Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-500 user manual Adding an encrypt policy, Adding a VPN concentrator

Models: DFL-500

1 122

Download 122 pages 7.35 Kb

Page 61

•Select OK to add the VPN concentrator.

Adding a VPN concentrator

Adding an encrypt policy

Add encrypt policies to connect users on your internal network to a VPN tunnel. Encrypt policies are always Int ->Ext policies. The source of the encrypt policy must be an address on your internal network. The destination of this policy must be the address of the network behind the remote DFL-500 NPG gateway.

The policy must also include the VPN tunnel that you created to communicate with the remote DFL-500 NPG VPN gateway. When users on your internal network attempt to connect to the internal network behind the remote DFL-500 NPG gateway, the encrypt policy intercepts the connection attempt and starts the VPN tunnel added to the policy. The tunnel uses the remote gateway added to its configuration to connect to the remote DFL-500 NPG VPN gateway and the DFL-500 NPGs use their remote gateway and VPN tunnel configurations to establish a VPN tunnel between them.

Using encrypt policies, you can control:

•the direction of traffic flow through the VPN,

•the addresses that can connect to the VPN tunnel.

The source and destination addresses that you specify when you add an encrypt policy identify the computers or networks that can connect using the VPN. Users connecting from either the source or destination address will be able to connect to the other address securely using VPN.

The destination address can be a VPN client address on the Internet or the address of a network behind a remote VPN gateway.

To add an encrypt policy:

•Add the source address for the policy.

The source address is an IP address on your internal network that can connect to the VPN. For information about adding addresses, see Adding addresses.

•Add the destination address for the policy.

