D-Link DFL-260E User Manual for DFL-260E - Page 216
4.5.5. Setting Up OSPF
Chapter 4. Routing

1. Set up an IPsec tunnel

First set up an IPsec tunnel in the normal way between the two firewalls A and B. The IPsec setup options are explained in Section 9.2, "VPN Quick Start". This IPsec tunnel is now treated like any other interface when configuring OSPF in NetDefendOS.

2. Choose a random internal IP network

For each firewall, we need to choose a random IP network using internal, private IPv4 addresses. For example, for firewall A we could use the network 192.168.55.0/24. This network is used just as a convenience with OSPF setup and will never be associated with a real physical network.

3. Define an OSPF Interface for the tunnel

Define a NetDefendOS OSPF Interface object which has the IPsec tunnel for the Interface parameter. Specify the Type parameter to be point-to-point and the Network parameter to be the network chosen in the previous step, 192.168.55.0/24. This OSPF Interface tells NetDefendOS that any OSPF related connections to addresses within the network 192.168.55.0/24 should be routed into the IPsec tunnel.

4. Define an OSPF Neighbor

Next, we must explicitly tell OSPF how to find the neighbouring OSPF router. Do this by defining a NetDefendOS OSPF Neighbor object. This consists of a pairing of the IPsec tunnel (which is treated like an interface) and the IP address of the router at the other end of the tunnel. For the IPv4 address of the router, we simply use any single IP address from the network 192.168.55.0/24. For example, 192.168.55.1.

When NetDefendOS sets up OSPF, it will look at this OSPF Neighbor object and will try to send OSPF messages to the IPv4 address 192.168.55.1. The OSPF Interface object defined in the previous step tells NetDefendOS that OSPF related traffic to this IP address should be routed into the IPsec tunnel.

5. Set the Local IP of the tunnel endpoint

To finish the setup for firewall A, two changes need to be made to the IPsec tunnel setup on firewall B. These are:

   i. In the IPsec tunnel properties, the Local Network for the tunnel needs to be set to all-nets. This setting acts as a filter for what traffic is allowed into the tunnel and all-nets will allow all traffic into the tunnel.

   ii. In the routing section of the IPsec properties, the Specify address manually option needs to be enabled and the IPv4 address, 192.168.55.1 in this example, needs to be entered. This sets the tunnel endpoint IP to be 192.168.55.1 so that all OSPF traffic will be sent to firewall A with this source IP.

The result of doing this is to "core route" OSPF traffic coming from firewall A. In other words, the traffic is destined for NetDefendOS.

6. Repeat the steps for the other firewall

What we have done so far is allow OSPF traffic to flow from A to B. The steps above need to be repeated as a mirror image for firewall B using the same IPsec tunnel but using a different random internal IP network for OSPF setup.
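
The addressing choices in steps 2 to 6 have to agree across both firewalls before OSPF will form over the tunnel. The following Python check is an added example, not part of the D-Link manual or NetDefendOS: it validates a planned configuration for both firewalls. The dictionary keys, the network 192.168.56.0/24 for firewall B and the "real" network 192.168.1.0/24 are assumptions made for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(fw_a, fw_b, real_networks=()):
    """Return a list of problems in an OSPF-over-IPsec plan (empty list = consistent)."""
    problems = []
    real = [ipaddress.ip_network(n) for n in real_networks]
    for local, peer in ((fw_a, fw_b), (fw_b, fw_a)):
        name = local["name"]
        net = ipaddress.ip_network(local["ospf_network"])
        neigh = ipaddress.ip_address(local["neighbor_ip"])
        # Step 2: a private IPv4 network that no real network uses.
        if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{name}: {net} is not a private IPv4 network")
        for r in real:
            if net.overlaps(r):
                problems.append(f"{name}: {net} overlaps real network {r}")
        # Steps 3-4: the OSPF Neighbor address must lie inside the
        # network given to the OSPF Interface object.
        if neigh not in net:
            problems.append(f"{name}: neighbor {neigh} is outside {net}")
        # Step 5, applied on the peer: tunnel endpoint IP entered manually
        # as that neighbor address, and Local Network set to all-nets.
        if ipaddress.ip_address(peer["tunnel_local_ip"]) != neigh:
            problems.append(f"{peer['name']}: tunnel endpoint IP must be {neigh}")
        if peer["tunnel_local_network"] != "all-nets":
            problems.append(f"{peer['name']}: tunnel Local Network is not all-nets")
    # Step 6: the mirror-image setup uses a different network.
    net_a = ipaddress.ip_network(fw_a["ospf_network"])
    net_b = ipaddress.ip_network(fw_b["ospf_network"])
    if net_a.overlaps(net_b):
        problems.append("A and B use overlapping OSPF networks")
    return problems

# Constructed sample plan. A's values come from the manual's example;
# B's network 192.168.56.0/24 is an assumed choice for the mirror image.
FW_A = {"name": "A", "ospf_network": "192.168.55.0/24",
        "neighbor_ip": "192.168.55.1",
        "tunnel_local_ip": "192.168.56.1", "tunnel_local_network": "all-nets"}
FW_B = {"name": "B", "ospf_network": "192.168.56.0/24",
        "neighbor_ip": "192.168.56.1",
        "tunnel_local_ip": "192.168.55.1", "tunnel_local_network": "all-nets"}

if __name__ == "__main__":
    found = check_plan(FW_A, FW_B, real_networks=["192.168.1.0/24"])
    print("\n".join(found) if found else "plan is consistent")
```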