Pptp roaming clients – Amer Networks E5Web GUI User Manual

The user authentication step is optional, since it adds security on top of the certificate authentication.

Also review Section 9.7, “CA Server Access”, which describes important considerations for
certificate validation.

9.2.7. PPTP Roaming Clients

PPTP is simpler to set up than L2TP since IPsec is not used; instead PPTP relies on its own, weaker,
encryption (MPPE).

A second major disadvantage is that PPTP connections cannot be NATed through a tunnel so that
multiple clients share a single connection to the Clavister Security Gateway. If NAT is attempted,
only the first client that tries to connect will succeed.

The steps for PPTP setup are as follows:

1. In the Address Book define the following IP objects:

   - A pptp_pool IP object, the range of internal IP addresses that will be handed out
     to clients from an internal network.
   - An int_net object, the internal network from which the addresses come.
   - A lan_ip object, the internal IP address of the interface connected to the
     internal network. Let us assume that this interface is lan.
   - A wan_ip object, the external public address which clients will connect to (let's
     assume this is on the wan interface).

2. Define a PPTP/L2TP object (let's call it pptp_tunnel) with the following parameters:

   - Set Inner IP Address to ip_net.
   - Set Tunnel Protocol to PPTP.
   - Set Outer Interface Filter to wan.
   - Set Outer server IP to wan_ip.
   - For Microsoft Point-to-Point Encryption it is recommended to disable all options
     except 128 bit encryption.
   - Set IP Pool to pptp_pool.
   - Enable Proxy ARP on the lan interface.
   - As in L2TP, enable the insertion of new routes automatically into the main routing table.

3. Define a User Authentication Rule; this is almost identical to L2TP:

   Agent   Auth Source   Src Network   Interface     Client Source IP
   PPP     Local         all-nets      pptp_tunnel   all-nets (0.0.0.0/0)

4. Now set up the IP rules in the IP rule set:

   Action   Src Interface   Src Network   Dest Interface   Dest Network   Service
   Allow    pptp_tunnel     pptp_pool     any              int_net        all_services
   NAT      pptp_tunnel     pptp_pool     ext              all-nets       all_services
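The four steps above reference each other through address-book object names, and a single dangling name, a pool that falls outside the LAN subnet, or an MPPE option left enabled is easy to miss in a GUI. The following script is an added example, not the vendor's software or part of the manual: it models the address book, the tunnel object and the IP rules as plain Python data and checks them for the consistency properties the steps rely on. The object names follow the manual; the concrete addresses, the data model (including the MPPE option keys), the use of lan_ip as the Inner IP Address and the check logic are assumptions for this example.

```python
"""Consistency checks for a PPTP roaming-client setup of the kind described above.
Added example, not the vendor's software: object names follow the manual, while the
addresses, the data model and the checks themselves are assumptions for this example."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

IpRange = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


def parse_address(text: str) -> IpRange:
    """Accept a single IP, a CIDR network or a 'first-last' range; return (first, last)."""
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
    elif "/" in text:
        net = ipaddress.IPv4Network(text, strict=False)
        first, last = net.network_address, net.broadcast_address
    else:
        first = last = ipaddress.IPv4Address(text)
    if first > last:
        raise ValueError(f"reversed range: {text!r}")
    return first, last


def contains(outer: IpRange, inner: IpRange) -> bool:
    return outer[0] <= inner[0] and inner[1] <= outer[1]


@dataclass(frozen=True)
class Tunnel:                      # constructed model of the PPTP/L2TP object
    name: str
    inner_ip: str
    tunnel_protocol: str
    outer_interface_filter: str
    outer_server_ip: str
    ip_pool: str
    mppe: Dict[str, bool]          # which MPPE options are enabled (assumed key names)


@dataclass(frozen=True)
class Rule:                        # constructed model of one IP rule
    action: str
    src_iface: str
    src_net: str
    dest_iface: str
    dest_net: str
    service: str


def lint(book: Dict[str, str], tunnel: Tunnel, rules: List[Rule],
         lan_net: str = "int_net", lan_ip: str = "lan_ip") -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []

    def lookup(name: str, where: str) -> Optional[IpRange]:
        if name not in book:
            findings.append(f"{where} references undefined address object {name!r}")
            return None
        return parse_address(book[name])

    lookup(tunnel.inner_ip, "Inner IP Address")
    lookup(tunnel.outer_server_ip, "Outer Server IP")
    pool = lookup(tunnel.ip_pool, "IP Pool")
    lan = lookup(lan_net, "internal network")
    gw = lookup(lan_ip, "internal interface IP")

    if tunnel.tunnel_protocol != "PPTP":
        findings.append(f"Tunnel Protocol is {tunnel.tunnel_protocol!r}, expected 'PPTP'")
    # Proxy ARP on lan only answers for addresses that belong to the LAN subnet.
    if pool and lan and not contains(lan, pool):
        findings.append("IP Pool is not inside the internal network")
    # Handing the gateway's own interface address to a client breaks the LAN.
    if pool and gw and contains(pool, gw):
        findings.append("IP Pool contains the internal interface address")
    # The manual recommends disabling every MPPE option except 128 bit.
    weak = sorted(opt for opt, on in tunnel.mppe.items() if on and opt != "128bit")
    if weak:
        findings.append(f"MPPE allows weaker options {weak}; only 128 bit should be enabled")
    if not tunnel.mppe.get("128bit", False):
        findings.append("MPPE 128 bit encryption is not enabled")
    # Rules sourced from the tunnel should accept only addresses the tunnel hands out.
    for i, rule in enumerate(rules, 1):
        src = lookup(rule.src_net, f"rule {i} Src Network")
        lookup(rule.dest_net, f"rule {i} Dest Network")
        if rule.src_iface == tunnel.name and pool and src and not contains(pool, src):
            findings.append(f"rule {i} accepts source addresses outside the IP Pool")
    return findings


# Constructed address book: the manual's object names with example addresses.
EXAMPLE_BOOK = {
    "int_net": "192.168.1.0/24",
    "pptp_pool": "192.168.1.200-192.168.1.250",
    "lan_ip": "192.168.1.1",
    "wan_ip": "203.0.113.10",
    "all-nets": "0.0.0.0/0",
}
EXAMPLE_TUNNEL = Tunnel("pptp_tunnel", "lan_ip", "PPTP", "wan", "wan_ip", "pptp_pool",
                        {"none": False, "40bit": False, "56bit": False, "128bit": True})
EXAMPLE_RULES = [
    Rule("Allow", "pptp_tunnel", "pptp_pool", "any", "int_net", "all_services"),
    Rule("NAT", "pptp_tunnel", "pptp_pool", "wan", "all-nets", "all_services"),
]


def misconfigured_example() -> List[str]:
    """Same setup with three deliberate mistakes, to show what the checks report."""
    tunnel = replace(EXAMPLE_TUNNEL, inner_ip="lan_ip_typo",        # undefined object
                     mppe={**EXAMPLE_TUNNEL.mppe, "40bit": True})    # weak option left on
    rules = [replace(EXAMPLE_RULES[0], src_net="all-nets")]         # source far wider than pool
    return lint(EXAMPLE_BOOK, tunnel, rules)


if __name__ == "__main__":
    for line in lint(EXAMPLE_BOOK, EXAMPLE_TUNNEL, EXAMPLE_RULES) or ["no findings"]:
        print(line)
    for line in misconfigured_example():
        print("misconfigured:", line)
```

The source-network check is the one worth keeping even if the rest is dropped: a rule whose Src Interface is the tunnel but whose Src Network is wider than the pool accepts packets the tunnel can never legitimately carry, so restricting it to pptp_pool, as the table does, costs nothing and removes a class of spoofed-source traffic.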

Chapter 9: VPN

578