Nov 06

This example will demonstrate how to create a Virtual private Network (VPN) between two remote locations through the Internet. The VPN policy will use 3DES IPSec to securely send/receive encrypted data over the Internet. When the VPN tunnel is enabled, the two offices will virtually appear to be on the same local network.

DI-804HV-back

This example will consist of two DI-804HV VPN Routers with a simple setup. The two remote offices in this example will be known as Office A and Office B. Both VPN Routers must already be set up and able to access each other. This is only an example, your setup will vary using the WAN IP address provided by your ISP.

Please note the differences in the IP addresses for each office.

We will begin by configuring the DI-804HV at Office A. Start by going into VPN Settings under the Basic Setup menu.

Step 1: In the Connection Name field, type in OfficeA. Click ADD.

Step 2: A properties screen will appear for the new connection you have made. Fill in the appropriate information for Office A:

di_804hv_ris4_nastroyka

  • Connection Name: OfficeA
  • Local IPSEC Identifier: Local
  • Remote IPSEC Identifier: Remote
  • Remote IP Network: 192.168.1.0
  • Remote IP Netmask: 255.255.255.0
  • Remote Gateway IP: 192.170.0.2
  • Network Interface: WAN ETHERNET
  • Secure Association: IKE
  • Perfect Forward Secure: Enabled
  • PreShared Key: enter key (123456 in this example)
  • Key Life: 28800
  • IKE Life Time: 3600

Step 3: Click SAVE. There should now be a VPN policy created for Office A. Now you will want to Save & Restart the DI-804HV.

Note: PreShared Key must be the same on both routers.

Office A setup is now complete, we will now configure Office B with the other DI-804HV, Follow the same steps previously with Ofice A to create a VPN policy.

Step 1: Please change the appropriate information.

  • Connection Name: OfficeB
  • Local IPSEC Identifier: Local
  • Remote IPSEC Identifier: Remote
  • Remote IP Network: 192.168.0.0
  • Remote IP Netmask: 255.255.255.0
  • Remote Gateway IP: 192.170.0.1
  • Network Interface: WAN ETHERNET
  • Secure Association: IKE
  • Perfect Forward Secure: Enabled
  • PreShared Key: enter desired key (123456 in this example)
  • Key Life: 28800
  • IKE Life Time: 3600

di_804hv_ris8_nastroyka

Step 2: Click SAVE. There should now be a VPN policy created for Office B. Now you will want to Save & Restart the DI-804HV.

After the VPN policies have been created for the two Offices, the two remote locations should authenticate and connect. To view the status of the VPN connection, go to the Device Status menu. On the bottom-left side of the menu, click on the VPN Status icon.

A VPN Status pop-up screen will appear showing VPN connection status. If a VPN tunnel is active, the State should indicate Q-Estab.

Go to a DOS prompt and ping the internal IP address of the remote network.

Tags: , ,

Oct 31

How do I configure my Mac OS X computer to connect to a L2TP over IPsec Tunnel on my DFL Series Firewall?

Step 1: Please open the Internet Connect Utility, it can be found at Applications->Internet Connect.

A10521_image1

Step 2: Please choose VPN (L2TP) then choose Configuration->Edit Configurations..

A10521_image2

Step 3: Fill in Authentication details, Click OK when finished.

A10521_image3

Click Connect, you should now be connected to your VPN.

Tags: , , ,

Sep 14

The D-Link DIR-506L connects to your cable modem, DSL modem, or other Internet source and shares your Internet connection with your devices wirelessly, providing Internet access for an entire home or office. You can also share files with other computers or devices on your wireless network by using the SharePort Mobile feature.

D-Link DIR-506L Features and Hardware Overview

• Faster Wireless Networking

– The provides an up to 150 Mbps* wireless connection with other 802.11n wireless clients. This capability allows users to participate in real-time activities online, such as video streaming, online gaming, and real-time audio.