DFL-500 User Manual	61

Image 61

D-Link DFL-500 user manual Adding an encrypt policy, Adding a VPN concentrator

Contents

Link DFL-500 Regulatory Compliance Table of Contents Firewall configuration IPSec VPNs Logging and reporting Page NAT/Route mode NAT/Route mode and Transparent modeTransparent mode IntroductionFor more information Customer service and technical supportDFL-500 QuickStart Guide DFL-500 CLI Reference Guide Getting started Package contentsMounting Powering on Connecting to the web-based manager Initial configurationDFL-500 login Connecting to the command line interface CLIBits per second Data bits Parity Next stepsStop bits Flow control Preparing to configure NAT/Route mode NAT/Route mode installationNAT/Route mode settings Using the command line interface Using the setup wizardStarting the setup wizard Reconnecting to the web-based managerSet system route number 1 gw1 Connecting to your networksCompleting the configuration Configuring your internal networkSetting the date and time DFL-500 NPG network connectionsPreparing to configure Transparent mode Transparent mode installationChanging to Transparent mode Transparent mode settings Administrator PasswordSet system management ip 10.10.10.2 Configuring the Transparent mode management IP addressConnecting to your network Setting the date and timeConfigure the Transparent mode default gateway DFL-500 network connections Default policy Firewall configurationChanging to NAT/Route mode Adding NAT/Route mode policiesGo to Firewall Policy Authentication Source Destination Schedule Service ActionDynamic IP Pool Fixed Port VPN TunnelWeb filter Content filteringSource Destination Schedule Service Adding Transparent mode policiesAdding a NAT/Route Int -Ext policy Log Traffic Authentication Web filter Adding a Transparent mode Int -Ext policy Configuring policy listsPolicy matching in detail Changing the order of policies in a policy list AddressesEnabling and disabling policies Deleting addresses Adding addressesGo to Firewall Address Adding a firewall addressOrganizing addresses into address groups ServicesGo to Firewall Address Group Adding an internal address groupProviding access to custom services Predefined servicesGrouping services Go to Firewall Service CustomSchedules Adding a service groupCreating one-time schedules Go to Firewall Schedule One-timeCreating recurring schedules Virtual IPsAdding a schedule to a policy Go to Firewall Schedule RecurringGo to Firewall Virtual IP Adding static NAT virtual IPsStatic NAT Port Forwarding Adding a static NAT virtual IP Using port forwarding virtual IPsGo to Firewall Policy Ext Int Adding policies with virtual IPsAdding a Port Forwarding virtual IP SourceAuthentication Log Traffic Web filter Destination Schedule Service ActionIP pools IP/MAC binding Go to Firewall IP/MAC Binding SettingGo to Firewall IP/MAC Binding Static IP/MAC Adding an IP PoolAdding IP/MAC addresses Configuring IP/MAC binding for packets going to the firewallViewing the dynamic IP/MAC list IP/MAC settingsEnabling IP/MAC binding Go to Firewall IP/MAC Binding Dynamic IP/MACSetting authentication time out Users and authenticationAdding user names and configuring authentication Adding user names and configuring authenticationDeleting user names from the internal database DisableAdding a user name Example Radius configuration Configuring Radius supportAdding Radius servers Deleting Radius serversAdding user groups Configuring user groupsAdding a user group Deleting user groupsInteroperability with IPSec VPN products IPSec VPNsSee Adding a remote gateway Configuring AutoIKE key IPSec VPNConfiguring dialup VPN Configuring manual key IPSec VPNConfiguring a VPN concentrator for hub and spoke VPN Configuring the member VPNs Configuring the VPN concentratorConfiguring IPSec redundancy Go to VPN Ipsec Remote Gateway Adding a remote gatewayLocal ID Nat-traversal Keepalive Frequency About dialup VPN authenticationAdding a remote gateway Dialup User selected Main mode with no user group selected About the P1 proposal About DH groupsLocal ID Empty KeyAbout NAT traversal Adding an AutoIKE key VPN tunnelGo to VPN Ipsec AutoIKE Key About replay detection About the P2 proposalAutokey Keep Alive Concentrator Adding an AutoIKE key VPN tunnelAbout perfect forward secrecy PFS Adding a manual key VPN tunnelGo to VPN Ipsec Manual Key Adding a manual key VPN tunnel Adding a VPN concentratorAdding a VPN concentrator Adding an encrypt policyAdding an encrypt policy Go to Firewall Policy Int-ExtVPN Tunnel Allow inbound Allow outbound Inbound Viewing VPN tunnel statusViewing dialup VPN connection status Testing a VPNAutoIKE key tunnel status Page Pptp and L2TP VPNs Pptp VPN configurationGo to VPN Pptp Pptp Range Configuring the DFL-500 NPG as a Pptp gatewayPptp VPN between a Windows client and the DFL-500 NPG Source Destination Service Action Example Pptp Range configurationConfiguring the DFL-500 NPG as an L2TP gateway L2TP VPN configurationGo to VPN L2TP L2TP Range L2TP VPN between a Windows client and the DFL-500 NPGSample L2TP address range configuration Enabling web content Filtering Web content filteringBlocking web pages that contain unwanted content Configuring content filteringClearing the banned word list Changing the content block messageBacking up and restoring the banned word list Configuring URL blocking Blocking access to URLsGo to Web Filter URL Block Changing the URL block message Clearing the URL block listDownloading the URL block list Uploading a URL block listRemoving scripts from web pages Exempting URLs from content or URL blockingGo to Web Filter Script Filter Clearing the Exempt URL list Adding URLs to the Exempt URL ListDownloading the Exempt URL list Go to Web Filter Exempt URLUploading an Exempt URL list Go to Log&Report Log setting Configuring LoggingLogging and reporting Recording logs on a remote computerExample log settings Configuring alert emailSelecting what to log Go to System Network DNS Configuring alert emailSystem status AdministrationExecute ping Upgrading the DFL-500 NPG firmwareEnter Local Address Enter Tftp Server AddressEnter File Name image.out Restoring system settings Backing up system settingsRestoring system settings to factory defaults Displaying the DFL-500 NPG serial numberChanging to Transparent mode Shutting down the DFL-500 NPG Restarting the DFL-500 NPGSystem status monitor System status monitor Network configurationCPU usage Memory usage Up time Total Number of Sessions Protocol From IP From Port To IP To Port Expire ClearConfiguring the external interface Configuring the internal interfaceConfiguring the internal interface Go to System Network InterfaceConfiguring the external interface with a static IP address Configuring the external interface Configuring the external interface for PPPoEHttps Ping SSH Snmp Configuring the management interface Transparent mode Configuring routingSetting DNS server addresses Adding routing gatewaysAdding routes to the routing table Adding a default routeGo to System Network Routing Table Adding routes Transparent mode Configuring the routing tableEnabling RIP server support Go to System Network RoutingDefault Route Exclusion Range Providing Dhcp services to your internal networkGo to System Network Dhcp Starting IP Ending IP Netmask Lease Duration DomainSample Dhcp settings System configurationExample Dynamic IP list Go to System Config Time Setting system date and timeExample date and time setting Go to System Config Admin Adding and editing administrator accountsChanging web-based manager options Read Write OnlyGo to System Config Snmp Configuring Snmp100 101 Glossary102 103 104 Index105 CLI106 Dhcp107 Snmp108 PFS109 Transparent mode manual key Adding VPN tunnel IPSec VPN110 NTP111 Pptp112 Smtp113 VPN114 IPSec VPN Remote Gateway user groups Deleting115 116 Technical Support117 Registration Card118 119 Limited Warranty120 121 122 Registration