D-Link DSR-250v2 Product Manual

D-Link DSR-250v2 Manual

D-Link DSR-250v2 manual content summary:

  • D-Link DSR-250v2 | Product Manual - Page 1
    Version 1.02 | 11/21/2023 Services Router User Manual Business Gateway DSR-250V2
  • D-Link DSR-250v2 | Product Manual - Page 2
    1. D-Link Services Router 3 1.1 User Guide 3 1.1.1 Preface 3 1.1.1.1 Copyright Notice 3 1.1.2 Web UI Login 3 1.1.3 Chapter 1 System and Status 4 1.1.3.1 Summary 5 1.1.3.2 Statistics 6 1.1.3.3 Event Logging Status 8 1.1.3.4 Connections 9 1.1.3.5 Client 9 1.1.3.6 VPN Status 10 1.1.3.6.1
  • D-Link DSR-250v2 | Product Manual - Page 3
    1.1.10.1 IPsec Profiles 87 1.1.10.2 IPsec Site to Site 91 1.1.10.3 IPsec Client to Site 94 1.1.10.4 IPsec 1 to 1 mapping 97 1.1.10.5 PPTP 97 1.1.10.6 L2TP 100 1.1.10.7 OpenVPN 103 1.1.10.7.1 Server mode 103 1.1.10.7.2 Client mode 108 1.1.10.7.3 Access server-client mode 110 1.1.10.8 GRE
  • D-Link DSR-250v2 | Product Manual - Page 4
    This chapter provides details about the port status, device information, and statistics. You can add filters for the event logging. This section of the user manual gives status about the connections, client, VPN, and Routing. This chapter covers the following topics: Summary
  • D-Link DSR-250v2 | Product Manual - Page 5
    Statistics Event logging Connections Client VPN status Routing Summary The Device information section provides details of the device, like the system name, serial number, hardware version, and firmware version. The Port status section displays details about the configured ports. The fields
  • D-Link DSR-250v2 | Product Manual - Page 6
    Gateway It displays the gateway IP address of the port. Statistics This page displays detailed transmit and receive statistics for each physical port. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) has portspecific packet-level information provided for review. In addition, it also provides sent/
  • D-Link DSR-250v2 | Product Manual - Page 7
    VPN usage displays the usage of the VPN tunnels for downloading and uploading the data. You can select the Time frame to display traffic over VPN tunnels. Then, when the mouse hovers over the graph, it shows the speed of the VPN tunnel at that instant.
  • D-Link DSR-250v2 | Product Manual - Page 8
    The fields displayed on this page are as follows: Field Resource utilization Service port usage Web usage Application usage Description It displays the percentage of the CPU currently consumed by the device and displays the space of memory
  • D-Link DSR-250v2 | Product Manual - Page 9
    Field Time period Filter Time Severity Category/Event type Event description Event Details Download Icon Description Select the time frame for which you want to schedule logging. Click Filter to display the data. Current logs It displays the time when the event occurred. It displays the severity of
  • D-Link DSR-250v2 | Product Manual - Page 10
    This page of the router details the DHCP server status and LAN clients connected to your router. The fields available on this page are as follows: Field Name Interface IP range Active Utilization (%) Host name IP address MAC address Type Interface Expires time Block Description DHCP server status
  • D-Link DSR-250v2 | Product Manual - Page 11
    This page covers the following Topics: VPN status Ipsec status PPTP status L2TP status Openvpn/GRE status IPSec status An IPSec policy is between DSR-250v2 and another router and an IPSec client on a remote host. Depending on the traversed network between the two policy endpoints, the IPSec mode can
  • D-Link DSR-250v2 | Product Manual - Page 12
    The fields displayed on this page are as follows: Field Name Interface Remote gateway Local network Remote network Sent bytes Received bytes Status Connect Name Interface Connections Description Site to Site VPN It displays the name of the VPN. It displays the interface on which the VPN tunnel is
  • D-Link DSR-250v2 | Product Manual - Page 13
    Field VPN Server Client IP address connect Description It displays the VPN server (WAN) ip address. It displays the Remote IP address to which the tunnel is established. It displays the connected Status of PPTP client. Field Username Remote IP address PPTP tuneel IP Connect time Description It
  • D-Link DSR-250v2 | Product Manual - Page 14
    Field VPN Server Client IP address connect Description It displays the VPN server (WAN) ip address. It displays the Remote IP address to which the tunnel is established. It displays the connect/Disconnect status of L2TP client. Field Username Remote IP address L2TP IP address Connect time Openvpn/
  • D-Link DSR-250v2 | Product Manual - Page 15
