Introduction to Pptp, Introduction to L2TP | D-Link DFL-700 specs

Introduction to PPTP

PPTP, Point-to-Point Tunneling Protocol, is used to provide IP security at the network layer.

A PPTP based VPN is made up by these parts:

•Point-to-Point Protocol (PPP)

•Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2)

•Microsoft Point-To-Point Encryption (MPPE)

•Generic Routing Encapsulation (GRE)

PPTP uses TCP port 1723 for it's control connection and uses GRE (IP protocol 47) for the PPP data. PPTP supports data encryption by using MPPE.

Introduction to L2TP

L2TP, Layer 2 Tunneling Protocol, is used to provide IP security at the network layer.

An L2TP based VPN is made up by these parts:

•Point-to-Point Protocol (PPP)

•Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2)

•Microsoft Point-To-Point Encryption (MPPE)

L2TP uses UDP to transport the PPP data, this is often encapsulated in IPSec for encryption instead of using MPPE.

Point-to-Point Protocol

PPP(Point-to-Point Protocol) is a standard for transporting datagram’s over point-to-point links. It is used to encapsulate IP packets for transport between two peers.

PPPconsists of these three components:

•Link Control Protocols (LCP), to negotiate parameters, test and establish the link.

•Network Control Protocol (NCP), to establish and negotiate different network layer protocols (DFL-700 only supports IP)

•Data encapsulation, to encapsulate datagram’s over the link.

To establish a PPP tunnel, both sides send LCP frames to negotiate parameters and test the data link. If authentication is used, at least one of the peers has to authenticate itself before the network layer protocol parameters can be negotiated using NCP. During the LCP and NCP negotiation optional parameters such as encryption, can be negotiated. When LCP and NCP negotiation is done, IP datagram’s can be sent over the link.

48

Image 48

D-Link DFL-700 manual Introduction to Pptp, Introduction to L2TP, Point-to-Point Protocol

Contents

Link DFL-700 Contents Firewall Servers Status 129 132 Features and Benefits Access Control supportedIntroduction Introduction to Firewalls Introduction to Local Area Networking LEDs Physical Connections Package Contents System Requirements Resetting the DFL700 Managing D-Link DFL-700 Administration Settings Administrative Access Add ping access to an interface Add Admin access to an interface Add Read-only access to an interface Enable Snmp access to an interface System InterfacesChange IP of the LAN or DMZ interface WAN Interface Settings Using Static IP WAN Interface Settings Using DhcpIP Address The IP address of the WAN interface. This is WAN Interface Settings Using PPPoE Password WAN Interface Settings Using Pptp WAN Interface Settings Using BigPond Password The password supplied to you by your ISPTraffic Shaping MTU Configuration Routing Add a new Static Route Remove a Static RouteGo to System and Routing Logging Enable Logging Enable Audit LoggingEnable E-mail alerting for ISD/IDP events Page Time Using NTP to sync time Setting time and date manuallyChanging time zone Checking the Set the system time box Firewall PolicyPolicy modes Action Types Service Filter Source and Destination FilterSchedule Intrusion Detection / Prevention Traffic Shaping Add a new policy Configure Intrusion Detection Enable the Delete policy checkboxEnable the Intrusion Detection / Prevention checkbox Change order of policy Configure Intrusion Prevention Port mapping / Virtual Servers Add a new mapping Enable the Delete mapping checkbox Delete mapping Administrative users Add Administrative User Change Administrative User Access level Change Administrative User PasswordEnable the Change password checkbox Delete Administrative User Enable the Delete user checkbox Users DFL-700 Radius Support Enable User Authentication via Http / Https Enable Radius Support Change User Password Add User Delete User Schedules Add new recurring schedule Services Adding TCP, UDP or TCP/UDP Service Grouping Services Adding IP Protocol Protocol-independent settings VPN Introduction to IPsec Introduction to Pptp Introduction to L2TPPoint-to-Point Protocol Authentication Protocols MPPE, Microsoft Point-To-Point Encryption Authentication protocol L2TP/PPTP Clients Authentication Protocol Introduction chapter L2TP/PPTP Servers Mppe encryption VPN between two networks Creating a LAN-to-LAN IPSec VPN Tunnel VPN between client and an internal network Creating a Roaming Users IPSec VPN Tunnel Adding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN Server VPN Advanced Settings Proposal Lists IKE Proposal ListIPSec Proposal List Certificates Trusting CertificatesLocal identities Certificates of remote peers Certificate Authorities Identities Content Filtering Active content handling Edit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Dhcp Server Settings Servers Enable Dhcp Server Enable Dhcp RelayDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server box DNS Relayer Settings Enable DNS RelayerEnable by checking the Enable DNS Relayer box Disable DNS Relayer Tools PingPing Example Add Dynamic DNS Settings Dynamic DNS Backup Exporting the DFL-700’s ConfigurationRestoring the DFL-700’s Configuration Restart/Reset Restoring system settings to factory defaultsRestarting the DFL-700 Page Upgrade Upgrade FirmwareUpgrade IDS Signature-database Status SystemCPU Load Interfaces VPN Connections Dhcp Server Users How to read the logs Usage eventsDrop events Conn events Open Example Close Example Step by step guides LAN-to-LAN VPN using IPsec LAN IP 192.168.4.1, Subnet maskLocal net 192.168.4.0/24 Enable Automatically add a route for the remote network Remote Net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet mask Local net 192.168.1.0/24 Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Select Local database Under Users in local database click Add newPage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Settings for the Windows XP client Windows XP client and Pptp server Select Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Firewall-Services Select HTTP/HTML Content Filtering in the ALG dropdownPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Limit bandwidth to a service Traffic shaping Guarantee bandwidth to a service Page Appendixes Appendix a Icmp Types and CodesPage Appendix B Common IP Protocol Numbers ESP Limited Warranty What Is Not Covered Wichtige Sicherheitshinweise CE Mark Warning WarnungAdvertencia de Marca de la CE Attenzione Vcci Warning Offices 138 Page 140