D-Link DWC-1000 User Manual page 252

Section 7 - VPN Settings
Field
Policy Name
Policy Type
IP Protocol Version
IKE Version
IPSec Mode
Select Local Gateway
Remote Endpoint
IP Address/FQDN
Enable Mode Config
Enable NetBIOS
Enable RollOver
Protocol
Enable DHCP
Local IP/Remote IP
Enable Keepalive
D-Link DWC-1000 User Manual
Enter a unique name for the VPN Policy. This name is not an identifier for the remote WAN/client.
Select either Manual or Auto.
• Manual: All settings (including the keys) for the VPN tunnel are manually input for each end point. No third-
party server or organization is involved.
• Auto: Some parameters for the VPN tunnel are generated automatically. This requires using the IKE (Internet Key
Exchange) protocol to perform negotiations between the two VPN Endpoints.
Select either IPv4 or IPv6.
Select the version of IKE.
Select either Tunnel or Transport. IPSec tunnel mode is useful for protecting traffic between different networks, when
traffic must pass through an intermediate, untrusted network. Tunnel mode is primarily used for interoperability with
gateways, or end-systems that do not support L2TP/IPSec or PPTP connections. Transport mode is the default mode
for IPSec, and it is used for end-to-end communications (for example, for communications between a client and a
server).
In the event that two Option ports are configured to connect to your ISP, select the gateway that will be used as the
local endpoint for this IPSec tunnel.
Select the type of identifier that you want to provide for the controller at the remote endpoint (either IP Address or
FQDN [Fully Qualified Domain Name])
Enter the identifier for the controller.
Toggle to ON to enable. Mode Config is similar to DHCP and is used to assign IP addresses to the remote VPN clients.
Toggle to ON to allow NetBIOS broadcasts to travel over the VPN tunnel
Toggle to ON to enable VPN rollover. You must have the Option Mode set to Rollover.
Select a protocol from the drop-down menu.
Toggle to ON to allow VPN clients that are connected to your controller over IPSec to receive an assigned IP using
DHCP.
Select the type of identifier that you want to provide for the endpoint:
• Any: Specifies that the policy is for traffic from the given end point (local or remote). Note that selecting Any for
both local and remote end points is not valid.
• Single: Limits the policy to one host. Enter the IP address of the host that will be part of the VPN.
• Range: Allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End
IP Address in the provided fields.
• Subnet: Allows an entire subnet to connect to the VPN. Enter the network address and subnet mask in the
provided fields.
Toggle to ON to periodically send ping packets to the host on the peer side of the network to keep the tunnel alive.
Description
252