    You will find a list of GRE clients connected with the following details: The fields available on this page are as follows: Field Name Interface GRE tunnel IP Remote IP Status Description It displays the VPN server (WAN) ip address. It displays the interface name to which the tunnel is established
  • D-Link DSR-250v2 | Product Manual - Page 16
    Field Connection status Connect Routing status This chapter covers the following topics: Routing Active Routes Multicast IP table Description It displays the VPN connection status. We can connect or disconnect VPN tunnel. Field Destination Subnet mask Gateway Interface Metric Multicast channel
  • D-Link DSR-250v2 | Product Manual - Page 17
    , it can manage many logs over a sustained period. These logs help debug network issues or monitor router traffic over a long duration. The router supports five concurrent Syslog servers. Using the Remote Logs page, you can configure the server to receive different log facility messages of varying
  • D-Link DSR-250v2 | Product Manual - Page 18
    , and with which Network Time Protocol (NTP) server to synchronize the date and time. You can choose to set the Date and Time manually. Setting date and time manually store the information on the router's real-time clock (RTC). If the router has access to the Internet, the most accurate mechanism to
  • D-Link DSR-250v2 | Product Manual - Page 19
    You can upgrade to a newer firmware version from the Administration web page. In the Firmware Upgrade section, to upgrade your firmware, click Browse, locate and select the firmware image on your host, and click Upgrade. After validating the new firmware image, the new image writes to flash, and the
  • D-Link DSR-250v2 | Product Manual - Page 20
    Backup This section allows you to save a backup file of the current configuration. The fields available in this section are as follows: Field Save to Description To save the file to your computer, click System (PC). Restore After using the procedure to back up a router's configuration, you can
  • D-Link DSR-250v2 | Product Manual - Page 21
    The Web GUI access page allows users to specify the user's IP address or VLAN to configure the router using the web GUI. Field Enable Name Access type IP address/VLAN network Apply Cancel Description Select the check box to enable the Web GUI access feature. It displays the name of the user. It
  • D-Link DSR-250v2 | Product Manual - Page 22
    Field Administrator Administrator timeout Guest Guest timeout Apply Cancel Description It displays the name of the admin. Enter the timeout value in minutes for the Administrator account. It displays the name of the guest. Enter the timeout value in minutes for the Guest account. Click Apply to
  • D-Link DSR-250v2 | Product Manual - Page 23
    router from D-Link's repositories. This feature lets users download new drivers for supported USB devices and language packs to enable multi-lingual support for the router's management interface. In addition, multi-lingual support via the Utility page allows the user to choose a language of choice
  • D-Link DSR-250v2 | Product Manual - Page 24
    Field License model Activation code Expires Description It tells about model of license It displays the activation code of the license. It tells about expiry time Activation setup We need to give activation code in license activation code and click on activate.Which will activate the license
  • D-Link DSR-250v2 | Product Manual - Page 25
    Field Method Profilename TLS key name Description It says about how we are adding tls/crl profile It displays the name of profile It tells about the key TLS upload Field Method Profile name upload Description It says about how we are adding tls/crl profile It displays the name of profile we need
  • D-Link DSR-250v2 | Product Manual - Page 26
    CRL upload Field Method Profile name upload Description It says about how we are adding tls/crl profile name of profile we need to give file and upload
  • D-Link DSR-250v2 | Product Manual - Page 27
    Click Add icon to add a new entry to the table. This opens the Add tls/crl profile . To delete more than one entry, select the checkbox you want to delete, and click Delete icon. Schedules Schedule policies The Schedule policies page displays all the default and configured schedule policies for the
  • D-Link DSR-250v2 | Product Manual - Page 28
    Ping As part of the diagnostics tools supported by the router, you can ping an IP address or FQDN (Fully Qualified Domain Name). You can use this feature to test connectivity between the router and another device connected to the router.
