![D-Link DSR-150 [117/274] Configuring ipsec policies](/img/pdf.png)
D-Link DSR-150 [117/274] Configuring ipsec policies
![D-Link DSR-150 [117/274] Configuring ipsec policies](/views2/1459659/page117/bg75.png)
Unified Services Router User Manual
115
The VPN Wizard is the recommended method to set up an Auto IPsec policy.
Once the Wizard creates the matching IKE and VPN policies required by the Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Easy Setup Site to Site VPN Tunnel:
If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing vpn
policies.
6.2 Configuring IPsec Policies
Setup > VPN Settings > IPsec > IPsec Policies
An IPsec policy is between this router and another gateway or this router and a IPsec
client on a remote host. The IPsec mode can be either tunnel or transport depending
on the network being traversed between the two policy endpoints.
Transport: This is used for end-to-end communication between this router and the
tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host.
Only the data payload is encrypted and the IP header is not modified or encrypted.
Tunnel: This mode is used for network-to-network IPsec tunnels where this
gateway is one endpoint of the tunnel. In this mode the entire IP packet including
the header is encrypted and/or authenticated.
When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec.
DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. As
well in this mode you can define the single IP address, range of IPs, or subnet on both
the local and remote private networks that can communicate over the tunnel.
Содержание
- Page 1 1
- Unified services router 2
- User manual 2
- Copyright notice 3
- Disclaimer 3
- Dsr 150 150n 250 250n dsr 500 500n 1000 1000n unified services router version 1 7 3
- Limitations of liability 3
- User manual 3
- Table of contents 4
- List of figures 8
- Chapter 1 introduction 13
- About this user manual 14
- Router status 14
- Typographical conventions 14
- Chapter 2 configuring your network lan setup 15
- Lan configuration 15
- Figure 1 setup page for lan tcp ip settings 17
- Lan dhcp reserved ips 17
- Figure 2 lan dhcp reserved ips 18
- Lan dhcp leased clients 18
- Figure 3 lan dhcp leased clients 19
- Ip mod 19
- Ipv6 lan config 19
- Lan configuration in an ipv6 network 19
- Lan settings 19
- Figure 4 ipv6 lan and dhcpv6 configuration 20
- Configuring ipv6 router advertisements 21
- Ipv6 address pools 21
- Prefix delegation 21
- Router advertisement 22
- Advertisement prefixes 23
- Figure 5 configuring the router advertisement daemon 23
- Available vlan 24
- Figure 6 ipv6 advertisement prefix settings 24
- Vlan configuration 24
- Associating vlans to ports 25
- Figure 7 adding vlan memberships to the lan 25
- Port vlan 25
- Figure 8 port vlan list 26
- Figure 9 configuring vlan membership for a port 27
- Multi vlan settings 27
- Multiple vlan subnets 27
- Figure 10 multiple vlan subnets 28
- Vlan configuration 28
- Vlanconfiguration 28
- Configurable port dmz setup 29
- Dmz setup configuration 29
- Figure 11 vlan configuration 29
- Configurable port 30
- Figure 12 dmz configuration 30
- Universal plug and play upnp 30
- Figure 13 upnp configuration 31
- Captive portal 32
- Captive portal sessions 32
- Captive portal setup 32
- Figure 14 active runtime sessions 32
- Figure 15 captive portal setup 34
- Figure 16 customized captive portal setup 35
- Chapter 3 connecting to the internet wan setup 36
- Figure 17 internet connection setup wizard 36
- Internet 36
- Internet setup wizard 36
- Wan configuration 37
- Wan port ip address 37
- Wan1 setup 37
- Dhcp wan 38
- Figure 18 manual wan configuration 38
- Internet settings 38
- Wan dns servers 38
- Figure 19 pppoe configuration for standard isps 39
- Figure 20 wan configuration for japanese multiple pppoe part 1 40
- Figure 21 wan configuration for multiple pppoe part 2 41
- Russia l2tp and pptp wan 41
- Figure 22 russia l2tp isp configuration 42
- Russia dual access pppoe 42
- Figure 23 russia dual access pppoe configuration 43
- Ipv6 wan1 config 43
- Wan configuration in an ipv6 network 43
- Figure 24 ipv6 wan setup page 44
- Checking wan status 45
- Wan1 status 45
- Bandwidth controls 46
- Bandwidth profiles 46
- Figure 25 connection status information for both wan ports 46
