D-link Netdefend firewall series User manual

Configuration examples for the D-Link

NetDefend Firewall series

Scenario: How to configure IPSec VPN LAN-to-LAN Tunnel

Platform Compatibility: All NetDefend Firewall Series

Last update: 2008-03-07

Overview

In this document, the notation Objects->Address book means that in the tree on the left

side of the screen Objects first should be clicked (expanded) and then Address Book.

Most of the examples in this document are adapted for the DFL-800. The same settings can

easily be used for all other models in the series. The only difference is the names of the

interfaces. Since the DFL-1600 and DFL-2500 has more than one lan interface, the lan

interfaces are named lan1, lan2 and lan3 not just lan.

The screenshots in this document is from firmware version 2.12.00. If you are using an

earlier version of the firmware, the screenshots may not be identical to what you see on

your browser.

How to configure IPSec VPN LAN-to-LAN Tunnel

Create one lan-to-lan IPsec VPN tunnel between firewall A and B.

1. Firewall A - Addresses

Go to Objects -> Address book -> InterfaceAddresses.

Edit the following items:

Change lan_ip to 192.168.1.1

Change lannet to 192.168.1.0/24

Change wan1_ip to 192.168.110.1

Change wan1net to 192.168.110.0/24

Go to Objects -> Address book.

Add a new Address Folder called RemoteHosts.

In the new folder, add a new IP address:

Name: fwB-remotenet

IP Address: 192.168.2.0/24

Click Ok

In the same folder, add a new IP address:

Name: fwB-remotegw

IP Address: 192.168.110.2

Click Ok

2. Firewall A – Pre-shared keys

Go to Objects -> Authentication Objects

Add a new Pre-Shared Key.

General:

Name: fwB-psk

Shared secret:

Select Passphrase and enter a shared secret

Click Ok.

3. Firewall A – IPsec interface

Go to Interfaces -> IPsec.

Add a new IPsec Tunnel.

In the General tab:

General:

Name: fwB-ipsec

Local Network: lannet

Remote Network: fwB-remotenet

Remote Endpoint: fwB-remotegw

Encapsulation Mode: Tunnel

Algorithms:

IKE Algorithms: High

IKE Life Time: 28800

IPsec Algorithms: High

IPsec Life Time: 3600

IPsec Life Time: 0

In the Authentication tab:

Authentication:

Select Pre-Shared Key and fwB-psk.

Click Ok.

4. Firewall A – Rules

Go to Rules -> IP Rules.

Create a new IP Rules Folder called lan_to_fwB-ipsec

In the new folder, create a new IP Rule.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: lan

Source Network: lannet

Destination Interface: fwB-ipsec

Destination Network: fwB-remotenet

Click Ok.

Create a second rule in the same folder.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: fwB-ipsec

Source Network: fwB-remotenet

Destination Interface: lan

Destination Network: lannet

Click Ok.

Save and activate the configuration on firewall A.

5. Firewall B - Addresses

Go to Objects -> Address book -> InterfaceAddresses.

Edit the following items:

Change lan_ip to 192.168.2.1

Change lannet to 192.168.2.0/24

Change wan1_ip to 192.168.110.2

Change wan1net to 192.168.110.0/24

Go to Objects -> Address book.

Add a new Address Folder called RemoteHosts.

In the new folder, add a new IP4 address:

Name: fwA-remotenet

IP Address: 192.168.1.0/24

Click Ok

In the same folder, add a new IP4 address:

Name: fwA-remotegw

IP Address: 192.168.110.1

Click Ok

6. Firewall B – Pre-shared keys

Go to Objects -> Authentication Objects.

Add a new Pre-Shared Key.

General:

Name: fwA-psk

Shared secret:

Select Passphrase and enter a shared secret

Click Ok.

7. Firewall B – IPsec interface

Go to Interfaces -> IPsec.

Add a new IPsec Tunnel.

In the General tab:

General:

Name: fwA-ipsec

Local Network: lannet

Remote Network: fwA-remotenet

Remote Endpoint: fwA-remotegw

Encapsulation Mode: Tunnel

Algorithms:

IKE Algorithms: High

IKE Life Time: 28800

IPsec Algorithms: High

IPsec Life Time: 3600

IPsec Life Time: 0

In the Authentication tab:

Authentication:

Select Pre-Shared Key and fwA-psk.

Click Ok.

8. Firewall B – Rules

Go to Rules -> IP Rules.

Create a new IP Rules Folder called lan_to_fwA-ipsec

In the new folder, create a new IP Rule.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: lan

Source Network: lannet

Destination Interface: fwA-ipsec

Destination Network: fwA-remotenet

Click Ok.

Create a second rule in the same folder.

In the General tab:

General:

Name: allow_all

Action: Allow

Service: all_services

Address Filter:

Source Interface: fwA-ipsec

Source Network: fwA-remotenet

Destination Interface: lan

Destination Network: lannet

Click Ok.

Save and activate the configuration on firewall B.

This manual suits for next models

Other D-Link Firewall manuals

D-Link

D-Link DFL-800 - Security Appliance User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link DFL-1100 - Security Appliance User manual

D-Link

D-Link DFL-800 - Security Appliance User manual

D-Link

D-Link NetDefend DFL-2560G Manual

D-Link

D-Link DFL-700 - Security Appliance User manual

D-Link

D-Link NetDefend SOHO DFL-160 User manual

D-Link

D-Link NetDefend SOHO DFL-160 User manual

D-Link

D-Link DFL-1000 User manual

D-Link

D-Link DFL-1000 User manual

D-Link

D-Link DFL-1600 - Security Appliance User manual

D-Link

D-Link NetDefend DFL-800 User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance Instruction Manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance User manual

D-Link

D-Link NetDefend SOHO DFL-160 User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link DFL-1660-WCF-12 User manual

D-Link

D-Link DFL-1100 - Security Appliance User manual

D-Link

D-Link NetDefend DFL-1660 User manual

D-Link

D-Link NetDefend DFL-1660 User manual

D-Link

D-Link DFL-210 - NetDefend - Security Appliance User manual

D-Link

D-Link DFL-200 - Security Appliance User manual

D-Link

D-Link NetDefend DFL-260E User manual

D-Link

D-Link DFL-80 User manual

Popular Firewall manuals by other brands

Draytek

Draytek Vigor2960 user guide

Cisco

Cisco PIX 506 - Firewall quick start guide

ZyXEL Communications

ZyXEL Communications ZyWALL 110 Series user guide

Fortinet

Fortinet FortiGate-100 installation guide

PaloAlto Networks

PaloAlto Networks PA-1400 Series Hardware reference

Untangle

Untangle u25xw Setup guide

IBM

IBM QRadar XGS 5200 Replacement instructions

Cisco

Cisco ASA 5506-X installation guide

Barracuda

Barracuda F100 quick start guide

NETGEAR

NETGEAR ProSafe FVX538 installation guide

Fortinet

Fortinet Fortiwifi fortiwifi-60 Administration guide

IS5 COMMUNICATIONS

IS5 COMMUNICATIONS RAPTOR iMX950 Hardware installation guide

Fortinet

Fortinet FortiGate FortiGate-4000 installation guide

Fortinet

Fortinet FortiManager-3000B quick start guide

Fortinet

Fortinet FortiGate FortiGate-1000 installation guide

8e6 Technologies

8e6 Technologies Enterprise Filter Authentication R3000 user guide

PaloAlto Networks

PaloAlto Networks PA-400 Series Hardware reference

PaloAlto Networks

PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware reference guide

D-Link NetDefend Firewall Series User manual

Popular Firewall manuals by other brands