Main mode with no user group selected | D-Link DFL-500 manual

For each variation, the remote gateway field of the dialup server remote gateway configuration must be set to dialup user and all of the clients must have their remote gateway or equivalent set to the static IP address of the remote gateway server.

The following sections describe how to configure authentication on the server and clients for each of these variations.

A dialup user must use the same mode as the VPN dialup server.

For information about user groups, see Configuring user groups.

Main mode with no user group selected

In this configuration, the server and the clients use main mode for key exchange. A user group has not been added to the server dialup remote gateway. Clients authenticate with the server using their authentication keys.

Main mode without user group
Field		Server		Clients

User Group		None		None

Mode		Main (ID Protection)		Main (ID Protection)

Authentication Key The server and the clients must have the same authentication key.

Local ID

empty

empty

Main mode with a user group selected

In this configuration, the server and the clients use main mode for key exchange. A user group has been selected in the server dialup remote gateway. Clients authenticate with the server using their authentication keys. The client authentication key can be one of the following:

•The same as the server authentication key.

•A username and password in the user group added to the dialup server remote gateway. In this configuration, the clients pre-shared key must be formatted with a ` + ' between the user name and password ( username+password).

Main mode with a user group selected
Field		Server		Client configuration 1		Client configuration 2

User Group		Select a user group		N/A		N/A

Mode		Main (ID Protection)		Main (ID Protection)		Main (ID Protection)

Authentication Key Server authentication key Server authentication key username+password

Local ID

empty

empty

empty

Aggressive mode with no user group

In this configuration, the server and the clients use aggressive mode for key exchange. A user group has not been selected in the server dialup remote gateway. Clients authenticate with the server using their authentication keys.

