D-Link DFL-800 Application Note

NetDefend IPS/UTM firewall

D-Link And TheGreenBow Solution
NetDefend IPS/UTM Firewall DFL-800 Application Note
Version 2.00 (2009-5-28)
D-Link International Confidential and proprietary

Summary of Contents for D-Link DFL-800

  • Page 1 D-Link And TheGreenBow Solution Version 2.00 (2009-5-28) D-Link International Confidential and proprietary...
  • Page 2: Revision History

    The objective of this document is to provide a guide describing how to configure the devices to achieve the same environment as shown in the network topology. Users of this document are expected to already possess basic knowledge of D-Link devices and TheGreenBow VPN software, and to be familiar with how to perform basic configurations.
  • Page 3: Network Diagram

    6. Configurations In this document, we will only describe the main configurations for this scenario. The configuration settings for all the D-Link products are not described here; for more detail about a product, you can download its user guide.
  • Page 4 • Setup Phase 2 6.1.1) Setup DFL-800 for VPN tunneling Setup Pre-Shared Key 6.1.1.1) Log in to the DFL-800, click “Authenticate Objects”, add a new “Pre-shared Key”, and fill in the passphrase and name.
  • Page 5 Phase 1 and Phase 2 algorithms setup At “IKE Algorithms”, select the Encryption and Integrity algorithms for your Phase 1 authentication. Next, at “IPSec Algorithms”, select the Encryption and Integrity algorithms for Phase 2.
  • Page 6 After we finish setting up the algorithms, we need to create the “IPSec-Tunnel” as shown below. Next, click on the “Authentication” tab and select the “Pre-Shared Key” you set up in step 1.
  • Page 7 TheGreenBow VPN Client software. 6.1.1.4) Setup IP Rules Now set up the IP Rules so that the DFL-800 knows where to direct all the traffic. First add a new interface group named “IPSec-LAN” by grouping “IPSec-Tunnel”...
  • Page 8 Next, click “IP Rules” and add a new IP rule as shown below.
  • Page 9 Right-click on the “Root” to add a new “Phase1”, then fill in the IP address for this VPN client and the Remote gateway IP, followed by the Preshared Key and IKE settings. Note: the Preshared Key and IKE settings must be the same as those set in the DFL-800.
  • Page 10 Right-click on the “Phase1” to add a new “Phase2”, then fill in the VPN Client address for this VPN client and the Remote gateway IP, followed by the ESP settings. Note: the ESP Encryption and Authentication settings must be the same as in the DFL-800 IPSec-Tunnel.
  • Page 11 All configurations are based on DFL-800 (F/W: 2.20.03.08-8257), TheGreenBow VPN Client (F/W: 4.60.0.0) and WinRadius (Version 4.00) Note: Before configuring this solution, please make sure that your DFL-800 and VPN Client have the IPSec settings configured. Please refer to (6.1 - TheGreenBow VPN Client software (IPSec)
  • Page 12 6.2.1) Setup DFL-800 for X-Auth Enable the X-Auth in DFL-800 6.2.1.1) At the “Interfaces IPSec”, select the IPSec tunnel you created in the previous solution and, at the “XAuth” tab, enable the function as shown below. Setup the External Authentication Server (i.e. Radius) 6.2.1.2)
  • Page 13 “Radius Server” with the settings as shown below. Note: the Shared Secret must be the same key as in the Radius Server. Next, add a New Rule in the “User Authentication Rules”.
  • Page 14 At the “Authentication Options”, select the Radius Server you have created and select the Radius Method as “CHAP”. Save and activate the setting.
  • Page 15 6.2.2) Setup TheGreenBow VPN Client software 6.2.2.1) Enable the X-Auth Function Inside the “P1 Advanced” menu, tick the box for the “X-Auth Popup”. Click “Ok” and “Save & Apply” the setting.
  • Page 16 Set the Secret Key Click “System” from the “Setting” drop-down list. Key in the “NAS Secret”. Note: The NAS Secret must be the same key set in the DFL-800 “Shared Key”. Click “OK”, close and start the WinRadius Server again.
  • Page 17 AES-MD5 DES-MD5 AES-MD5 DES-SHA AES-MD5 AES-SHA 3DES-SHA AES-MD5 3DES-SHA 3DES-MD5 3DES-SHA 3DES-SHA 3DES-SHA DES-MD5 3DES-SHA DES-SHA 3DES-SHA AES-SHA 3DES-MD5 AES-MD5 3DES-MD5 3DES-MD5 3DES-MD5 3DES-SHA 3DES-MD5 DES-MD5 3DES-MD5 DES-SHA 3DES-MD5 AES-SHA DES-SHA AES-MD5 DES-SHA 3DES-MD5 DES-SHA
  • Page 18 AES-SHA DES-MD5 AES-MD5 DES-MD5 3DES-MD5 DES-MD5 3DES-SHA DES-MD5 DES-MD5 DES-MD5 DES-SHA DES-MD5 Create users in the WinRadius and, during the X-Auth popup, key in the user's ID and Password from the WinRadius.
  • Page 19: Test Result

    7.2) Test Result The VPN tunnel will open in any negotiation mode set in Phase 1 and Phase 2. TheGreenBow VPN Client software
  • Page 20 The DFL-800 will show the tunnel is up in its VPN status. DFL-800 IPSec Client is able to ping the remote network.
  • Page 21 For “X-Auth”, when valid users are entered in the X-Auth popup, the Radius Server will show “Users Authentication OK” and open up the VPN tunnel. TheGreenBow VPN Client software
  • Page 22 8. Conclusion The Application Notes demonstrate how D-Link VPN products and TheGreenBow VPN software combined perfectly address the requirements of small and medium businesses worldwide. The joint VPN solution offers advantages around multiple access control and authorization mechanisms for users and tunneling capabilities to access the entire corporate network;...
  • Page 23 D-Link Inc. All Rights Reserved D-Link is the worldwide leader and an award-winning designer, developer, and manufacturer of Wi-Fi and Ethernet networking, broadband, multimedia, voice and data communications and digital electronics solutions.