• Compatible with 802.11g Devices

– The is still fully compatible with the IEEE 802.11g standards, so it can connect with existing 802.11g devices.

• Advanced Firewall Features

– The Web-based user interface displays a number of advanced network management features including:

• Content Filtering

– Easily applied content filtering based on MAC address and website address.

• Filter Scheduling

– These filters can be scheduled to be active on certain days or for a duration of hours or minutes.

• Secure Multiple/Concurrent Sessions

– The can pass through VPN sessions. It supports multiple and concurrent IPSec and PPTP sessions, so users behind the can securely access corporate networks.

• User-friendly Setup Wizard

– Through its easy-to-use Web-based user interface, the lets you control what information is accessible to those on the wireless network, whether from the Internet or from your company’s server. Configure your router to your specific settings within minutes.

Hardware Overview

D-Link DIR-506L Features and Hardware Overview

1.Device Status LED Indicator

If Device Status LED is flashing green when the device is on, power is being provided by the battery.
If Device Status LED is solid green when the device is on, battery is fully charged and power adapter attached.
If Device Status LED is solid amber when the device is on, the device is charging the battery.
If Device Status LED is solid amber when the device is off with the battery inside, the battery is charging.
If Device Status LED is solid red when the device is on, the battery is low.
If Device Status LED is flashing red when the device is on, the battery temperature is high.
If Device Status LED is off and the power adapter is plugged in, and battery has finished charging.
If Device Status LED is off, no power adapter is plugged in and no battery is inside.

2.WPS Button

Pressing the WPS button allows additional devices to connect securely and automatically.

3.Reset Button

Pressing the Reset button restores the DIR-506L to its original factory default settings.

4.USB Port

Connect a USB flash drive to configure the wireless settings using SharePort™ Mobile and SharePort™ Web File Access.
Both allow you to share a USB or a storage device with your local network.

5.USB LED Indicator

If the USB LED is solid green, a USB storage device is attached.
If the USB LED is flashing green, the DIR-506L is accessing files in the USB storage device.

6.Ethernet LED Indicator

If the Ethernet LED is solid green, an Ethernet connection is established
If the Ethernet LED is flashing green, data packets are being transferred via Ethernet

7.Wi-Fi LED Indicator

If the Wi-Fi LED is flashing green, a data packet transferred.
If the Wi-Fi LED is flashing green every second for two minutes, it is showing the WPS status.

D-Link DIR-506L Router Setup Diagram

D-Link DIR-506L Router Setup Diagram

D-Link DIR-506L Router Setup Diagram

Tags: , , , , ,

Jan 24

Configuration of DI-LB604 (Local)

Note: This FAQ if for firmware version 1.01 or later. The current firmware version 1.01 does not support an IPSec VPN Server for roaming users.

Step 1: Open your web browser and type in the IP address of the D-Link DI-LB604 router (192.168.0.1 by default). Enter the username (admin by default) and password (no password by default), and then click OK.

Step 2: Select the Home tab and click on IPSec.

DI-LB604-IPSec-1

Step 3: Configure the IPSec VPN client as followed:
Tunnel Name: enter a name for the VPN
Tunnel State: check to enable
Connection Type: select Static
WAN Binding: select the WAN source
Local IP / Subnet: enter the local IP and subnet of the DI-LB604 (192.168.3.0/255.255.255.0 in this example)
Remote IP / Subnet: enter the remote IP and subnet of the remote device (192.168.0.0/255.255.255.0 in this example)
Remote Gateway: enter the remote gateway (172.68.140.140 in this example)
Key Method: AutoKey (IKE)
Preshared Key: enter the preshared key (This key must match with the IPSec Server.)
Local ID (Option): leave as NONE
Remote ID (Option): leave as NONE
Click Apply and click Continue.

