HP (Hewlett-Packard) MSM7XX Switch User Manual


 
Working with VPNs
Additional IPSec configuration
Password / Confirm password
Specify the password the service controller will use to log on to the PPTP server.
Network Address Translation (NAT)
If you enable NAT, it effectively hides the addresses of all local computers so that they are
not visible on the other side of the PPTP connection.
If you disable NAT, then the appropriate IP routes must be added to send traffic through the
tunnel.
Keeping user traffic out of the VPN tunnel
Note: The VPN tunnel should not be used to transport user traffic. The tunnel should only be used
to carry management traffic (RADIUS, SNMP, and management sessions).
To prevent user traffic from entering the tunnel, you must define access list definitions to
DENY access to all subnets on the other side of the tunnel.
Consider the following scenario (shown as a diagram in the original; the addresses from it are listed here):

  VPN server:          physical address 24.10.135.55, address in VPN tunnel 192.168.30.1
  Service controller:  physical address 35.210.15.155, address in VPN tunnel 192.168.30.2

The VPN tunnel runs between the two physical addresses; the 192.168.30.x addresses are used only inside the tunnel.
To protect the VPN, add the following definitions to the site access list:
access-list=vpn,DENY,all,192.168.30.0/24,all
use-access-list=vpn
This definition applies to all users, whether they are authenticated or not. It blocks access to
the VPN subnet for all traffic. For more information on using the access list feature, see
Access list on page 9-30.
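The following is an added example, not HP's code and not part of the manual: a small evaluator for access-list lines in the form shown above, used to confirm that the vpn definition denies every flow bound for the tunnel subnet, including both tunnel endpoints (192.168.30.1 and 192.168.30.2). The manual shows only the one line, so the field meanings used here (third field = protocol, fourth = destination network, fifth = destination port), the ACCEPT keyword, first-match semantics and an ACCEPT default for unmatched traffic are assumptions of this example, not documented service controller behaviour.

```python
"""Added example (not HP's code): evaluate site access-list definitions of the form

    access-list=<name>,<action>,<protocol>,<address>[/<prefix>],<port>

Assumptions (not documented on this manual page):
  - field 3 is a protocol ("all", "tcp", "udp", "icmp"),
  - field 4 is a destination network, field 5 a destination port ("all" or a number),
  - rules are evaluated first-match, and unmatched traffic is ACCEPTed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample configuration, copied from the definitions above.
SITE_ACCESS_LIST = """\
access-list=vpn,DENY,all,192.168.30.0/24,all
use-access-list=vpn
"""

# Constructed sample: the two tunnel endpoints from the scenario above.
TUNNEL_ENDPOINTS = ["192.168.30.1", "192.168.30.2"]


@dataclass
class Rule:
    name: str
    action: str            # "ACCEPT" or "DENY" (ACCEPT is assumed; the page only shows DENY)
    protocol: str          # "all" or a protocol name
    network: ipaddress.IPv4Network
    port: str              # "all" or a port number as a string


def parse_access_list(text: str) -> dict[str, list[Rule]]:
    """Group access-list lines by list name. use-access-list= lines are ignored here."""
    lists: dict[str, list[Rule]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("access-list="):
            continue
        fields = line[len("access-list="):].split(",")
        if len(fields) != 5:
            raise ValueError(f"expected 5 fields, got {len(fields)}: {line}")
        name, action, proto, addr, port = (f.strip() for f in fields)
        action = action.upper()
        if action not in ("ACCEPT", "DENY"):
            raise ValueError(f"unknown action {action!r} in: {line}")
        # strict=False accepts host bits set (e.g. 192.168.30.1/24) as well as a bare host address.
        network = ipaddress.ip_network(addr, strict=False)
        lists.setdefault(name, []).append(Rule(name, action, proto.lower(), network, port.lower()))
    return lists


def evaluate(rules: list[Rule], protocol: str, dst_ip: str, dst_port: int, default: str = "ACCEPT") -> str:
    """Return the action of the first rule matching the flow, or the (assumed) default."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.protocol not in ("all", protocol.lower()):
            continue
        if ip not in rule.network:
            continue
        if rule.port not in ("all", str(dst_port)):
            continue
        return rule.action
    return default


def tunnel_is_protected(rules: list[Rule], endpoints: list[str]) -> bool:
    """True when every tunnel endpoint is denied for a few representative flows
    (RADIUS authentication, SNMP, SSH and HTTPS management sessions)."""
    probes = [("udp", 1812), ("udp", 161), ("tcp", 22), ("tcp", 443)]
    return all(
        evaluate(rules, proto, ip, port) == "DENY"
        for ip in endpoints
        for proto, port in probes
    )


if __name__ == "__main__":
    lists = parse_access_list(SITE_ACCESS_LIST)
    print("vpn list protects tunnel endpoints:", tunnel_is_protected(lists["vpn"], TUNNEL_ENDPOINTS))
    # A flow to the VPN server's physical address is not covered by the vpn list.
    print("24.10.135.55:443 ->", evaluate(lists["vpn"], "tcp", "24.10.135.55", 443))
```

The useful check is the negative one: a user flow to the VPN server's physical address (24.10.135.55) is not matched by the vpn list, because the rule only covers the tunnel subnet, which is exactly what the manual intends; the tunnel endpoints themselves are denied for every protocol and port.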
Additional IPSec configuration
Page Service Controller > VPN > IPSec provides some additional configuration options
and information.
For information about the IPsec certificates see IPSec certificates on page 5-12.
12-11