Frequently Asked Questions
Dlink DRO-210i User Guide 77
Ans: No. VPN provides security by encrypting and decrypting data that passes through a
VPN connection; it does not offer protection from viruses.
Q28. How should I configure my VPN Tunnel to ensure maximum security?
Ans: Configure the VPN Tunnel in the following manner to ensure maximum security:
In Phase 1 Proposal, use Main Mode instead of Aggressive Mode, because Main
Mode has more messages to ensure secure exchange of encryption keys.
In Phase 2 Proposal, use ESP IPSec Operation instead of AH, because ESP
encrypts the traffic, unlike AH. Also use an ESP Transform of AES or 3DES,
since these algorithms are more secure.
In both Phase 1 and Phase 2, use DH Group/PFS Mode of Group 2 because it
uses a 1024-bit prime number, which is longer than the 768-bit prime number
used by Group 1.
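The settings above, written as a connection entry for OpenSwan, one of the peers this guide lists as tested under Q29. This is an added example and is not taken from the D-Link guide; the connection name, addresses, subnets, pre-shared-key authentication, the SHA-1 hash and the 128-bit AES key size are assumptions chosen for illustration.

```conf
# /etc/ipsec.conf fragment for the OpenSwan peer (constructed example).
# Addresses and subnets are documentation placeholders, not values from the guide.
conn dro-site-to-site
    # Assumption: pre-shared key authentication; the key is kept in /etc/ipsec.secrets.
    authby=secret
    type=tunnel
    keyexchange=ike
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=10.2.0.0/24
    # Phase 1: Main Mode (Aggressive Mode disabled), AES with DH Group 2 (1024-bit).
    aggrmode=no
    ike=aes128-sha1;modp1024
    # Phase 2: ESP rather than AH, AES transform, PFS using DH Group 2.
    phase2=esp
    phase2alg=aes128-sha1;modp1024
    pfs=yes
    auto=add
```

Both ends must offer the same proposals, so the router's Phase 1 and Phase 2 settings need to match the values chosen here.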
Q29. What are the different IPSec VPN solutions that have been tested with the DRO-2XX
products?
Ans: For the purpose of site-to-site VPN connectivity, the DRO-2XX has been tested and
interoperates successfully with DFW-100i (Powered by Intoto’s VPN implementation),
OpenSwan (formerly called FreeSwan) and DFL series of routers.
For the purpose of secure remote access (i.e. Server Tunnels for Roaming Users), the
product has been tested & interoperates successfully with SafeNet SoftRemote VPN
client and D-Link VPN client.
Q30. What is the maximum number of VPN Tunnels supported by the router?
Ans: The router supports up to 32 VPN Tunnels. This includes both Peer-To-Peer as well
as Roaming User Tunnels.
11.8 QoS
Q31. I have an ISP connection with 128kbps upstream bandwidth, and I want to ensure
that my email traffic is always guaranteed at least 50 kbps. How can I do this?
Ans: Configure QoS on the WAN Interface in the following manner:
Add an HTB Root Node with interface bandwidth as 128kbps. Set the Default
Class ID as 3.
Add an HTB Class Node (for Email Traffic) with Priority 0, Guaranteed Rate
50kbps, Maximum Rate 128kbps, Parent ID 1 and Class ID 2.
Add another HTB Class Node (for all other traffic) with Priority 1, Guaranteed
Rate 78kbps, Maximum Rate 128kbps, Parent ID 1 and Class ID 3.
Add an HTB Filter on the corresponding WAN interface for Email Traffic. The
Protocol and Destination Port Number should correspond to the Email Protocol
and set the Class ID as 2.