D-Link Security
Create object for PPTP server IP address and IP address range
•Click “Address” in Objects
•Key in the corresponding IP address
Scenario & Hands-on 7-1 VPN Configuration-PPTP
Create Local Database for PPTP authentication
•Click “Local User Databases” in User Authentication
•Key in the correct Username and Password
Create PPTP tunnel
•Click “PPTP/L2TP Servers” in Interface
•Choose the corresponding configuration
Create User Authentication Rules for PPTP tunnel
•Click “User Authentication Rules” in User Authentication
•Choose the corresponding configuration
•Enable Log setting and choose local user database
Create IP Rules for PPTP tunnel
•Click “IP Rules” in Rules
•Choose the corresponding configuration
•Enable Log setting
After all configuration is done, click “configuration” on the main menu bar
• Click “Save and Activate”
Testing Result
Scenario & Hands-on 7-1 Exercise 7-1- VPN Configuration-PPTP
Internal LAN1 IP: 192.168.1.0/24
Internal LAN2 IP: 192.168.2.0/24
Internal LAN3 IP: 192.168.3.0/24
WAN1: DHCP IP
DFL-1600
PPTP Client
VPN Tunnel
Objectives:
1. Use a Windows client to dial up PPTP
2. Ping the LAN IP address of the firewall
Scenario & Hands-on 7-2 VPN Configuration-L2TP/IPsec
Network topology
Internal LAN1 IP: 192.168.1.0/24
Internal LAN2 IP: 192.168.2.0/24
Internal LAN3 IP: 192.168.3.0/24
WAN1: DHCP
DFL-1600
L2TP/IPsec Client IP: 192.168.174.71/24
VPN Tunnel
Note:
•L2TP/IPsec must use transport mode
•Choose correct local net and remote net for IPsec tunnel
•Choose correct inner IP address and Outer Interface filter for L2TP tunnel
Objectives
•The user dials up to the firewall with the Windows L2TP/IPsec client software
•The dial-up user communicates with LAN1 of the firewall
The logic of configuration
•Create objects for L2TP server IP address and IP address range
•Create the authentication database
•Configure IPsec tunnel
•Configure L2TP server
•Create the IP rule for L2TP tunnel
Create objects for L2TP server IP address and IP address range
•Click “Address” in Objects
•Key in the corresponding IP address
Create Local Database for L2TP authentication
•Click “Local User Databases” in User Authentication
•Key in the correct Username and Password
Create the pre-shared key for L2TP
•Click “Pre-Share Keys” in VPN Objects
•Key in the corresponding value
Create the IPsec tunnel
•Click “IPsec Tunnels” in Interface
•Choose the corresponding configuration
Verify the IPsec tunnel
•Click “Authentication” in this IPsec tunnel
•Apply pre-shared key to this IPsec tunnel
Verify the IPsec tunnel
•Click “Routing” in this IPsec tunnel
•Enable “Dynamically add routes to remote network when a tunnel is established” in this IPsec tunnel
Verify the IPsec tunnel
•Click “Advanced” in this IPsec tunnel
•Disable “Add route for remote network” in this IPsec tunnel
Create the L2TP tunnel
•Click “PPTP/L2TP Servers” in Interface
•Choose the corresponding configuration
Create User Authentication Rules for L2TP tunnel
•Click “User Authentication Rules” in User Authentication
•Choose the corresponding configuration
•Enable Log setting and choose local user database
Create IP Rules for L2TP tunnel
•Click “IP Rules” in Rules
•Choose the corresponding configuration
•Enable Log setting
After all configuration is done, click “configuration” on the main menu bar
• Click “Save and Activate”
Testing Result
Scenario & Hands-on 7-2 Exercise 7-2- VPN Configuration-L2TP/IPsec
Internal LAN1 IP: 192.168.1.0/24
Internal LAN2 IP: 192.168.2.0/24
Internal LAN3 IP: 192.168.3.0/24
WAN1: DHCP IP
DFL-1600
L2TP/IPsec Client
VPN Tunnel
Objectives:
1. The user dials up to the firewall with the Windows L2TP/IPsec client software
2. Ping the LAN IP address of the firewall
Scenario & Hands-on 7-3 VPN Configuration-IPsec
VPN Objects – Pre Shared Keys
• For users to authenticate VPN tunnels
• Two methods for entering the PSK – ASCII and HEX
– ASCII – type in a passphrase
– HEX – type in a passphrase and use “generate” to cipher the passphrase
VPN Objects – LDAP
• For secure authentication to be established over VPN, the CA needs to be downloaded to the LDAP server
ID Lists
• The concept of ID Lists is to manage and control accessibility of the VPN clients and gateways
• Mobile clients can be restricted from accessing internal networks by ID Lists
IKE/IPsec Algorithms
• Predefined IKE & IPsec algorithms by default
• High – Very Secured
• Medium – Secured
• You can define your own algorithms
Network topology
Internal LAN1 IP: 192.168.1.0/24
Internal LAN2 IP: 192.168.2.0/24
Internal LAN3 IP: 192.168.3.0/24
WAN1 Static IP: 192.168.174.70/24
DFL-1600
DFL-1600
Remote LAN Internal LAN IP: 192.168.10.0/24
WAN1 IP: 192.168.174.71/24
VPN Tunnel
Note:
Use the same pre-shared key and algorithm in both IPsec settings
Choose correct local net and remote net for IPsec tunnel
Objectives
•Two firewalls communicate with each other through an IPsec tunnel
•The client on the local net pings the client on the remote net
The logic of configuration
•Create VPN Object (pre-shared key)
•Configure IPsec tunnel
•Create the IP rule for IPsec tunnel
Create objects for the remote IP address and remote network
•Click “Address” in Objects
•Key in the corresponding IP address
Create the pre-shared key for IPsec tunnel
•Click “Pre-Share Keys” in VPN Objects
•Key in the correct value
Create the IPsec tunnel
•Click “IPsec Tunnels” in Interface
•Choose the corresponding configuration
Combine two interfaces into one interface group
•Click “Interface Groups” in this Interface
•Choose the corresponding interfaces
Create IP Rules for L2TP tunnel
•Click “IP Rules” in Rules
•Choose the corresponding configuration
•Enable Log setting
After all configuration is done, click “configuration” on the main menu bar
• Click “Save and Activate”
Scenario & Hands-on 7-3 Exercise 7-3- VPN Configuration-IPsec
Internal LAN1
Even group
DFL-1600
DFL-1600
Remote LAN Internal LAN
Odd group
VPN Tunnel
Objectives:
1. Two firewalls communicate with each other through an IPsec tunnel
2. The client on the local net pings the client on the remote net
Scenario & Hands-on 7-4 VPN Configuration- IPsec with NetScreen 204
Network topology
Internal LAN1 IP: 192.168.1.0/24
Internal LAN2 IP: 192.168.2.0/24
Internal LAN3 IP: 192.168.3.0/24
WAN1 Static IP: 192.168.174.70/24
DFL-1600
NetScreen 204
Remote LAN Internal LAN IP: 192.168.10.0/24
WAN1 IP: 192.168.174.71/24
VPN Tunnel
Note:
Use the same pre-shared key and algorithm on both the DFL-1600 and the NS-204
Choose correct local net and remote net for IPsec tunnel
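Added example (not part of the original slides and not D-Link or NetScreen tooling): a pre-activation check for the two notes in scenarios 7-3 and 7-4, confirming that both gateways share the pre-shared key and at least one algorithm proposal and that each side's remote net and remote gateway mirror the peer's local net and WAN IP. The field names, algorithm labels and key value are constructed for illustration; the addresses come from the topology above.

```python
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    """One side of a site-to-site IPsec tunnel (hypothetical field names)."""
    name: str
    wan_ip: str
    remote_gateway: str
    local_net: str
    remote_net: str
    psk: bytes
    ike_algs: frozenset
    ipsec_algs: frozenset


def check_pair(a: Endpoint, b: Endpoint) -> list:
    """Return the mismatches that would keep the tunnel from coming up."""
    problems = []
    # Constant-time comparison; the key itself never appears in the report.
    if not hmac.compare_digest(a.psk, b.psk):
        problems.append("pre-shared keys differ")
    for label, x, y in (("IKE", a.ike_algs, b.ike_algs),
                        ("IPsec", a.ipsec_algs, b.ipsec_algs)):
        if not x & y:
            problems.append(f"no common {label} algorithm proposal")
    for src, dst in ((a, b), (b, a)):
        if ipaddress.ip_address(src.remote_gateway) != ipaddress.ip_address(dst.wan_ip):
            problems.append(f"{src.name}: remote gateway is not {dst.name}'s WAN IP")
        # strict=True rejects a network written with host bits set (192.168.1.5/24).
        local = ipaddress.ip_network(dst.local_net, strict=True)
        remote = ipaddress.ip_network(src.remote_net, strict=True)
        if remote != local:
            problems.append(
                f"{src.name}: remote net {remote} != {dst.name} local net {local}")
    if ipaddress.ip_network(a.local_net).overlaps(ipaddress.ip_network(b.local_net)):
        problems.append("local nets of the two sites overlap")
    return problems


# Constructed sample values; algorithm labels are placeholders, not vendor names.
ALGS = frozenset({"aes128-sha1"})
SITE_A = Endpoint("site-a", "192.168.174.70", "192.168.174.71",
                  "192.168.1.0/24", "192.168.10.0/24", b"constructed-psk", ALGS, ALGS)
SITE_B = Endpoint("site-b", "192.168.174.71", "192.168.174.70",
                  "192.168.10.0/24", "192.168.1.0/24", b"constructed-psk", ALGS, ALGS)
# Common mistakes: remote net copied from the local side, and a different IPsec proposal.
SITE_B_BAD = Endpoint("site-b", "192.168.174.71", "192.168.174.70",
                      "192.168.10.0/24", "192.168.10.0/24", b"constructed-psk",
                      ALGS, frozenset({"3des-md5"}))

if __name__ == "__main__":
    print("matched pair:", check_pair(SITE_A, SITE_B))
    for problem in check_pair(SITE_A, SITE_B_BAD):
        print("MISMATCH:", problem)
```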
Objectives
•Two firewalls communicate with each other through an IPsec tunnel
•The client on the local net pings the client on the remote net
The logic of configuration
•Create VPN Object (pre-shared key, remote net/gateway and algorithm)
•Configure IPsec tunnel
•Create the IP rule for IPsec tunnel