Apr 05

System Requirements:

IE 10 64bit

Windows 7 SP1 or Higher

Java 64 Bit

Microsoft Visual C++ 2005 (64bit)

Browser Configuration: Enter IE10 – Tools – Internet Options – Advanced Tab

establish SSL VPN tunnel to D-Link DSR Series

And Enable Enhanced Protected Mode* and Enable Smart Filter. Whilst inside Internet Options – Go to Security – Trusted sites and Enable Protected Mode the click on Sites.

124

Add the WAN IP of the device here (for example: https://111.250.29.140)

establish SSL VPN tunnel to D-Link DSR Series_1

Click Close. The next step is to configure the Account Control Settings.

establish SSL VPN tunnel to D-Link DSR Series_2

Click on Change User Account Control settings and configure as follows:

establish SSL VPN tunnel to D-Link DSR Series_3

When you click on OK, you will be presented with the following message:

establish SSL VPN tunnel to D-Link DSR Series_4

Before continuing with the SSL VPN tunnel ALL of the above must be installed and configured.

When all complete follow these instructions:

1. Open a browser and access the portal for SSL VPN tunnel

2.Accept the warning for this certificate.

3. Enter Login credentials

121

4. Click on VPN Tunnel tab

1212

5. Click on the icon to begin the connection. You will be presented with a message regarding User Accounts.

Click yes to accept changes. You should see the below message briefly whilst authentication and connection is being made.

When connection has been established you will be presented with the following screen.

1111

You are able make a further check for connectivity by right clicking on SSL VPN Tunnel icon in the taskbar.

11111

Tags: , ,

Apr 05

Network Configuration:

This setup consists of separating two networks by the creating two VLANS on the DSR Series Service Router. This example will use the following setup:

Network 1 – 192.168.10.0 /24 – Default

Network 2 – 192.168.20.0 /24 – VLAN20

Step 1 – Enter the web GUI interface of the DSR using its IP address in a web browser. In our example we have used the IP address of 192.168.10.1

DSR_Series_FW2_How_to_setup_Two_VLANS1

Accept any certificate warnings you may see, this is perfectly normal and safe

Step 2 – You should then be presented with the login page

DSR_Series_FW2_How_to_setup_Two_VLANS2

Username: admin

Password: admin

Click “Login”

Step 3 – Click on the following options to setup VLANS

Network > VLAN > VLAN Settings

DSR_Series_FW2_How_to_setup_Two_VLANS3

Step 4 – Here you must firstly enable VLAN then click “Save”

DSR_Series_FW2_How_to_setup_Two_VLANS4

Step 5 – Once saved, click “Add New VLAN”

DSR_Series_FW2_How_to_setup_Two_VLANS5

VLAN IP: 20
Name: VLAN20
Capital Portal: Off
Activate InterVLAN Routing: Off
(InterVLAN Routing can stay “Off” this way there is no way that both networks will see each other
Multi VLAN Subnet: 192.168.20.1
Subnet Mask: 255.255.255.0

Step 5 – Click on the option “DHCP Server”

DSR_Series_FW2_How_to_setup_Two_VLANS6

Domain Name:
DHCP_VLAN20

Starting IP Address: 192.168.20.2

Ending IP Address: 192.168.20.254

Default Gateway: 192.168.20.1

Primary DNS Server: 8.8.8.8

Secondary DNS Server: 8.8.4.4.

