Home » D-Link Manuals » Networking » D-Link DFL-200 » Manual Viewer

D-Link DFL-200 Product Manual - Page 42

VPN, Introduction to IPSec, Subnet Local Net, Destination Gateway If LAN-to-LAN - forum

UPC - 790069268823

Add to My Manuals
Save this manual to your list of manuals

Page 42 highlights

VPN Introduction to IPSec This chapter introduces IPSec, the method, or rather set of methods used to provide VPN functionality. IPSec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering Task Force, to provide IP security at the network layer. An IPSec based VPN, such as that of the DFL-200, is made up of two basic parts: • Internet Key Exchange security protocol (IKE) • IPSec protocol (ESP) The first part, IKE, is the initial negotiation phase, where the two VPN endpoints agree on which methods will be used to provide security for the underlying IP traffic. Furthermore, IKE is used to manage connections, by defining a set of Security Associations (SA), for each connection. Each SA is unidirectional, so there will be at least two SA per IPSec connection. The other part is the actual IP data being transferred, using the encryption and authentication methods agreed upon in the IKE negotiation. This can be accomplished in a number of ways; by using the IPSec protocol ESP. To set up an IPSec Virtual Private Network (VPN), you do not need to configure an Access Policy to enable encryption. Just fill in the following settings: VPN Name, Source Subnet (Local Net), Destination Gateway (If LAN-to-LAN), Destination Subnet (If LAN-to-LAN), and Authentication Method (Pre-shared key or Certificate). The firewalls on both ends must use the same Pre-shared key or set of Certificates and IPSec lifetime to make a VPN connection. Introduction to PPTP PPTP, Point-to-Point Tunneling Protocol, jointly developed by Microsoft, US Robotics, and various other remote access companies known collectively as the PPTP Forum, is used to provide IP security at the network layer. A PPTP based VPN is made up by these parts: • Point-to-Point Protocol (PPP) • Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2) • Microsoft Point-To-Point Encryption (MPPE) • Generic Routing Encapsulation (GRE) PPTP uses TCP port 1723 for it's control connection and uses GRE (IP protocol 47) for the PPP data. PPTP supports data encryption by using MPPE. 42

