D-link Netdefend firewall series User manual

Configuration examples for the D-Link

NetDefend Firewall series

Scenario: How to configure IPSec VPN LAN-to-LAN Tunnel

Platform Compatibility: All NetDefend Firewall Series

Last update: 2008-03-07

Overview

In this document, the notation Objects->Address book means that in the tree on the left

side of the screen Objects first should be clicked (expanded) and then Address Book.

Most of the examples in this document are adapted for the DFL-800. The same settings can

easily be used for all other models in the series. The only difference is the names of the

interfaces. Since the DFL-1600 and DFL-2500 has more than one lan interface, the lan

interfaces are named lan1, lan2 and lan3 not just lan.

The screenshots in this document is from firmware version 2.12.00. If you are using an

earlier version of the firmware, the screenshots may not be identical to what you see on

your browser.

How to configure IPSec VPN LAN-to-LAN Tunnel

Create one lan-to-lan IPsec VPN tunnel between firewall A and B.

1. Firewall A - Addresses

Go to Objects -> Address book -> InterfaceAddresses.

Edit the following items:

Change lan_ip to 192.168.1.1

Change lannet to 192.168.1.0/24

Change wan1_ip to 192.168.110.1

Change wan1net to 192.168.110.0/24

Go to Objects -> Address book.

Add a new Address Folder called RemoteHosts.

In the new folder, add a new IP address:

Name: fwB-remotenet

IP Address: 192.168.2.0/24

Click Ok

In the same folder, add a new IP address:

Name: fwB-remotegw

IP Address: 192.168.110.2

Click Ok

2. Firewall A – Pre-shared keys

Go to Objects -> Authentication Objects

Add a new Pre-Shared Key.

General:

Name: fwB-psk

Shared secret:

Select Passphrase and enter a shared secret

Click Ok.

3. Firewall A – IPsec interface

Go to Interfaces -> IPsec.

Add a new IPsec Tunnel.

In the General tab:

General:

Name: fwB-ipsec

Local Network: lannet

Remote Network: fwB-remotenet

Remote Endpoint: fwB-remotegw

Encapsulation Mode: Tunnel

Algorithms:

IKE Algorithms: High

IKE Life Time: 28800

IPsec Algorithms: High

IPsec Life Time: 3600

IPsec Life Time: 0

In the Authentication tab:

Authentication:

Select Pre-Shared Key and fwB-psk.

Click Ok.

4. Firewall A – Rules

Go to Rules -> IP Rules.

Create a new IP Rules Folder called lan_to_fwB-ipsec

In the new folder, create a new IP Rule.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: lan

Source Network: lannet

Destination Interface: fwB-ipsec

Destination Network: fwB-remotenet

Click Ok.

Create a second rule in the same folder.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: fwB-ipsec

Source Network: fwB-remotenet

Destination Interface: lan

Destination Network: lannet

Click Ok.

Save and activate the configuration on firewall A.

5. Firewall B - Addresses

Go to Objects -> Address book -> InterfaceAddresses.

Edit the following items:

Change lan_ip to 192.168.2.1

Change lannet to 192.168.2.0/24

Change wan1_ip to 192.168.110.2

Change wan1net to 192.168.110.0/24

Go to Objects -> Address book.

Add a new Address Folder called RemoteHosts.

In the new folder, add a new IP4 address:

Name: fwA-remotenet

IP Address: 192.168.1.0/24

Click Ok

In the same folder, add a new IP4 address:

Name: fwA-remotegw

IP Address: 192.168.110.1

Click Ok

6. Firewall B – Pre-shared keys

Go to Objects -> Authentication Objects.

Add a new Pre-Shared Key.

General:

Name: fwA-psk

Shared secret:

Select Passphrase and enter a shared secret

Click Ok.

7. Firewall B – IPsec interface

Go to Interfaces -> IPsec.

Add a new IPsec Tunnel.

In the General tab:

General:

Name: fwA-ipsec

Local Network: lannet

Remote Network: fwA-remotenet

Remote Endpoint: fwA-remotegw

Encapsulation Mode: Tunnel

Algorithms:

IKE Algorithms: High

IKE Life Time: 28800

IPsec Algorithms: High

IPsec Life Time: 3600

IPsec Life Time: 0

In the Authentication tab:

Authentication:

Select Pre-Shared Key and fwA-psk.

Click Ok.

8. Firewall B – Rules

Go to Rules -> IP Rules.

Create a new IP Rules Folder called lan_to_fwA-ipsec

In the new folder, create a new IP Rule.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: lan

Source Network: lannet

Destination Interface: fwA-ipsec

Destination Network: fwA-remotenet

Click Ok.

Create a second rule in the same folder.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: fwA-ipsec

Source Network: fwA-remotenet

Destination Interface: lan

Destination Network: lannet

Click Ok.

Save and activate the configuration on firewall B.

This manual suits for next models

Other D-Link Firewall manuals

D-Link

D-Link NetDefend DFL-800 User manual

D-Link

D-Link DFL-700 - Security Appliance User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance Instruction Manual

D-Link

D-Link DFL-600 User manual

D-Link

D-Link DFL-1000 User manual

D-Link

D-Link DFL-870 User manual

D-Link

D-Link D DFL-500 DFL-500 User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance User manual

D-Link

D-Link NetDefend DFL-860 User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link DFL-500 User manual

D-Link

D-Link DFL-200 - Security Appliance User manual

D-Link

D-Link DIR-330 - Wireless G VPN Router User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link NetDefend DFL-CP310 User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance User manual

D-Link

D-Link DFL-600 User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link DFL-300 - Security Appliance User manual

D-Link

D-Link DFL-1100 - Security Appliance User manual

D-Link

D-Link DFL-1000 User manual

D-Link

D-Link NetDefend SOHO DFL-160 User manual

Popular Firewall manuals by other brands

IS5 COMMUNICATIONS

IS5 COMMUNICATIONS RAPTOR iMX950 Hardware installation guide

Uplogix

Uplogix 32-port installation guide

Fortinet

Fortinet FortiGate FortiGate-500A Administration guide

Draytek

Draytek Vigor2860 Series user guide

Barracuda Networks

Barracuda Networks NG FIREWALL 5.0.3 Release notes

Fortinet

Fortinet FortiGate-100 quick start guide

Forcepoint

Forcepoint V5000 quick start guide

IBM

IBM GX7 Series Replacement instructions

Fortinet

Fortinet FortiWiFi 60CX-ADSL-A quick start guide

IS5 COMMUNICATIONS

IS5 COMMUNICATIONS RAPTOR Series installation guide

SonicWALL

SonicWALL TZ 170 quick start guide

NETGEAR

NETGEAR FVS336G - ProSafe Dual WAN Gigabit Firewall Reference manual

Fortinet

Fortinet FortiNDR 1000F quick start guide

McAfee

McAfee MAP-3300-SWG - Web Security Appliance 3300 Product guide

Fortinet

Fortinet FortiManager 400C quick start guide

Meraki

Meraki MX68W installation guide

NETGEAR

NETGEAR ProSafe FWAG114 installation guide

NETGEAR

NETGEAR ProSafe FR328S Reference manual

D-Link NetDefend Firewall Series User manual

Popular Firewall manuals by other brands