Home » D-Link Manuals » Networking » D-Link DFL-200 » Manual Viewer

D-Link DFL-200 Product Manual - Page 47

IPSec VPN between two networks, Creating a LAN-to-LAN IPSec VPN Tunnel, Step 1., Add new, Apply - add vpn

UPC - 790069268823

Add to My Manuals
Save this manual to your list of manuals

Page 47 highlights

IPSec VPN between two networks In the following example users on the main office internal network can connect to the branch office internal network and vice versa. Communication between the two networks takes place in an encrypted IPSec VPN tunnel that connects the two DFL-200 NetDefend Firewalls across the Internet. Users on the internal networks are not aware that when they connect to a computer on the other network that the connection runs across the Internet. DFL-200 Firewall As shown in the example, you can use the DFL-200 to protect a branch office and a small main office. Both of these DFL-200s can be configured as IPSec VPN gateways to create a VPN tunnel that connects the branch office network to the main office network. DFL-200 Firewall The example shows an IPSec VPN between two internal networks. One may also create VPN tunnels between an internal network behind one VPN gateway and a DMZ network behind another or between two remote DMZ networks. The networks at the ends of the VPN tunnel are selected when you configure the VPN policy. Creating a LAN-to-LAN IPSec VPN Tunnel Follow these steps to add a LAN-to-LAN Tunnel. Step 1. Go to Firewall/VPN and choose Add new under IPSec. Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters and _. No other special characters and spaces are allowed. Step 3. Specify your local network, or your side of the tunnel, for example 192.168.1.0/255.255.255.0, in the Local Net field. Step 4. Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If you choose PSK, make sure both firewalls use exactly the same PSK. Step 5. For Tunnel Type, choose LAN-to-LAN tunnel and specify the network behind the other DFL-200 as Remote Net. Also specify the external IP of the other DFL-200, either an IP or a DNS name. Click the Apply button below to apply the changes or click Cancel to discard changes. Repeat these steps with the firewall on the other site.