DFL-500 User Manual	55

Image 55

D-Link DFL-500 user manual Main mode with no user group selected

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page Introduction NAT/Route mode and Transparent modeNAT/Route mode Transparent mode For more information Customer service and technical supportDFL-500 QuickStart Guide DFL-500 CLI Reference Guide Getting started Package contentsMounting Powering on Connecting to the web-based manager Initial configuration DFL-500 login Connecting to the command line interface CLIBits per second Data bits Parity Next stepsStop bits Flow control Preparing to configure NAT/Route mode NAT/Route mode installationNAT/Route mode settings Reconnecting to the web-based manager Using the setup wizardUsing the command line interface Starting the setup wizard Set system route number 1 gw1 Connecting to your networks DFL-500 NPG network connections Configuring your internal networkCompleting the configuration Setting the date and time Transparent mode settings Administrator Password Transparent mode installationPreparing to configure Transparent mode Changing to Transparent mode Set system management ip 10.10.10.2 Configuring the Transparent mode management IP address Connecting to your network Setting the date and timeConfigure the Transparent mode default gateway DFL-500 network connections Default policy Firewall configuration Changing to NAT/Route mode Adding NAT/Route mode policiesGo to Firewall Policy VPN Tunnel Source Destination Schedule Service ActionAuthentication Dynamic IP Pool Fixed Port Web filter Content filtering Source Destination Schedule Service Adding Transparent mode policiesAdding a NAT/Route Int -Ext policy Log Traffic Authentication Web filter Adding a Transparent mode Int -Ext policy Configuring policy listsPolicy matching in detail Changing the order of policies in a policy list AddressesEnabling and disabling policies Adding a firewall address Adding addressesDeleting addresses Go to Firewall Address Adding an internal address group ServicesOrganizing addresses into address groups Go to Firewall Address Group Go to Firewall Service Custom Predefined servicesProviding access to custom services Grouping services Go to Firewall Schedule One-time Adding a service groupSchedules Creating one-time schedules Go to Firewall Schedule Recurring Virtual IPsCreating recurring schedules Adding a schedule to a policy Go to Firewall Virtual IP Adding static NAT virtual IPsStatic NAT Port Forwarding Adding a static NAT virtual IP Using port forwarding virtual IPs Source Adding policies with virtual IPsGo to Firewall Policy Ext Int Adding a Port Forwarding virtual IP Authentication Log Traffic Web filter Destination Schedule Service ActionIP pools Adding an IP Pool Go to Firewall IP/MAC Binding SettingIP/MAC binding Go to Firewall IP/MAC Binding Static IP/MAC Adding IP/MAC addresses Configuring IP/MAC binding for packets going to the firewall Go to Firewall IP/MAC Binding Dynamic IP/MAC IP/MAC settingsViewing the dynamic IP/MAC list Enabling IP/MAC binding Adding user names and configuring authentication Users and authenticationSetting authentication time out Adding user names and configuring authentication Deleting user names from the internal database DisableAdding a user name Deleting Radius servers Configuring Radius supportExample Radius configuration Adding Radius servers Adding user groups Configuring user groups Adding a user group Deleting user groups Interoperability with IPSec VPN products IPSec VPNs See Adding a remote gateway Configuring AutoIKE key IPSec VPN Configuring dialup VPN Configuring manual key IPSec VPNConfiguring a VPN concentrator for hub and spoke VPN Configuring the member VPNs Configuring the VPN concentrator Configuring IPSec redundancy Go to VPN Ipsec Remote Gateway Adding a remote gatewayLocal ID Nat-traversal Keepalive Frequency About dialup VPN authenticationAdding a remote gateway Dialup User selected Main mode with no user group selected Key About DH groupsAbout the P1 proposal Local ID Empty About NAT traversal Adding an AutoIKE key VPN tunnelGo to VPN Ipsec AutoIKE Key Adding an AutoIKE key VPN tunnel About the P2 proposalAbout replay detection Autokey Keep Alive Concentrator About perfect forward secrecy PFS Adding a manual key VPN tunnelGo to VPN Ipsec Manual Key Adding a manual key VPN tunnel Adding a VPN concentrator Adding a VPN concentrator Adding an encrypt policy Adding an encrypt policy Go to Firewall Policy Int-ExtVPN Tunnel Allow inbound Allow outbound Inbound Viewing VPN tunnel status Viewing dialup VPN connection status Testing a VPNAutoIKE key tunnel status Page Pptp and L2TP VPNs Pptp VPN configuration Go to VPN Pptp Pptp Range Configuring the DFL-500 NPG as a Pptp gatewayPptp VPN between a Windows client and the DFL-500 NPG Source Destination Service Action Example Pptp Range configuration L2TP VPN between a Windows client and the DFL-500 NPG L2TP VPN configurationConfiguring the DFL-500 NPG as an L2TP gateway Go to VPN L2TP L2TP Range Sample L2TP address range configuration Configuring content filtering Web content filteringEnabling web content Filtering Blocking web pages that contain unwanted content Clearing the banned word list Changing the content block messageBacking up and restoring the banned word list Configuring URL blocking Blocking access to URLsGo to Web Filter URL Block Uploading a URL block list Clearing the URL block listChanging the URL block message Downloading the URL block list Removing scripts from web pages Exempting URLs from content or URL blockingGo to Web Filter Script Filter Go to Web Filter Exempt URL Adding URLs to the Exempt URL ListClearing the Exempt URL list Downloading the Exempt URL list Uploading an Exempt URL list Recording logs on a remote computer Configuring LoggingGo to Log&Report Log setting Logging and reporting Example log settings Configuring alert emailSelecting what to log Go to System Network DNS Configuring alert email System status Administration Execute ping Upgrading the DFL-500 NPG firmware Enter Local Address Enter Tftp Server AddressEnter File Name image.out Displaying the DFL-500 NPG serial number Backing up system settingsRestoring system settings Restoring system settings to factory defaults Changing to Transparent mode Shutting down the DFL-500 NPG Restarting the DFL-500 NPGSystem status monitor Protocol From IP From Port To IP To Port Expire Clear Network configurationSystem status monitor CPU usage Memory usage Up time Total Number of Sessions Go to System Network Interface Configuring the internal interfaceConfiguring the external interface Configuring the internal interface Configuring the external interface with a static IP address Configuring the external interface Configuring the external interface for PPPoE Https Ping SSH Snmp Adding routing gateways Configuring routingConfiguring the management interface Transparent mode Setting DNS server addresses Adding routes to the routing table Adding a default routeGo to System Network Routing Table Go to System Network Routing Configuring the routing tableAdding routes Transparent mode Enabling RIP server support Starting IP Ending IP Netmask Lease Duration Domain Providing Dhcp services to your internal networkDefault Route Exclusion Range Go to System Network Dhcp Sample Dhcp settings System configurationExample Dynamic IP list Go to System Config Time Setting system date and timeExample date and time setting Read Write Only Adding and editing administrator accountsGo to System Config Admin Changing web-based manager options Go to System Config Snmp Configuring Snmp 100 101 Glossary 102 103 104 Index 105 CLI 106 Dhcp 107 Snmp 108 PFS 109 Transparent mode manual key Adding VPN tunnel IPSec VPN 110 NTP 111 Pptp 112 Smtp 113 VPN 114 IPSec VPN Remote Gateway user groups Deleting 115 116 Technical Support 117 Registration Card 118 119 Limited Warranty 120 121 122 Registration