- Figure 26 list of configured bandwidth profiles 47
- Custom services 48
- Figure 27 bandwidth profile configuration page 48
- Traffic selectors 48
- Auto failover 49
- Features with multiple wan links 49
- Figure 28 traffic selector configuration 49
- Wan mode 49
- Load balancing 50
- Figure 29 load balancing is available when multiple wan ports are configured and 52
- Protocol bindings 52
- Protocol bindings have been defined 52
- And or destination network 53
- Figure 30 protocol binding setup to associate a service and or lan source to a wan 53
- Ip aliasing 53
- Figure 31 configuring the ip alias 54
- Figure 32 ip alias configuration 54
- Routing configuration 55
- Routing mode 55
- Figure 33 routing mode is used to configure traffic routing between wan and lan as well as dynamic routing rip 56
- Dynamic routing rip 57
- Routing mode 57
- Ipv6 static routing 58
- Static routing 58
- Figure 34 static route configuration fields 59
- Ospfv2 59
- Figure 35 ospfv2 configured parameters 60
- Figure 36 ospfv2 configuration 61
- Ospfv3 61
- Figure 37 ospfv3 configured parameters 62
- Figure 38 ospfv3 configuration 63
- Figure 39 6 to 4 tunneling 63
- To4 tunneling 63
- Configurable port wan option 64
- Figure 40 64
- Isatap tunnels 64
- To4 tunneling 64
- Wan 3 3g configuration 65
- Wan3 setup 65
- Figure 41 wan3 configuration for 3g internet 66
- Wan3 statu 66
- Wan port settings 67
- Wan port setup 67
- Figure 42 physical wan port settings 68
- Chapter 4 wireless access point setup 69
- Wireless settings 69
- Wireless settings wizard 69
- Add wireless device with wps 70
- Figure 43 wireless network setup wizards 70
- Wireless network setup wizard 70
- Access point 71
- Manual wireless network setup 71
- Profiles 71
- Wireless profiles 71
- Figure 44 list of available profiles shows the options available to secure the 72
- Wep security 72
- Wireless link 72
- Figure 45 profile configuration to set network security 73
- Radius authentication 73
- Radius settings 73
- Wpa or wpa2 with psk 73
- Access point 75
- Access points 75
- Creating and using access points 75
- Figure 46 radius server external authentication configuration 75
- Access point 76
- Figure 47 virtual ap configuration 76
- Figure 48 list of configured access points virtual aps shows one enabled access 77
- Point on the radio broadcasting its ssid 77
- Primary benefits of virtual aps 77
- Figure 49 radio card configuration options 78
- Radio settings 78
- Tuning radio specific settings 78
- Figure 50 wi fi multimedia 79
- Wireless distribution system wds 79
- Figure 51 wireless distribution system 80
- Advanced wireless 81
- Advanced wireless settings 81
- Figure 52 advanced wireless communication settings 82
- Wi fi protected setup wps 82
- Figure 53 wps configuration for an ap with wpa wpa2 profile 83
- Chapter 5 securing the private network 85
- Firewall rules 85
- Default outbound polic 86
- Defining rule schedules 86
- Figure 54 list of available firewall rules 86
- Schedules 86
- Configuring firewall rules 87
- Figure 55 list of available schedules to bind to a firewall rule 87
- Firewall rules 87
- Figure 57 the firewall rule configuration page allows you to define the 91
- To from zone service action schedules and specify source destination ip addresses as needed 91
- Configuring ipv6 firewall rules 92
- Ipv6 firewall rules 92
- Figure 58 the ipv6 firewall rule configuration page allows you to define 93
- The to from zone service action schedules and specify source destination ip addresses as needed 93
- Figure 59 list of available ipv6 firewall rules 94
- Firewall rule configuration examples 94
- Figure 60 schedule configuration for the above example 97
- Custom services 98
- Security on custom services 98
- Figure 61 list of user defined services 100
- Figure 62 custom services configuration 100
- Alg support 101
- Figure 63 available alg support on the router 102
- Vpn passthrough 102
- Vpn passthrough for firewall 102
- Application rules 103
- Figure 64 passthrough options for vpn tunnels 103
- Content filtering 104
- Figure 65 list of available application rules showing 4 unique rules 104
- Web content filtering 104
- Approved urls 105
- Figure 66 content filtering used to block access to proxy servers and 105
