Page 31 / 83 Scroll up to view Page 26 - 30
²µ
D-L±nk DIR-130 User Manual
Sect±on 3 - Configurat±on
DHCP Reservation
If you want a computer or device to always have the same IP address assigned, you can create a DHCP reservation.
The router will assign the IP address only to that computer or device.
Note:
This IP address must be within the DHCP IP Address Range.
Check the box under the first column to enable
the reservation.
Enter the computer name or select from the
drop-down menu (last column) and click
<<
.
Enter the IP address you want to assign to the
computer or device. This IP Address must be
within the DHCP IP Address Range.
Enter the MAC address of the computer or
device.
If you want to assign an IP address to the
computer you are currently on, click this button
to populate the fields.
Click
Save
to save your entry. You must click
Save Settings
at the top to activate your
reservations.
DHCP
Reservations List:
Computer Name:
IP Address:
MAC Address:
Copy Your PC’s
MAC Address:
Save:
Page 32 / 83
²¶
D-L±nk DIR-130 User Manual
Sect±on 3 - Configurat±on
VPN Settings
The DIR-130 supports IPSec, PPTP, and L2TP VPN as the Server Endpoint.
Select
IPSec
or
PPTP/L2TP
from the drop-down
menu and then click
Add
.
Add VPN Profile:
Page 33 / 83
²·
D-L±nk DIR-130 User Manual
Sect±on 3 - Configurat±on
IPSec Settings
Check this box to enable IPSec.
Enter a name for your VPN.
Enter the local (LAN) subnet and mask.
(ex. 192.168.0.0/24)
Select Site to Site or Remote User for the
required VPN configuration.
Site to Site
- Network-to-network VPN in
which two entire LAN networks are virtually
connected across the Internet. If selected,
enter the destination gateway IP address in
the box which is the public WAN IP or host
address of the remote VPN server endpoint.
Remote User
– Client-to-server VPN in
which remote VPN clients can to connect to
the router from the Internet and access Local
Network resources.
If
Site to Site
is selected, enter the Destination
subnet and mask of the remote network.
(ex. 192.168.1.0/24)
Select Pre-shared Key or X.509 Certificate Authentication. One of these two authentication methods must be selected.
Pre-shared Key
- Manually enter ASCII passphrase in box.
X.509 Certificate
- For certificate authentication, certificates must be manually uploaded to the router. See the “Certificates”
section for details.
Enable:
Name:
Local Net/ Mask:
Remote IP:
Remote Local
LAN Net/ Mask:
Authentication:
Page 34 / 83
²¸
D-L±nk DIR-130 User Manual
Sect±on 3 - Configurat±on
Main / Aggressive Mode:
NAT-T Enable:
• Additional Authentication Methods (Optional)
XAUTH
- Check this box to include additional username and password authentication requirements for the VPN.
Select
Server Mode
or
Client Mode
.
Server Mode
- Select a group from the Authentication database drop-down menu containing the list
of user credentials permitted.
Client Mode
- Enter the user name and password if required by the remote VPN server endpoint
configured in xAuth Server Mode.
Local/Remote ID
- Check this box to include additional ID authentication requirements for the VPN using a specific
IP Address, FQDN, ASN1, or a Custom String.
Local ID
- Select one of the options from the drop-down menu. Enter an ID to identify and authenticate
the local VPN endpoint.
Remote ID
- Select one of the options from the drop-down menu. Enter an ID to identify and authenticate
the remote VPN endpoint.
Select Main Mode or Aggressive Mode for IKE Phase 1 negotiation.
Main Mode
- Select this option to configure the standard negotiation parameters for IKE Phase 1 of
the VPN Tunnel. (Recommended Setting)
Aggressive Mode
- Select this option to configure IKE Phase 1 of the VPN Tunnel to carry out
negotiation in a shorter amount of time. (Not Recommended - Less Secure)
Check this box to enable NAT Traversal. Enabling this option will allow IPSec traffic from this endpoint to traverse
through the translation process during NAT. The remote VPN endpoint must also support this feature and it must
be enabled to function properly over the VPN.
Page 35 / 83
30
D-L±nk DIR-130 User Manual
Sect±on 3 - Configurat±on
Keep Alive / DPD:
DH Group:
IKE Proposal List:
IKE Lifetime:
PFS Enable:
PFS DH Group:
IPSec Proposal List:
IPSec Lifetime:
Select
None
,
Keep Alive
, or
DPD
(Dead Peer
Connection).
None
- Select this option to disable Keep Alive.
Keep Alive
- Select this option to send
random ping
requests from this endpoint to the remote endpoint
keeping the tunnel established during long idle
periods of inactivity.
DPD
- Select this option to delete the VPN tunnel if
there is no traffic detected. The VPN will re-establish
once traffic is again sent through the tunnel.
Select a DH Group from the drop-down menu. As the DH
Group number increases, the higher the level of encryption
implemented for Phase 1.
Select the Cipher and Hash from the drop-down menus.
The proposal listing is evaluated in order with #1 being the
first proposal to attempt in IKE negotiation.
Enter the number of seconds for the IKE Lifetime. The period of time to pass before establishing a new IKE security
association (SA) with the remote endpoint. The default value is 28800.
Check to enable or uncheck to disable. PFS is an additional security protocol.
Select a PFS DH Group from the drop-down menu. As the DH Group number increases, the higher the level of
encryption implemented for PFS.
Select the Cipher and Hash from the drop-down menus. The proposal listing is evaluated in order with #1 being
the first proposal to attempt in IPSec negotiation.
Enter the number of seconds for the IPSec Lifetime. The period of time to pass before establishing a new IPSec
security association (SA) with the remote endpoint. The default value is 3600.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top