D-Link DSR-150N DSR-150 User Manual - Page 117

Configuring IPsec Policies




Unified Services Router
User Manual
115
Parameter                 Default value from Wizard
Exchange Mode             Aggressive (Client policy) or Main (Gateway policy)
ID Type                   FQDN
Local WAN ID              wan_local.com (only applies to Client policies)
Remote WAN ID             wan_remote.com (only applies to Client policies)
Encryption Algorithm      3DES
Authentication Algorithm  SHA-1
Authentication Method     Pre-shared Key
PFS Key-Group             DH-Group 2 (1024 bit)
Life Time (Phase 1)       24 hours
NETBIOS                   Enabled (only applies to Gateway policies)
The VPN Wizard is the recommended method to set up an Auto IPsec policy.
Once the Wizard creates the matching IKE and VPN policies required by the Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Easy Setup Site to Site VPN Tunnel:
If you find it difficult to configure VPN policies through the VPN Wizard, use Easy
Setup Site to Site VPN Tunnel. This adds VPN policies by importing a file that
contains the VPN policies.
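The wizard defaults in the table above (3DES, SHA-1, DH group 2, pre-shared key, and Aggressive mode for client policies) are the settings a reviewer should look at first when editing the generated policy. The following audit routine is an added example and is not code from the D-Link manual or firmware: the parameter names mirror the manual's table, the assessment rules are this example's own (drawn from RFC 8247 and NIST SP 800-131A), and the replacements named in the messages (AES, SHA-256, DH group 14 or an ECP group) are assumptions about what to prefer, not a statement of what this router's firmware offers.

```python
"""Audit an IPsec/IKE policy against known-weak settings.

Added example, not code from the D-Link manual or firmware. Parameter names
follow the manual's "Default value from Wizard" table; the rules below are
this example's own reading of RFC 8247 / NIST SP 800-131A, and the suggested
replacements are assumptions about what to prefer.
"""
import re
from dataclasses import dataclass


@dataclass
class IPsecPolicy:
    policy_kind: str          # "Gateway" or "Client"
    exchange_mode: str        # "Main" or "Aggressive"
    encryption: str           # e.g. "3DES", "AES-128", "AES-256"
    auth_algorithm: str       # e.g. "SHA-1", "SHA-256"
    auth_method: str          # "Pre-shared Key" or "Certificate"
    pfs_key_group: str        # e.g. "DH-Group 2 (1024 bit)", "DH-Group 14"
    phase1_lifetime_hours: int


# Modulus size in bits for the MODP groups; ECP groups (19-21) are treated
# as strong without a modulus size.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}
ECP_GROUPS = {19, 20, 21}
MIN_MODP_BITS = 2048


def wizard_default(kind: str) -> IPsecPolicy:
    """The manual's wizard defaults, transcribed as a constructed object."""
    return IPsecPolicy(
        policy_kind=kind,
        exchange_mode="Aggressive" if kind == "Client" else "Main",
        encryption="3DES",
        auth_algorithm="SHA-1",
        auth_method="Pre-shared Key",
        pfs_key_group="DH-Group 2 (1024 bit)",
        phase1_lifetime_hours=24,
    )


def dh_group_number(spec: str) -> int:
    """Extract the group number from strings such as 'DH-Group 2 (1024 bit)'."""
    m = re.search(r"group\s*(\d+)", spec, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised DH group spec: {spec!r}")
    return int(m.group(1))


def audit(policy: IPsecPolicy) -> dict[str, str]:
    """Return {parameter: reason} for every setting that should be changed."""
    findings: dict[str, str] = {}
    if (policy.exchange_mode.lower() == "aggressive"
            and policy.auth_method.lower().startswith("pre-shared")):
        findings["exchange_mode"] = (
            "Aggressive mode with a pre-shared key sends the identity and a "
            "PSK-derived hash before the channel is encrypted, so a weak PSK "
            "can be guessed offline from a capture. Prefer Main mode, or "
            "certificate authentication.")
    enc = policy.encryption.upper().replace("-", "")
    if enc in {"DES", "3DES"}:
        findings["encryption"] = (
            "DES/3DES use a 64-bit block and are disallowed by NIST "
            "SP 800-131A (3DES is SHOULD NOT in RFC 8247); prefer AES.")
    integ = policy.auth_algorithm.upper().replace("-", "")
    if integ in {"MD5", "SHA1"}:
        findings["auth_algorithm"] = (
            "HMAC-MD5 is MUST NOT and HMAC-SHA1 is being phased out (MUST-) "
            "in RFC 8247; prefer SHA-256.")
    group = dh_group_number(policy.pfs_key_group)
    if group not in ECP_GROUPS and MODP_BITS.get(group, 0) < MIN_MODP_BITS:
        findings["pfs_key_group"] = (
            f"DH group {group} ({MODP_BITS.get(group, '?')}-bit MODP) is below "
            f"{MIN_MODP_BITS} bits (RFC 8247: SHOULD NOT); prefer group 14 or "
            "an ECP group.")
    return findings


if __name__ == "__main__":
    for kind in ("Gateway", "Client"):
        print(f"--- wizard default {kind} policy ---")
        for param, reason in audit(wizard_default(kind)).items():
            print(f"{param}: {reason}")
```

Run against the wizard's Gateway defaults the audit flags the cipher, integrity algorithm and DH group; the Client defaults additionally trigger the Aggressive-mode finding because they combine it with a pre-shared key. A policy edited to Main mode, AES, SHA-256 and a 2048-bit or ECP group returns no findings.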
6.2 Configuring IPsec Policies
Setup > VPN Settings > IPsec > IPsec Policies
An IPsec policy is between this router and another gateway, or between this router and
an IPsec client on a remote host.
The IPsec mode can be either tunnel or transport depending
on the network being traversed between the two policy endpoints.
Transport: This is used for end-to-end communication between this router and the
tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host.
Only the data payload is encrypted and the IP header is not modified or encrypted.
Tunnel: This mode is used for network-to-network IPsec tunnels where this
gateway is one endpoint of the tunnel.
In this mode the entire IP packet including
the header is encrypted and/or authenticated.
When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec.
DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. In
this mode you can also define the single IP address, range of IPs, or subnet on both
the local and remote private networks that can communicate over the tunnel.
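The selector and mode rules described in this section, as an added example that is not code from the D-Link manual or firmware: it models how a policy's local and remote selector (single address, range, or subnet) decides which packets enter the security association, and what an on-path observer sees of the IP header in transport versus tunnel mode. No ESP encryption is performed; the returned record only names which fields fall inside the protected region. The gateway and host addresses are constructed documentation addresses, and the rule that a transport-mode policy only covers packets originated by the router itself is this example's reading of "end-to-end communication between this router and the tunnel endpoint".

```python
"""Model of IPsec policy selectors and the transport/tunnel mode distinction.

Added example, not code from the D-Link manual or firmware. Addresses are
constructed documentation ranges; no real ESP processing takes place.
"""
import ipaddress
from dataclasses import dataclass


class Selector:
    """One endpoint selector: '10.0.0.5', '10.0.0.10-10.0.0.20', or '10.0.0.0/24'."""

    def __init__(self, spec: str):
        if "-" in spec:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
            if hi < lo:
                raise ValueError(f"range end before start: {spec!r}")
            self.lo, self.hi, self.net = int(lo), int(hi), None
        else:
            # A bare address becomes a /32, so "single IP" and "subnet" share code.
            self.net = ipaddress.ip_network(spec, strict=False)
            self.lo = self.hi = None

    def __contains__(self, addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        if self.net is not None:
            return ip in self.net
        return self.lo <= int(ip) <= self.hi


@dataclass(frozen=True)
class Policy:
    mode: str              # "tunnel" or "transport"
    local_gateway: str     # this router's WAN address
    remote_gateway: str    # peer gateway or remote client address
    local: Selector        # local private side that may use the SA
    remote: Selector       # remote private side that may be reached


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def apply_policy(policy: Policy, pkt: Packet):
    """Describe the packet as seen on the wire, or return None if the policy
    does not cover it."""
    if pkt.src not in policy.local or pkt.dst not in policy.remote:
        return None
    if policy.mode == "transport":
        # End-to-end only: the router itself must be the packet source. The
        # original IP header stays in the clear; only the payload is protected.
        if pkt.src != policy.local_gateway:
            return None
        return {"outer_src": pkt.src, "outer_dst": pkt.dst,
                "protected": ("payload",)}
    if policy.mode == "tunnel":
        # The whole original packet, header included, is wrapped in a new IP
        # header addressed gateway-to-gateway; inner addresses are hidden.
        return {"outer_src": policy.local_gateway,
                "outer_dst": policy.remote_gateway,
                "protected": ("inner_src", "inner_dst", "payload")}
    raise ValueError(f"unknown mode {policy.mode!r}")


if __name__ == "__main__":
    # Constructed site-to-site policy: LAN 192.168.10.0/24 behind 203.0.113.1
    # talking to LAN 10.20.0.0/16 behind 198.51.100.1.
    site = Policy("tunnel", "203.0.113.1", "198.51.100.1",
                  Selector("192.168.10.0/24"), Selector("10.20.0.0/16"))
    print(apply_policy(site, Packet("192.168.10.5", "10.20.3.7", b"hello")))
    print(apply_policy(site, Packet("192.168.10.5", "8.8.8.8", b"hello")))
```

The first call shows the observer only the two gateway addresses, with both inner addresses inside the protected region; the second returns None because the destination is outside the remote selector, so the packet is routed in the clear rather than through the tunnel.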