D-Link DFL-200 manual VPN between two networks, Creating a LAN-to-LAN IPSec VPN Tunnel

Page 48

VPN between two networks

In the following example, users on the main office internal network can connect to the branch office internal network and vice versa. Communication between the two networks takes place in an encrypted VPN tunnel that connects the two DFL Network Security Firewalls across the Internet. Users on the internal networks are not aware that a connection to a computer on the other network runs across the Internet.

As shown in the example, you can use the DFL to protect a branch office and a small main office. Both of these DFLs can be configured as IPSec VPN gateways to create the VPN that connects the branch office network to the main office network.

The example shows a VPN between two internal networks, but you can also create VPNs between an internal network behind one VPN gateway and a DMZ network behind another, or between two DMZ networks. The networks at the ends of the VPN tunnel are selected when you configure the VPN policy.

Creating a LAN-to-LAN IPSec VPN Tunnel

Follow these steps to add a LAN-to-LAN tunnel.

Step 1. Go to Firewall and VPN and choose Add new in the IPSec tunnels section.

Step 2. Enter a Name for the new tunnel in the name field. The name can contain numbers (0-9), upper and lower case letters (A-Z, a-z), and the special characters - and _. No other special characters or spaces are allowed.

Step 3. Specify your local network, or your side of the tunnel, for example 192.168.1.0/255.255.255.0, in the Local Net field.

Step 4. Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If you choose PSK make sure both firewalls use exactly the same PSK.

Step 5. As Tunnel Type, choose LAN-to-LAN tunnel. Specify the network behind the other DFL-200 as the Remote Net, and also specify the external IP of the other DFL-200, which can be an IP address or a DNS name.

Click the Apply button below to apply the change or click Cancel to discard changes.

Repeat this on the firewall at the other site.
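The five steps above and the mirrored entry on the second firewall can be planned and sanity-checked before touching either web interface. The following Python helper is an added example, not D-Link software: it applies the step 2 name rule, parses Local/Remote Net values in the dotted-mask form the fields expect, rejects overlapping networks and host addresses, accepts an IP or DNS name for the other DFL-200's external address (step 5), builds the swapped entry for the other site, and confirms both ends carry exactly the same PSK (step 4). The dictionary keys, sample addresses and PSK are constructed for the example.

```python
import hmac
import ipaddress
import re

# Step 2 name rule: 0-9, A-Z, a-z, "-" and "_" only; no spaces or other characters.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
# Loose DNS-name shape for the other firewall's external address (step 5) when it is not an IP.
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*")

def parse_net(text):
    """Parse '192.168.1.0/255.255.255.0' (dotted mask, as the field expects); strict=True rejects host addresses."""
    return ipaddress.IPv4Network(text, strict=True)

def is_gateway(value):
    """Step 5: the external address of the other DFL-200 may be an IP address or a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOST_RE.fullmatch(value) is not None

def check_tunnel(cfg):
    """Return the problems found in one firewall's planned tunnel entry ([] if OK)."""
    problems = []
    if not NAME_RE.fullmatch(cfg["name"]):
        problems.append("name may only contain 0-9, A-Z, a-z, '-' and '_'")
    try:
        local, remote = parse_net(cfg["local_net"]), parse_net(cfg["remote_net"])
        if local.overlaps(remote):
            problems.append(f"local {local} and remote {remote} overlap")
    except ValueError as err:
        problems.append(f"bad network: {err}")
    if not is_gateway(cfg["remote_gw"]):
        problems.append(f"remote gateway {cfg['remote_gw']!r} is neither an IP nor a DNS name")
    return problems

def mirror_tunnel(cfg):
    """Entry for the firewall at the other site: nets and WAN/remote addresses swap; name and PSK stay the same."""
    return dict(cfg, local_net=cfg["remote_net"], remote_net=cfg["local_net"],
                remote_gw=cfg["local_wan"], local_wan=cfg["remote_gw"])

def psk_matches(side_a, side_b):
    """Step 4: constant-time check that both ends use exactly the same PSK."""
    return hmac.compare_digest(side_a["psk"].encode(), side_b["psk"].encode())

# Constructed sample: the main office side (all addresses and the PSK are illustrative).
MAIN_OFFICE = {"name": "MainToBranch", "local_net": "192.168.1.0/255.255.255.0",
               "remote_net": "192.168.4.0/255.255.255.0", "remote_gw": "203.0.113.20",
               "local_wan": "198.51.100.5", "psk": "replace-with-a-long-random-secret"}
BRANCH_OFFICE = mirror_tunnel(MAIN_OFFICE)
```

Run `check_tunnel` on both dictionaries before entering them; an empty list means the entry passes every check the manual's steps imply.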
