User's manual

Use the following procedures to configure an IPSec Autokey IKE VPN that allows VPN clients to connect to
an internal network:
- Configuring the VPN tunnel for the client VPN
- Adding internal and external addresses
- Adding an IPSec VPN policy
- Configuring the IPSec VPN client

Configuring the VPN tunnel for the client VPN
A VPN tunnel consists of a name for the tunnel, the remote gateway IP address (which is the IP address of
the client), the keylife for the tunnel, and the authentication key to be used to start the tunnel.
You can either create multiple VPN tunnels, one for each VPN client, or you can create one VPN tunnel with a
remote gateway address set to 0.0.0.0. This VPN tunnel accepts connections from any Internet address.
You must create complementary VPN tunnels on the VPN gateway and the clients. On both, the tunnel must
have the same name, keylife, and authentication key.
Example VPN Tunnel configuration shows the information required to configure the VPN tunnel for the VPN in Example VPN between an internal network and remote clients.

Example VPN Tunnel configuration

| Setting | Description | Example |
|---|---|---|
| VPN Tunnel Name | Use the same name on both ends of the tunnel. The name can contain numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters - and _. Spaces and the @ character are not allowed. | Client_VPN |
| Remote Gateway | To accept connections from a client at a static IP address (for example, 2.2.2.2). | 2.2.2.2 |
| Remote Gateway | To accept connections from any Internet address (for a client with a dynamic IP address). | 0.0.0.0 |
| Keylife | The amount of time (5 to 1440 minutes) before the encryption key expires. When the key expires, the VPN gateway and the client generate a new key without interrupting service. | 100 |
| P1 Proposal | Select the Encryption algorithms to propose for Phase 1 of the IPSec VPN connection. | DES and 3DES |
| P1 Proposal | Select the Authentication algorithms to propose for Phase 1 of the IPSec VPN connection. | MD5 |
| P2 Proposal | Select the algorithms to propose for Phase 2 of the IPSec VPN connection. For more information, see About P1 and P2 proposals. | |
| Authentication Key | Enter up to 20 characters. The VPN gateway and clients must have the same key and it should only be known by network administrators. | ddcHH01887d |

Complete the following procedure on the DFL-500 VPN gateway.

1. Go to VPN > IPSEC > Autokey IKE.
2. Click New to add a new Autokey IKE VPN tunnel.
3. Enter the VPN Tunnel Name, Remote Gateway, Keylife, and Authentication Key.
4. Select the P1 Proposal and the P2 Proposal algorithms.
5. Click OK to save the Autokey IKE VPN tunnel.
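
As an added example (not part of the manual or of any D-Link tooling), the following Python check validates a planned tunnel definition against the limits in the table above and confirms that the gateway and client entries are complementary before they are typed into the web interface. The dictionary field names, the client-side address 203.0.113.1, the non-empty key rule and the choice to flag DES and MD5 as weak are assumptions of this example.

```python
import ipaddress
import re

# Limits quoted from the manual's table; the weak-algorithm set is this example's assumption.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")   # no spaces, no '@'
KEYLIFE_MIN, KEYLIFE_MAX = 5, 1440        # minutes
KEY_MAX_LEN = 20
WEAK_ALGS = {"DES", "MD5"}                # assumption: treated as deprecated

def check_tunnel(t):
    """Return a list of problems for one tunnel definition (a plain dict)."""
    problems = []
    if not NAME_RE.fullmatch(t["name"]):
        problems.append("name: only 0-9, A-Z, a-z, '-' and '_' are allowed")
    try:
        gw = ipaddress.IPv4Address(t["remote_gateway"])
        if gw == ipaddress.IPv4Address("0.0.0.0"):
            problems.append("remote_gateway: 0.0.0.0 accepts any Internet address")
    except ValueError:
        problems.append("remote_gateway: not an IPv4 address")
    if not KEYLIFE_MIN <= t["keylife"] <= KEYLIFE_MAX:
        problems.append("keylife: must be 5 to 1440 minutes")
    if not t["auth_key"] or len(t["auth_key"]) > KEY_MAX_LEN:
        problems.append("auth_key: must be non-empty and at most 20 characters")
    proposed = set(t["p1_encryption"] + t["p1_authentication"])
    for alg in sorted(WEAK_ALGS & proposed):
        problems.append(f"p1 proposal: {alg} is a weak algorithm")
    return problems

def check_pair(gateway, client):
    """Both ends must share the tunnel name, keylife and authentication key."""
    return [f"mismatch: {field}" for field in ("name", "keylife", "auth_key")
            if gateway[field] != client[field]]

# Constructed sample: the example values from the manual's table.
GATEWAY = {"name": "Client_VPN", "remote_gateway": "0.0.0.0", "keylife": 100,
           "auth_key": "ddcHH01887d", "p1_encryption": ["DES", "3DES"],
           "p1_authentication": ["MD5"]}
# Constructed client side with a deliberately different keylife.
CLIENT = dict(GATEWAY, remote_gateway="203.0.113.1", keylife=60)

if __name__ == "__main__":
    for line in check_tunnel(GATEWAY) + check_pair(GATEWAY, CLIENT):
        print(line)
```

Run against the manual's example values, the check reports the wildcard remote gateway, the DES and MD5 proposals, and the keylife mismatch introduced in the constructed client entry.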