D-Link DSR-1000AC User Manual - Page 111

Section 7 - VPN Field Policy Name Policy Type IP Protocol Version IKE Version L2TP Mode IPSec Mode Select Local Gateway Remote Endpoint IP Address/FQDN Enable Mode Config Enable NetBIOS Enable RollOver Protocol Enable DHCP Local IP/Remote IP Description Enter a unique name for the VPN Policy. This name is not an identifier for the remote WAN/client. Select either Manual or Auto. • Manual: All settings (including the keys) for the VPN tunnel are manually input for each end point. No third-party server or organization is involved. • Auto: Some parameters for the VPN tunnel are generated automatically. This requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN Endpoints. Select either IPv4 or IPv6. Select the version of IKE. Select the L2TP mode. Select either Tunnel or Transport. IPsec tunnel mode is useful for protecting traffic between different networks, when traffic must pass through an intermediate, untrusted network. Tunnel mode is primarily used for interoperability with gateways, or end-systems that do not support L2TP/IPsec or PPTP connections. Transport mode is the default mode for IPsec, and it is used for end-to-end communications (for example, for communications between a client and a server). In the event that two WAN ports are configured to connect to your ISP, select the gateway that will be used as the local endpoint for this IPsec tunnel. Select the type of identifier that you want to provide for the router at the remote endpoint (either IP Address or FQDN [Fully Qualified Domain Name]) Enter the identifier for the router. Toggle to ON to enable. Mode Config is similar to DHCP and is used to assign IP addresses to the remote VPN clients. Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel Toggle to ON to enable VPN rollover. You must have the WAN Mode set to Rollover. Select a protocol from the drop-down menu. Toggle to ON to allow VPN clients that are connected to your router over IPsec to receive an assigned IP using DHCP. Select the type of identifier that you want to provide for the endpoint: • Any: Specifies that the policy is for traffic from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid. • Single: Limits the policy to one host. Enter the IP address of the host that will be part of the VPN. • Range: Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided fields. • Subnet: Allows an entire subnet to connect to the VPN. Enter the network address and subnet mask in the provided fields. D-Link DSR-Series User Manual 98