunnels. With some systems, such as Windows 2000 Server, there is built-in
access to a CA server (in Windows 2000 Server this is found in Certificate Services). For more
information on CA server issued certificates see Section 3.7, “Certificates”.
Example 9.6. Setting up CA Server Certificate based VPN tunnels for roaming clients
This example describes how to configure an IPsec tunnel at the head office NetDefend Firewall for roaming
clients that connect to the office to gain remote access. The head office network uses the 10.0.1.0/24 network
span with external firewall IP wan_ip.
Web Interface
A. Upload all the client certificates:
1. Go to Objects > Authentication Objects > Add > Certificate
2. Enter a suitable name for the Certificate object
3. Select the X.509 Certificate option
4. Click OK
B. Create Identification Lists:
1. Go to Objects > VPN Objects > ID List > Add > ID List
2. Enter a descriptive name, for example sales
3. Click OK
4. Go to Objects > VPN Objects > ID List > Sales > Add > ID
5. Enter the name for the client
6. Select Email as Type
7. In the Email address field, enter the email address selected when you created the certificate on the client
8. Create a new ID for every client that you want to grant access rights according to the instructions above
C. Configure the IPsec tunnel:
1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
Name: RoamingIPsecTunnel
Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
Remote Network: all-nets
Remote Endpoint: (None)
Encapsulation Mode: Tunnel
3. For Algorithms enter:
IKE Algorithms: Medium or High
IPsec Algorithms: Medium or High
4. For Authentication enter:
9.4.3. Roaming Clients Chapter 9. VPN
411
 previous next