User's manual
Testing a VPN
To confirm that a VPN between two networks has been configured correctly, use the ping command from one
internal network to connect to a computer on the other internal network. The IPSec VPN tunnel starts
automatically when the first data packet destined for the VPN is intercepted by the DFL-500.
To confirm that a VPN between a network and one or more clients has been configured correctly, start a VPN
client and use the ping command to connect to a computer on the internal network. The VPN tunnel initializes
automatically when the client makes a connection attempt. You can start the tunnel and test it at the same
time by pinging from the client to an address on the internal network.
IPSec VPN pass through
Configure IPSec pass through so that users on your internal network can connect to a VPN on the Internet.
VPN pass through allows the VPN connection to pass through your firewall and connect to the destination
VPN. The DFL-500 performs address translation on the connection, so to the target VPN gateway the
connection appears to originate from the external interface of your DFL-500.
IPSec VPN pass through is only supported in NAT mode.
Use VPN pass through so that:
• A visitor using your internal network can connect through your DFL-500 to their organization's VPN
• A subnet on your internal network, protected by a VPN gateway, can connect through your DFL-500 to a
VPN on the Internet
No special VPN configuration is required for the client or VPN gateway on your internal network. The VPN
tunnel configuration of the VPN gateway on the Internet must be changed to accept connections from the IP
address of the external interface of the DFL-500.
This section describes how to create two IPSec VPN pass through configurations:
• IPSec client to network VPN pass through
• IPSec network to network VPN pass through
IPSec client to network VPN pass through
Use the following procedure to create the configuration shown in IPSec client connecting to a VPN in the
Internet using VPN pass through. In this configuration, the PC on your internal network runs IPSec VPN client
software and connects to a VPN gateway on the Internet.
• Configure the IPSec VPN client to connect to the IPSec VPN gateway as if the client computer is
connected directly to the Internet.
• Add the external IP address of the DFL-500 firewall to the destination IPSec VPN gateway. See Adding
addresses.
• Configure the destination IPSec VPN Gateway with a VPN tunnel and policy to accept VPN connections
from a VPN client with the static IP address of the external interface of the DFL-500 firewall.
For more information about configuring the VPN client and IPSec VPN Gateway, see Autokey IPSec VPN for
remote clients or Manual key exchange IPSec VPN for remote clients.
• On the DFL-500 firewall, go to Firewall > Policy.
• Select IPSEC Pass Through and click Apply.
When the IPSec client connects to the IPSec VPN gateway, the DFL-500 firewall accepts IPSec VPN
connections from the internal network and performs network address translation on them. The VPN packets
DFL-500 User’s Manual