Manuals / Brands / Computer Equipment / Network Cables / D-Link / Computer Equipment / Network Cables

D-Link DFL-200 Proposal Lists , IKE Proposal List , IPSec Proposal List

1 133

Download 133 pages, 1.68 Mb

52

Proposal Lists

To agree on the VPN connection parameters, a negotiation process is performed. As the

result of the negotiations, the IKE and IPSec security associations (SAs) are established. As

the name implies, a proposal is the starting point for the negotiation. A proposal defines

encryption parameters, for instance encryption algorithm, life times etc, that the VPN gateway

supports.

There are two types of proposals, IKE proposals and IPSec proposals. IKE proposals are

used during IKE Phase-1 (IKE Security Negotiation), while IPSec pro posals are using during

IKE Phase-2 (IPSec Security Negotiation).

A Proposal List is used to group several proposals. During the neg otiation process, the

proposals in the proposal list are offered to the remote VPN gateway one after another until a

matching proposal is found.

IKE Proposal List

Cipher – Specifies the encryption algorithm used in this IKE proposal. S upported

algorithms are AES, 3DES, DES, Blowfish, Twofish and CAST128.

Hash – Specifies the hash function used to calculate a check sum that reveals if the data

packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.

Life Times – Specifies in KB or seconds when the securit y associations for the VPN

tunnel need to be re-negotiated.

IPSec Proposal List

Cipher – Specifies the encryption algorithm used in this IPSec proposal. Supported

algorithms are AES, 3DES, DES, Blowfish, Twofish and CAST128.

HMAC – Specifies the hash function used to calculate a check sum that reveals if the data

packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.

Life Times – Specifies in KB or seconds when the secu rity associations for the VPN

tunnel need to be re-negotiated.

Contents

Main Contents Page Page Page Page Introduction Features and Benefits Introduction to Firewalls Introduction to Local Area Networking LEDs Physical Connections Page Managing D-Link DFL-200 When a change is done to the configuration a new icon named Activate Changes Resetting the DFL-200 Administration Settings Administrative Access Add ping access to an interface Add Admin access to an interface Add Read-only access to an interface Enable SNMP access to an interface System Interfaces Change IP of the LAN or DMZ interface WAN Interface Settings Using Static IP WAN Interface Settings Using DHCP WAN Interface Settings Using PPPoE WAN Interface Settings Using PPTP WAN Interface Settings Using BigPond MTU Configuration Routing Add a new Static Route Remove a Static Route Logging Enable Logging Enable Audit Logging Enable E-mail alerting for ISD/IDP events Page Page Changing time zone Using NTP to sync time Setting time and date manually Firewall Policy Policy modes Action Types Source and Destination Filter Service Filter Schedule Intrusion Detection / Prevention Add a new policy Change order of policy Delete policy Configure Intrusion Detection Configure Intrusion Prevention Port mapping / Virtual Servers Add a new mapping Delete mapping Users The DFL-200 RADIUS Support Enable User Authentication via HTTP / HTTPS Enable RADIUS Support Add User Change User Password Delete User Schedules Add new recurring schedule Services Adding TCP, UDP or TCP/UDP Service Adding IP Protocol Grouping Services Protocol-independent settings VPN Introduction to IPSec Introduction to PPTP Introduction to L2TP Point-to-Point Protocol Authentication Protocols PAP CHAP MS-CHAP v1 L2TP/PPTP Clients L2TP/PPTP Servers Page VPN between two networks Creating a LAN-to-LAN IPSec VPN Tunnel VPN between client and an internal network Creating a Roaming Users IPSec VPN Tunnel Adding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN Server VPN Advanced Settings Proposal Lists IKE Proposal List IPSec Proposal List Certificates Trusting Certificates Local identities Certificates of remote peers Certificate Authorities Identities Content Filtering Active content handling Edit the URL Global Whitelist Edit the URL Global Blacklist Page Servers DHCP Server Settings Enable DHCP Server Enable DHCP Relay Disable DHCP Server/Relayer DNS Relayer Settings Enable DNS Relayer Page Too ls Ping Ping Example Dynamic DNS Add Dynamic DNS Settings Backup Exporting the DFL-200s Configuration Restoring the DFL-200s Configuration Page Page Page Upgrade Upgrade Firmware Upgrade IDS Signature-database Status System Interfaces VPN Connections DHCP Server Page How to read the logs USAGE events DROP events CONN events Page Step by step guides LAN-to-LAN VPN using IPsec Page Page Page LAN-to-LAN VPN using PPTP Page Page Page Page Page Page LAN-to-LAN VPN using L2TP Page Page Page Page Page Page A more secure LAN-to-LAN VPN solution Page Page Page Windows XP client and PPTP server Settings for the Windows XP client Page Page Page Page Page Page Page Page Page Windows XP client and L2TP server Settings for the Windows XP client Page Page Page Content filtering Page Page Page Intrusion detection and prevention Page Page Appendixes Appendix A: ICMP Types and Codes Page Appendix B: Common IP Protocol Numbers LIMITED WARRANTY Product Type Warranty Period Limited Software Warranty: What You Must Do For Warranty Service: What Is Not Covered: Disclaimer of Other Warranties: Limitation of Liability: GOVERNING LAW: This Limited Warranty shall be governed by the laws of the state of California. Page Page Offices