Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-700 manual Vpn, Introduction to IPsec

Models: DFL-700

1 141

Download 141 pages 4.85 Kb

Page 47

VPN

Introduction to IPsec

This chapter introduces IPsec, the method, or rather set of methods used to provide VPN functionality. IPSec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering Task Force, to provide IP security at the network layer.

An IPsec based VPN, such as DFL-700 VPN, is made up by two parts:

•Internet Key Exchange protocol (IKE)

•IPSec protocols (ESP)

The first part, IKE, is the initial negotiation phase, where the two VPN endpoints agree on which methods will be used to provide security for the underlying IP traffic. Furthermore, IKE is used to manage connections, by defining a set of Security Associations, SAs, for each connection. SAs are unidirectional, so there will be at least two SAs per IPSec connection. The other part is the actual IP data being transferred, using the encryption and authentication methods agreed upon in the IKE negotiation. This can be accomplished in a number of ways; by using the IPSec protocol ESP.

To set up a Virtual Private Network (VPN), you do not need to configure an Access Policy to enable encryption. Just fill in the following settings: VPN Name, Source Subnet (Local Net), Destination Gateway (If LAN-to-LAN), Destination Subnet (If LAN-to-LAN) and Authentication Method (Pre-shared key or Certificate). The firewalls on both ends must use the same Pre- shared key or set of Certificates and IPSec lifetime to make a VPN connection.

Image 47

D-Link DFL-700 manual Vpn, Introduction to IPsec

Contents

Link DFL-700 Contents Firewall Servers Status 132 129Introduction to Firewalls Features and BenefitsAccess Control supported IntroductionIntroduction to Local Area Networking Physical Connections LEDsSystem Requirements Package ContentsManaging D-Link DFL-700 Resetting the DFL700Administrative Access Administration SettingsAdd Admin access to an interface Add ping access to an interfaceEnable Snmp access to an interface Add Read-only access to an interfaceChange IP of the LAN or DMZ interface SystemInterfaces IP Address The IP address of the WAN interface. This is WAN Interface Settings Using Static IPWAN Interface Settings Using Dhcp Password WAN Interface Settings Using PPPoEWAN Interface Settings Using Pptp Traffic Shaping WAN Interface Settings Using BigPondPassword The password supplied to you by your ISP MTU Configuration Routing Go to System and Routing Add a new Static RouteRemove a Static Route Logging Enable E-mail alerting for ISD/IDP events Enable LoggingEnable Audit Logging Page Time Checking the Set the system time box Using NTP to sync timeSetting time and date manually Changing time zoneAction Types FirewallPolicy Policy modesIntrusion Detection / Prevention Service FilterSource and Destination Filter ScheduleTraffic Shaping Add a new policy Change order of policy Configure Intrusion DetectionEnable the Delete policy checkbox Enable the Intrusion Detection / Prevention checkboxConfigure Intrusion Prevention Add a new mapping Port mapping / Virtual ServersDelete mapping Enable the Delete mapping checkboxAdd Administrative User Administrative usersEnable the Change password checkbox Change Administrative User Access levelChange Administrative User Password Enable the Delete user checkbox Delete Administrative UserDFL-700 Radius Support UsersEnable Radius Support Enable User Authentication via Http / HttpsAdd User Change User PasswordDelete User Add new recurring schedule SchedulesAdding TCP, UDP or TCP/UDP Service ServicesAdding IP Protocol Grouping ServicesProtocol-independent settings Introduction to IPsec VPNPoint-to-Point Protocol Introduction to PptpIntroduction to L2TP MPPE, Microsoft Point-To-Point Encryption Authentication ProtocolsL2TP/PPTP Clients Authentication protocolL2TP/PPTP Servers Authentication Protocol Introduction chapterMppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networksCreating a Roaming Users IPSec VPN Tunnel VPN between client and an internal networkAdding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN ClientVPN Advanced Settings IPSec Proposal List Proposal ListsIKE Proposal List Certificates of remote peers CertificatesTrusting Certificates Local identitiesIdentities Certificate AuthoritiesActive content handling Content FilteringEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server SettingsEnable by checking the Use built-in Dhcp Server box Enable Dhcp ServerEnable Dhcp Relay Disable Dhcp Server/RelayerEnable by checking the Enable DNS Relayer box DNS Relayer SettingsEnable DNS Relayer Disable DNS Relayer Ping Example ToolsPing Dynamic DNS Add Dynamic DNS SettingsRestoring the DFL-700’s Configuration BackupExporting the DFL-700’s Configuration Restarting the DFL-700 Restart/ResetRestoring system settings to factory defaults Page Upgrade IDS Signature-database UpgradeUpgrade Firmware CPU Load StatusSystem Interfaces VPN Connections Dhcp Server Users Conn events How to read the logsUsage events Drop eventsClose Example Open ExampleStep by step guides Local net 192.168.4.0/24 LAN-to-LAN VPN using IPsecLAN IP 192.168.4.1, Subnet mask Remote Net 192.168.1.0/24 Enable Automatically add a route for the remote networkLocal net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet maskRemote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP clientSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Traffic shaping Limit bandwidth to a serviceGuarantee bandwidth to a service Page Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol NumbersLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise Attenzione CE Mark WarningWarnung Advertencia de Marca de la CEVcci Warning Offices 138 Page 140