Feb 20

Note: In this FAQ scenario the DFL-200/700/1100 is on 192.168.3.0/24 and the DFL-210/260/800/860/1600 is on 192.168.1.0/24.

Step 1: Open the web browser and type the IP address of the router in the address bar (default is 192.168.1.1) and press Enter.

Step 2: Click on the plus sign next to Objects and select Address Book.

DFL-200-1

Step 3: Click Add and select Address Folder from the drop-down menu.

DFL-200-2

Step 4: Enter a name as desired (IPSec_tunnels in this example) and click OK.

DFL-200-3

Step 5: Click Add and select IP Address from the dropdown menu.

DFL-200-4

Step 6: Configure the IP Address as followed:

Name: Name as desired (remote_net in this example)
IP Address: The network identifier of the DFL-200/700/1100 (192.168.3.0/24)

DFL-200-5

Click on OK.

Step 7: Configure the IP Address as followed:

Name: Name as desired (remote_wan in this example)
IP Address: The external WAN address of the DFL-200/700/1100

Click on OK.

Step 8: Click on the plus sign next to Authentication Objects and select Pre-Shared Keys.

DFL-200-6

Click on OK.

Step 9: Click on the plus sign next to Interfaces and select IPSec Tunnels.

DFL-200-7

Step 10: Click Add and select IPSec Tunnel from the dropdown menu.

Step 11: Configure the IPSec Tunnel as followed:
Name: Name as desired (test in this example)
Local Network: lannet
Remote Network: remote_net (created in step 6)
Remote Endpoint: remote_wan (created in step 7)
Encapsulation Mode: Tunnel
IKE Algorithms: High
IKE Life Time: 28800 seconds
IPSec Algorithms: High
IPSec Life Time: 3600 seconds

DFL-200-8

Step 12: Click on the Authentication tab, select Pre-Shared Key and select the configured key (IPSec_PSK from step 8) from the drop-down menu.

DFL-200-9

Step 13: Click on the IKE Settings tab and configure as followed:
IKE: Main
IKE DH Group: 2
PFS: PFS
PFS DH Group: 2
NAT Traversal: On if supported and NATed

DFL-200-10

Step 14: Click on the Keep-Alive Tab
• Keep-alive—Auto

Click on OK.

Step 15: Click on the plus sign next to Rules and then select IP Rules.

Step 16: Click on Add and then select IP Rule Folder from the dropdown menu.

Step 17: Enter a name as desired (IPSec_rules in this example) and then click on OK.

Step 18: Click on Add and select IP Rule from the dropdown menu.

Step 19: Create the IP Rule as followed:
Name: Name as desired (fromIPSec in this example)
Action: Allow
Service: all_services
Schedule: None
Source interface: test (from step 11)
Source network: remote_net (from step 6)
Destination interface: lan
Destination network: lannet

Tags: ,

css.php