- Prevent activex controls from being downloaded 105
- Www yahoo co 105
- Yahoo co uk 105
- Blocked keywords 106
- Figure 67 two trusted domains added to the approved urls list 106
- Export 107
- Export web filter 107
- Figure 68 one keyword added to the block list 107
- Figure 69 export approved url list 108
- Ip mac binding 108
- Figure 70 the following example binds a lan host s mac address to an 109
- Intrusion prevention ips 109
- Ip address served by dsr if there is an ip mac binding violation the violating packet will be dropped and logs will be captured 109
- Attack checks 110
- Figure 71 intrusion prevention features on the router 110
- Protecting from internet attacks 110
- Figure 72 protecting the router and lan from internet attacks 111
- Chapter 6 ipsec pptp l2tp vpn 113
- Dsr routers connected to the internet 113
- Figure 73 example of gateway to gateway ipsec vpn tunnel using two 113
- Figure 74 example of three ipsec client connections to the internal 114
- Network through the dsr ipsec gateway 114
- Figure 75 vpn wizard launch screen 115
- Vpn wizard 115
- Configuring ipsec policies 117
- Ipsec policies 117
- Figure 76 ipsec policy configuration 118
- Figure 77 ipsec policy configuration continued auto policy via ike 119
- Extended authentication xauth 121
- Figure 78 ipsec policy configuration continued auto manual phase 2 121
- Active vpn 122
- Configuring vpn clients 122
- Internet over ipsec tunnel 122
- Pptp client 122
- Pptp l2tp tunnels 122
- Pptp tunnel support 122
- Figure 79 pptp tunnel configuration pptp client 123
- Figure 80 pptp vpn connection status 123
- Pptp server 123
- Figure 81 pptp tunnel configuration pptp server 124
- L2tp server 124
- L2tp tunnel support 124
- Figure 82 l2tp tunnel configuration l2tp server 125
- Openvpn configuration 125
- Openvpn support 125
- Figure 83 openvpn configuration 127
- Openvpn remote network 127
- Openvpn remote network site to site 127
- Figure 84 openvpn remote network 128
- Openvpn authentication 128
- Figure 85 openvpn authentication 129
- Chapter 7 ssl vpn 131
- Figure 86 example of clientless ssl vpn connections to the dsr 132
- Figure 87 list of groups 133
- Groups 133
- Groups and users 133
- Figure 88 user group configuration 134
- Figure 89 sslvpn settings 135
- Figure 90 group login policies options 136
- Figure 91 browser policies options 137
- Figure 92 ip policies options 138
- Figure 93 available users with login status and associated group 139
- Users and passwords 139
- Figure 94 user configuration options 140
- Ssl vpn policies 140
- Using ssl vpn policies 140
- Figure 95 list of ssl vpn polices global filter 141
- Figure 96 ssl vpn policy configuration 142
- Resources 143
- Using network resources 143
- Application port forwarding 144
- Figure 97 list of configured resources which are available to assign to 144
- Internal host servers or tcp applications must be specified as being made accessible to remote users allowing access to a lan server requires entering the local server ip address and tcp port number of the application to be tunnelled the table below lists some common applications and corresponding tcp port numbers 144
- Port forwarding 144
- Port forwarding allows remote ssl users to access specified network applications or services after they login to the user portal and launch the port forwarding service traffic from the remote user to the router is detected and re routed based on configured port forwarding rules 144
- Ssl vpn policies 144
- Unified services router user manual 144
- Figure 98 list of available applications for ssl port forwarding 146
- Ssl vpn client 146
- Ssl vpn client configuration 146
- Figure 99 ssl vpn client adapter and access configuration 147
- Configured client routes 148
- Figure 100 configured client routes only apply in split tunnel mode 148
- Bin userportal portal 149
- Can then be associated with an authentication domain 149
- Creating portal layouts 149
- Figure 101 list of configured ssl vpn portals the configured portal 149
- Https 192 68 0 scgi 149
- User portal 149
- Figure 102 ssl vpn portal configuration 151
- Chapter 8 advanced configuration tools 152
- Usb device setup 152
- Usb status 152
- Figure 103 usb device detection 153
