Product Manual
Page 3
...mapping / Virtual Servers 30 Add a new mapping 30 Delete mapping 31 Administrative users 32 Change Administrative User Password 32 Users 33 The DFL-200 RADIUS Support 33 Enable User Authentication via HTTP / HTTPS 34 Enable RADIUS Support 34 Add User ...35 Change User Password 35 Delete User...Protocol 43 Authentication Protocols 44 MPPE, Microsoft Point-To-Point Encryption 44 L2TP/PPTP Clients 45 L2TP/PPTP Servers 46 IPSec VPN between two networks 47 Creating a LAN-to-LAN IPSec VPN Tunnel 47 VPN between client and an internal network 48 Creating a Roaming Users IPSec Tunnel 48
Product Manual
Page 6
... in addition to PPTP and IPSec over the Internet. 6 Or a firewall can also run specific security functions based on the type of application or type of different access rights for different users, such as a firewall. In addition the DFL-200 also provides a user-friendly ...Security • VPN Server/Client Supported Supports IPSec LAN-to-LAN or Roaming user tunnels with an FTP or Telnet server. A firewall monitors all of the information moving to and from your network and analyzes each piece of hardware built specifically to act as Admin or Read-Only User. Introduction The DFL-200...
Product Manual
Page 42
... is unidirectional, so there will be used to enable encryption. Introduction to PPTP PPTP, Point-to-Point Tunneling Protocol, jointly developed by these parts: • Point-to provide IP security at the network layer. A PPTP based VPN is made up of two basic parts: • Internet.... IPSec, Internet Protocol Security, is the initial negotiation phase, where the two VPN endpoints agree on both ends must use the same Pre-shared key or set of Certificates and IPSec lifetime to make a VPN connection. The other remote access companies known collectively as that of the DFL-200,...
Product Manual
Page 43
... Forwarding), is used to provide IP security at least one of the peers has to authenticate itself before the network layer protocol parameters can be negotiated using MPPE. When LCP and NCP negotiation is often encapsulated in IPSec for encryption instead of using NCP.... • Link Control Protocols (LCP) to negotiate parameters, test and establish the link. • Network Control Protocol (NCP) to establish and negotiate different network layer protocols (DFL-200 only supports IP) • Data encapsulation to negotiate parameters and test the data link. To establish a PPP tunnel, both...
Product Manual
Page 45
... MPPE encryption - If configuring for data encryption. Interface IP - If enabled the tunnel will be sent over the PPP link unencrypted. Password/Confirm Password - Dial on ). If disabled the tunnel will be using IPSec instead of MPPE for L2TP, you most likely will only be initiated when needed. ...The password to use IPSec enable the checkbox and select PSK or ...
Product Manual
Page 46
...an IP address pool to assign dynamic IP addresses to client IP assignment. Require IPSec encryption - Inner IP - IP Pool and settings - If utilizing the DNS Relay function, be sent over the PPP link unencrypted. If MPPE encryption is to the Authentication Protocols section for the LAN IP...L2TP, you most likely will be used, select the desired level of the primary and secondary DNS servers. Refer to be using IPSec instead of the VPN tunnel. If configuring for data encryption. Client IP Pool - Primary/Secondary WINS - L2TP/PPTP Servers Settings for the WAN IP. ...
Product Manual
Page 47
... the branch office internal network and vice versa. DFL-200 Firewall As shown in an encrypted IPSec VPN tunnel that connects the branch office network to create a VPN tunnel that connects the two DFL-200 NetDefend Firewalls across the Internet. The networks at the ends of the tunnel, for the new tunnel in the Local Net field. The name...
Product Manual
Page 48
...internal network, but you can also create a VPN tunnel that connects the DFL-200 and the roaming users across the Internet. Go to add a roaming user tunnel. If you configure the VPN policy. Step 5. Creating a Roaming Users IPSec Tunnel Follow these steps to Firewall and VPN and choose ...Add new under IPSec. Step 1. The name can connect...
Product Manual
Page 49
...(0-9) and upper and lower case letters (A-Z, a-z), and the special characters '-' and '_'. Enter a Name for this tunnel in the L2TP/PPTP Server section. If you are using IPSec encryption for the L2TP or PPTP Client choose authentication type, either PSK (Pre-shared Key) or Certificate-based. Click the.... Enter a Name for the PPTP or L2TP Client. Step 3. Specify the Client IP Pool; Enter the username and password for the new tunnel in most scenarios. Step 5. Specify if the IP should be received from the server or if a static one should be used. This field...
Product Manual
Page 51
...proposal defines encryption parameters, for the VPN tunnel need to calculate a check sum that reveals if the data packet is altered while being transmitted. Specifies the hash function used in KB or seconds when the security associations for instance encryption algorithm, life ... process is found. Hash - Specifies the hash function used during IKE Phase-1 (IKE Security Negotiation), while IPSec proposals are offered to calculate a check sum that the VPN gateway supports. IPSec Proposal List Cipher - Supported algorithms are AES, 3DES, DES, Blowfish, Twofish, and CAST128...
Product Manual
Page 67
.... The two graphs display the send and receive rate through the selected VPN tunnel during the last 24 hours. So under the IPSec SA listing each roaming user connected to this example, a tunnel named vpntunnel1 is selected. VPN Click on the DFL-200. This is shown. A window will appear providing information about the first VPN...
Product Manual
Page 73
Setup interfaces, System->Interfaces: WAN IP: 194.0.2.10 LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0 2. Setup IPSec tunnel, Firewall->VPN: Under IPSec tunnels click Add new Name the tunnel ToMainOffice Local net: 192.168.4.0/24 PSK: 1234567890 (Do not use this as your PSK) Retype PSK: 1234567890 LAN-to-LAN VPN using IPSec Settings for Branch office 1.
Product Manual
Page 75
You should use a key that is hard to guess) Retype PSK: 1234567890 Select Tunnel type: LAN-to-LAN tunnel Remote Net: 192.168.4.0/24 Remote Gateway: 194.0.2.10 Enable "Automatically add a route for Main office 1. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Settings for the remote network" Click Apply Setup IPSec tunnel, Firewall->VPN: Under IPSec tunnels click add new Name the tunnel ToBranchOffice Local net: 192.168.1.0/24 PSK: 1234567890 (Note!
Product Manual
Page 79
Under MPPE encryption 128 bit should be the only checked option. Setup policies for Main office 1. Settings for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. Click Activate and wait for the firewall to restart. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 Leave Use IPSec encryption unchecked Click Apply 3.
Product Manual
Page 81
Setup policies for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply Under MPPE encryption 128 bit should be the only checked option. Leave Use IPsec encryption unchecked Click Apply 3. Under authentication MSCHAPv2 should be the only checked option.
Product Manual
Page 85
You should be checked Check Use IPsec encryption Enter key 1234567890 (Note! Click Activate and wait for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. Setup policies for the firewall to guess) Retype key 1234567890 Click Apply 3. Under MPPE encryption only None should use a key that is hard to restart
Product Manual
Page 102
...Click Apply 5. Click Activate and wait for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. If no IP is set to eg 192.168.1.200. Setup policies for the firewall to 192.168.1.100 -...Leave static client IP empty (could also be the only checked option. Under MPPE encryption 128 bit should be the only checked option. Leave Use IPSec encryption unchecked Click Apply 3. 2. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer...
Product Manual
Page 106
... WINS settings blank Under authentication MSCHAPv2 should be the only checked option Under MPPE encryption None should be the only checked option Check the Use IPSec encryption box Enter the pre-shared key, 1234567890, and retype same pre-shared key Click Apply 3. Setup policies for Main office 1. Settings for the new...