Ipsec - D-Link NetDefend SOHO DFL-160 User Manual

NetDefend SOHO UTM Firewall

4.4.1. IPsec

In summary, a VPN allows the public Internet to be used for setting up secure communications or
tunnels between DFL-160s or between a DFL-160 and other security gateway devices or clients.
VPN with the DFL-160
NetDefendOS supports setting up tunnels using the following types of tunnel protocols for secure
communication:
• IPsec tunnels.
• L2TP tunnels.
  Using L2TP tunnels the DFL-160 can either be:
  1. An L2TP client - which connects to an L2TP server.
  2. Or an L2TP server - to which L2TP clients connect.
• PPTP tunnels.
  Using PPTP tunnels the DFL-160 can either be:
  1. A PPTP client - which connects to a PPTP server.
  2. Or a PPTP server - to which PPTP clients connect.
Pressing the Add button on the initial VPN page of the web interface allows the administrator to
define a tunnel based on one of these protocols. The following sections explore these options in
greater depth.
In the web interface, the L2TP and PPTP setup options are grouped together into the same pages.
This is because of their similarity. L2TP is a protocol that has superseded PPTP but PPTP is still
used in some scenarios.
4.4.1. IPsec
This section explains the IPsec options available when setting up an IPsec based VPN tunnel.
An IPsec Overview
Internet Protocol Security (IPsec) is a standardized set of protocols that provide highly secure data
transportation. IPsec is made up of two parts:
• The Internet Key Exchange protocol (IKE)
• IPsec protocols (AH and ESP)
The first part, IKE, is the initial negotiation phase, where two VPN tunnel endpoints agree on which
methods will be used to provide transportation and security for the data traffic. IKE manages
connections by creating a set of Security Associations (SAs) for each tunnel. An SA is unidirectional
so there are usually at least two for each IPsec connection.
The second part is the actual data transfer and this is done using the encryption and authentication
methods agreed upon in the IKE negotiation.
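The negotiation and SA pairing described above, as an added example that is not part of the manual and is not NetDefendOS code: a simplified Python model in which the responder accepts the first offered proposal it also supports, and each traffic direction then gets its own SA. The algorithm names, addresses, the SPI field and all function names are assumptions made for illustration.

```python
# Added illustration (not D-Link/NetDefendOS code): a simplified model of IKE
# proposal matching and the resulting pair of unidirectional SAs.
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    src: str          # sending endpoint
    dst: str          # receiving endpoint
    spi: int          # Security Parameter Index identifying this SA
    encryption: str
    integrity: str


def negotiate(initiator_proposals, responder_accepted):
    """Return the first initiator proposal the responder also accepts, or None."""
    accepted = set(responder_accepted)
    for proposal in initiator_proposals:
        if proposal in accepted:
            return proposal
    return None


def establish_tunnel(local, remote, initiator_proposals, responder_accepted):
    """Negotiate, then build one SA per direction. Raises if nothing matches."""
    chosen = negotiate(initiator_proposals, responder_accepted)
    if chosen is None:
        raise ValueError("no proposal chosen: endpoints share no algorithm set")
    enc, integ = chosen
    # An SA is unidirectional, so each direction gets its own SA and SPI.
    # SPI values 1-255 are reserved, hence the forced high bit.
    outbound = SA(local, remote, secrets.randbits(32) | 0x100, enc, integ)
    inbound = SA(remote, local, secrets.randbits(32) | 0x100, enc, integ)
    return outbound, inbound


# Constructed sample values (documentation addresses, hypothetical proposal lists).
SITE_A, SITE_B = "192.0.2.1", "198.51.100.1"
OFFERED = [("aes-256", "sha-256"), ("aes-128", "sha-1"), ("3des", "md5")]
ACCEPTED = [("aes-128", "sha-1"), ("aes-256", "sha-256")]

if __name__ == "__main__":
    for sa in establish_tunnel(SITE_A, SITE_B, OFFERED, ACCEPTED):
        print(sa)
```

When the two endpoints share no proposal, `establish_tunnel` raises instead of returning SAs, which mirrors a tunnel that never comes up because the two ends are configured with different algorithm lists.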
The flow of events for IPsec can be summarized as follows:
Chapter 4. The Firewall Menu
