1. Go to Objects > VPN Objects > ID List > Add > ID List
2. Enter a descriptive name, in this example sales.
3. Click OK.
4. Go to Objects > VPN Objects > ID List > Sales > Add > ID
5. Enter the name for the client.
6. Select Email as Type.
7. In the Email address field, enter the email address selected when you created the certificate on the client.
8. Create a new ID for every client that you want to grant access rights according to the instructions above.
D. Configure the IPsec tunnel:
1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Now enter:
   • Name: RoamingIPsecTunnel
   • Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
   • Remote Network: all-nets
   • Remote Endpoint: (None)
   • Encapsulation Mode: Tunnel
3. For Algorithms enter:
   • IKE Algorithms: Medium or High.
   • IPsec Algorithms: Medium or High.
4. For Authentication enter:
   • Choose X.509 Certificate as authentication method
   • Root Certificate(s): Select your CA server root certificate imported earlier and add it to the Selected list
   • Gateway Certificate: Choose your newly created firewall certificate
   • Identification List: Select your ID List that you want to associate with your VPN Tunnel. In our case that will be sales
5. Under the Routing tab:
   • Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK.
9.3.4. Fetching CRLs from an alternate LDAP server
An X.509 root certificate usually includes the IP address or hostname of the Certificate Authority to contact when certificates or Certificate Revocation Lists need to be downloaded to the D-Link Firewall. Lightweight Directory Access Protocol (LDAP) is used for these downloads.

However, in some scenarios, this information is missing, or the administrator wishes to use another LDAP server. The LDAP configuration section can then be used to manually specify alternate LDAP servers.
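The decision described above, between the LDAP location carried in the certificate and a manually configured alternate server, can be modelled as follows. This is an added Python example, not D-Link firewall code; the URL layout follows RFC 4516 (ldap://host:port/dn?attributes?scope?filter), and the sample URLs, the `prefer_alternate` flag and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample values, not from any real CA or firewall:
CDP_WITH_LDAP = ("ldap://ca.example.test:389/CN=Example%20Root%20CA,O=Example"
                 "?certificateRevocationList;binary?base?(objectClass=cRLDistributionPoint)")
CDP_HTTP_ONLY = "http://ca.example.test/root.crl"          # no LDAP location at all
ALTERNATE_LDAP = ("ldap://ldap2.example.test/CN=Example%20Root%20CA,O=Example"
                  "?certificateRevocationList;binary")    # admin-configured server


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, port, base DN, attributes, scope
    and filter. Returns None when the URL is not LDAP or names no host, i.e.
    when there is nothing the firewall could contact."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps") or not parts.hostname:
        return None
    # urlsplit stops the path at the first '?'; the remaining '?'-separated
    # fields are attributes, scope and filter (an optional extensions field follows).
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attrs, scope, filt = fields[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [a for a in unquote(attrs).split(",") if a],
        "scope": scope or "base",                 # RFC 4516 default scope
        "filter": unquote(filt) or "(objectClass=*)",  # RFC 4516 default filter
    }


def crl_fetch_targets(cdp_urls, alternate_ldap=None, prefer_alternate=False):
    """Return the LDAP servers to query for a CRL, in order.
    cdp_urls: locations taken from the certificate's CRL Distribution Points.
    alternate_ldap: the manually specified server from the LDAP configuration.
    prefer_alternate: the administrator wants the alternate server used even
    when the certificate carries a usable LDAP location."""
    targets = []
    if not prefer_alternate:
        targets = [t for t in (parse_ldap_url(u) for u in cdp_urls) if t]
    # Fall back to the alternate server when the certificate gave no usable
    # LDAP location, or use it outright when the administrator prefers it.
    if alternate_ldap and (prefer_alternate or not targets):
        alt = parse_ldap_url(alternate_ldap)
        if alt:
            targets.append(alt)
    return targets
```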
Example 9.7. Setting up an LDAP server
This example shows how to manually set up and specify an LDAP server.
Chapter 9. Virtual Private Networks