Configure Microsoft® Windows XP** Virtual Private Network (VPN) client interoperability with NAT-T support 17
# To cater for dynamic creation of incoming L2TP calls enter the following
commands.
enable l2tp
enable l2tp server=both
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
enable ip
add ip int=vlan1 ip=<office private LAN address>
add
ip int
=e
th0 ip
=<
inter
co
nn
ect LA
N add
ress
> ma
sk
=<ap
pro
pria
te
mas
k>
# The default route to the Internet..
add ip route=0.0.0.0 mask=0.0.0.0 int=eth0 next=<your NAT gateway or ISP next-
hop address>
# The IP pool addresses are the internal address ranges you want to allocate to
your IPSec remote PC clients (e.g. ip=192.168.8.1-192.168.8.254). Although,
addresses defined in the user database will take precedence.
create ip pool=myippool ip=x.x.x.x-x.x.x.x
# Firewall
enable fire
create fire policy=main
create fire policy=main dy=dynamic
add fire policy=main dy=dynamic user=ANY
add fire policy=main int=vlan1 type=private
# Dynamic private interfaces are accepted from L2TP, which are from IPSec only.
add fire policy=main int=dyn-dynamic type=private
add fire policy=main int=eth0 type=public
# The firewall allows for internally generated access to the Internet through
this NAT definition.
add fire policy=main nat=enhanced int=vlan1 gblinterface=eth0
# This NAT definition allows Internet access for remote VPN users by providing
address translation.
add fire policy=main nat=enhanced int=dyn-dynamic gblinterface=eth0
# Rules 1 and 2 allow for ISAKMP and the "port floated" IKE /ISAKMP that NAT-T
uses.
add fire policy=main rule=1 int=eth0 action=allow protocol=udp ip=<office
Internet address> port=500 gblip=<office Internet address> gblport=500
add fire policy=main rule=2 int=eth0 action=allow protocol=udp ip=<office
Internet address> port=4500 gblip=<office Internet address> gblport=4500
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales