Apr 05

System Requirements:

IE 10 64bit

Windows 7 SP1 or Higher

Java 64 Bit

Microsoft Visual C++ 2005 (64bit)

Browser Configuration: Enter IE10 – Tools – Internet Options – Advanced Tab

establish SSL VPN tunnel to D-Link DSR Series

And Enable Enhanced Protected Mode* and Enable Smart Filter. Whilst inside Internet Options – Go to Security – Trusted sites and Enable Protected Mode the click on Sites.

124

Add the WAN IP of the device here (for example: https://111.250.29.140)

establish SSL VPN tunnel to D-Link DSR Series_1

Click Close. The next step is to configure the Account Control Settings.

establish SSL VPN tunnel to D-Link DSR Series_2

Click on Change User Account Control settings and configure as follows:

establish SSL VPN tunnel to D-Link DSR Series_3

When you click on OK, you will be presented with the following message:

establish SSL VPN tunnel to D-Link DSR Series_4

Before continuing with the SSL VPN tunnel ALL of the above must be installed and configured.

When all complete follow these instructions:

1. Open a browser and access the portal for SSL VPN tunnel

2.Accept the warning for this certificate.

3. Enter Login credentials

121

4. Click on VPN Tunnel tab

1212

5. Click on the icon to begin the connection. You will be presented with a message regarding User Accounts.

Click yes to accept changes. You should see the below message briefly whilst authentication and connection is being made.

When connection has been established you will be presented with the following screen.

1111

You are able make a further check for connectivity by right clicking on SSL VPN Tunnel icon in the taskbar.

11111

Tags: , ,

Nov 03

Configuration of DI-824VUP Local Side

Step 1: Open your web browser and type in the IP address of the router (192.168.0.1 by default). Enter the username (admin by default) and password (blank by default), and then click OK.

Step 2: Select the Home tab and click VPN on the left side.

Step 3: Configure the VPN Settings as followed:

  • VPN: check to enable
  • NetBIOS broadcast: leave uncheck
  • Max. number of tunnels: enter the maximum number of VPN tunnels that can be established
  • ID 1: enter a name to identify the VPN tunnel under Tunnel Name and select IKE under Method.

Click Apply.

A10505_image1

Step 4: Select Home and click on VPN to go back to the previous page and select More next to Method.

A10505_image2

Step 5: Configure the VPN tunnel as followed:

  • Name: should already be entered from step 3
  • Aggressive Mode: leave unchecked
  • Local Subnet: enter the local subnet (192.168.1.0 in this example)
  • Local Netmask: enter the local netmask (255.255.255.0 in this example)
  • Remote Subnet: enter the remote subnet (192.168.0.0 in this example)
  • Remote Netmask: enter the remote netmask(255.255.255.0 in this example)
  • Remote Gateway: enter the remote gateway
  • IKE Keep Alive(Ping IP Address): enter the default gateway of the remote location
  • Preshare Key: enter a key (The preshare key must be the same on both side.)

Click Apply.

A10505_image3

Step 6: Select Home, VPN, More and click on Select IKE Proposal.

A10505_image4

Step 7: Configure the IKE Proposal ID 1 as followed:

  • Proposal Name: enter a name as desired
  • DH Group: select Group 1
  • Encrypt algorithm: select 3DES
  • Auth algorithm: select SHA1
  • Life Time: select 28800
  • Life Time Unit: select Sec.
  • Proposal ID: use the dropdown list and select 1 and click Add to so that the name of the proposal appears in the IKE Proposal index.

Click Apply.

A10505_image5

Step 8: Select Home, VPN, More and click on Select IPSec Proposal.

A10505_image6

Step 9: Configure the IPSec Proposal ID 1 as followed:

  • Proposal Name: enter a name as desired
  • DH Group: select Group 1
  • Encap protocol: select ESP
  • Encrypt algorithm: select 3DES
  • Auth algorithm: select SHA1
  • Life Time: select 3600
  • Life Time Unit: select Sec.
  • Proposal ID: use the dropdown list and select 1 and click Add to so that the name of the proposal appears in the IPSec Proposal index.

Click Apply.

A10505_image7


Configuration of DI-824VUP Remote Side

Step 1: Open your web browser and type in the IP address of the router (192.168.0.1 by default). Enter the username (admin by default) and password (blank by default), and then click OK.

Step 2: Select the Home tab and click VPN on the left side.

Step 3: Configure the VPN Settings as followed:

  • VPN: check to enable
  • NetBIOS broadcast: leave uncheck
  • Max. number of tunnels: enter the maximum number of VPN tunnels that can be established
  • ID 1: enter a name to identify the VPN tunnel under Tunnel Name and select IKE under Method.

Click Apply.

A10505_image8

Step 4: Select Home and click on VPN to go back to the previous page and select More next to Method.

A10505_image9

Step 5: Configure the VPN tunnel as followed:

  • Name: should already be entered from step 3
  • Aggressive Mode: leave unchecked
  • Local Subnet: enter the local subnet (192.168.0.0 in this example)
  • Local Netmask: enter the local netmask (255.255.255.0 in this example)
  • Remote Subnet: enter the remote subnet (192.168.1.0 in this example)
  • Remote Netmask: enter the remote netmask(255.255.255.0 in this example)
  • Remote Gateway: enter the remote gateway
  • IKE Keep Alive(Ping IP Address): enter the default gateway of the remote location
  • Preshared Key: enter a key (The preshared key must be the same on both side.)