Section	Page
Features and Benefits	6
Introduction to Firewalls	6
Introduction to Local Area Networking	7
LEDs	8
Physical Connections	8
Package Contents	9
System Requirements	9
Managing D-Link DFL-200	10
Resetting the DFL-200	10
Administration Settings	11
Administrative Access	11
Add ping access to an interface	12
Add Admin access to an interface	12
Add Read-only access to an interface	13
Enable SNMP access to an interface	13
System	14
Interfaces	14
Change IP of the LAN or DMZ interface	14
WAN Interface Settings – Using Static IP	15
WAN Interface Settings – Using DHCP	15
WAN Interface Settings – Using PPPoE	16
WAN Interface Settings – Using PPTP	17
WAN Interface Settings – Using L2TP	18
WAN Interface Settings – Using BigPond	19
MTU Configuration	19
Routing	20
Add a new Static Route	21
Remove a Static Route	21
Logging	22
Enable Logging	23
Enable Audit Logging	23
Enable E-mail alerting for IDS/IDP events	23
Time	24
Changing time zone	25
Using NTP to sync time	25
Setting time and date manually	25
Firewall	26
Policy	26
Policy modes	26
Action Types	26
Source and Destination Filter	26
Service Filter	27
Schedule	27
Intrusion Detection / Prevention	27
Add a new policy	28
Change order of policy	29
Delete policy	29
Configure Intrusion Detection	29
Configure Intrusion Prevention	29
Port mapping / Virtual Servers	30
Add a new mapping	30
	30
Delete mapping	31
Administrative users	32
Change Administrative User Password	32
	32
	32
Users	33
The DFL-200 RADIUS Support	33
Enable User Authentication via HTTP / HTTPS	34
Enable RADIUS Support	34
Add User	35
Change User Password	35
Delete User	36
	36
Schedules	37
Add new recurring schedule	37
Add new one-time schedule	38
Services	39
Adding TCP, UDP or TCP/UDP Service	39
Adding IP Protocol	40
Grouping Services	40
Protocol-independent settings	41
VPN	42
Introduction to IPSec	42
	42
Introduction to PPTP	42
	43
Introduction to L2TP	43
Point-to-Point Protocol	43
Authentication Protocols	44
MPPE, Microsoft Point-To-Point Encryption	44
	44
L2TP/PPTP Clients	45
L2TP/PPTP Servers	46
IPSec VPN between two networks	47
Creating a LAN-to-LAN IPSec VPN Tunnel	47
VPN between client and an internal network	48
	48
Creating a Roaming Users IPSec Tunnel	48
	48
Adding an L2TP/PPTP VPN Client	49
	49
Adding an L2TP/PPTP VPN Server	49
VPN – Advanced Settings	50
Limit MTU	50
IKE Mode	50
IKE DH Group	50
PFS – Perfect Forward Secrecy	50
NAT Traversal	50
Keepalives	50
Proposal Lists	51
IKE Proposal List	51
IPSec Proposal List	51
Certificates	52
Trusting Certificates	52
Local identities	52
Certificates of remote peers	52
Certificate Authorities	53
Identities	53
Content Filtering	54
Edit the URL Global Whitelist	54
Edit the URL Global Blacklist	55
Active content handling	55
Servers	56
DHCP Server Settings	56
Enable DHCP Server	57
Enable DHCP Relay	57
Disable DHCP Server/Relay	57
DNS Relay Settings	58
Enable DNS Relayer	58
Disable DNS Relayer	58
Tools	59
Ping	59
Ping Example	59
Dynamic DNS	60
Add Dynamic DNS Settings	60
Backup	61
Exporting the DFL-200’s Configuration	61
Restoring the DFL-200’s Configuration	61
Restart/Reset	62
Restoring system settings to factory defaults	63
Upgrade	64
Upgrade Firmware	64
Upgrade IDS Signature-database	64
Status	65
System	65
Interfaces	66
VPN	67
Connections	68
DHCP Server	69
How to read the logs	70
	70
USAGE events	70
	70
DROP events	70
CONN events	71
Step by Step Guides	72
LAN-to-LAN VPN using IPSec	73
Settings for Main office	75
LAN-to-LAN VPN using PPTP	77
Settings for Main office	79
LAN-to-LAN VPN using L2TP	83
Settings for Branch office	83
Settings for Main office	86
A more secure LAN-to-LAN VPN solution	90
Settings for Branch office	90
Settings for Main office	93
	93
Windows XP client and PPTP server	94
Settings for the Windows XP client	94
Settings for Main office	101
Windows XP client and L2TP server	104
Settings for the Windows XP client	104
Settings for Main office	106
Intrusion Detection and Prevention	108
Appendixes	111
Appendix A: ICMP Types and Codes	111
Appendix B: Common IP Protocol Numbers	113
Appendix C: Multiple Public IP addresses	114
Appendix D: HTTP Content Filtering	122
Warranty	129
Copyright Statement: No part of this publication or documentation accompanying this Product may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems, Inc., as stipulated by the United States Copyright Act of 1976. Contents are subject to change without prior notice. Copyright© 2005 by D-Link Corporation/D-Link Systems, Inc. All rights reserved.	131

Match case Limit results 1 per page

IPSec VPN between two networks

In the following example users on the main

office internal network can connect to the

branch office internal network and vice versa.

Communication between the two networks

takes place in an encrypted IPSec VPN tunnel

that connects the two DFL-200 NetDefend

Firewalls across the Internet. Users on the

internal networks are not aware that when they

connect to a computer on the other network

that the connection runs across the Internet.

As shown in the example, you can use the

DFL-200 to protect a branch office and a small

main office. Both of these DFL-200s can be

configured as IPSec VPN gateways to create a

VPN tunnel that connects the branch office

network to the main office network.

The

example

shows

IPSec

VPN

between two internal networks. One may also

create VPN tunnels between an internal

network behind one VPN gateway and a DMZ

network behind another or between two remote

DMZ networks. The networks at the ends of the VPN tunnel are selected when you configure

the VPN policy.

Creating a LAN-to-LAN IPSec VPN Tunnel

Follow these steps to add a LAN-to-LAN Tunnel.

Step 1.

Go to Firewall/VPN and choose

Add new

under IPSec.

Step 2.

Enter a Name for the new tunnel in the name field. The name can contain

numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -

and _. No other special characters and spaces are allowed.

Step 3.

Specify your local network, or your side of the tunnel, for example

192.168.1.0/255.255.255.0, in the Local Net field.

Step 4.

Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If

you choose PSK, make sure both firewalls use exactly the same PSK.

Step 5.

For Tunnel Type, choose LAN-to-LAN tunnel and specify the network behind the

other DFL-200 as Remote Net. Also specify the external IP of the other DFL-200, either an

IP or a DNS name.

Click the

Apply

button below to apply the changes or click

Cancel

to discard changes.

Repeat these steps with the firewall on the other site.

DFL-200 Firewall