DI-LB604-IPSec-2

Step 4: Click Continue Setup and configure the Proposals as followed:
Phase 1
Negotiation Type: Main Mode
DH Group: DH Group 2 (1024-bit)
Encryption Method: 3DES
Authentication Method: SHA1
SA Lifetime: 28800 (default)

Phase 2
Encapsulation Format: ESP
Encryption Method: 3DES
Authentication Method: SHA1
Perfect Forward Secrecy: DH Group 2 (1024-bit)
Key Lifetime: 3600 (default)

Advanced
NetBIOS Broadcast: enabled by default
NAT Traversal: check to enable
Auto Reconnected: check to enable
IKE Keep Alive (Ping): enter the default gateway of the IPSec Server
Click Apply and click Continue.

Configuration of DI-LB604 (Remote)

Step 1: Open your web browser and type in the IP address of the DI-LB604 router (192.168.0.1 by default). Enter the username (admin by default) and password (no password by default), and then click OK.

Step 2: Select the Home tab and click on IPSec.

Step 3: Configure the IPSec VPN client as followed:
Tunnel Name: enter a name for the VPN
Tunnel State: check to enable
Connection Type: select Static
WAN Binding: select the WAN source
Local IP / Subnet: enter the local IP and subnet of the DI-LB604 (192.168.0.0/255.255.255.0 in this example)
Remote IP / Subnet: enter the remote IP and subnet of the remote device (192.168.3.0/255.255.255.0 in this example)
Remote Gateway: enter the remote gateway (172.140.140.140 in this example)
Key Method: AutoKey (IKE)
Preshared Key: enter the preshared key (This key must match with the IPSec Server.)
Local ID (Option): leave as NONE
Remote ID (Option): leave as NONE
Click Apply and click Continue.

Step 4: Click Continue Setup and configure the Proposals as followed:
Phase 1
Negotiation Type: Main Mode
DH Group: DH Group 2 (1024-bit)
Encryption Method: 3DES
Authentication Method: SHA1
SA Lifetime: 28800 (default)

Phase 2
Encapsulation Format: ESP
Encryption Method: 3DES
Authentication Method: SHA1
Perfect Forward Secrecy: DH Group 2 (1024-bit)
Key Lifetime: 3600 (default)

Advanced
NetBIOS Broadcast: enabled by default
NAT Traversal: check to enable
Auto Reconnected: check to enable
IKE Keep Alive (Ping): enter the default gateway of the IPSec Server
Click Apply and click Continue.

DI-LB604-IPSec-4

Step 5: Click Tunnel test. The tunnel should now be connected. To verify, click on the Status tab and click on IPSec Stats.

DI-LB604-IPSec-6

Note: The unit that initiates the connection will have Initiator (Quick): established as the Negotiation Status.

Tags: , ,

Jun 18

Note: This example will demonstrate how to configure a LAN-to-LAN IPSec VPN tunnel between two D-Link DIR-130/DIR-330.

In this example:

Local Network is on 192.168.0.0/24
Remote Network is on 192.168.1.0/24

Configuration of Local Network

Step 1: Open your web browser and type in the IP address of the DIR-130 router (192.168.0.1 by default). Enter the username (admin by default) and password (blank by default), and then click OK.

Step 2: Click on SETUP and select VPN SETTINGS. Choose IPSec from the ADD VPN PROFILE dropdown menu and click Add.

dir-330-vpn-1

Step 3: Configure the IPSec VPN as followed:

Enable Settings: check box to enable
Name: enter a name for the VPN
Encapsulation Mode: Tunnel
Remote IP: select Site to Site and enter the remote Gateway
Remote Local LAN Net /Mask: enter the remote LAN network and Subnet Mask
Authentication Protocol: enter a Pre-shared Key (must be the same as the Remote Side)
Phase 1 IKE Proposal List: leave as is
NAT-T Enabled: leave as is
PFS: check to enable
Phase 2 IPSec Proposal List: leave as is.

dir-330-vpn-2

dir-330-vpn-3

Step 4: Click Save Settings.

Configuration of Remote Network.

Note: Both sides cannot be on the same subnet.

Tags: , , ,



 
1 2 Next
css.php