²µ

D-L±nk DIR-130 User Manual

Sect±on 3 - Configurat±on

DHCP Reservation

If you want a computer or device to always have the same IP address assigned, you can create a DHCP reservation.

The router will assign the IP address only to that computer or device.

Note:

This IP address must be within the DHCP IP Address Range.

Check the box under the first column to enable

the reservation.

Enter the computer name or select from the

drop-down menu (last column) and click

<<

.

Enter the IP address you want to assign to the

computer or device. This IP Address must be

within the DHCP IP Address Range.

Enter the MAC address of the computer or

device.

If you want to assign an IP address to the

computer you are currently on, click this button

to populate the fields.

Click

Save

to save your entry. You must click

Save Settings

at the top to activate your

reservations.

DHCP

Reservations List:

Computer Name:

IP Address:

MAC Address:

Copy Your PC’s

MAC Address:

Save:

²¶

D-L±nk DIR-130 User Manual

Sect±on 3 - Configurat±on

VPN Settings

The DIR-130 supports IPSec, PPTP, and L2TP VPN as the Server Endpoint.

Select

IPSec

or

PPTP/L2TP

from the drop-down

menu and then click

Add

.

Add VPN Profile:

²·

D-L±nk DIR-130 User Manual

Sect±on 3 - Configurat±on

IPSec Settings

Check this box to enable IPSec.

Enter a name for your VPN.

Enter the local (LAN) subnet and mask.

(ex. 192.168.0.0/24)

Select Site to Site or Remote User for the

required VPN configuration.

•

Site to Site

- Network-to-network VPN in

which two entire LAN networks are virtually

connected across the Internet. If selected,

enter the destination gateway IP address in

the box which is the public WAN IP or host

address of the remote VPN server endpoint.

•

Remote User

– Client-to-server VPN in

which remote VPN clients can to connect to

the router from the Internet and access Local

Network resources.

If

Site to Site

is selected, enter the Destination

subnet and mask of the remote network.

(ex. 192.168.1.0/24)

Select Pre-shared Key or X.509 Certificate Authentication. One of these two authentication methods must be selected.

•

Pre-shared Key

- Manually enter ASCII passphrase in box.

•

X.509 Certificate

- For certificate authentication, certificates must be manually uploaded to the router. See the “Certificates”

section for details.

Enable:

Name:

Local Net/ Mask:

Remote IP:

Remote Local

LAN Net/ Mask:

Authentication:

²¸

D-L±nk DIR-130 User Manual

Sect±on 3 - Configurat±on

Main / Aggressive Mode:

NAT-T Enable:

• Additional Authentication Methods (Optional)

XAUTH

- Check this box to include additional username and password authentication requirements for the VPN.

Select

Server Mode

or

Client Mode

.

•

Server Mode

- Select a group from the Authentication database drop-down menu containing the list

of user credentials permitted.

•

Client Mode

- Enter the user name and password if required by the remote VPN server endpoint

configured in xAuth Server Mode.

Local/Remote ID

- Check this box to include additional ID authentication requirements for the VPN using a specific

IP Address, FQDN, ASN1, or a Custom String.

•

Local ID

- Select one of the options from the drop-down menu. Enter an ID to identify and authenticate

the local VPN endpoint.

•

Remote ID

- Select one of the options from the drop-down menu. Enter an ID to identify and authenticate

the remote VPN endpoint.

Select Main Mode or Aggressive Mode for IKE Phase 1 negotiation.

•

Main Mode

- Select this option to configure the standard negotiation parameters for IKE Phase 1 of

the VPN Tunnel. (Recommended Setting)

•

Aggressive Mode

- Select this option to configure IKE Phase 1 of the VPN Tunnel to carry out

negotiation in a shorter amount of time. (Not Recommended - Less Secure)

Check this box to enable NAT Traversal. Enabling this option will allow IPSec traffic from this endpoint to traverse

through the translation process during NAT. The remote VPN endpoint must also support this feature and it must

be enabled to function properly over the VPN.

30

D-L±nk DIR-130 User Manual

Sect±on 3 - Configurat±on

Keep Alive / DPD:

DH Group:

IKE Proposal List:

IKE Lifetime:

PFS Enable:

PFS DH Group:

IPSec Proposal List:

IPSec Lifetime:

Select

None

,

Keep Alive

, or

DPD

(Dead Peer

Connection).

•

None

- Select this option to disable Keep Alive.

•

Keep Alive

- Select this option to send

random ping

requests from this endpoint to the remote endpoint

keeping the tunnel established during long idle

periods of inactivity.

•

DPD

- Select this option to delete the VPN tunnel if

there is no traffic detected. The VPN will re-establish

once traffic is again sent through the tunnel.

Select a DH Group from the drop-down menu. As the DH

Group number increases, the higher the level of encryption

implemented for Phase 1.

Select the Cipher and Hash from the drop-down menus.

The proposal listing is evaluated in order with #1 being the

first proposal to attempt in IKE negotiation.

Enter the number of seconds for the IKE Lifetime. The period of time to pass before establishing a new IKE security

association (SA) with the remote endpoint. The default value is 28800.

Check to enable or uncheck to disable. PFS is an additional security protocol.

Select a PFS DH Group from the drop-down menu. As the DH Group number increases, the higher the level of

encryption implemented for PFS.

Select the Cipher and Hash from the drop-down menus. The proposal listing is evaluated in order with #1 being

the first proposal to attempt in IPSec negotiation.

Enter the number of seconds for the IPSec Lifetime. The period of time to pass before establishing a new IPSec

security association (SA) with the remote endpoint. The default value is 3600.