D-Link NetDefend Firewall Series Manual

Configuration examples

Configuration examples for the D-Link NetDefend Firewall series

Scenario: How to configure IPSec VPN LAN-to-LAN Tunnel
Platform Compatibility: All NetDefend Firewall Series
Last update: 2008-03-07

Overview

In this document, the notation Objects->Address book means that, in the tree on the left side of the screen, Objects should be clicked (expanded) first and then Address Book.

Most of the examples in this document are adapted for the DFL-800. The same settings can easily be used for all other models in the series. The only difference is the names of the interfaces. Since the DFL-1600 and DFL-2500 have more than one lan interface, the lan interfaces are named lan1, lan2 and lan3, not just lan.

The screenshots in this document are from firmware version 2.12.00. If you are using an earlier version of the firmware, the screenshots may not be identical to what you see in your browser.

Summary of Contents for D-Link NetDefend Firewall Series

  • Page 2 How to configure IPSec VPN LAN-to-LAN Tunnel Create one lan-to-lan IPsec VPN tunnel between firewall A and B.
  • Page 3 1. Firewall A - Addresses Go to Objects -> Address book -> InterfaceAddresses. Edit the following items: Change lan_ip to 192.168.1.1 Change lannet to 192.168.1.0/24 Change wan1_ip to 192.168.110.1 Change wan1net to 192.168.110.0/24 Go to Objects -> Address book. Add a new Address Folder called RemoteHosts.
  • Page 4 Shared secret: Select Passphrase and enter a shared secret Click Ok. 3. Firewall A – IPsec interface Go to Interfaces -> IPsec. Add a new IPsec Tunnel. In the General tab: General: Name: fwB-ipsec Local Network: lannet Remote Network: fwB-remotenet Remote Endpoint: fwB-remotegw Encapsulation...
  • Page 5 Algorithms: Algorithms: High IKE Life Time: 28800 IPsec Algorithms: High IPsec Life Time: 3600 IPsec Life Time: 0 In the Authentication tab: Authentication: Select Pre-Shared Key and fwB-psk. Click Ok. 4. Firewall A – Rules Go to Rules -> IP Rules. Create a new IP Rules Folder called lan_to_fwB-ipsec...
  • Page 6 Name: allow_all Action: Allow Service: all_services Address Filter: Source Interface: lan Source Network: lannet Destination Interface: fwB-ipsec Destination Network: fwB-remotenet Click Ok. Create a second rule in the same folder. In the General tab: General: Name: allow_all Action: Allow Service: all_services Address Filter: Source Interface: fwB-ipsec...
  • Page 7 Save and activate the configuration on firewall A. 5. Firewall B - Addresses Go to Objects -> Address book -> InterfaceAddresses. Edit the following items: Change lan_ip to 192.168.2.1 Change lannet to 192.168.2.0/24 Change wan1_ip to 192.168.110.2 Change wan1net to 192.168.110.0/24 Go to Objects ->...
  • Page 8 7. Firewall B – IPsec interface Go to Interfaces -> IPsec. Add a new IPsec Tunnel. In the General tab: General: Name: fwA-ipsec Local Network: lannet Remote Network: fwA-remotenet Remote Endpoint: fwA-remotegw Encapsulation Mode: Tunnel Algorithms: Algorithms: High IKE Life Time: 28800 IPsec Algorithms: High...
  • Page 9 In the General tab: General: Name: allow_all Action: Allow Service: all_services Address Filter: Source Interface: lan Source Network: lannet Destination Interface: fwA-ipsec Destination Network: fwA-remotenet Click Ok. Create a second rule in the same folder. In the General tab: General: Name: allow_all Action: Allow Service: all_services...
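
The two firewalls in the steps above must mirror each other: each side's Remote Network is the peer's lannet, each Remote Endpoint is the peer's wan1_ip, and both sides use the same pre-shared key and IKE life time. The following check is an added example, not part of the D-Link manual; the dictionary layout and function names are hypothetical, the values of the fwB-*/fwA-* address objects are cut off on this page and are assumed to be the peer's addresses, and the key is a constructed placeholder.

```python
import ipaddress

# Constructed sample built from the addresses on pages 3 and 7. The values of
# the fwB-*/fwA-* objects are cut off on this page; they are ASSUMED here to
# be the peer's lannet and wan1_ip. The PSK is a constructed placeholder.
FW_A = {
    "addresses": {"lannet": "192.168.1.0/24", "wan1_ip": "192.168.110.1",
                  "fwB-remotenet": "192.168.2.0/24", "fwB-remotegw": "192.168.110.2"},
    "tunnel": {"local_net": "lannet", "remote_net": "fwB-remotenet",
               "remote_endpoint": "fwB-remotegw", "ike_lifetime": 28800,
               "psk": "constructed-placeholder"},
}
FW_B = {
    "addresses": {"lannet": "192.168.2.0/24", "wan1_ip": "192.168.110.2",
                  "fwA-remotenet": "192.168.1.0/24", "fwA-remotegw": "192.168.110.1"},
    "tunnel": {"local_net": "lannet", "remote_net": "fwA-remotenet",
               "remote_endpoint": "fwA-remotegw", "ike_lifetime": 28800,
               "psk": "constructed-placeholder"},
}

def resolve(fw, field):
    """Look up the address-book value behind a tunnel field's object name."""
    return fw["addresses"][fw["tunnel"][field]]

def check_pair(a, b):
    """Return a list of mismatches between the two ends of one tunnel."""
    problems = []
    for near, far, n, f in ((a, b, "A", "B"), (b, a, "B", "A")):
        local = ipaddress.ip_network(resolve(near, "local_net"))
        remote = ipaddress.ip_network(resolve(near, "remote_net"))
        peer_local = ipaddress.ip_network(resolve(far, "local_net"))
        if remote != peer_local:
            problems.append(f"{n}: remote network {remote} is not {f}'s local network {peer_local}")
        if local.overlaps(remote):
            problems.append(f"{n}: local {local} overlaps remote {remote}")
        endpoint = ipaddress.ip_address(resolve(near, "remote_endpoint"))
        if endpoint != ipaddress.ip_address(far["addresses"]["wan1_ip"]):
            problems.append(f"{n}: remote endpoint {endpoint} is not {f}'s wan1_ip")
    if a["tunnel"]["psk"] != b["tunnel"]["psk"]:
        problems.append("pre-shared keys differ")  # never log the key itself
    if a["tunnel"]["ike_lifetime"] != b["tunnel"]["ike_lifetime"]:
        problems.append("IKE life times differ (the page uses 28800 on both)")
    return problems

if __name__ == "__main__":
    print(check_pair(FW_A, FW_B) or "tunnel definitions mirror each other")
```

An empty result means the two definitions are consistent; it says nothing about how broad the allow_all / all_services rules through the tunnel are, which is a separate review.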

This manual is also suitable for:

Netdefend dfl-800, Netdefend dfl-1600, Netdefend dfl-2500