Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-500 user manual Configuring IPSec redundancy

Models: DFL-500

1 122

Download 122 pages 7.35 Kb

Page 52

See Adding an AutoIKE key VPN tunnel.

Or, add a manual key VPN tunnel.

See Adding a manual key VPN tunnel.

•Add one encrypt policy between the member VPN and the VPN concentrator. Use the following configuration:

Source Destination Action VPN Tunnel Allow inbound Allow outbound Inbound NAT Outbound NAT

Member VPN address. VPN concentrator address.

ENCRYPT

The VPN tunnel added in step 2. Select allow inbound.

Select allow outbound.

Select inbound NAT if required. Select outbound NAT if required.

See Adding an encrypt policy.

•Add additional encrypt policies between the member VPNs. Use the following configuration:

Source Destination Action VPN Tunnel Allow inbound Allow outbound Inbound NAT Outbound NAT

Local member VPN address. Remote member VPN address

ENCRYPT

The VPN tunnel added in step 2. Select allow inbound.

Select allow outbound.

Select inbound NAT if required. Select outbound NAT if required.

Configuring IPSec redundancy

IPSec redundancy allows you to create a redundant AutoIKE key IPSec VPN configuration to two remote VPN gateway addresses.

For IPSec redundancy to work, both Internet connections must have static IP addresses.

To configure IPSec redundancy:

•Add two remote gateways with the same settings (including the same authentication key) but with different remote gateway addresses.

See Adding a remote gateway.

•Add two AutoIKE key tunnels with the same settings and add one of the remote gateways to each tunnel.

See Adding an AutoIKE key VPN tunnel.

•Add two outgoing encrypt policies.

