Note: In this FAQ scenario the DFL-200/700/1100 is on 192.168.3.0/24 and the DFL-210/260/800/860/1600 is on 192.168.1.0/24.
Step 1: Open the web browser and type the IP address of the router in the address bar (default is 192.168.1.1) and press Enter.
Step 2: Click on the plus sign next to Objects and select Address Book.
Step 3: Click Add and select Address Folder from the drop-down menu.
Step 4: Enter a name as desired (IPSec_tunnels in this example) and click OK.
Step 5: Click Add and select IP Address from the dropdown menu.
Step 6: Configure the IP Address as followed:
• Name: Name as desired (remote_net in this example)
• IP Address: The network identifier of the DFL-200/700/1100 (192.168.3.0/24)
Click on OK.
Step 7: Configure the IP Address as followed:
• Name: Name as desired (remote_wan in this example)
• IP Address: The external WAN address of the DFL-200/700/1100
Click on OK.
Step 8: Click on the plus sign next to Authentication Objects and select Pre-Shared Keys.
Click on OK.
Step 9: Click on the plus sign next to Interfaces and select IPSec Tunnels.
Step 10: Click Add and select IPSec Tunnel from the dropdown menu.
Step 11: Configure the IPSec Tunnel as followed:
• Name: Name as desired (test in this example)
• Local Network: lannet
• Remote Network: remote_net (created in step 6)
• Remote Endpoint: remote_wan (created in step 7)
• Encapsulation Mode: Tunnel
• IKE Algorithms: High
• IKE Life Time: 28800 seconds
• IPSec Algorithms: High
• IPSec Life Time: 3600 seconds
Step 12: Click on the Authentication tab, select Pre-Shared Key and select the configured key (IPSec_PSK from step 8) from the drop-down menu.
Step 13: Click on the IKE Settings tab and configure as followed:
• IKE: Main
• IKE DH Group: 2
• PFS: PFS
• PFS DH Group: 2
• NAT Traversal: On if supported and NATed
Step 14: Click on the Keep-Alive Tab
• Keep-alive—Auto
Click on OK.
Step 15: Click on the plus sign next to Rules and then select IP Rules.
Step 16: Click on Add and then select IP Rule Folder from the dropdown menu.
Step 17: Enter a name as desired (IPSec_rules in this example) and then click on OK.
Step 18: Click on Add and select IP Rule from the dropdown menu.
Step 19: Create the IP Rule as followed:
• Name: Name as desired (fromIPSec in this example)
• Action: Allow
• Service: all_services
• Schedule: None
• Source interface: test (from step 11)
• Source network: remote_net (from step 6)
• Destination interface: lan
• Destination network: lannet
Tags: DFL-210, VPN connection
thanks for sharing. this very helpful such a great job!