- Usb share port 153
- Usb shareport 153
- Figure 104 usb shareport 154
- Figure 105 sms service send sms 155
- Sms service 155
- Authentication certificates 156
- Certificates 156
- Figure 106 sms service receive sms 156
- Figure 107 certificate summary for ipsec and https management 157
- Advanced switch configuration 158
- Figure 108 advanced switch settings 158
- Package manager 158
- Switch settings 158
- Figure 109 device drivers 160
- Figure 110 installation of driver language pack 161
- Figure 111 selection of installed language 162
- Admin settings 163
- Chapter 9 administration management 163
- Configuration access control 163
- Figure 112 user login policy configuration 163
- Figure 113 admin settings 164
- Remote management 164
- Cli access 165
- Figure 114 remote management from the wan 165
- Snmp configuration 165
- Figure 115 snmp users traps and access control 166
- Snmp system info 166
- Configuring time zone and ntp 167
- Date and time 167
- Figure 116 snmp system information for this router 167
- Defining what to log 168
- Figure 117 date time and ntp server setup 168
- Log configuration 168
- Logs facility 168
- Figure 118 facility settings for logging 170
- Logs configuration 170
- Figure 119 log configuration options for traffic through router 172
- Ipv6 logging 172
- Figure 120 ipv6 log configuration options for traffic through router 173
- Remote logging 173
- Sending logs to e mail or syslog 173
- Figure 121 e mail configuration as a remote logging option 174
- Event log viewer in gui 175
- Figure 122 syslog server configuration for remote logging continued 175
- Logs configuration 175
- Logs facility 175
- View all logs 175
- Vpn logs 175
- Backing up and restoring configuration settings 176
- Figure 123 vpn logs displayed in gui event viewer 176
- System 176
- Current configuration being overwritten and a reboot 177
- Device statu 177
- Figure 124 restoring configuration from a saved file will result in the 177
- Firmware 177
- Upgrading router firmware 177
- Figure 125 firmware version information and upgrade option 178
- Firmware via usb 178
- Upgrading router firmware via usb 178
- Dynamic dns 179
- Dynamic dns setup 179
- Figure 126 firmware upgrade and configuration restore backup via usb 179
- Figure 127 dynamic dns configuration 180
- System check 180
- Using diagnostic tools 180
- Figure 128 router diagnostics tools available in the gui 181
- Trace route 181
- Dns lookup 182
- Figure 129 sample trace route output 182
- Router options 182
- Figure 130 localization 183
- Localization 183
- Set language 183
- Chapter 10 router status and statistics 184
- Device status 184
- System overview 184
- Figure 131 device status display 185
- Dashboard 186
- Figure 132 device status display continued 186
- Resource utilization 186
- Figure 133 resource utilization statistics 187
- Device statistics 189
- Figure 135 resource utilization data continued 189
- Traffic statistics 189
- Wired port statistics 189
- Access point 190
- Figure 136 physical port statistics 190
- Wireless statistics 190
- Active connections 191
- Active sessions 191
- Figure 137 ap specific statistics 191
- Sessions through the router 191
- Figure 139 list of connected 802 1 clients per ap 193
- Lan clients 193
- Wireless clients 193
- Active vpn tunnels 194
- Active vpns 194
- Figure 140 list of lan hosts 194
- All active ssl vpn connections both for vpn tunnel and vpn port forwarding are displayed on this page as well table fields are as follows 195
- Figure 141 list of current active vpn sessions 195
- Unified services router user manual 195
- Chapter 11 trouble shooting 196
- Internet connection 196
- Ethernet isp 197
- Http 192 68 0 197
- Router statu 197
- Setting 197
- Www google co 197
- Date and time 198
- Pinging to test lan connectivity 198
- Router 198
- Testing the lan path from your pc to your 198
- Time zon 198
- Device 199
- Testing the lan path from your pc to a remote 199
- Ethernet isp setting 200
- Restoring factory default configuration settings 200
- Settings backup upgrad 200
- Chapter 12 credits 201
- Appendix a glossary 202
- Unified services router user manual 202
- Unified services router user manual 203
- Appendix b factory default settings 205
