Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-500 user manual About dialup VPN authentication, Nat-traversal Keepalive Frequency

Models: DFL-500

1 122

Download 122 pages 7.35 Kb

Page 54

Nat-traversal

Keepalive Frequency

Mode. Enter the IP address of the dialup user or the domain name of the dialup user (for example, domain.com). If you do not add a local ID, the DFL-500 external interface automatically becomes the Local ID. For information about the Local ID, see About dialup VPN authentication.

Select Enable if you expect the IPSec VPN traffic to go through a gateway that performs NAT. If no NAT device is detected, enabling NAT traversal will have no effect. Both ends of the gateway must have the same NAT traversal setting. See About NAT traversal.

If you enable NAT-traversal, you can change the number of seconds in the Keepalive Frequency field. This number specifies, in seconds, how frequently empty UDP packets are sent through the NAT device to ensure that the NAT mapping does not change until P1 and P2 keylife expires. The keepalive frequency can be from 0 to 900 seconds.

•Select OK to save the remote gateway.

Adding a remote gateway (Dialup User selected)

About dialup VPN authentication

For dialup VPN authentication to work you must create compatible configurations on the DFL-500 NPG that is the dialup server and its dialup clients. The configurations required for the server and the clients are different for different dialup gateway configurations. There are four possible dialup VPN authentication configurations:

•Main mode with no user group selected

•Main mode with a user group selected

•Aggressive mode with no user group

•Aggressive mode with a user group selected

DFL-500 User Manual	54

Image 54

D-Link DFL-500 user manual About dialup VPN authentication, Nat-traversal Keepalive Frequency