  • D-Link DSR-250v2 | Product Manual - Page 29
    The fields available in this section are as follows: Field IP address / FQDN Ping Result Description Enter the IP address or FQDN. Click Ping to send an ICMP echo request packet to the destination using the IPv4 network. It displays the result of the IP address. If the destination IP address is
  • D-Link DSR-250v2 | Product Manual - Page 30
    The fields available in this section are as follows: Field IPv4 table Result Description Click Display to display the results of the static and dynamic route of IPv4. This section displays the results of the Traceroute operation. Debug logs To download the debug logs, click Download. Then,
  • D-Link DSR-250v2 | Product Manual - Page 31
    Chapter 3 Authentication This chapter covers the following topics: User authentication status User data base Captive portal User Authentication This page displays the status of the authenticated users with the following details: Field User account User group Authentication server Application IP
  • D-Link DSR-250v2 | Product Manual - Page 32
    User Account: Local group: This page allows you to add user groups. The fields displayed are as follows: Field Group name Member Associated services Description Description It displays the name of the group. It displays the number of members present in the group. It displays the associated
  • D-Link DSR-250v2 | Product Manual - Page 33
    the name of the group. Describe the group. Group membership list It displays the number of members present in the group. It displays the associated services with the group. It displays the description about the group. Enable to add the already existing user to the group. Local users After you add
  • D-Link DSR-250v2 | Product Manual - Page 34
    to save your settings. Click Cancel to revert to the previous settings. External auth server Authentication Server An authentication server is a network service that provides credentials to authenticated users to access the network. When a user enters these credentials into the login page, they get
  • D-Link DSR-250v2 | Product Manual - Page 35
    Port Enable Apply Cancel Enter the RADIUS accounting port. Select the checkbox to enable the server. Click Apply to save your settings. Click Cancel to revert to the previous settings. Click + to add an external authentication server. Adding RADIUS server A RADIUS server can be configured and
  • D-Link DSR-250v2 | Product Manual - Page 36
    Adding LDAP server The LDAP authentication method uses LDAP to exchange authentication credentials between the gateway and an external server. The LDAP server maintains a large database of users in a directory structure, so users with the same user name but different groups can be authenticated
  • D-Link DSR-250v2 | Product Manual - Page 37
    as the type of server. Enter the IP address of the authentication server. Enter the authentication server port. You can enable or disable the SSL support for POP3. If this option is enabled, it is mandatory to select a certificate authority for it. Select a Certificate Authority to verify the POP3
  • D-Link DSR-250v2 | Product Manual - Page 38
    authenticates the user and then only grants internet access. It is done by entering the login credentials and accepting the terms and conditions of service. This feature helps the router monitor and control Internet usage. The router DSR-250v2 allows its users to configure the captive portal page
  • D-Link DSR-250v2 | Product Manual - Page 39
    The fields available on this page are as follows: Field Name Browser title Description It displays the name of the login profile. It displays the browser title. Click + to add a new login profile.
  • D-Link DSR-250v2 | Product Manual - Page 40
    The fields available on this page are as follows: Field Name Browser title Background Background Header caption Font name Font size Font color Login session title Welcome message Error message Enable Ad place Ad content Font name Description General details Enter a name for this login profile.