- Appendix c standard services available for 206
- Port forwarding firewall configuration 206
- Appendix d log output reference 207
- Facility system networking 207
- Unified services router user manual 207
- Unified services router user manual 208
- Unified services router user manual 209
- Unified services router user manual 210
- Unified services router user manual 211
- Unified services router user manual 212
- Unified services router user manual 213
- Unified services router user manual 214
- Facility system vpn 215
- Unified services router user manual 215
- Unified services router user manual 216
- Unified services router user manual 217
- Unified services router user manual 218
- Unified services router user manual 219
- Facility system admin 220
- Unified services router user manual 220
- Unified services router user manual 221
- Unified services router user manual 222
- Unified services router user manual 223
- Unified services router user manual 224
- Facility system firewall 225
- Unified services router user manual 225
- Unified services router user manual 226
- Unified services router user manual 227
- Unified services router user manual 228
- Unified services router user manual 229
- Facility local0 wireless 230
- Unified services router user manual 230
- Unified services router user manual 231
- Unified services router user manual 232
- Unified services router user manual 233
- Unified services router user manual 234
- Unified services router user manual 235
- Unified services router user manual 236
- Unified services router user manual 237
- Unified services router user manual 238
- Unified services router user manual 239
- Facility kernel 240
- Unified services router user manual 240
- Unified services router user manual 241
- Unified services router user manual 242
- Unified services router user manual 243
- Unified services router user manual 244
- Unified services router user manual 245
- Unified services router user manual 246
- Unified services router user manual 247
- Unified services router user manual 248
- Unified services router user manual 249
- Unified services router user manual 250
- Unified services router user manual 251
- Unified services router user manual 252
- Unified services router user manual 253
- Unified services router user manual 254
- Unified services router user manual 255
- Unified services router user manual 256
- Unified services router user manual 257
- Unified services router user manual 258
- Unified services router user manual 259
- Unified services router user manual 260
- Appendix e rj 45 pin outs 261
- Unified services router user manual 261
- Appendix f product statement 262
- Dsr 1000n 262
- Unified services router user manual 262
- Unified services router user manual 263
- Unified services router user manual 264
- Unified services router user manual 265
- Dsr 500n 266
- Unified services router user manual 266
- Unified services router user manual 267
- Unified services router user manual 268
- Unified services router user manual 269
- Dsr 250n 270
- Unified services router user manual 270
- Unified services router user manual 271
- Dsr 150n 272
- Unified services router user manual 272
- Unified services router user manual 273
- Unified services router user manual 274
Похожие устройства
- D-Link DSR-500AC Руководство пользователя _CLI_
- D-Link DSR-1000AC Руководство пользователя _CLI_
- D-Link DSA-3110 Руководство пользователя
- D-Link DIR-615/GF Краткое руководство по установке
- D-Link DIR-615/GF Руководство пользователя
- D-Link DIR-620S Краткое руководство по установке
- D-Link DIR-620S Руководство пользователя
- D-Link DIR-640L Краткое руководство по установке
- D-Link DIR-640L Руководство пользователя
- D-Link DIR-825/ACF Краткое руководство по установке
- D-Link DIR-825/ACF Руководство пользователя
- D-Link DIR-841 Краткое руководство по установке
- D-Link DIR-841 Руководство пользователя
- D-Link DIR-842 Краткое руководство по установке
- D-Link DIR-842 Руководство пользователя
- D-Link DIR-882 Краткое руководство по установке
- D-Link DIR-882 Руководство пользователя
- D-Link DWR-910 Краткое руководство по установке
- D-Link DWR-921 Краткое руководство по установке
- D-Link DWR-921 Руководство пользователя