D-Link DFL-1000 [103/168] Pptp and l2tp vpns

DFL-1000 User Manual
PPTP and L2TP VPNs
Using PPTP and L2TP Virtual Private Networking (VPN), you can create a secure connection between a
client computer running Microsoft Windows and your internal network.
PPTP is a Windows VPN standard. You can use PPTP to connect computers running Windows to a
DFL-1000 NPG-protected private network without using third-party VPN client software.
L2TP combines Windows PPTP functionality with IPSec security. L2TP is supported by most recent
versions of Windows.
VPNs protect data passing through the secure tunnel by encrypting it to guarantee confidentiality. In
addition, authentication guarantees that the data originated from the claimed sender and was not
damaged or altered in transit. When the client computer is connected to the VPN tunnel, it seems to the
user that the client computer is directly connected to the internal network.
PPTP and L2TP VPNs are only supported in NAT/Route mode.
This chapter describes:
PPTP VPN configuration
L2TP VPN configuration
PPTP VPN configuration
PPTP clients must be able to authenticate with the DFL-1000 NPG to start a PPTP session. To support
PPTP authentication, you must add a user group to the DFL-1000 NPG configuration. This user group
can contain users added to the DFL-1000 NPG user database, RADIUS servers, or both.
After you have added a user group, configure your DFL-1000 NPG to support PPTP by enabling PPTP
and specifying a PPTP address range. The PPTP address range is the range of addresses that must be
reserved for remote PPTP clients. When a remote PPTP client connects to the internal network using
PPTP, the client computer is assigned an IP address from this range. The PPTP address range can be
on any subnet.
Add firewall policies with an external source address to control the access that PPTP clients have through
the DFL-1000 NPG.
Add the addresses in the PPTP address range to the external interface address list. To make policy
configuration easier, you can create an address group for PPTP that contains the IP addresses that can
be assigned to PPTP clients from the PPTP address range.
Add addresses to the destination interface address list to control the addresses to which PPTP clients
can connect.
The destination interface can be either the Int or DMZ interface. For example, if the destination address is
on the internal network, you would create an Ext -> Int policy to control the access that PPTP users
have through the DFL-1000 NPG.
Set the service for the policy to the traffic type inside the PPTP VPN tunnel. For example, if you want
PPTP clients to be able to access a web server, set service to HTTP.
Make sure that your ISP supports PPTP connections.
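The address-list step above is where an over-broad entry can creep in: an entry wider than the PPTP address range makes the Ext -> Int policy match source addresses that are never assigned to PPTP clients. The following sketch is an added example, not part of the manual or of D-Link software. It computes the exact blocks that cover a PPTP range and audits a proposed address group against it. The sample range, the function names and the use of CIDR notation are assumptions; convert the blocks to whatever address format the DFL-1000 NPG address list accepts.

```python
import ipaddress


def pptp_range_entries(first, last):
    """Smallest set of CIDR blocks covering exactly first..last (inclusive)."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("PPTP range end is below range start")
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]


def audit_address_group(first, last, group):
    """Compare a proposed PPTP address group with the PPTP address range.

    Returns how many addresses in the range the group misses ("missing") and
    how many addresses the group matches that are never assigned to PPTP
    clients ("excess"). Both should be 0 for a least-privilege source group.
    """
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("PPTP range end is below range start")
    # Collapsing merges duplicate and overlapping entries, so the resulting
    # blocks are disjoint and their overlaps with the range can be summed.
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(entry) for entry in group)
    covered = total = 0
    for net in nets:
        a, b = int(net.network_address), int(net.broadcast_address)
        covered += max(0, min(b, hi) - max(a, lo) + 1)
        total += net.num_addresses
    return {"missing": (hi - lo + 1) - covered, "excess": total - covered}


if __name__ == "__main__":
    # Constructed sample range, not taken from the manual.
    FIRST, LAST = "192.168.50.10", "192.168.50.20"
    exact = pptp_range_entries(FIRST, LAST)
    print("entries for the address list:", exact)
    for group in (exact, ["192.168.50.0/24"], ["192.168.50.8/29"]):
        print(group, audit_address_group(FIRST, LAST, group))
```
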
This section describes:
Configuring the DFL-1000 NPG as a PPTP gateway
Configuring a Windows 98 client for PPTP
Configuring a Windows 2000 client for PPTP
