VPN Advanced Settings | D-Link DFL-700 instruction

VPN – Advanced Settings

Advanced settings for a VPN tunnel is used when one need change some characteristics of the tunnel when using for example trying to connect to a third party VPN Gateway. The different settings to set per tunnel is the following:

Limit MTU

Whit this setting it’s possible to limit the MTU (Max Transferable Unit) of the VPN tunnel.

IKE Mode

Specify if Main mode IKE or Aggressive Mode IKE should be used when establishing outbound VPN Tunnels. Inbound main mode connections will always be allowed. Inbound aggressive mode connections will only be allowed if this setting is set to aggressive mode.

IKE DH Group

Here it’s possible to configure the Diffie-Hellman group to 1 (modp 768-bit), 2 (modp 1024- bit) or 5 (modp 1536-bit).

PFS – Perfect Forward Secrecy

If PFS, Perfect Forwarding Secrecy, is enabled, a new Diffie-Hellman exchange is performed for each phase-2 negotiation. While this is slower, it makes sure that no keys are dependent on any other previously used keys; no keys are extracted from the same initial keying material. This is to make sure that, in the unlikely event that some key was compromised; no subsequent keys can be derived.

NAT Traversal

Here it’s possible to configure how the NAT Traversal code should behave.

Disabled - The firewall does not send the Vendor ID's that include NAT-T support when setting up the tunnel.

On if supported and need NAT - Will only use NAT-T if one of the VPN gateways is NATed.

On if supported - Always tries to use NAT-T when setting up the tunnel.

Keepalives

No keepalives – Keep-alive is disabled.

Automatic keepalives - The firewall will send ICMP pings to IP Addresses automatically discovered from the VPN Tunnel settings.

Manually configured IP addresses - Configure the source and destination IP addresses used when sending the ICMP pings

56

Image 56

D-Link DFL-700 manual VPN Advanced Settings

Contents

Link DFL-700 Contents Firewall Servers Status 129 132 Features and Benefits Access Control supportedIntroduction Introduction to Firewalls Introduction to Local Area Networking LEDs Physical Connections Package Contents System Requirements Resetting the DFL700 Managing D-Link DFL-700 Administration Settings Administrative Access Add ping access to an interface Add Admin access to an interface Add Read-only access to an interface Enable Snmp access to an interface Change IP of the LAN or DMZ interface SystemInterfaces IP Address The IP address of the WAN interface. This is WAN Interface Settings Using Static IPWAN Interface Settings Using Dhcp WAN Interface Settings Using PPPoE Password WAN Interface Settings Using Pptp Traffic Shaping WAN Interface Settings Using BigPondPassword The password supplied to you by your ISP MTU Configuration Routing Go to System and Routing Add a new Static RouteRemove a Static Route Logging Enable E-mail alerting for ISD/IDP events Enable LoggingEnable Audit Logging Page Time Using NTP to sync time Setting time and date manuallyChanging time zone Checking the Set the system time box Firewall PolicyPolicy modes Action Types Service Filter Source and Destination FilterSchedule Intrusion Detection / Prevention Traffic Shaping Add a new policy Configure Intrusion Detection Enable the Delete policy checkboxEnable the Intrusion Detection / Prevention checkbox Change order of policy Configure Intrusion Prevention Port mapping / Virtual Servers Add a new mapping Enable the Delete mapping checkbox Delete mapping Administrative users Add Administrative User Enable the Change password checkbox Change Administrative User Access levelChange Administrative User Password Delete Administrative User Enable the Delete user checkbox Users DFL-700 Radius Support Enable User Authentication via Http / Https Enable Radius Support Change User Password Add User Delete User Schedules Add new recurring schedule Services Adding TCP, UDP or TCP/UDP Service Grouping Services Adding IP Protocol Protocol-independent settings VPN Introduction to IPsec Point-to-Point Protocol Introduction to PptpIntroduction to L2TP Authentication Protocols MPPE, Microsoft Point-To-Point Encryption Authentication protocol L2TP/PPTP Clients Authentication Protocol Introduction chapter L2TP/PPTP Servers Mppe encryption VPN between two networks Creating a LAN-to-LAN IPSec VPN Tunnel VPN between client and an internal network Creating a Roaming Users IPSec VPN Tunnel Adding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN Server VPN Advanced Settings IPSec Proposal List Proposal ListsIKE Proposal List Certificates Trusting CertificatesLocal identities Certificates of remote peers Certificate Authorities Identities Content Filtering Active content handling Edit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Dhcp Server Settings Servers Enable Dhcp Server Enable Dhcp RelayDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server box Enable by checking the Enable DNS Relayer box DNS Relayer SettingsEnable DNS Relayer Disable DNS Relayer Ping Example ToolsPing Add Dynamic DNS Settings Dynamic DNS Restoring the DFL-700’s Configuration BackupExporting the DFL-700’s Configuration Restarting the DFL-700 Restart/ResetRestoring system settings to factory defaults Page Upgrade IDS Signature-database UpgradeUpgrade Firmware CPU Load StatusSystem Interfaces VPN Connections Dhcp Server Users How to read the logs Usage eventsDrop events Conn events Open Example Close Example Step by step guides Local net 192.168.4.0/24 LAN-to-LAN VPN using IPsecLAN IP 192.168.4.1, Subnet mask Enable Automatically add a route for the remote network Remote Net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet mask Local net 192.168.1.0/24 Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Select Local database Under Users in local database click Add newPage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Settings for the Windows XP client Windows XP client and Pptp server Select Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Firewall-Services Select HTTP/HTML Content Filtering in the ALG dropdownPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Limit bandwidth to a service Traffic shaping Guarantee bandwidth to a service Page Appendixes Appendix a Icmp Types and CodesPage Appendix B Common IP Protocol Numbers ESP Limited Warranty What Is Not Covered Wichtige Sicherheitshinweise CE Mark Warning WarnungAdvertencia de Marca de la CE Attenzione Vcci Warning Offices 138 Page 140