Configuring Remote IPSec VPN Clients; Configuring Remote IPSec VPN Gateways - D-Link DFL-500 User Manual


Select Enable perfect forward secrecy (PFS) to improve the security of Phase 2 keys. See About perfect forward secrecy (PFS). Example: Select.

Specify the Keylife for Phase 2. The keylife is the amount of time in seconds before the phase 2 encryption key expires. When the key expires, a new key is generated without interrupting service. Example: 600.

Specify the IKE Identity (also called the proxy ID) to use for the tunnel. The identity labels all IPSec packets associated with a specific tunnel so that the VPN gateway can associate IPSec packets that it receives with the correct tunnel. The default identity is IP Subnet, which means the IPSec packets associated with this tunnel are identified using the subnet IP address. You can also set Identity to IP address. Example: IP Subnet.

Authentication Key: Enter up to 20 characters. The VPN gateway and clients must have the same key and it should only be known by network administrators. Example: ddcHH01887d.

Incoming NAT: Select Incoming NAT if you require network address translation for VPN packets. Example: Select.

Complete the following procedure on the DFL-500 dial-up VPN gateway:

· Go to VPN > IPSEC > Autokey IKE.
· Select New to add a new Autokey IKE VPN tunnel.
· Enter the VPN Tunnel Name, Remote Gateway, Keylife, and Authentication Key.
· Select the P1 Proposal and the P2 Proposal algorithms.
· Select OK to save the Autokey IKE VPN tunnel.

Configuring remote IPSec VPN clients

The remote VPN clients must be running industry standard IPSec Autokey IKE VPN client software. D-Link recommends the SafeNet/Soft-PK client from IRE, Inc.

Configure the client as required to connect to the dial-up VPN gateway using an IPSec VPN configuration. Make sure the client configuration includes the settings in Remote IPSec VPN client configuration.

Remote IPSec VPN client configuration

| Setting | Description | Example |
| --- | --- | --- |
| Tunnel Name | Should correspond to the dial-up VPN tunnel name used on the DFL-500 dial-up VPN gateway. | Dial-up_VPN |
| Remote Gateway | The External IP address of the dial-up VPN gateway. | 1.1.1.1 |
| Authentication Key | The client authentication key should match the dial-up VPN gateway tunnel authentication key. | ddcHH01887d |

Configuring remote IPSec VPN gateways

The remote IPSec VPN gateways must be DFL-500 IPSec VPN gateways or third-party IPSec VPN gateways running industry standard IPSec Autokey IKE VPN software.

Configure the VPN gateway as required to connect to the dial-up VPN gateway using an IPSec VPN configuration. Make sure the gateway configuration includes the settings in Remote IPSec VPN gateway configuration.

Remote IPSec VPN gateway configuration

| Setting | Description | Example |
| --- | --- | --- |
| Tunnel Name | Should correspond to the dial-up VPN tunnel name used on the DFL-500 | Dial-up_VPN |