Section	Page
Features and Benefits	6
Introduction to Firewalls	6
Introduction to Local Area Networking	7
LEDs	8
Physical Connections	8
Package Contents	9
System Requirements	9
Managing D-Link DFL-200	10
Resetting the DFL-200	10
Administration Settings	11
Administrative Access	11
Add ping access to an interface	12
Add Admin access to an interface	12
Add Read-only access to an interface	13
Enable SNMP access to an interface	13
System	14
Interfaces	14
Change IP of the LAN or DMZ interface	14
WAN Interface Settings – Using Static IP	15
WAN Interface Settings – Using DHCP	15
WAN Interface Settings – Using PPPoE	16
WAN Interface Settings – Using PPTP	17
WAN Interface Settings – Using L2TP	18
WAN Interface Settings – Using BigPond	19
MTU Configuration	19
Routing	20
Add a new Static Route	21
Remove a Static Route	21
Logging	22
Enable Logging	23
Enable Audit Logging	23
Enable E-mail alerting for IDS/IDP events	23
Time	24
Changing time zone	25
Using NTP to sync time	25
Setting time and date manually	25
Firewall	26
Policy	26
Policy modes	26
Action Types	26
Source and Destination Filter	26
Service Filter	27
Schedule	27
Intrusion Detection / Prevention	27
Add a new policy	28
Change order of policy	29
Delete policy	29
Configure Intrusion Detection	29
Configure Intrusion Prevention	29
Port mapping / Virtual Servers	30
Add a new mapping	30
	30
Delete mapping	31
Administrative users	32
Change Administrative User Password	32
	32
	32
Users	33
The DFL-200 RADIUS Support	33
Enable User Authentication via HTTP / HTTPS	34
Enable RADIUS Support	34
Add User	35
Change User Password	35
Delete User	36
	36
Schedules	37
Add new recurring schedule	37
Add new one-time schedule	38
Services	39
Adding TCP, UDP or TCP/UDP Service	39
Adding IP Protocol	40
Grouping Services	40
Protocol-independent settings	41
VPN	42
Introduction to IPSec	42
	42
Introduction to PPTP	42
	43
Introduction to L2TP	43
Point-to-Point Protocol	43
Authentication Protocols	44
MPPE, Microsoft Point-To-Point Encryption	44
	44
L2TP/PPTP Clients	45
L2TP/PPTP Servers	46
IPSec VPN between two networks	47
Creating a LAN-to-LAN IPSec VPN Tunnel	47
VPN between client and an internal network	48
	48
Creating a Roaming Users IPSec Tunnel	48
	48
Adding an L2TP/PPTP VPN Client	49
	49
Adding an L2TP/PPTP VPN Server	49
VPN – Advanced Settings	50
Limit MTU	50
IKE Mode	50
IKE DH Group	50
PFS – Perfect Forward Secrecy	50
NAT Traversal	50
Keepalives	50
Proposal Lists	51
IKE Proposal List	51
IPSec Proposal List	51
Certificates	52
Trusting Certificates	52
Local identities	52
Certificates of remote peers	52
Certificate Authorities	53
Identities	53
Content Filtering	54
Edit the URL Global Whitelist	54
Edit the URL Global Blacklist	55
Active content handling	55
Servers	56
DHCP Server Settings	56
Enable DHCP Server	57
Enable DHCP Relay	57
Disable DHCP Server/Relay	57
DNS Relay Settings	58
Enable DNS Relayer	58
Disable DNS Relayer	58
Tools	59
Ping	59
Ping Example	59
Dynamic DNS	60
Add Dynamic DNS Settings	60
Backup	61
Exporting the DFL-200’s Configuration	61
Restoring the DFL-200’s Configuration	61
Restart/Reset	62
Restoring system settings to factory defaults	63
Upgrade	64
Upgrade Firmware	64
Upgrade IDS Signature-database	64
Status	65
System	65
Interfaces	66
VPN	67
Connections	68
DHCP Server	69
How to read the logs	70
	70
USAGE events	70
	70
DROP events	70
CONN events	71
Step by Step Guides	72
LAN-to-LAN VPN using IPSec	73
Settings for Main office	75
LAN-to-LAN VPN using PPTP	77
Settings for Main office	79
LAN-to-LAN VPN using L2TP	83
Settings for Branch office	83
Settings for Main office	86
A more secure LAN-to-LAN VPN solution	90
Settings for Branch office	90
Settings for Main office	93
	93
Windows XP client and PPTP server	94
Settings for the Windows XP client	94
Settings for Main office	101
Windows XP client and L2TP server	104
Settings for the Windows XP client	104
Settings for Main office	106
Intrusion Detection and Prevention	108
Appendixes	111
Appendix A: ICMP Types and Codes	111
Appendix B: Common IP Protocol Numbers	113
Appendix C: Multiple Public IP addresses	114
Appendix D: HTTP Content Filtering	122
Warranty	129
Copyright Statement: No part of this publication or documentation accompanying this Product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976. Contents are subject to change without prior notice. Copyright© 2005 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	131

Match case Limit results 1 per page

VPN

Introduction to IPSec

This chapter introduces IPSec, the method, or rather set of methods used to provide VPN

functionality. IPSec, Internet Protocol Security, is a set of protocols defined by the IETF,

Internet Engineering Task Force, to provide IP security at the network layer.

An IPSec based VPN, such as that of the DFL-200, is made up of two basic parts:

•

Internet Key Exchange security protocol (IKE)

•

IPSec protocol (ESP)

The first part, IKE, is the initial negotiation phase, where the two VPN endpoints agree on

which methods will be used to provide security for the underlying IP traffic. Furthermore, IKE

is used to manage connections, by defining a set of Security Associations (SA), for each

connection. Each SA is unidirectional, so there will be at least two SA per IPSec connection.

The other part is the actual IP data being transferred, using the encryption and authentication

methods agreed upon in the IKE negotiation. This can be accomplished in a number of ways;

by using the IPSec protocol ESP.

To set up an IPSec Virtual Private Network (VPN), you do not need to configure an

Access Policy to enable encryption. Just fill in the following settings: VPN Name, Source

Subnet (Local Net), Destination Gateway (If LAN-to-LAN), Destination Subnet (If LAN-to-LAN),

and Authentication Method (Pre-shared key or Certificate). The firewalls on both ends must

use the same Pre-shared key or set of Certificates and IPSec lifetime to make a VPN

connection.

Introduction to PPTP

PPTP, Point-to-Point Tunneling Protocol, jointly developed by Microsoft, US Robotics,

and various other remote access companies known collectively as the PPTP Forum, is used

to provide IP security at the network layer.

A PPTP based VPN is made up by these parts:

•

Point-to-Point Protocol (PPP)

•

Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2)

•

Microsoft Point-To-Point Encryption (MPPE)

•

Generic Routing Encapsulation (GRE)

PPTP uses TCP port 1723 for it's control connection and uses GRE (IP protocol 47) for

the PPP data. PPTP supports data encryption by using MPPE.