Lease Time: 24

LAN Proxy: On (Default)

If you have a DHCP available for this new subnet, then click “DHCP Relay” and configure according to this network requirements. Once done, click “Save”

Within our example, we have used VLANID 20 for network 192.168.20.0/24. After clicking on “Save” our second VLAN will have been created

DSR_Series_FW2_How_to_setup_Two_VLANS7

Step 6 – The next step is to associate the VLAN with a port or certain ports. We will associate with Port 4

DSR_Series_FW2_How_to_setup_Two_VLANS8

Network > VLAN > Port VLAN

DSR_Series_FW2_How_to_setup_Two_VLANS9

Step 7
– In our example we are going to associate VLAN20 to Port 4. To do this, place the mouse over Port 4 and Right-Click then click on “Edit”

DSR_Series_FW2_How_to_setup_Two_VLANS10

Step 8 – Once clicked on “Edit”, we will need to select “Mode” as “Access” with a PVID 20 (Step 5)

DSR_Series_FW2_How_to_setup_Two_VLANS11

Once done, click on “Save”

DSR_Series_FW2_How_to_setup_Two_VLANS12

NOTE: If you intend to connect a non-manageable switch to port 4 which doesn’t support VLANS then the mode “Access” is correct.

However, if you are planning to connect a manageable switch that does understand VLANS then you will need to select “Trunk” and VLAN Membership 20

DSR_Series_FW2_How_to_setup_Two_VLANS13

Tags: ,

Apr 02

How to Setup VPN IPsec Between D-Link DSR-Series FW.2.x

Step 1 – Setup WAN port setup DSR1

Network > WAN1 Settings

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_1-1

Step 2 – Here you will need to select the ISP Connection Type

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_2

Wan1 Setup:

Connection Type: Static IP (In our example it was set as static)

IP Address: 1.1.1.1

IP Subnet Mask: 255.0.0.0

Domain Name System (DNS) Servers

Primary DNS Server: 8.8.8.8 (Google DNS)

Secondary DNS Server: 8.8.4.4 (Google DNS)

Click on “Save

Step 3 – Setup LAN Configuration DSR1

Network > LAN Settings

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_3

Step 4 – Enter an IP address for the LAN interface and DHCP Server

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_4

In our example we have given the IP: 192.168.10.1

IP Address Setup:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

DHCP Setup:

DHCP Mode: DHCP Server

Starting IP Address: 192.168.10.2

Ending IP Address: 192.168.10.254

Default Gateway: 192.168.10.1

Click on “Save

Step 4 – Setup WAN port setup DSR2

Network > WAN1 Settings

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_1

Step 5 – Here you will need to select the ISP Connection Type

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_2-1

Wan1 Setup:

Connection Type: Static IP (In our example it was set as static)

IP Address: 1.1.1.1

IP Subnet Mask: 255.0.0.0

Domain Name System (DNS) Servers

Primary DNS Server: 8.8.8.8 (Google DNS)

Secondary DNS Server: 8.8.4.4 (Google DNS)

Click on “Save

Step 6 – Setup LAN Configuration DSR2

Network > LAN Settings

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_5

Step 7 – Enter an IP address for the LAN interface and DHCP Server

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_6

In our example we have given the IP: 192.168.10.1

IP Address Setup:

IP Address: 192.168.20.1

Subnet Mask: 255.255.255.0

DHCP Setup:

DHCP Mode: DHCP Server

Starting IP Address: 192.168.20.2

Ending IP Address: 192.168.20.254

Default Gateway: 192.168.20.1

Click on “Save

VPN IPsec Setup – DSR1:

Step 8 – You will now need to setup an IPsec Policy

VPN > Policies

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_7

Step 9 – Click “Add New IPSec Policy” to configure a new IPsec Policy

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_8

IPSec Policy Configuration

General

Policy Name: VPN1

Policy Name: Auto Policy

IP Protocol Version: IPv4

IKE Version: IKEv1

L2TP Version: None

IPSec Model        Tunnel Model

Select Local Gateway: Dedicated WAN

Remote Endpoint: 2.2.2.2

Enable DHCP: Off

Local IP: Subnet

Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)

Local Subnet Mask: 255.255.255.0

Remote IP: Subnet

Remote Start IP Address: 192.168.20.1

Remote Subnet Mask: 255.255.255.0

Enable Keepalive: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_9

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_10
Phase 1 (IKE SA Parameters)

