Creating the VPN Tunnel - D-Link DFL-500 User Manual

Soho firewall

Creating the VPN tunnel

A VPN tunnel consists of a name for the tunnel, the IP address of the VPN gateway at the opposite end of the
tunnel, the keylife for the tunnel, and the authentication key to be used to start the tunnel. You must create
complementary VPN tunnels on each of the VPN gateways. On both gateways the tunnel should have the
same name, keylife, and authentication key.
"Example IPSec Autokey VPN Tunnel configuration" shows the information required to configure the VPN tunnel for the VPN in "Example VPN between two internal networks".

Example IPSec Autokey VPN Tunnel configuration

Field: Description
VPN Tunnel Name: Use the same name on both ends of the tunnel. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters - and _. Spaces and the @ character are not allowed.
Remote Gateway: The External IP address of the VPN gateway at the other end of the VPN tunnel.
Keylife: The amount of time (5 to 1440 minutes) before the encryption key expires. When the key expires, the VPN gateways generate a new key without interrupting service.
P1 Proposal: Select the encryption algorithms to propose for Phase 1 of the IPSec VPN connection. Select the authentication algorithms to propose for Phase 1 of the IPSec VPN connection.
P2 Proposal: Select the algorithms to propose for Phase 2 of the IPSec VPN connection.
Authentication Key: Enter up to 20 characters. The key must be the same on both VPN gateways and should only be known by network administrators.
About P1 and P2 proposals
IPSec VPNs use a two-phase process for creating a VPN tunnel. During the first phase (P1) the VPN
gateways at each end of the tunnel negotiate to select a common algorithm for encryption and another one for
authentication. When you select a P1 Proposal, you are selecting the algorithms that the DFL-500 proposes
during Phase 1 negotiation. You can choose two encryption and two authentication algorithms. Usually you
would choose both, to make it easier for P1 negotiation. But you can restrict the choice to one if required. For
negotiation to be successful, each VPN gateway should have at least one encryption algorithm and one
authentication algorithm in common.
During the second phase (P2) the VPN gateways negotiate to select a common algorithm for data
communication. When you select algorithms for the P2 Proposal, you are selecting the algorithms that the
DFL-500 will propose during Phase 2 negotiation. Again, during P2, each VPN gateway should have at least
one algorithm in common.
Creating the VPN tunnel
Complete the following procedure on both VPN gateways to configure a VPN tunnel that uses Autokey IKE
key exchange:
1. Go to VPN > IPSEC > Autokey IKE.
2. Click New to add a new Autokey IKE VPN tunnel.
3. Enter the VPN Tunnel Name, Remote Gateway, Keylife and Authentication Key.
4. Select the P1 Proposal and P2 Proposal algorithms.
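
Example IPSec Autokey VPN Tunnel configuration: information required to configure the VPN tunnel on each gateway

Main Office
VPN Tunnel Name: Branch_Office_VPN
Remote Gateway: 2.2.2.1
Keylife: 100
Proposal algorithms: DES and 3DES; MD5
Authentication Key: ddcHH01887d

Branch Office
VPN Tunnel Name: Branch_Office_VPN
Remote Gateway: 1.1.1.1
Keylife: 100
Proposal algorithms: DES and 3DES; MD5
Authentication Key: ddcHH01887d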
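
The rules in this section (same name, keylife and key on both gateways, the field limits from the table, and at least one common algorithm in each proposal) can be checked before the settings are entered on each gateway. The following is an added example, not code from the D-Link manual: check_tunnel_pair and the dictionary keys are hypothetical names, the external_ip values are inferred from each peer's Remote Gateway, and the P1/P2 split of the example algorithms is an assumption.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[0-9A-Za-z_-]+")  # allowed: digits, letters, '-' and '_'
PROPOSALS = ("p1_encryption", "p1_authentication", "p2")

def check_tunnel_pair(a, b):
    """Return the problems found in two complementary Autokey IKE tunnel definitions."""
    problems = []
    for side, peer in ((a, b), (b, a)):
        site = side["site"]
        if not NAME_RE.fullmatch(side["name"]):
            problems.append(f"{site}: invalid character in tunnel name")
        if not 5 <= side["keylife"] <= 1440:
            problems.append(f"{site}: keylife outside 5 to 1440 minutes")
        if len(side["key"]) > 20:
            problems.append(f"{site}: authentication key longer than 20 characters")
        # Each Remote Gateway must be the external address of the other gateway.
        remote = ipaddress.ip_address(side["remote_gateway"])
        if remote != ipaddress.ip_address(peer["external_ip"]):
            problems.append(f"{site}: Remote Gateway is not the peer's external IP")
    for field in ("name", "keylife", "key"):
        if a[field] != b[field]:
            problems.append(f"{field} differs between the two gateways")
    # Negotiation needs at least one algorithm in common in every proposal.
    for field in PROPOSALS:
        if not set(a[field]) & set(b[field]):
            problems.append(f"{field}: no algorithm in common")
    return problems

# Values from the manual's example table. The external_ip fields are inferred from
# the peer's Remote Gateway; the P1/P2 split of the algorithms is an assumption.
MAIN = {"site": "Main Office", "name": "Branch_Office_VPN", "external_ip": "1.1.1.1",
        "remote_gateway": "2.2.2.1", "keylife": 100, "key": "ddcHH01887d",
        "p1_encryption": ["DES", "3DES"], "p1_authentication": ["MD5"],
        "p2": ["DES", "3DES"]}
BRANCH = dict(MAIN, site="Branch Office", external_ip="2.2.2.1", remote_gateway="1.1.1.1")

# Constructed misconfiguration: a space in the name, a different keylife, and each
# side restricted to a different single P1 encryption algorithm.
BAD_MAIN = dict(MAIN, p1_encryption=["DES"])
BAD_BRANCH = dict(BRANCH, name="Branch Office VPN", keylife=60, p1_encryption=["3DES"])

if __name__ == "__main__":
    print(check_tunnel_pair(MAIN, BRANCH))  # prints []
    for problem in check_tunnel_pair(BAD_MAIN, BAD_BRANCH):
        print(problem)
```

An empty list means the two definitions are complementary under the rules stated in this section; it says nothing about whether the chosen algorithms are appropriate for a given deployment.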
