D-Link DIR-330 User Manual
Section 3 - Configuration
IPSec Settings

Enable: Check this box to enable IPSec.

Name: Enter a name for your VPN.

Local Net/ Mask: Enter the local (LAN) subnet and mask. (ex. 192.168.0.0/24)

Remote IP: Select Site to Site or Remote User for the required VPN configuration.
    Site to Site - Network-to-network VPN in which two entire LAN networks are virtually connected across the Internet. If selected, enter the destination gateway IP address in the box, which is the public WAN IP or host address of the remote VPN server endpoint.
    Remote User - Client-to-server VPN in which remote VPN clients can connect to the router from the Internet and access Local Network resources.

Remote Local LAN Net/ Mask: If Site to Site is selected, enter the Destination subnet and mask of the remote network. (ex. 192.168.1.0/24)

Authentication: Select Pre-shared Key or X.509 Certificate Authentication. One of these two authentication methods must be selected.
    Pre-shared Key - Manually enter ASCII passphrase in box.
    X.509 Certificate - For certificate authentication, certificates must be manually uploaded to the router. See the “Certificates” section for details.
• Additional Authentication Methods (Optional)
    XAUTH - Check this box to include additional username and password authentication requirements for the VPN. Select Server Mode or Client Mode.
        Server Mode - Select a group from the Authentication database drop-down menu containing the list of user credentials permitted.
        Client Mode - Enter the user name and password if required by the remote VPN server endpoint configured in xAuth Server Mode.
    Local/Remote ID - Check this box to include additional ID authentication requirements for the VPN using a specific IP Address, FQDN, ASN1, or a Custom String.
        Local ID - Select one of the options from the drop-down menu. Enter an ID to identify and authenticate the local VPN endpoint.
        Remote ID - Select one of the options from the drop-down menu. Enter an ID to identify and authenticate the remote VPN endpoint.

Main / Aggressive Mode: Select Main Mode or Aggressive Mode for IKE Phase 1 negotiation.
    Main Mode - Select this option to configure the standard negotiation parameters for IKE Phase 1 of the VPN Tunnel. (Recommended Setting)
    Aggressive Mode - Select this option to configure IKE Phase 1 of the VPN Tunnel to carry out negotiation in a shorter amount of time. (Not Recommended - Less Secure)

NAT-T Enable: Check this box to enable NAT Traversal. Enabling this option will allow IPSec traffic from this endpoint to traverse through the translation process during NAT. The remote VPN endpoint must also support this feature and it must be enabled to function properly over the VPN.
Keep Alive / DPD: Select None, Keep Alive, or DPD (Dead Peer Detection).
    None - Select this option to disable Keep Alive.
    Keep Alive - Select this option to send random ping requests from this endpoint to the remote endpoint, keeping the tunnel established during long idle periods.
    DPD - Select this option to delete the VPN tunnel if there is no traffic detected. The VPN will re-establish once traffic is again sent through the tunnel.

DH Group: Select a DH Group from the drop-down menu. The higher the DH Group number, the higher the level of encryption implemented for Phase 1.

IKE Proposal List: Select the Cipher and Hash from the drop-down menus. The proposal listing is evaluated in order, with #1 being the first proposal to attempt in IKE negotiation.

IKE Lifetime: Enter the number of seconds for the IKE Lifetime, the period of time that passes before a new IKE security association (SA) is established with the remote endpoint. The default value is 28800.

PFS Enable: Check to enable or uncheck to disable. PFS is an additional security protocol.

PFS DH Group: Select a PFS DH Group from the drop-down menu. The higher the DH Group number, the higher the level of encryption implemented for PFS.

IPSec Proposal List: Select the Cipher and Hash from the drop-down menus. The proposal listing is evaluated in order, with #1 being the first proposal to attempt in IPSec negotiation.

IPSec Lifetime: Enter the number of seconds for the IPSec Lifetime, the period of time that passes before a new IPSec security association (SA) is established with the remote endpoint. The default value is 3600.
PPTP/L2TP Settings

Enable Setting: Check this box to enable.

Name: Enter a name for your VPN.

Connection Type: Select PPTP, L2TP, or L2TP over IPsec.

VPN Server IP: Enter the VPN Server IP address, which is the LAN IP of the router (i.e. 192.168.0.1).

Remote IP Range: Assign a range of IP addresses. The assigned IP range should be on the same IP network but not in the same range as your DHCP IP range. For example, if your network is 192.168.0.xxx and you set the DHCP range to 192.168.0.100-200, the remote IP range cannot be within 192.168.0.100-200.

Authentication Protocol: Select the desired authentication protocol (PAP/CHAP/MS-CHAP v2).

MPPE Encryption Mode: Select the level of encryption (None/40-bit/128-bit).

Authentication Database: Select a user group from the drop-down menu. You can create user groups in the Advanced > User Group section.

PPTP uses TCP port 1723 for its control connection and uses GRE (IP protocol 47) for the PPP data. PPTP supports data encryption by using MPPE. L2TP uses UDP to transport the PPP data. This is often encapsulated in IPsec encryption instead of MPPE.
SSL VPN Settings

Certificate Select: Select a certificate to use for SSL. You can add a new certificate by clicking New, which will take you to the Advanced > Certificates page.

Enable SSLVPN: Check this box to enable SSL VPN.

Name: Enter a name for your VPN.

User Group: Select a User Group to include in your SSL VPN.

Client Accessible Range: Enter the LAN IP network in which connected SSL VPN clients are allowed access.
    Example:
    If these are the current settings,
        Router IP Address: 192.168.0.1
        Router Subnet Mask: 255.255.255.0
    Use the following configuration,
        Client Accessible Range: 192.168.0.0/24
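
The two addressing rules above (the PPTP/L2TP Remote IP Range and the SSL VPN Client Accessible Range) can be checked before the values are entered on the router. The following Python is an added example, not part of the D-Link manual; the function names are hypothetical, IPv4 is assumed, and rejecting a Client Accessible Range wider than the LAN is this example's own assumption.

```python
import ipaddress

def lan_network(router_ip, mask):
    """LAN network derived from the router's IP address and subnet mask."""
    return ipaddress.ip_interface(f"{router_ip}/{mask}").network

def _span(text):
    """Parse 'first-last'; last may be a bare final octet, as in the manual."""
    first, last = (p.strip() for p in text.split("-"))
    if "." not in last:
        last = first.rsplit(".", 1)[0] + "." + last
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range start is above range end: {text}")
    return lo, hi

def check_remote_ip_range(router_ip, mask, dhcp_range, vpn_range):
    """Problems with a PPTP/L2TP Remote IP Range; an empty list means none."""
    lan = lan_network(router_ip, mask)
    dhcp_lo, dhcp_hi = _span(dhcp_range)
    vpn_lo, vpn_hi = _span(vpn_range)
    problems = []
    if vpn_lo not in lan or vpn_hi not in lan:
        problems.append(f"{vpn_range} is not inside the LAN network {lan}")
    # Two closed intervals overlap when each one starts before the other ends.
    if vpn_lo <= dhcp_hi and dhcp_lo <= vpn_hi:
        problems.append(f"{vpn_range} overlaps the DHCP range {dhcp_range}")
    return problems

def check_client_accessible_range(router_ip, mask, client_range):
    """Problems with an SSL VPN Client Accessible Range given in CIDR form."""
    lan = lan_network(router_ip, mask)
    try:
        net = ipaddress.ip_network(client_range)  # strict: rejects host bits
    except ValueError as exc:
        return [f"{client_range} is not a valid network: {exc}"]
    # Assumption of this example: clients should not reach beyond the LAN.
    if not net.subnet_of(lan):
        return [f"{client_range} reaches beyond the LAN network {lan}"]
    return []

if __name__ == "__main__":
    # Constructed inputs based on the example values in the manual text.
    router, mask, dhcp = "192.168.0.1", "255.255.255.0", "192.168.0.100-200"
    print(lan_network(router, mask))
    print(check_remote_ip_range(router, mask, dhcp, "192.168.0.150-220"))
    print(check_remote_ip_range(router, mask, dhcp, "192.168.0.210-230"))
    print(check_client_accessible_range(router, mask, "192.168.0.0/16"))
```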