Exchange Mode: Main

Direction Type: Both

Nat traversal: On

NAT Keep Alive Frequency: 20

Remote Identifier Type: Local Wan IP

Remote Identifier Type: Remote Wan IP

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_11

Encryption Algorithm

DES: On                                 3DES: On

AES-128: On                        AES-192: On

AES-256: On

BLOWFISH: Off

CAST128: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_12

Authentication Algorithm

MD5: On                                SHA-1: On

SHA2-256: Off                     SHA2-384: Off

SHA2-512: Off

Authentication Method: Pre-Shared Key

Pre-Shared Key: sharedkey

Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)

SA-Lifetime: 28800

Enable Dead Peer Detection: Off

Extended Authentication: None

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_13

Phase2 – (Auto Policy Parameters)

SA Lifetime: 3600  Seconds

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_14

Encryption Algorithm

DES: On                                 None: Off

3DES: On                              AES-128: On

AES-192: On                        AES-256: On

TWOFISH (128): Off          TWOFISH (192): Off

TWOFISH (256): Off

BLOWFISH: Off

CAST128: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_12-1

Integrity Algorithm

MD5: On                                SHA1: On

SHA2-224: Off                     SHA2-256: Off

SHA2-384: Off                     SHA2-512: Off

PFS Key Group: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_15

Click “Save
VPN IPsec Setup – DSR2:

Step 10 – You will now need to setup an IPsec Policy for the second DSR

VPN > Policies

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_7-1
Step 11 – Click “Add New IPSec Policy” to configure a new IPsec Policy
DSR_Series_FW2_How_to_setup_VPN_IPsec_between_17

IPSec Policy Configuration

General

Policy Name: VPN2

Policy Name: Auto Policy

IP Protocol Version: IPv4

IKE Version: IKEv1

L2TP Version: None

IPSec Model        Tunnel Model

Select Local Gateway: Dedicated WAN

Remote Endpoint: 2.2.2.2

Enable DHCP: Off

Local IP: Subnet

Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)

Local Subnet Mask: 255.255.255.0

Remote IP: Subnet

Remote Start IP Address: 192.168.20.1

Remote Subnet Mask: 255.255.255.0

Enable Keepalive: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_18

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_19

Phase 1 (IKE SA Parameters)

Exchange Mode: Main

Direction Type: Both

Nat traversal: On

NAT Keep Alive Frequency: 20

Remote Identifier Type: Local Wan IP

Remote Identifier Type: Remote Wan IP

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_11-1

Encryption Algorithm

DES: On                                 3DES: On

AES-128: On                        AES-192: On

AES-256: On

BLOWFISH: Off

CAST128: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_12-3

Authentication Algorithm

MD5: On                                SHA-1: On

SHA2-256: Off                     SHA2-384: Off

SHA2-512: Off

Authentication Method: Pre-Shared Key

Pre-Shared Key: sharedkey

Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)

SA-Lifetime: 28800

Enable Dead Peer Detection: Off

Extended Authentication: None

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_12-2

Phase2 – (Auto Policy Parameters)

SA Lifetime: 3600  Seconds

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_14-1

Encryption Algorithm

DES: On                                 None: Off

3DES: On                              AES-128: On

AES-192: On                        AES-256: On

TWOFISH (128): Off          TWOFISH (192): Off

TWOFISH (256): Off

BLOWFISH: Off

CAST128: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_12-4

Integrity Algorithm

MD5: On                                SHA1: On

SHA2-224: Off                     SHA2-256: Off

SHA2-384: Off                     SHA2-512: Off

PFS Key Group: Off

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_15-1

Click “Save

Step 12 – To view if the VPN connection has been established

STATUS > Active VPNs

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_20

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_21
Step 13 – If you see “IPsec SA Not Established”, Right-Click on a record then click “Connect

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_22

Tags: ,

Apr 02

Information:                       

The use of load balancing with multiple WAN links can provide simultaneous outbound traffic efficiency and optimizing bandwidth. The following is a typical scenario of load balancing that involves all Internet traffic and can dynamically share the WAN links RoundRobin Algorithm.

