D-Link NetDefend SOHO DFL-160 User Manual page 49

4.4.1. IPsec
• IKE negotiates how IKE should be protected.
• IKE negotiates how IPsec should be protected.
• An IPsec tunnel is established which is used to securely transport data.
The following sections are used in the web interface for IPsec setup:
A. General
B. Authentication
C. Tunnel Type
D. Advanced
A. General
Here, a textual Name for the tunnel is specified. This is used only for identifying the tunnel for
management purposes in the web interface.
The Local Network is the network attached to the LAN or DMZ interface which will communicate
through the IPsec tunnel.
B. Authentication
This is the Pre-shared Key (PSK) that provides the initial means to set up the tunnel. The key should
be the same for both end points of the tunnel for communication to succeed.
A PSK can be any alphanumeric character string.
Security using digital certificates is not possible with the DFL-160 but is possible with higher-end
D-Link NetDefend products.
C. Tunnel Type
An IPsec tunnel can be one of two types:
• Roaming Users.
If clients will be connecting through the tunnel via the WAN port then this option should be
enabled. If XAuth is required then this means a user must give a username and password listed in
the user database (see Section 4.5, "VPN Users").
• Lan-to-Lan.
If the tunnel is being used to connect a remote network on the WAN interface to a local network
on the LAN or DMZ
The tunnel's remote endpoint may require XAuth authentication in which case a valid username
49
Chapter 4. The Firewall Menu