- Network topology
WAN IP: 9.68.0.3/4
DFL-800
LAN IP: 9.68.3./4
WAN Static IP: 9.68.0.4/4
Remote LAN
Internal LAN IP: 9.68.3.0/4
DFL-600
LAN IP: 9.68../4
PC IP: 9.68.3.00/4
Internal LAN IP: 9.68..0/4
PC IP: 9.68..0/4

Objectives
Two firewalls communicate with each other over an IPsec tunnel.
The client on local-net can ping the client on remote-net.

The logic of configuration
Create VPN object (pre-shared key)
Configure IPsec tunnel
Create the IP rule for IPsec tunnel

Please configure the LAN and WAN IP parameters of the firewalls based on the network diagram before you configure the IPsec VPN parameters.

VPN Configuration (DFL-600)

For users to authenticate VPN tunnels
Types of method to enter PSK: ASCII and HEX
ASCII: type in passphrase
HEX: type in passphrase and use generate to cipher passphrase

VPN Objects Pre Shared Keys
VPN Objects Pre Shared Keys Created

IKE Algorithms
Predefined IKE Algorithms by default
High: Very Secured
Medium: Secured
You can define your own algorithms
IKE Algorithms Created

IPsec Algorithms
Predefined IPsec Algorithms by default
High: Very Secured
Medium: Secured
You can define your own algorithms
IPsec Algorithms Created

Create objects for the remote IP address and network
Click Address in Objects
Click Add IP4 Host/Network
VPN IP Network Object Created

Create the IPsec tunnel
Click IPsec Tunnels in Interface
Click Add IPSec Tunnel
IPSec Tunnel Created

Combine two interfaces into one interface group
Click Interface Groups in this Interface
Click Add Interface Group
Interface Group Created

Create IP Rules for IPSec tunnel
Click IP Rules in Rules
Click Add IP Rule
IP Rule Created

After all configuration, click Configuration on the main menu bar
Click Save and Activate

VPN Configuration (DFL-800)

Please ensure that the VPN parameters are identical between DFL-800 & DFL-600.

VPN Objects Pre Shared Keys
VPN Objects Pre Shared Keys Created

IKE Algorithms
Predefined IKE Algorithms by default
High: Very Secured
Medium: Secured
You can define your own algorithms
IKE Algorithms Created

IPsec Algorithms
Predefined IPsec Algorithms by default
High: Very Secured
Medium: Secured
You can define your own algorithms
IPsec Algorithms Created

Create objects for the remote IP address and network
Click Address in Objects
Click Add IP4 Host/Network
VPN IP Network Object Created

Create the IPsec tunnel
Click IPsec Tunnels in Interface
Click Add IPSec Tunnel
IPSec Tunnel Created

Combine two interfaces into one interface group
Click Interface Groups in this Interface
Click Add Interface Group
Interface Group Created

Create IP Rules for IPSec tunnel
Click IP Rules in Rules
Click Add IP Rule
IP Rule Created

After all configuration, click Configuration on the main menu bar
Click Save and Activate
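
With both gateways configured, the requirement that their VPN parameters match can be checked offline before the ping test. The Python check below is an added example, not part of the original guide or of D-Link's tooling; the dictionary field names, addresses, passphrase and algorithm names are constructed for illustration and would be filled in by hand from each gateway's settings. It accepts any proposal the two ends have in common, which is what IKE negotiation needs, rather than requiring identical lists.

```python
import hmac
import ipaddress

def check_tunnel_pair(a, b):
    """List mismatches that would keep gateways a and b from bringing up
    a LAN-to-LAN IPsec tunnel authenticated with a pre-shared key."""
    problems = []
    # Both ends must hold the same PSK (compared without echoing it).
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared key differs")
    # IKE and IPsec each need at least one proposal both ends accept.
    for phase in ("ike", "ipsec"):
        if not set(a[phase]) & set(b[phase]):
            problems.append(f"no common {phase} proposal")
    for x, y in ((a, b), (b, a)):
        # The remote gateway configured on x must be y's WAN address.
        if ipaddress.ip_address(x["remote_gw"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append(f"{x['name']}: remote gateway is not {y['name']} WAN IP")
        # The remote network object on x must equal y's LAN.
        if ipaddress.ip_network(x["remote_net"]) != ipaddress.ip_network(y["local_net"]):
            problems.append(f"{x['name']}: remote network is not {y['name']} LAN")
    # Overlapping LANs cannot be routed across the tunnel.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local networks overlap")
    return problems

# Constructed sample settings (hypothetical field names, documentation addresses).
GW_A = {"name": "gw-a", "wan_ip": "203.0.113.1", "local_net": "10.1.0.0/24",
        "remote_gw": "203.0.113.2", "remote_net": "10.2.0.0/24",
        "psk": "constructed-sample-passphrase",
        "ike": [("aes256", "sha1"), ("3des", "sha1")],
        "ipsec": [("aes256", "sha1")]}
GW_B = {"name": "gw-b", "wan_ip": "203.0.113.2", "local_net": "10.2.0.0/24",
        "remote_gw": "203.0.113.1", "remote_net": "10.1.0.0/24",
        "psk": "constructed-sample-passphrase",
        "ike": [("aes256", "sha1")],
        "ipsec": [("aes256", "sha1"), ("3des", "md5")]}

if __name__ == "__main__":
    for line in check_tunnel_pair(GW_A, GW_B) or ["parameters match"]:
        print(line)
```
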

After the IPsec VPN tunnel is established between DFL-800 & DFL-600, PC can ping the PC at the remote network.

- Network topology
WAN Static IP: 9.68.0.4/4
PC3 (Running IPSec Client) IP: 9.68.0.99/4
DFL-600
LAN IP: 9.68../4
Internal LAN IP: 9.68..0/4
PC IP: 9.68..0/4

Objectives
A PC with the D-Link IPSec Client communicates with firewalls over an IPsec tunnel.
The IPSec client can ping the client on the remote VPN network after the VPN tunnel is established.

The logic of configuration
Configure Dynamic IPsec tunnel in Firewall for IPSec Client Remote Access
Configure IPSec Client in PC

Please configure the LAN and WAN IP parameters of the firewall based on the network diagram before you configure the IPsec VPN parameters.

Create Dynamic IPsec tunnel for Remote IPSec Client
Click IPsec Tunnels in Interface
Click Add IPSec Tunnel
Dynamic IPSec Tunnel Created

Combine the IPSec and LAN interfaces into one interface group
Click Interface Groups in this Interface
Click the IPSec_LAN interface group that was created previously
Add the newly created IPSec_Dyn interface to the interface group

After all configuration, click Configuration on the main menu bar
Click Save and Activate
Re-login to DFL-600

IPSec Client Configuration
Click Configuration > Phonebook
Click New Entry
Enter IPSec Connection Name, click Next
Select LAN (Over IP), click Next
Enter VPN Gateway (WAN IP of the Remote VPN Gateway), click Next
Enter Pre-shared key, click Finish
IPSec Client Created, select it and click Configure
Select IPSec General Settings
Click Policy editor
Select IKE Policy, click New Entry
Enter IKE Policy Name, select IKE Policy, click OK
Select IPSec Policy, click New Entry
Enter IPSec Policy Name, select IPSec Policy, click OK
Both IKE Policy and IPSec Policy are created. Click Close
Select IKE Policy and IPSec Policy. Click Identities
Verify Configuration, click IP Address Assignment
Tick DNS/WINS server, enter DNS server. Click Remote Networks
Enter Remote Networks address and subnet masks. Click OK
IPSec Client Phonebook Created. Click OK
Select the IPSec Client just created
Click Connection > Connect.
IPSec Client connected to remote VPN Gateway
PC3 with IPSec Client can ping the PC at the Remote Network