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_21

Step 1 – Login to the DSR using its IP address

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_22

Network > WAN Mode

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_23

Step 2 – Select “Load Balancing” from the drop-down list and select “Round Robin

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_24

Round Robin:

This is when the new Internet connections alternate between WANs available.

Spillover:

This will use a single WAN link for all connections up until the maximum bandwidth limit (pre-configured) has been reached. After that the other WAN link is used for the new connections

Step 3 – For the DSR to check the status of connections WANs have three options to configure WAN health check. They are as follows:

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_25

  • WAN DNS Servers (This will use the DNS servers configured in the WAN)
  • DNS Servers (This allows you to enter the addresses you want to use)
  • PingThese IP Addresses (This allows you to enter the public IP address you want)

Once you have selected the verification mode, click “Save

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_26

Note:

Binding Protocol – Network > Routing > Protocol Binding

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_27

This is a key component with regards to “Load Balancing”.

This protocol allows a specific service to be associated with one of the available WAN links.

A description of this can be seen below:

  • Service: The user specifies the service name (choosing from the list of predefined or custom services). Custom services can be configured in the Firewall Menu – Security > Firewall > Custom Services

DSR_how_to_setup_load_balancing_with_multiple_wan_links_FW_28

 

  • Local Gateway: You can assign a specific WAN link to the service configured above
  • Source Network: The user specifies the LAN hosts assigned to the Protocol-Binding rule. Only those hosts that are linked to the protocol can therefore transmit or receive traffic through the WAN selected, meanwhile the other hosts will transmit traffic via the other WAN port(s). The user may choose to assign the rule for any host or a single machine within the LAN and / or alongside hosts within an IP pool.
  • Destination Network: The user specifies the LAN hosts assigned to the Protocol Binding Rule. The user can choose to assign the rule to any host, a single machine on the LAN or set of hosts within a pools of IP addresses

When a user adds a rule, the device updates the new entry and displays it in the Protocol Bindings List table. The table shows information about the service, the network source and destination and also if the link-up is enabled or not. The user can enable, disable and or edit a binding standard and also remove configured links if and when needed.

Tags: ,

Feb 17

Network Configuration:

This setup consists of two networks separated by two VLANS. This example will use the following setup:

Network 1 – 192.168.10.0 /24 – SSID: NET – Corporate Wireless Network
Network 2 – 172.16.0.0 /16 – SSID: Guest – Wireless Guest Network

DSR_Series_How_to_setup_captive_portal0001

Step 1
– Enter the web GUI interface of the DSR using its IP address in a web browser. In our example we have used the IP address of 192.168.10.1

DSR_Series_How_to_setup_captive_portal0012

Accept any certificate warnings you may see, this is perfectly normal and safe

Step 2 – We first now need to create VLANs to separate the traffic

Network > VLAN Settings

DSR_Series_How_to_setup_captive_portal0023

Step 3 – Click on “Add New VLAN”

DSR_Series_How_to_setup_captive_portal0029

VLAN ID: 100
Name: Guest
Captive Portal: ON
Multi VLAN Subnet
IP Address: 172.16.0.1
Subnet: 255.255.0.0
Use the scroll bar to the left to scroll down…

DSR_Series_How_to_setup_captive_portal0030

DHCP Mode: DHCP
Domain Name: Guest
Starting IP Address: 172.16.0.2
Ending IP Address: 172.16.0.1
Primary DNS Server: 172.16.0.1
Lease Time: 24
Click “Save”

Step 4 – We should see the following summary for our VLANS

DSR_Series_How_to_setup_captive_portal0031

Step 5 – We need to create our two profiles, “NET” and “Guest”

Wireless > Profiles

DSR_Series_How_to_setup_captive_portal0032

Step 6 – Right-click on “default1” and click “Edit”

DSR_Series_How_to_setup_captive_portal0033

Step 7 – Change the default values to your SSID. In our example we are using “NET” as our corporative wireless SSID

