D-Link DFL-200 manual VPN Advanced Settings

Page 51

VPN – Advanced Settings

Advanced settings for a VPN tunnel is used when one need change some characteristics of the tunnel when using for example trying to connect to a third party VPN Gateway. The different settings to set per tunnel is the following:

Limit MTU

Whit this setting it’s possible to limit the MTU (Max Transferable Unit) of the VPN tunnel.

IKE Mode

Specify if Main mode IKE or Aggressive Mode IKE should be used when establishing outbound VPN Tunnels. Inbound main mode connections will always be allowed. Inbound aggressive mode connections will only be allowed if this setting is set to aggressive mode.

IKE DH Group

Here it’s possible to configure the Diffie-Hellman group to 1 (modp 768-bit), 2 (modp 1024- bit) or 5 (modp 1536-bit).

PFS – Perfect Forward Secrecy

If PFS, Perfect Forwarding Secrecy, is enabled, a new Diffie-Hellman exchange is performed for each phase-2 negotiation. While this is slower, it makes sure that no keys are dependent on any other previously used keys; no keys are extracted from the same initial keying material. This is to make sure that, in the unlikely event that some key was compromised; no subsequent keys can be derived.

NAT Traversal

Here it’s possible to configure how the NAT Traversal code should behave.

Disabled - The firewall does not send the Vendor ID's that include NAT-T support when setting up the tunnel.

On if supported and need NAT - Will only use NAT-T if one of the VPN gateways is NATed.

On if supported - Always tries to use NAT-T when setting up the tunnel.

Keepalives

No keepalives Keep-alive is disabled.

Automatic keepalives - The firewall will send ICMP pings to IP Addresses automatically discovered from the VPN Tunnel settings.

Manually configured IP addresses - Configure the source and destination IP addresses used when sending the ICMP pings

Image 51
Contents Link DFL-200 Contents VPN Servers 111 125 122Introduction to Firewalls Features and BenefitsAccess Control supported IntroductionIntroduction to Local Area Networking Physical Connections LEDsSystem Requirements Package ContentsManaging D-Link DFL-200 Resetting the DFL-200Administrative Access Administration SettingsAdd Admin access to an interface Add ping access to an interfaceEnable Snmp access to an interface Add Read-only access to an interfaceSystem InterfacesChange IP of the LAN or DMZ interface WAN Interface Settings Using Static IP WAN Interface Settings Using DhcpIP Address The IP address of the WAN interface. This is Password WAN Interface Settings Using PPPoEWAN Interface Settings Using Pptp WAN Interface Settings Using BigPond MTU ConfigurationPassword The password supplied to you by your ISP Routing Add a new Static Route Remove a Static RouteGo to System and Routing Logging Enable Logging Enable Audit LoggingEnable E-mail alerting for ISD/IDP events Page Time Checking the Set the system time box Using NTP to sync timeSetting time and date manually Changing time zoneAction Types FirewallPolicy Policy modesService Filter Source and Destination FilterSchedule Add a new policy Intrusion Detection / PreventionChange order of policy Configure Intrusion DetectionEnable the Delete policy checkbox Enable the Intrusion Detection / Prevention checkboxConfigure Intrusion Prevention Add a new mapping Port mapping / Virtual ServersDelete mapping Enable the Delete mapping checkboxDFL-200 Radius Support UsersEnable Radius Support Enable User Authentication via Http / HttpsChange User Password Enable the Change password checkboxAdd User Delete User Enable the Delete user checkboxAdd new recurring schedule SchedulesAdding TCP, UDP or TCP/UDP Service ServicesAdding IP Protocol Grouping ServicesProtocol-independent settings Introduction to IPSec VPNIntroduction to Pptp Introduction to L2TPPoint-to-Point Protocol MPPE, Microsoft Point-To-Point Encryption Authentication ProtocolsL2TP/PPTP Clients Authentication protocolL2TP/PPTP Servers Authentication Protocol Introduction chapterMppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networksCreating a Roaming Users IPSec VPN Tunnel VPN between client and an internal networkAdding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN ClientVPN Advanced Settings Proposal Lists IKE Proposal ListIPSec Proposal List Certificates of remote peers CertificatesTrusting Certificates Local identitiesIdentities Active content handling Content FilteringEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server SettingsEnable by checking the Use built-in Dhcp Server box Enable Dhcp ServerEnable Dhcp Relay Disable Dhcp Server/RelayerDNS Relayer Settings Enable DNS RelayerEnable by checking the Enable DNS Relayer box Disable DNS Relayer Ping ToolsAdd Dynamic DNS Settings Dynamic DNSPing Example Backup Exporting the DFL-200’s ConfigurationRestoring the DFL-200’s Configuration Restarting the DFL-200 Restart/ResetRestoring system settings to factory defaults Page Upgrade Upgrade FirmwareUpgrade IDS Signature-database Status SystemCPU Load Interfaces VPN Click Connections below it. a window will ConnectionsDhcp Server Logging Conn events How to read the logsUsage events Drop eventsClose Example Open ExampleStep by step guides LAN IP 192.168.4.1, Subnet mask LAN-to-LAN VPN using IPsecRemote Net 192.168.1.0/24 Enable Automatically add a route for the remote networkLocal net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet maskRemote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Global policy parameters Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP clientSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 104 Select Do not dial the initial connection and click Next Page Click Properties Page Name the new user HomeUser Enter password Retype password Page Windows XP client and L2TP server 112 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol NumbersLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise Attenzione CE Mark WarningWarnung Advertencia de Marca de la CEVcci Warning Offices Singapore D-LINK International 132
Related manuals
Manual 14 pages 8.62 Kb Manual 12 pages 24 Kb