  • D-Link DSR-250v2 | Product Manual - Page 41
    per-VLAN basis. Then, the hosts of a particular VLAN get authentication via the Captive Portal, which may be a customized portal with special instructions and branding compared to another VLAN. The most critical aspect of this configuration page is choosing the authentication server. All users (VLAN
  • D-Link DSR-250v2 | Product Manual - Page 42
    1 WAN port and other as configurable port as WAN2 or DMZ Another feature that the router supports is Dynamic DNS (DDNS), i.e., an Internet service that allows routers with varying public IP addresses to be located using Internet domain names. You may also configure the IP aliasing feature to
  • D-Link DSR-250v2 | Product Manual - Page 43
    configuration by selecting the checkbox. The Port Configuration section explains how to configure the following ports: WAN Port LAN Port WAN Port The unified services router DSR-250v2 has one WAN port to connect to the Internet or another network subnet. The fields available on this page are as
  • D-Link DSR-250v2 | Product Manual - Page 44
    Get dynamically from ISP or Use these DNS servers to enter DNS servers manually. If you select Use these DNS servers, enter the primary DNS . Enter your PPPoE user name. Enter your PPPoE password. If your ISP supports the service name, enter it here. Select the type of Authentication to use (Auto-
  • D-Link DSR-250v2 | Product Manual - Page 45
    either Get dynamically from ISP or Use DNS as below to enter DNS servers manually. If you select Use these DNS servers, enter the primary DNS server IP user name. Enter your L2TP password. Enter a shared secret if your ISP supports it. Some ISPs may require you to pay for usage time. Select On-
  • D-Link DSR-250v2 | Product Manual - Page 46
    address mode, enter the subnet mask supplied by your ISP. Enter your Russian PPPoE user name. Enter your Russian PPPoE user name. If your ISP supports the service name, enter it here. Select the authentication type from the drop-down list. Some ISPs may require you to pay for usage time. Select
  • D-Link DSR-250v2 | Product Manual - Page 47
    default DHCP and TCP/IP settings are satisfactory. If you want another PC on your network to be the DHCP server or if you are manually configuring the network settings of all of your PCs, set the DHCP mode to "none." DHCP relay can forward DHCP packets to get the DHCP
  • D-Link DSR-250v2 | Product Manual - Page 48
    . Click Cancel to revert to the previous settings. DMZ Port The router supports one of the physical ports to be configured as a dedicated DMZ port. behind the firewall. The DMZ provides security to the network, as specific services/ports exposed to the Internet on the DMZ do not get exposed to
  • D-Link DSR-250v2 | Product Manual - Page 49
    the DMZ port, other than the fact that it cannot be identical to the IP address given to the LAN interface of this router. You can configure Port interface 4 as DMZ ports in the Port Configuration section. Select radio button of interface type 4 for port 4 and Apply the configurations. Select
  • D-Link DSR-250v2 | Product Manual - Page 50
    Cancel to revert to the previous settings. WAN Mode Configuration The router supports multiple WAN links. This allows you to take advantage of rollover and load balancing features to ensure that certain Internetdependent services are prioritized in the event of unstable WAN connectivity on one of
  • D-Link DSR-250v2 | Product Manual - Page 51
    Auto-rollover using WAN In the Auto-rollover using WAN mode, one of the WAN ports is assigned as the primary Internet link for all the Internet traffic; the secondary WAN port is used for redundancy if the primary link goes down for any reason. Both WAN ports (primary and secondary) must be
  • D-Link DSR-250v2 | Product Manual - Page 52
    than one link. Protocol bindings are used to segregate and assign services over one WAN port to manage Internet flow. The configured failure detection such as SMTP) go over the lower-speed link. The gateway currently supports two algorithms for Load Balancing: Round Robin: This algorithm works in
  • D-Link DSR-250v2 | Product Manual - Page 53
    Field Load balancing Health check Primary WAN Secondary WAN Retry interval Failover after Description Select Round robin. Select any one of the following options: None: Select this option if you do not want to check the WAN health. WAN DNS Servers: Select this option to detect the health of a WAN
  • D-Link DSR-250v2 | Product Manual - Page 54
    Load balancing Health check Primary WAN Secondary WAN Retry interval is Failover after Load tolerance Max bandwidth Select Spillover mode. Select any one of the following options: None: Select this option if you do not want to check the WAN health. WAN DNS Servers: Select this option to detect the
  • D-Link DSR-250v2 | Product Manual - Page 55
    To delete multiple entries at once, select the checkboxes of the IP aliasing you want to delete, and click Delete. Click Add icon to add a new IP alias. This opens a new row to Add IP aliasing rule. The fields available on this page are as follows: Field Interface IP address Subnet mask Apply
  • D-Link DSR-250v2 | Product Manual - Page 56
    The fields displayed in the IP management list table are as follows: Field Hostname IP address MAC address Address reservation IP/MAC binding Log dropped packets Description It displays the hostname for the pair of IP and MAC addresses. It displays the IP address you have assigned to the device.