DFL-500 User Manual	52

Image 52

D-Link DFL-500 user manual Configuring IPSec redundancy

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page NAT/Route mode and Transparent mode NAT/Route modeTransparent mode IntroductionFor more information Customer service and technical supportDFL-500 QuickStart Guide DFL-500 CLI Reference Guide Getting started Package contentsMounting Powering on Initial configuration Connecting to the web-based managerDFL-500 login Connecting to the command line interface CLIBits per second Data bits Parity Next stepsStop bits Flow control Preparing to configure NAT/Route mode NAT/Route mode installationNAT/Route mode settings Using the setup wizard Using the command line interfaceStarting the setup wizard Reconnecting to the web-based managerConnecting to your networks Set system route number 1 gw1Configuring your internal network Completing the configurationSetting the date and time DFL-500 NPG network connectionsTransparent mode installation Preparing to configure Transparent modeChanging to Transparent mode Transparent mode settings Administrator PasswordConfiguring the Transparent mode management IP address Set system management ip 10.10.10.2Connecting to your network Setting the date and timeConfigure the Transparent mode default gateway DFL-500 network connections Firewall configuration Default policyChanging to NAT/Route mode Adding NAT/Route mode policiesGo to Firewall Policy Source Destination Schedule Service Action AuthenticationDynamic IP Pool Fixed Port VPN TunnelContent filtering Web filterSource Destination Schedule Service Adding Transparent mode policiesAdding a NAT/Route Int -Ext policy Log Traffic Authentication Web filter Adding a Transparent mode Int -Ext policy Configuring policy listsPolicy matching in detail Changing the order of policies in a policy list AddressesEnabling and disabling policies Adding addresses Deleting addressesGo to Firewall Address Adding a firewall addressServices Organizing addresses into address groupsGo to Firewall Address Group Adding an internal address groupPredefined services Providing access to custom servicesGrouping services Go to Firewall Service CustomAdding a service group SchedulesCreating one-time schedules Go to Firewall Schedule One-timeVirtual IPs Creating recurring schedulesAdding a schedule to a policy Go to Firewall Schedule RecurringGo to Firewall Virtual IP Adding static NAT virtual IPsStatic NAT Port Forwarding Using port forwarding virtual IPs Adding a static NAT virtual IPAdding policies with virtual IPs Go to Firewall Policy Ext IntAdding a Port Forwarding virtual IP SourceAuthentication Log Traffic Web filter Destination Schedule Service ActionIP pools Go to Firewall IP/MAC Binding Setting IP/MAC bindingGo to Firewall IP/MAC Binding Static IP/MAC Adding an IP PoolConfiguring IP/MAC binding for packets going to the firewall Adding IP/MAC addressesIP/MAC settings Viewing the dynamic IP/MAC listEnabling IP/MAC binding Go to Firewall IP/MAC Binding Dynamic IP/MACUsers and authentication Setting authentication time outAdding user names and configuring authentication Adding user names and configuring authenticationDeleting user names from the internal database DisableAdding a user name Configuring Radius support Example Radius configurationAdding Radius servers Deleting Radius serversConfiguring user groups Adding user groupsDeleting user groups Adding a user groupIPSec VPNs Interoperability with IPSec VPN productsConfiguring AutoIKE key IPSec VPN See Adding a remote gatewayConfiguring dialup VPN Configuring manual key IPSec VPNConfiguring a VPN concentrator for hub and spoke VPN Configuring the VPN concentrator Configuring the member VPNsConfiguring IPSec redundancy Go to VPN Ipsec Remote Gateway Adding a remote gatewayLocal ID Nat-traversal Keepalive Frequency About dialup VPN authenticationAdding a remote gateway Dialup User selected Main mode with no user group selected About DH groups About the P1 proposalLocal ID Empty KeyAbout NAT traversal Adding an AutoIKE key VPN tunnelGo to VPN Ipsec AutoIKE Key About the P2 proposal About replay detectionAutokey Keep Alive Concentrator Adding an AutoIKE key VPN tunnelAbout perfect forward secrecy PFS Adding a manual key VPN tunnelGo to VPN Ipsec Manual Key Adding a VPN concentrator Adding a manual key VPN tunnelAdding an encrypt policy Adding a VPN concentratorAdding an encrypt policy Go to Firewall Policy Int-ExtVPN Tunnel Allow inbound Viewing VPN tunnel status Allow outbound InboundViewing dialup VPN connection status Testing a VPNAutoIKE key tunnel status Page Pptp VPN configuration Pptp and L2TP VPNsGo to VPN Pptp Pptp Range Configuring the DFL-500 NPG as a Pptp gatewayPptp VPN between a Windows client and the DFL-500 NPG Example Pptp Range configuration Source Destination Service ActionL2TP VPN configuration Configuring the DFL-500 NPG as an L2TP gatewayGo to VPN L2TP L2TP Range L2TP VPN between a Windows client and the DFL-500 NPGSample L2TP address range configuration Web content filtering Enabling web content FilteringBlocking web pages that contain unwanted content Configuring content filteringClearing the banned word list Changing the content block messageBacking up and restoring the banned word list Configuring URL blocking Blocking access to URLsGo to Web Filter URL Block Clearing the URL block list Changing the URL block messageDownloading the URL block list Uploading a URL block listRemoving scripts from web pages Exempting URLs from content or URL blockingGo to Web Filter Script Filter Adding URLs to the Exempt URL List Clearing the Exempt URL listDownloading the Exempt URL list Go to Web Filter Exempt URLUploading an Exempt URL list Configuring Logging Go to Log&Report Log settingLogging and reporting Recording logs on a remote computerExample log settings Configuring alert emailSelecting what to log Configuring alert email Go to System Network DNSAdministration System statusUpgrading the DFL-500 NPG firmware Execute pingEnter Local Address Enter Tftp Server AddressEnter File Name image.out Backing up system settings Restoring system settingsRestoring system settings to factory defaults Displaying the DFL-500 NPG serial numberChanging to Transparent mode Shutting down the DFL-500 NPG Restarting the DFL-500 NPGSystem status monitor Network configuration System status monitorCPU usage Memory usage Up time Total Number of Sessions Protocol From IP From Port To IP To Port Expire ClearConfiguring the internal interface Configuring the external interfaceConfiguring the internal interface Go to System Network InterfaceConfiguring the external interface with a static IP address Configuring the external interface for PPPoE Configuring the external interfaceHttps Ping SSH Snmp Configuring routing Configuring the management interface Transparent modeSetting DNS server addresses Adding routing gatewaysAdding routes to the routing table Adding a default routeGo to System Network Routing Table Configuring the routing table Adding routes Transparent modeEnabling RIP server support Go to System Network RoutingProviding Dhcp services to your internal network Default Route Exclusion RangeGo to System Network Dhcp Starting IP Ending IP Netmask Lease Duration DomainSample Dhcp settings System configurationExample Dynamic IP list Go to System Config Time Setting system date and timeExample date and time setting Adding and editing administrator accounts Go to System Config AdminChanging web-based manager options Read Write OnlyConfiguring Snmp Go to System Config Snmp100 Glossary 101102 103 Index 104CLI 105Dhcp 106Snmp 107PFS 108Transparent mode manual key Adding VPN tunnel IPSec VPN 109NTP 110Pptp 111Smtp 112VPN 113IPSec VPN Remote Gateway user groups Deleting 114115 Technical Support 116Registration Card 117118 Limited Warranty 119120 121 Registration 122