Table of Contents
Advertisement
•
ESP security in tunnel mode
•
DES and 3DES (TripleDES) encryption
•
Diffie-Hellman groups 1, 2, and 5
•
HMAC MD5 authentication/data integrity or HMAC SHA1 authentication/data integrity
•
Aggressive and Main Mode
•
NAT Traversal
•
Replay Detection
•
IPSec Redundancy
•
Perfect Forward Secrecy
•
VPN concentrator for hub and spoke configurations
To successfully establish an IPSec VPN tunnel, the DFL-500 IPSec VPN configuration must be
compatible with the third-party product IPSec VPN configuration. D-Link has tested DFL-500 VPN
interoperability with the following third-party products:
•
NetScreen Internet security appliances
•
SonicWALL PRO firewall
•
Cisco PIX firewall
•
Cisco IOS router
•
Check Point NG firewall
•
Check Point NG-1 firewall
•
Check Point FP-1 firewall
•
Check Point FP-2 firewall
•
Check Point FP-3 firewall
•
Linksys firewall router
•
SafeNet IPSec VPN client
•
Secure Computing Sidewinder
•
SSH Sentinel
For more information about DFL-500 VPN interoperability, contact D-Link technical support.
Configuring AutoIKE key IPSec VPN
An AutoIKE key VPN configuration consists of a remote gateway, an AutoIKE key VPN tunnel, the source and
destination addresses for both ends of the tunnel, and an encrypt policy to control access to the VPN tunnel.
Normally an AutoIKE key VPN tunnel requires one remote gateway. This can be a gateway with a static IP address
or a dialup gateway. For IPSec redundancy, you can add up to three remote gateways with static IP addresses to
an AutoIKE key tunnel. For information about IPSec redundancy, see
To create an AutoIKE key VPN configuration:
•
Add a remote gateway.
See
Adding a remote
•
Add an AutoIKE key VPN tunnel that includes the remote gateway that you added in step 1.
See
Adding an AutoIKE key VPN
•
Add an encrypt policy that includes the tunnel, source address, and destination address for both ends
of the tunnel.
DFL-500 User Manual
gateway.
tunnel.
Configuring IPSec
redundancy.
49
Advertisement
Table of Contents