Click Apply.

A10505_image10

Step 6: Select Home, VPN, More and click on Select IKE Proposal.

A10505_image11

Step 7: Configure the IKE Proposal ID 1 as followed:

  • Proposal Name: enter a name as desired
  • DH Group: select Group 1
  • Encrypt algorithm: select 3DES
  • Auth algorithm: select SHA1
  • Life Time: select 28800
  • Life Time Unit: select Sec.
  • Proposal ID: use the dropdown list and select 1 and click Add to so that the name of the proposal appears in the IKE Proposal index.

Click Apply.

A10505_image12

Step 8: Select Home, VPN, More and click on Select IPSec Proposal.

A10505_image13

Step 9: Configure the IPSec Proposal ID 1 as followed:

  • Proposal Name: enter a name as desired
  • DH Group: select Group 1
  • Encap protocol: select ESP
  • Encrypt algorithm: select 3DES
  • Auth algorithm: select SHA1
  • Life Time: select 3600
  • Life Time Unit: select Sec.
  • Proposal ID: use the dropdown list and select 1 and click Add to so that the name of the proposal appears in the IPSec Proposal index.

Click Apply.

A10505_image14

Step 10: Select the Status tab and click on VPN Status. Click Refresh if the tunnel has not established.

A10505_image15

Tags: ,

Jan 24

Configuration of DI-LB604 (Local)

Note: This FAQ if for firmware version 1.01 or later. The current firmware version 1.01 does not support an IPSec VPN Server for roaming users.

Step 1: Open your web browser and type in the IP address of the D-Link DI-LB604 router (192.168.0.1 by default). Enter the username (admin by default) and password (no password by default), and then click OK.

Step 2: Select the Home tab and click on IPSec.

DI-LB604-IPSec-1

Step 3: Configure the IPSec VPN client as followed:
Tunnel Name: enter a name for the VPN
Tunnel State: check to enable
Connection Type: select Static
WAN Binding: select the WAN source
Local IP / Subnet: enter the local IP and subnet of the DI-LB604 (192.168.3.0/255.255.255.0 in this example)
Remote IP / Subnet: enter the remote IP and subnet of the remote device (192.168.0.0/255.255.255.0 in this example)
Remote Gateway: enter the remote gateway (172.68.140.140 in this example)
Key Method: AutoKey (IKE)
Preshared Key: enter the preshared key (This key must match with the IPSec Server.)
Local ID (Option): leave as NONE
Remote ID (Option): leave as NONE
Click Apply and click Continue.

DI-LB604-IPSec-2

Step 4: Click Continue Setup and configure the Proposals as followed:
Phase 1
Negotiation Type: Main Mode
DH Group: DH Group 2 (1024-bit)
Encryption Method: 3DES
Authentication Method: SHA1
SA Lifetime: 28800 (default)

Phase 2
Encapsulation Format: ESP
Encryption Method: 3DES
Authentication Method: SHA1
Perfect Forward Secrecy: DH Group 2 (1024-bit)
Key Lifetime: 3600 (default)

Advanced
NetBIOS Broadcast: enabled by default
NAT Traversal: check to enable
Auto Reconnected: check to enable
IKE Keep Alive (Ping): enter the default gateway of the IPSec Server
Click Apply and click Continue.

Configuration of DI-LB604 (Remote)

Step 1: Open your web browser and type in the IP address of the DI-LB604 router (192.168.0.1 by default). Enter the username (admin by default) and password (no password by default), and then click OK.

Step 2: Select the Home tab and click on IPSec.

Step 3: Configure the IPSec VPN client as followed:
Tunnel Name: enter a name for the VPN
Tunnel State: check to enable
Connection Type: select Static
WAN Binding: select the WAN source
Local IP / Subnet: enter the local IP and subnet of the DI-LB604 (192.168.0.0/255.255.255.0 in this example)
Remote IP / Subnet: enter the remote IP and subnet of the remote device (192.168.3.0/255.255.255.0 in this example)
Remote Gateway: enter the remote gateway (172.140.140.140 in this example)
Key Method: AutoKey (IKE)
Preshared Key: enter the preshared key (This key must match with the IPSec Server.)
Local ID (Option): leave as NONE
Remote ID (Option): leave as NONE
Click Apply and click Continue.

Step 4: Click Continue Setup and configure the Proposals as followed:
Phase 1
Negotiation Type: Main Mode
DH Group: DH Group 2 (1024-bit)
Encryption Method: 3DES
Authentication Method: SHA1
SA Lifetime: 28800 (default)

Phase 2
Encapsulation Format: ESP
Encryption Method: 3DES
Authentication Method: SHA1
Perfect Forward Secrecy: DH Group 2 (1024-bit)
Key Lifetime: 3600 (default)

Advanced
NetBIOS Broadcast: enabled by default
NAT Traversal: check to enable
Auto Reconnected: check to enable
IKE Keep Alive (Ping): enter the default gateway of the IPSec Server
Click Apply and click Continue.

DI-LB604-IPSec-4

Step 5: Click Tunnel test. The tunnel should now be connected. To verify, click on the Status tab and click on IPSec Stats.

DI-LB604-IPSec-6

Note: The unit that initiates the connection will have Initiator (Quick): established as the Negotiation Status.

Tags: , ,

css.php