DSR_Series_How_to_setup_captive_portal0034

SSID: NET
Broadcast SSID: ON
Security: WPA+WPA2
Encryption: TKIP+CCMP
Authentication: PSK
WPA Password: (enter a password for this SSID)
Click “Save”

Step 8 – Click on “Add New Profile” to create a profile for our Guest SSID

DSR_Series_How_to_setup_captive_portal0002

Profile Name: Guest
SSID: Guest
Broadcast SSID: ON
Security: OPEN (Due to our Guest users will need to authenticate with a user and password we will define later)
Click “Save”

Step 9 – You should have two Wireless Profiles (as per our example)

DSR_Series_How_to_setup_captive_portal0003

Step 10 – We now need to add an extra access-point to our configuration to deal with the profile “Guest”

Wireless > Access Points

DSR_Series_How_to_setup_captive_portal0004

Step 11 – Click on “Add New Access Point”

DSR_Series_How_to_setup_captive_portal0005

AP Name: ap2
Profile Name: Guest (Drop down box to display profiles available)
WLAN Partition: ON
*Active Time: Here you can set a time for from and to you would like the access-point to be available.

DSR_Series_How_to_setup_captive_portal0006

In our example, we have chosen not to use this feature

Click “Save”

Step 12 – We now need to associate the Guest SSID to VLAN100

Network > Port VLAN

DSR_Series_How_to_setup_captive_portal0007

Step 13 – Right-click on “Guest” and enter for PVID 100 (The VLAN we created in step 3)

DSR_Series_How_to_setup_captive_portal0008

DSR_Series_How_to_setup_captive_portal0009

Click “Save”

Step 14 – So that our guest users are able to login and authenticate against the local database, we need to add a new Group – Security > Internal User Database > Groups

DSR_Series_How_to_setup_captive_portal0010

DSR_Series_How_to_setup_captive_portal0011

Step 15 – Click on “Add New Group”

DSR_Series_How_to_setup_captive_portal0013

Group Name: CP
Description: Captive Portal
User Type: Network  Captive Portal User: ON
Idle Timeout: 10

Click “Save”

Group List Summary:

DSR_Series_How_to_setup_captive_portal0014

Step 16 – We now need to a associate a User to our new Group – Security > Internal User Database > Users

DSR_Series_How_to_setup_captive_portal0015

Step 17
– Click on “Add New User”

DSR_Series_How_to_setup_captive_portal0016

User Name
: CP
First Name: CP
Last Name: CP
Select Group: CP
MultiLogin: ON
Password: (Enter the password the guest will need to use for authentication)

Click “Save”

Users List Summary:

DSR_Series_How_to_setup_captive_portal0017

Login from a Laptop with Window 7:

Step 18 – Open your wireless card adapter and now search for SSID “Guest”

DSR_Series_How_to_setup_captive_portal0018

Step 19 – Once connected, open a web browser and try to go to a web site, for example dlink.com

DSR_Series_How_to_setup_captive_portal0019

Username: CP (User created in Step 17)

Password: (Password created in Step 17)

Click “Login”

DSR_Series_How_to_setup_captive_portal0020

Login from a Windows Phone:

DSR_Series_How_to_setup_captive_portal0021

Login from an iPad:

DSR_Series_How_to_setup_captive_portal0025DSR_Series_How_to_setup_captive_portal0024DSR_Series_How_to_setup_captive_portal0022

Step 20 – To see the clients connected – Status > Network Information > CaptivePortal Sessions

DSR_Series_How_to_setup_captive_portal0026

Step 21 – Within this section you are able to manage ALL connected devices by right-clicking over the session and choose between; “Disconnect” or “Blocking Device”

DSR_Series_How_to_setup_captive_portal0027

Disconnect – This will simply disconnect the wireless device from the session and will be forced to login via the portal

Block Device – This will block the wireless device and will automatically be placed into the Firewall Blocked Client List

DSR_Series_How_to_setup_captive_portal0028

Tags: ,



 
1 2 Next
css.php