  • D-Link DSR-250v2 | Product Manual - Page 57
    to activate or deactivate this route. Click Apply to save your settings. Click Cancel to revert to the previous settings. VLAN Settings The gateway supports virtual network isolation on the LAN by using VLANs. You can configure LAN devices to communicate in a sub-network defined by VLAN identifiers
  • D-Link DSR-250v2 | Product Manual - Page 58
    The VLAN settings section displays a list of configured VLANs by name and VLAN ID. A VLAN membership can be created by clicking the Add button present above the list. The VLAN ID value can be any number from 1 to 4094. By default, the router accepts only untagged traffic on the LAN interface.
  • D-Link DSR-250v2 | Product Manual - Page 59
    The fields available on the Add VLAN profile page are as follows: Field Name VLAN ID Base Interface Intervlan routing IP address Subnet mask DHCP mode Domain name Starting IP address Ending IP address Default gateway DNS server Primary DNS server Secondary DNS server Lease time (minutes) Relay
  • D-Link DSR-250v2 | Product Manual - Page 60
    required to manage the routing process in the network. Various methods are supported by the DSR250v2 like the Static Route, Policy Route, RIP, and to the traffic flow behavior between the secure LAN and the Internet. Manually adding static routes to this device allows you to define the traffic path
  • D-Link DSR-250v2 | Product Manual - Page 61
    assign the type of traffic to go over the specified WAN ports. The source network, source address, the destination network, a destination address, service, or protocol can be associated with a particular WAN port for increased flexibility. For example, the VoIP traffic for a set of LAN IP addresses
  • D-Link DSR-250v2 | Product Manual - Page 62
    Field Name Protocol Source network Source port Destination network Destination port Local Gateway Enable Description It displays the name of the policy route. It displays the protocol placed in the transport layers of the Internet protocol suite. It displays the source network. It options are Any,
  • D-Link DSR-250v2 | Product Manual - Page 63
    the interface on which the RIP is configured. It displays in which direction the RIP packets need to be exchanged. It displays the RIP version supported by the routing devices in the selected interface. It displays whether the authentication is enabled or disabled for RIP-2M. Enter the unique MD5
  • D-Link DSR-250v2 | Product Manual - Page 64
    . In Only: The gateway accepts RIP information from other routers but does not broadcast its routing table. The RIP version is dependent on the RIP support of other routing devices in the LAN. RIP-1: A class-based routing version that does not include subnet information. This is the most commonly
  • D-Link DSR-250v2 | Product Manual - Page 65
    Cost Authentication LAN route exchange NSSA Enable Click Edit to open the Edit OSPFv2 page. It displays the cost of sending a packet on an OSPFv2 interface. It displays the authentication type. It displays the LAN Route Exchange status for a WAN interface. It displays whether NSSA is enabled or
  • D-Link DSR-250v2 | Product Manual - Page 66
    network to create multicast group memberships. The IGMP can be used for web and support applications like the online streaming of videos and games. The IGMP proxy enables the LAN users (like guests or HTTP service) do not monopolize the available WAN's bandwidth for cost-savings or
  • D-Link DSR-250v2 | Product Manual - Page 67
    displays the interface with which the profile is associated. It displays the range of bandwidth rates or priority i.e low or high It displays the service. It displays the traffic selector match type. You can enable or disable the respective bandwidth management policy. Click Add icon to add a new
  • D-Link DSR-250v2 | Product Manual - Page 68
    Medium, or High. If you select Rate, enter the maximum bandwidth rate. If you select Rate, enter the minimum bandwidth rate. Traffic selector Select a service from the drop-down list. This field is available when you select Outbound as the Policy type. Select any one of the following match types:
  • D-Link DSR-250v2 | Product Manual - Page 69
    page are as follows: Field Name Management Type Maximum sessions Service Traffic selector match type Interface IP address Subnet mask Description Enter allowed on the source type to limit sessions. Traffic selector Select a service from the drop-down list. This field is available when you select
  • D-Link DSR-250v2 | Product Manual - Page 70
    apply to save your settings. Click cancel to revert to the previous settings. Chapter 6 Firewall This chapter introduces you to the security features supported by the router. These features include Firewall and IPS/IDS. These are the various techniques used to block any malicious attacks from the
  • D-Link DSR-250v2 | Product Manual - Page 71
