D-Link DFL-800-AV-12 User Manual - Page 263
9.5.2. L2TP
Chapter 9. VPN

DHCPOverIPsec=Yes AddRouteToRemoteNet=Yes IPsecLifeTimeKilobytes=250000 IPsecLifeTimeSeconds=3600

Web Interface

1. Go to Interfaces > IPsec > Add > IPsec Tunnel
2. Enter a name for the IPsec tunnel, e.g. l2tp_ipsec
3. Now enter:
   a. Local Network: wan_ip
   b. Remote Network: all-nets
   c. Remote Endpoint: none
   d. Encapsulation Mode: Transport
   e. IKE Proposal List: ike-roamingclients
   f. IPsec Proposal List: esp-l2tptunnel
4. Enter 3600 in the IPsec Life Time seconds control
5. Enter 250000 in the IPsec Life Time kilobytes control
6. Under the Authentication tab, select Pre-shared Key
7. Select MyPSK in the Pre-shared Key control
8. Under the Routing tab, check the following controls:
   • Allow DHCP over IPsec from single-host clients
   • Dynamically add route to the remote network when a tunnel is established
9. Click OK

Now it is time to set up the L2TP Server. The inner IP address should be part of the network from which the clients are assigned IP addresses, in this case lan_ip. The outer interface filter is the interface on which the L2TP server will accept connections; this will be the l2tp_ipsec tunnel created earlier. ProxyARP also needs to be configured for the IPs used by the L2TP clients.

C. Set up the L2TP Tunnel:

CLI

gw-world:/> add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP AllowedRoutes=all-nets ProxyARPInterfaces=lan

Web Interface

1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a name for the L2TP tunnel, e.g. l2tp_tunnel
3. Now enter:
   • Inner IP Address: lan_ip
   • Tunnel Protocol: L2TP
   • Outer Interface Filter: l2tp_ipsec
   • Server IP: wan_ip
4. Under the PPP Parameters tab, check the Use User Authentication Rules control
5. Select l2tp_pool in the IP Pool control
6. Under the Add Route tab, select all-nets in the Allowed Networks control.
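An added example, not part of the D-Link manual: a small Python check that parses the L2TPServer CLI command shown above and flags a server whose outer interface is not the IPsec tunnel, or that lacks the IP pool or ProxyARP setting. The set of IPsec tunnel names passed in, the function names and the l2tp_open variant are assumptions constructed for illustration.

```python
import shlex

# Constructed samples: GOOD is the L2TPServer command from this page; BAD is a
# hypothetical variant bound directly to a physical interface, without ProxyARP.
GOOD = ("add Interface L2TPServer l2tp_tunnel IP=lan_ip Interface=l2tp_ipsec "
        "ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP "
        "AllowedRoutes=all-nets ProxyARPInterfaces=lan")
BAD = ("add Interface L2TPServer l2tp_open IP=lan_ip Interface=wan "
       "ServerIP=wan_ip IPPool=l2tp_pool TunnelProtocol=L2TP "
       "AllowedRoutes=all-nets")


def parse_add(line):
    """Split 'add <Category> <Type> <Name> Key=Value ...' into its parts."""
    tokens = shlex.split(line)
    if tokens and tokens[0].endswith(":/>"):  # drop a prompt such as gw-world:/>
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0].lower() != "add":
        raise ValueError("not an 'add' command: %r" % line)
    props = {}
    for tok in tokens[4:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError("expected Key=Value, got %r" % tok)
        props[key] = value
    return {"category": tokens[1], "type": tokens[2],
            "name": tokens[3], "props": props}


def audit_l2tp_server(line, ipsec_tunnels):
    """Return findings for an L2TPServer object; an empty list means none."""
    obj = parse_add(line)
    if obj["type"] != "L2TPServer":
        return []
    p, findings = obj["props"], []
    if p.get("TunnelProtocol") != "L2TP":
        findings.append("TunnelProtocol is not L2TP")
    if p.get("Interface") not in ipsec_tunnels:
        findings.append("outer interface %r is not an IPsec tunnel, so L2TP "
                        "would be accepted without IPsec" % p.get("Interface"))
    if not p.get("IPPool"):
        findings.append("no IPPool set for client addresses")
    if not p.get("ProxyARPInterfaces"):
        findings.append("no ProxyARPInterfaces set for the client IPs")
    return findings


if __name__ == "__main__":
    for cmd in (GOOD, BAD):
        print(parse_add(cmd)["name"], audit_l2tp_server(cmd, {"l2tp_ipsec"}) or "OK")
```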