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page Transparent mode NAT/Route mode and Transparent modeNAT/Route mode IntroductionCustomer service and technical support For more informationDFL-500 QuickStart Guide DFL-500 CLI Reference Guide Package contents Getting startedMounting Powering on Initial configuration Connecting to the web-based managerConnecting to the command line interface CLI DFL-500 loginBits per second Next steps Data bits ParityStop bits Flow control NAT/Route mode installation Preparing to configure NAT/Route modeNAT/Route mode settings Starting the setup wizard Using the setup wizardUsing the command line interface Reconnecting to the web-based managerConnecting to your networks Set system route number 1 gw1Setting the date and time Configuring your internal networkCompleting the configuration DFL-500 NPG network connectionsChanging to Transparent mode Transparent mode installationPreparing to configure Transparent mode Transparent mode settings Administrator PasswordConfiguring the Transparent mode management IP address Set system management ip 10.10.10.2Setting the date and time Connecting to your networkConfigure the Transparent mode default gateway DFL-500 network connections Firewall configuration Default policyAdding NAT/Route mode policies Changing to NAT/Route modeGo to Firewall Policy Dynamic IP Pool Fixed Port Source Destination Schedule Service ActionAuthentication VPN TunnelContent filtering Web filterAdding Transparent mode policies Source Destination Schedule ServiceAdding a NAT/Route Int -Ext policy Log Traffic Authentication Web filter Configuring policy lists Adding a Transparent mode Int -Ext policyPolicy matching in detail Addresses Changing the order of policies in a policy listEnabling and disabling policies Go to Firewall Address Adding addressesDeleting addresses Adding a firewall addressGo to Firewall Address Group ServicesOrganizing addresses into address groups Adding an internal address groupGrouping services Predefined servicesProviding access to custom services Go to Firewall Service CustomCreating one-time schedules Adding a service groupSchedules Go to Firewall Schedule One-timeAdding a schedule to a policy Virtual IPsCreating recurring schedules Go to Firewall Schedule RecurringAdding static NAT virtual IPs Go to Firewall Virtual IPStatic NAT Port Forwarding Using port forwarding virtual IPs Adding a static NAT virtual IPAdding a Port Forwarding virtual IP Adding policies with virtual IPsGo to Firewall Policy Ext Int SourceDestination Schedule Service Action Authentication Log Traffic Web filterIP pools Go to Firewall IP/MAC Binding Static IP/MAC Go to Firewall IP/MAC Binding SettingIP/MAC binding Adding an IP PoolConfiguring IP/MAC binding for packets going to the firewall Adding IP/MAC addressesEnabling IP/MAC binding IP/MAC settingsViewing the dynamic IP/MAC list Go to Firewall IP/MAC Binding Dynamic IP/MACAdding user names and configuring authentication Users and authenticationSetting authentication time out Adding user names and configuring authenticationDisable Deleting user names from the internal databaseAdding a user name Adding Radius servers Configuring Radius supportExample Radius configuration Deleting Radius serversConfiguring user groups Adding user groupsDeleting user groups Adding a user groupIPSec VPNs Interoperability with IPSec VPN productsConfiguring AutoIKE key IPSec VPN See Adding a remote gatewayConfiguring manual key IPSec VPN Configuring dialup VPNConfiguring a VPN concentrator for hub and spoke VPN Configuring the VPN concentrator Configuring the member VPNsConfiguring IPSec redundancy Adding a remote gateway Go to VPN Ipsec Remote GatewayLocal ID About dialup VPN authentication Nat-traversal Keepalive FrequencyAdding a remote gateway Dialup User selected Main mode with no user group selected Local ID Empty About DH groupsAbout the P1 proposal KeyAdding an AutoIKE key VPN tunnel About NAT traversalGo to VPN Ipsec AutoIKE Key Autokey Keep Alive Concentrator About the P2 proposalAbout replay detection Adding an AutoIKE key VPN tunnelAdding a manual key VPN tunnel About perfect forward secrecy PFSGo to VPN Ipsec Manual Key Adding a VPN concentrator Adding a manual key VPN tunnelAdding an encrypt policy Adding a VPN concentratorGo to Firewall Policy Int-Ext Adding an encrypt policyVPN Tunnel Allow inbound Viewing VPN tunnel status Allow outbound InboundTesting a VPN Viewing dialup VPN connection statusAutoIKE key tunnel status Page Pptp VPN configuration Pptp and L2TP VPNsConfiguring the DFL-500 NPG as a Pptp gateway Go to VPN Pptp Pptp RangePptp VPN between a Windows client and the DFL-500 NPG Example Pptp Range configuration Source Destination Service ActionGo to VPN L2TP L2TP Range L2TP VPN configurationConfiguring the DFL-500 NPG as an L2TP gateway L2TP VPN between a Windows client and the DFL-500 NPGSample L2TP address range configuration Blocking web pages that contain unwanted content Web content filteringEnabling web content Filtering Configuring content filteringChanging the content block message Clearing the banned word listBacking up and restoring the banned word list Blocking access to URLs Configuring URL blockingGo to Web Filter URL Block Downloading the URL block list Clearing the URL block listChanging the URL block message Uploading a URL block listExempting URLs from content or URL blocking Removing scripts from web pagesGo to Web Filter Script Filter Downloading the Exempt URL list Adding URLs to the Exempt URL ListClearing the Exempt URL list Go to Web Filter Exempt URLUploading an Exempt URL list Logging and reporting Configuring LoggingGo to Log&Report Log setting Recording logs on a remote computerConfiguring alert email Example log settingsSelecting what to log Configuring alert email Go to System Network DNSAdministration System statusUpgrading the DFL-500 NPG firmware Execute pingEnter Tftp Server Address Enter Local AddressEnter File Name image.out Restoring system settings to factory defaults Backing up system settingsRestoring system settings Displaying the DFL-500 NPG serial numberChanging to Transparent mode Restarting the DFL-500 NPG Shutting down the DFL-500 NPGSystem status monitor CPU usage Memory usage Up time Total Number of Sessions Network configurationSystem status monitor Protocol From IP From Port To IP To Port Expire ClearConfiguring the internal interface Configuring the internal interfaceConfiguring the external interface Go to System Network InterfaceConfiguring the external interface with a static IP address Configuring the external interface for PPPoE Configuring the external interfaceHttps Ping SSH Snmp Setting DNS server addresses Configuring routingConfiguring the management interface Transparent mode Adding routing gatewaysAdding a default route Adding routes to the routing tableGo to System Network Routing Table Enabling RIP server support Configuring the routing tableAdding routes Transparent mode Go to System Network RoutingGo to System Network Dhcp Providing Dhcp services to your internal networkDefault Route Exclusion Range Starting IP Ending IP Netmask Lease Duration DomainSystem configuration Sample Dhcp settingsExample Dynamic IP list Setting system date and time Go to System Config TimeExample date and time setting Changing web-based manager options Adding and editing administrator accountsGo to System Config Admin Read Write OnlyConfiguring Snmp Go to System Config Snmp100 Glossary 101102 103 Index 104CLI 105Dhcp 106Snmp 107PFS 108Transparent mode manual key Adding VPN tunnel IPSec VPN 109NTP 110Pptp 111Smtp 112VPN 113IPSec VPN Remote Gateway user groups Deleting 114115 Technical Support 116Registration Card 117118 Limited Warranty 119120 121 Registration 122