    (DoS) attacks. These attacks, if uninhibited, can use up processing power and bandwidth and can prevent normal regular network services. You can also configure ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds to suspect traffic from the offending source temporarily. The fields
  • D-Link DSR-250v2 | Product Manual - Page 72
    that external address. Application Layer Gateways Application Level Gateways (ALGs) are security components that enhance the firewall and NAT support of the Router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic, ephemeral TCP
  • D-Link DSR-250v2 | Product Manual - Page 73
    SIP H.323 TFTP SMTP IPSec Passthrough L2TP Passthrough PPTP Passthrough Enable it to allow devices and applications using VoIP (Voice over IP) to communicate across NAT. Enable it to allow H.323 (specifically Microsoft Netmeeting) clients to communicate across NAT. Enable it to allow Trivial FTP (
  • D-Link DSR-250v2 | Product Manual - Page 74
    protocol required by that network device. If the UPnP feature is disabled, the gateway can not configure an automatic device, and you may have to manually open /forward ports to allow applications to work. Select Enable to configure UPnP and display the UPnP port mapping list. The UPnP port mapping
  • D-Link DSR-250v2 | Product Manual - Page 75
    of the configured rule. It specifies the name of the firewall rule It specifies the source interface It specifies the destination interface It displays the service for which the firewall rule is defined. It displays the source IP address range, a specific IP address, or Any for all IP addresses on
  • D-Link DSR-250v2 | Product Manual - Page 76
    rule Select the source interface from the drop down. Select the Destination interface from the drop down. Select either Block or Allow. Select the protocol/service on which you want to configure the firewall rule. The options are all, TCP, UDP, TCP/UDP, ping, HTTP, HTTPs, FTP, SSH,etc., Enter
  • D-Link DSR-250v2 | Product Manual - Page 77
    secure LAN, except in response to the LAN or DMZ requests. To allow outside devices to access services on the secure LAN, you must create a port forwarding rule for each service. It also supports Translation (Outbound). The fields displayed in the Port forwarding table are as follows: Field Active
  • D-Link DSR-250v2 | Product Manual - Page 78
    Name Mode Interface Protocol Public port Forward internal IP Local port Allowed remote IPs Apply Cancel Enter the name for your rule. Select any one of the following modes: Forwarding (Inbound): If you select this mode, traffic passes from the WAN host to the LAN host for a public destination port.
  • D-Link DSR-250v2 | Product Manual - Page 79
    to save your settings. Click Cancel to revert to the previous settings. Chapter 7 Security This chapter introduces you to the security features supported by the DSR-250v2. These features include Web content filtering and Application control. These are the features used to Block/Allow only selected
  • D-Link DSR-250v2 | Product Manual - Page 80
    The fields displayed in the Web content filter list are as follows: Field Name Action Schedule Filtered by Enable Description It displays the name of the policy. It displays the Action rule(Allow/Block). It displays the schedule selected for the policy. It displays the type of information you want
  • D-Link DSR-250v2 | Product Manual - Page 81
    Allow override Override timeout (seconds) Update on access Policy Schedule If enabled, it allows the sites categorized under Blocked categories. Enter the time (in seconds) for which all the disallowed categories will be allowed. Enable the field to restart the override timer on each new access to
  • D-Link DSR-250v2 | Product Manual - Page 82
    Users can select a particular URL or select a group to manage URLs associated with that group. This section displays groups and URLs associated with them. The fields displayed in the Custom Group List table are as follows: Field Name URLs Category filtering In use Description It displays the name
  • D-Link DSR-250v2 | Product Manual - Page 83
    . This is available when you select either "Cat egory-based" or "URL+Category-based" filtering type. This box displays the items selected from the supported items list. To remove the item from the selected list, click the "
  • D-Link DSR-250v2 | Product Manual - Page 84
    enter the number of minutes after which the device will check for the updates. If you select Schedule, choose a Day and Time. Select either manual or auto Application Control List The user can select a particular app or select a group to manage applications associated with that group. This provides
  • D-Link DSR-250v2 | Product Manual - Page 85
    Actions You can edit or delete the selected policy. Click Add icon to add a new policy. This opens the Add application control policy configuration page. To delete multiple entries, select the checkboxes of the application control policies you want to delete, and click Delete icon. The fields
