Configuring The Vpn Tunnel For The Client Vpn - D-Link DFL-500 User Manual

Soho firewall

Hide thumbs Also See for DFL-500:

Manual (122 pages)

User manual (140 pages)

Quick install manual (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

Table of Contents

Use the following procedures to configure an IPSec Autokey IKE VPN that allows VPN clients to connect to

an internal network:

•

Configuring the VPN tunnel for the client VPN

•

Adding internal and external addresses

•

Adding an IPSec VPN policy

•

Configuring the IPSec VPN client

Configuring the VPN tunnel for the client VPN

A VPN tunnel consists of a name for the tunnel, the remote gateway IP address (which is the IP address of

the client), the keylife for the tunnel, and the authentication key to be used to start the tunnel.

You can either create multiple VPN tunnels, one for each VPN client, or you can create one VPN tunnel with a

remote gateway address set to 0.0.0.0. This VPN tunnel accepts connections from any Internet address.

You must create complementary VPN tunnels on the VPN gateway and the clients. On both, the tunnel must

have the same name, keylife, and authentication key.

Example VPN Tunnel configuration

Example VPN between an internal network and remote

Example VPN Tunnel configuration

Description

Use the same name on both ends of the tunnel. The name can contain numbers (0-

VPN Tunnel

9) and upper and lower case letters (A-Z, a-z), and the special characters - and _.

Name

Spaces and the @ character are not allowed.

To accept connections from a client at a static IP address (for example, 2.2.2.2).

Remote

Gateway

To accept connections from any Internet address (for a client with a dynamic IP

address).

The amount of time (5 to 1440 minutes) before the encryption key expires. When the

Keylife

key expires, the VPN gateway and the client generate a new key without interrupting

service.

Select the Encryption algorithms to propose for Phase 1 of the IPSec VPN

connection.

P1 Proposal

Select the Authentication algorithms to propose for Phase 1 of the IPSec VPN

connection.

Select the algorithms to propose for Phase 2 of the IPSec VPN connection. For

P2 Proposal

more information, see

Authentication

Enter up to 20 characters. The VPN gateway and clients must have the same key

Key

and it should only be known by network administrators.

Complete the following procedure on the DFL-500 VPN gateway.

•

Go to VPN > IPSEC > Autokey IKE .

•

Click New to add a new Autokey IKE VPN tunnel.

•

Enter the VPN Tunnel Name, Remote Gateway, Keylife, and Authentication Key.

•

Select the P1 Proposal and the P2 Proposal algorithms.

•

Click OK to save the Autokey IKE VPN tunnel.

DFL-500 User's Manual

shows the information required to configure the VPN tunnel for the VPN in

clients.

See About P1 and P2

proposals.

Example

Setting

Client_VPN

2.2.2.2

0.0.0.0

100

DES and

3DES

MD5

ddcHH01887d

Table of Contents

Configuring The Vpn Tunnel For The Client Vpn - D-Link DFL-500 User Manual

Configuring the VPN tunnel for the client VPN

Related Manuals for D-Link DFL-500

Related Content for D-Link DFL-500

Table of Contents