Nov 06

This example will demonstrate how to create a Virtual Private Network (VPN) between two remote locations through the Internet. The VPN policy will use 3DES IPSec to securely send and receive encrypted data over the Internet. When the VPN tunnel is enabled, the two offices will virtually appear to be on the same local network.

This example will consist of two DI-804HV VPN Routers with a simple setup. The two remote offices in this example will be known as Office A and Office B. Both VPN Routers must already be set up and able to access each other. This is only an example; your setup will vary, using the WAN IP address provided by your ISP.

Please note the differences in the IP addresses for each office.

We will begin by configuring the DI-804HV at Office A. Start by going into VPN Settings under the Basic Setup menu.

Step 1: In the Connection Name field, type in OfficeA. Click ADD.

Step 2: A properties screen will appear for the new connection you have made. Fill in the appropriate information for Office A:

  • Connection Name: OfficeA
  • Local IPSEC Identifier: Local
  • Remote IPSEC Identifier: Remote
  • Remote IP Network: 192.168.1.0
  • Remote IP Netmask: 255.255.255.0
  • Remote Gateway IP: 192.170.0.2
  • Network Interface: WAN ETHERNET
  • Secure Association: IKE
  • Perfect Forward Secure: Enabled
  • PreShared Key: enter key (123456 in this example)
  • Key Life: 28800
  • IKE Life Time: 3600

Step 3: Click SAVE. There should now be a VPN policy created for Office A. Now you will want to Save & Restart the DI-804HV.

Note: PreShared Key must be the same on both routers.

Office A setup is now complete. We will now configure Office B with the other DI-804HV. Follow the same steps used for Office A to create a VPN policy.

Step 1: Please change the appropriate information.

  • Connection Name: OfficeB
  • Local IPSEC Identifier: Local
  • Remote IPSEC Identifier: Remote
  • Remote IP Network: 192.168.0.0
  • Remote IP Netmask: 255.255.255.0
  • Remote Gateway IP: 192.170.0.1
  • Network Interface: WAN ETHERNET
  • Secure Association: IKE
  • Perfect Forward Secure: Enabled
  • PreShared Key: enter desired key (123456 in this example)
  • Key Life: 28800
  • IKE Life Time: 3600

Step 2: Click SAVE. There should now be a VPN policy created for Office B. Now you will want to Save & Restart the DI-804HV.

After the VPN policies have been created for the two Offices, the two remote locations should authenticate and connect. To view the status of the VPN connection, go to the Device Status menu. On the bottom-left side of the menu, click on the VPN Status icon.

A VPN Status pop-up screen will appear showing VPN connection status. If a VPN tunnel is active, the State should indicate Q-Estab.

Go to a DOS prompt and ping the internal IP address of the remote network.
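
As an added example (not from the original post or from D-Link), this Python check compares the two policies above and reports fields that fail to mirror each other, along with a pre-shared key that is short or digits-only, as the sample key is. The local LAN and WAN values are inferred from the opposite office's remote settings; `Policy`, `check_pair` and the 20-character minimum are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    local_net: str    # LAN behind this router; inferred from the peer's "Remote IP Network"
    local_wan: str    # this router's WAN IP; inferred from the peer's "Remote Gateway IP"
    remote_net: str
    remote_mask: str
    remote_gw: str
    psk: str
    pfs: bool
    key_life: int
    ike_life: int

def check_pair(a, b, min_psk_len=20):
    """Return findings for two policies that should mirror each other.
    min_psk_len is an assumed threshold, not a D-Link requirement."""
    findings = []
    for x, y in ((a, b), (b, a)):
        # Netmask notation is accepted; strict=True rejects host bits in the network address.
        remote = ipaddress.ip_network(f"{x.remote_net}/{x.remote_mask}", strict=True)
        if remote != ipaddress.ip_network(y.local_net):
            findings.append(f"{x.name}: remote network is not the {y.name} LAN")
        if x.remote_gw != y.local_wan:
            findings.append(f"{x.name}: remote gateway is not the {y.name} WAN IP")
    if ipaddress.ip_network(a.local_net).overlaps(ipaddress.ip_network(b.local_net)):
        findings.append("LAN subnets overlap")
    if a.psk != b.psk:
        findings.append("pre-shared keys differ")
    for field in ("pfs", "key_life", "ike_life"):
        if getattr(a, field) != getattr(b, field):
            findings.append(f"{field} differs between peers (review)")
    for p in (a, b):
        if len(p.psk) < min_psk_len or p.psk.isdigit():
            findings.append(f"{p.name}: weak pre-shared key")
    return findings

# Field values taken from the Office A / Office B lists above.
OFFICE_A = Policy("OfficeA", "192.168.0.0/24", "192.170.0.1",
                  "192.168.1.0", "255.255.255.0", "192.170.0.2", "123456", True, 28800, 3600)
OFFICE_B = Policy("OfficeB", "192.168.1.0/24", "192.170.0.2",
                  "192.168.0.0", "255.255.255.0", "192.170.0.1", "123456", True, 28800, 3600)

if __name__ == "__main__":
    for finding in check_pair(OFFICE_A, OFFICE_B):
        print(finding)
```

With the values from this example, the only findings are the two weak-key entries; the network, gateway, PFS and lifetime fields mirror each other correctly.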

Oct 30

Step 1: The D-Link DWC-1000 will need to be registered with D-Link. The registration site is http://register.dlink.com.

Step 2: Once logged into the registration site, click on License Key Activation on the left.

Step 3: The OBU and Customer fields cannot be changed on the License Activation page. Enter the Serial Number of the DWC-1000 that will have the license. Enter the 20-digit license key into the License Key field. Click Get Activation Code to complete the registration, and you will receive an email within 24 hours containing your Activation Code.

Step 4: Log into the setup page of the DWC-1000.

Step 5: Click on the Tools tab, and select License on the left side.

Step 6: Enter the received key in the Activation Code field. The DWC-1000 will show any applied licenses on this page. The DWC-1000 will support 1 VPN, and up to 3 AP6 licenses.

Jun 18

Note: This example will demonstrate how to configure a LAN-to-LAN IPSec VPN tunnel between two D-Link DIR-130/DIR-330 routers.

In this example:

Local Network is on 192.168.0.0/24
Remote Network is on 192.168.1.0/24

Configuration of Local Network

Step 1: Open your web browser and type in the IP address of the DIR-130 router (192.168.0.1 by default). Enter the username (admin by default) and password (blank by default), and then click OK.

Step 2: Click on SETUP and select VPN SETTINGS. Choose IPSec from the ADD VPN PROFILE dropdown menu and click Add.

Step 3: Configure the IPSec VPN as follows:

Enable Settings: check box to enable
Name: enter a name for the VPN
Encapsulation Mode: Tunnel
Remote IP: select Site to Site and enter the remote Gateway
Remote Local LAN Net /Mask: enter the remote LAN network and Subnet Mask
Authentication Protocol: enter a Pre-shared Key (must be the same as the Remote Side)
Phase 1 IKE Proposal List: leave as is
NAT-T Enabled: leave as is
PFS: check to enable
Phase 2 IPSec Proposal List: leave as is.

Step 4: Click Save Settings.

Configuration of Remote Network.

Note: Both sides cannot be on the same subnet.

May 25

1. DIR-855 Media Router PPTP Setup

Choose PPTP (Point-to-Point Tunneling Protocol) if your ISP uses a PPTP connection. Your ISP will provide you with a username and password. This option is typically used for DSL services.

Address Mode: Select Static if your ISP assigned you the IP address, subnet mask, gateway, and DNS server addresses. In most cases, select Dynamic.

PPTP IP Address: Enter the IP address (Static PPTP only).

PPTP Subnet Mask: Enter the Primary and Secondary DNS Server Addresses (Static PPTP only).

PPTP Gateway: Enter the Gateway IP Address provided by your ISP.

PPTP Server IP: Enter the Server IP provided by your ISP (optional).

Username: Enter your PPTP username.

Password: Enter your PPTP password and then retype the password in the next box.

Reconnect Mode: Select either Always-on, On-Demand, or Manual.

Maximum Idle Time: Enter a maximum idle time during which the Internet connection is maintained during inactivity. To disable this feature, enable Auto-reconnect.

DNS Servers: The DNS server information will be supplied by your ISP (Internet Service Provider).

MTU: Maximum Transmission Unit – you may need to change the MTU for optimal performance with your specific ISP. 1400 is the default MTU.

MAC Address: The default MAC Address is set to the Internet port’s physical interface MAC address on the Broadband Router. It is not recommended that you change the default MAC address unless required by your ISP. You can use the Clone Your PC’s MAC Address button to replace the Internet port’s MAC address with the MAC address of your Ethernet card.

2. DIR-855 Media Router L2TP Setup

Choose L2TP (Layer 2 Tunneling Protocol) if your ISP uses an L2TP connection. Your ISP will provide you with a username and password. This option is typically used for DSL services.

Address Mode: Select Static if your ISP assigned you the IP address, subnet mask, gateway, and DNS server addresses. In most cases, select Dynamic.

L2TP IP Address: Enter the L2TP IP address supplied by your ISP (Static only).

L2TP Subnet Mask: Enter the Subnet Mask supplied by your ISP (Static only).

L2TP Gateway: Enter the Gateway IP Address provided by your ISP.

L2TP Server IP: Enter the Server IP provided by your ISP (optional).

Username: Enter your L2TP username.

Password: Enter your L2TP password and then retype the password in the next box.

Reconnect Mode: Select either Always-on, On-Demand, or Manual.

Maximum Idle Time: Enter a maximum idle time during which the Internet connection is maintained during inactivity. To disable this feature, enable Auto-reconnect.

DNS Servers: Enter the Primary and Secondary DNS Server Addresses (Static L2TP only).

MTU: Maximum Transmission Unit – you may need to change the MTU for optimal performance with your specific ISP. 1400 is the default MTU.

Clone MAC Address: The default MAC Address is set to the Internet port’s physical interface MAC address on the Broadband Router. It is not recommended that you change the default MAC address unless required by your ISP. You can use the Clone Your PC’s MAC Address button to replace the Internet port’s MAC address with the MAC address of your Ethernet card.

Apr 21

1. Introduction

The objective of this document is to provide a guide describing how to configure the devices to achieve the same environment as shown in the network topology. Users of this document are expected to already possess basic knowledge of D-Link devices and TheGreenBow VPN program, and to be familiar with how to perform basic configurations. Only important configurations, such as those pertaining to interfacing and integrating, will be described in this document.

2. Product used

TheGreenBow_VPN_Client 4.61.003 and DFL-800 are used in the FAQ. The same applies to all other DFL products with Netdefend OS.

3. Network Diagram

Note: Router is set to allow IPSec pass through.

4. Configurations

In this document, we will only describe the main configurations for this scenario. The configuration settings for all the D-Link products will not be described here; for more detail about a product, you can download its user guide.

4.1 TheGreenBow VPN client and DFL-800

In this scenario, the user can connect back to the headquarters database by using TheGreenBow VPN client to tunnel to the DFL-800.

All configurations are based on DFL-800 and TheGreenBow VPN Client (F/W: 4.61.003).

The steps in this configuration are:
• Setup DFL-800 for VPN tunneling
• Setup Pre-shared Key
• Phase 1 and Phase 2 algorithms setup
• Setting up IPSec-Tunnel
• Setup IP Rules
• Setup TheGreenBow VPN client
• Setup Phase 1
• Setup Phase 2

4.1.1) Setup DFL-800 for VPN tunneling
4.1.1.1) Setup Pre-Shared Key

1) Log in to the DFL-800, click “Authenticate Objects”, add a new “Pre-shared Key”, and fill in the passphrase and name.

4.1.1.2) Phase 1 and Phase 2 algorithms setup

1) Under “IKE Algorithms”, select the Encryption and Integrity algorithms for Phase 1 authentication.

2) Next, under “IPSec Algorithms”, select the Encryption and Integrity algorithms for Phase 2.

4.1.1.3) Setting up IPSec-Tunnel

1) After setting up the algorithms, create the “IPSec-Tunnel” as shown below.

2) Next, click on the “Authentication” tab and select the “PreShared Key” you set up in step 1.

3) After selecting the Pre-Shared Key, enable “Dynamically add route” on the routing tab.

4) The last step is to make sure the DH Group in the IKE settings matches the setting on the TheGreenBow client.

4.1.1.4) Setup IP Rules

Now set up the IP Rules so that the DFL-800 knows where to direct all the traffic.

1) First, add a new interface group named “IPSec-LAN” by grouping “IPSec-Tunnel” and “LAN”.

2) Next, click “IP Rules” and add a new IP rule as shown below.

4.1.2) Setup TheGreenBow VPN Client
4.1.2.1) Setup Phase 1

1) Right-click “Root” to add a new “Phase1”, then fill in the IP address for this VPN client and the remote gateway IP, followed by the Preshared Key and IKE settings.

Note: the Preshared Key and IKE settings must match those set in the DFL-800.

4.1.2.2) Setup Phase 2

1) Right-click “Phase1” to add a new “Phase2”, then fill in the VPN Client address for this VPN client and the remote gateway IP, followed by the ESP settings.

Note: the ESP Encryption and Authentication setting must be the same in the DFL-800 IPSec-Tunnel.

5.1) Test Result

a. The VPN tunnel will open in any negotiation mode set in Phase 1 and Phase 2.

b. The DFL will show the tunnel as up in its VPN status.

c. Client is able to Ping to the remote network.