  • D-Link DSR-250v2 | Product Manual - Page 86
    Min bandwidth rate (Kbps) PPTP L2TP OpenVPN IPSec VPN Application type Category Application Default group Custom group Apply Cancel Enter the minimum bandwidth rate. Enable or disable the PPTP VPN. Enabling this option allows all the PPTP traffic to follow this policy. Enable or disable the L2TP
  • D-Link DSR-250v2 | Product Manual - Page 87
    to the previous settings. Chapter 8 VPN VPN provides a secure communication channel ("tunnel") between two gateway routers or a remote PC client. DSR-250v2 supports the following types of tunnels: Gateway-to-gateway VPN: To connect two or more routers to secure traffic between remote sites. Remote
  • D-Link DSR-250v2 | Product Manual - Page 88
    IPsec Profiles The Ipsec profile is the central configuration in IPSec that defines most of the IPSec parameters such as the protocol, algorithms, SA lifetime, and key management protocol. In addition, it contains information related to algorithms such as encryption, authentication, and DH group for
  • D-Link DSR-250v2 | Product Manual - Page 89
  • D-Link DSR-250v2 | Product Manual - Page 90
    The fields available on the Add Ipsec profiles are as follows: Field Profile name IKE version Exchange mode Local identifier type Remote identifier type DH group Encryption algorithm Authentication algorithm SA lifetime (sec.) Authentication method Pre-shared key Certificate Dead peer detection
  • D-Link DSR-250v2 | Product Manual - Page 91
    exchange. Select the DH group. Click Apply to save your settings. Click Cancel to revert to previous settings. IPsec Site to Site The user can manually configure it in the Ipsec site to site and build IPSec VPN tunnels. This mode is useful when you try to establish a tunnel between two
  • D-Link DSR-250v2 | Product Manual - Page 92
    The fields available in the Ipsec site to site Configuration table are as follows: Field Name Remote gateway Interface Local subnet Remote subnet IKE profile Enable Status Description It displays the name of the VPN. It displays the remote IP address to which the VPN tunnel is established. It
  • D-Link DSR-250v2 | Product Manual - Page 93
    The fields available on the Add basic configuration and Advanced configuration pages are as follows: Field Connection name Outgoing interface Remote gateway IP address Domain name IKE profile Local network Description Enter a descriptive name for the VPN connection. Specify the interface to be
  • D-Link DSR-250v2 | Product Manual - Page 94
    Mode set to Rollover. Click Save to save your settings. Click Cancel to revert to the previous settings. IPsec Client to Site The user can manually configure it in the Ipsec client to site and build IPSec VPN tunnels. This mode is useful when you try to establish a tunnel between two
  • D-Link DSR-250v2 | Product Manual - Page 95
  • D-Link DSR-250v2 | Product Manual - Page 96
    The fields available on the Add basic configuration and Advanced configuration pages are as follows: Field Connection name Outgoing interface Remote gateway IP address Domain name IKE profile Local network IP address Subnet mask Remote network Mode config Description Enter a descriptive name for
  • D-Link DSR-250v2 | Product Manual - Page 97
    to the remote VPN clients. You can enable or disable this feature. Split Tunnel: It provides VPN client access to all the intranet services. Starting IP address Ending IP address Primary DNS Secondary DNS (Optional) Starting IP address Ending IP address Subnet mask NetBIOS broadcast Rollover Save
  • D-Link DSR-250v2 | Product Manual - Page 98
    DSR-250v2 can establish a PPTP/L2TP VPN. Once enabled, a PPTP/L2TP server is available on the gateway for the LAN and WAN PPTP/L2TP client users to access, i.e., PPTP/L2TP clients can reach the gateway's PPTP/L2TP server. Furthermore, once authenticated by the PPTP/L2TP server (the tunnel endpoint),
  • D-Link DSR-250v2 | Product Manual - Page 99
    client, we can access a remote network that is local to the PPTP/L2TP server. Once a client is enabled, it will try to auto-connect or manual connect to the server. The fields available on the PPTPclient page are as follows: Field Description
  • D-Link DSR-250v2 | Product Manual - Page 100
    Name VPN server Tunnel type Remote network Remote netmask User name Password MPPE Auto connect Time Idle timeout (seconds) Apply Cancel Enter the name. Enter the IP address or domain name of the PPTP server you want to connect to. Select the tunnel type. Full tunnel: If this is selected, it will
  • D-Link DSR-250v2 | Product Manual - Page 101
    client, we can access a remote network that is local to the PPTP/L2TP server. Once a client is enabled, it will try to auto-connect or manual connect to the server.
  • D-Link DSR-250v2 | Product Manual - Page 102
    The fields available on the L2TP client page are as follows: Field Name VPN server Tunnel type Remote network Remote netmask User name Password Enable secret key Secret key MPPE Reconnect mode Maximum idle time (seconds) L2TP over IPsec Description Enter the name. Enter the IP address of the L2TP
  • D-Link DSR-250v2 | Product Manual - Page 103
    Auto-connect Apply Cancel .It is used to connect the tunnel automatically Click Save to save your settings. Click Cancel to revert to the previous settings. OpenVPN The router provides the OmniSSL feature, a customized OpenVPN, similar to the SSL VPN connectivity. OmniSSL provides an executable
  • D-Link DSR-250v2 | Product Manual - Page 104
    the Tu nnel type. Client List It allows the user to generate the client's configuration. Furthermore, OmniSSL is an adaptable feature as it supports and gets installed on various operating systems following their respective procedures. The fields available on the Client list table are as follows
  • D-Link DSR-250v2 | Product Manual - Page 105
    Cancel to revert to the previous settings. Click Download to download the OmniSSL list in the *.csv format. OmniSSL Portal Layout The router supports a static portal page to enable or disable authentication to the remote OmniSSL users. The fields displayed in the OmniSSL Portal layout table are
  • D-Link DSR-250v2 | Product Manual - Page 106
    The fields displayed in the Server policies table are as follows: Field Name Policy Scope Destination Port Description It displays the name of the server policy. It displays the policy applied to the IP address. It displays the scope. It is either Global or Local authentication. It displays the IP
  • D-Link DSR-250v2 | Product Manual - Page 107
    to which the OpenVPN policy needs to be applied. Enter the range of port numbers to which the policy will be applied. Enable it to support ICMP traffic. Click apply to save your settings. Click Cancel to revert to the previous settings. Remote Networks This section displays a list of configured
  • D-Link DSR-250v2 | Product Manual - Page 108
    Remote networks Subnet mask Apply Cancel Enter the IP address of the remote networks. Enter the subnet mask for the IP address of the remote network. Click Save to save your settings. Click Cancel to revert to the previous settings. Local Networks (Split Tunnel) This section is available only when
  • D-Link DSR-250v2 | Product Manual - Page 109
    Client mode In this section, you will learn about the OpenVPN configuration in the Client mode. The fields available when the Client mode is selected are as follows: Field Mode Server IP Failover server IP Port Tunnel protocol Encryption algorithm Hash algorithm User-based authentication User name
  • D-Link DSR-250v2 | Product Manual - Page 110
    Interval Status it dispalys the time interval to connect tunnel automatically It displays the connection status of the VPN. Access server-client mode Select the mode as access server-client mode. In access server-client mode, the user downloads the auto-login profile from the OpenVPN Access
  • D-Link DSR-250v2 | Product Manual - Page 111
    Field Name Interface GRE tunnel IP Remote IP Active Status Description It displays the name of the GRE tunnel. It displays the interface with which this tunnel is created. It displays the IP address of this endpoint. It displays the WAN IP address of the endpoint gateway. You can enable or disable
  • D-Link DSR-250v2 | Product Manual - Page 112
    Subnet mask Remote IP IP address Subnet mask Gateway IP address Apply Cancel Enter the subnet mask. Enter the WAN IP address of the endpoint gateway. Static route configuration Enter the destination IP address of the static route from the remote LAN subnet. Enter the subnet mask. Enter the IP
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112

Business Gateway
DSR-250V2
Services Router User Manual
Version 1.02 | 11/21/2023