Erver, 3 ipsec server – D-Link DRO-210i User Manual
Page 53
Virtual Private Network
as 192.168.20.0 with subnet mask 255.255.255.0 and outgoing device same as that of
the source interface which was specified in the corresponding tunnel entry.
8.3 IPSec Server
The IPSec server allows tele-workers to connect to their corporate office securely from
anywhere in the world. Since the remote user's IP address will vary based on the user's
current location, the IPSec server tunnel ignores the client's address. Instead, it recognizes
clients by their remote IDs, which can be configured separately through the
Remote ID page.
The IPSec Server tunnel can be configured in Main Mode or Aggressive Mode. Many
Aggressive Mode Server tunnels may be added simultaneously; however, only one Main
Mode Server tunnel can be configured.
Select VPN → IPSec Server → Server to configure the IPSec Server Configurations
as explained below.
IPSec Server Configurations

Add/Modify Tunnel

Tunnel Name: Enter the name of the IPSec server tunnel.

Tunnel Source Interface: Select the WAN interface, which serves as the tunnel's source endpoint.

Shared Key: Enter the secret key that is used to establish Phase I negotiation. This key should be entered exactly the same way on both endpoints. This key is used for the IPSec peers to authenticate each other.

Tunnel Type: Select the type of VPN Tunnel. Only Public IPSec VPN tunnels are supported.

Phase 1 Proposal

Mode: Select the Phase 1 negotiation mode. User can select from:
• Main mode - all communications between the two endpoints of an IPSec VPN tunnel are encrypted.
• Aggressive mode - there is no encryption in the Phase 1 negotiation.

DH Group: Select the DH algorithm to generate shared keys in a secure manner. This shared key is used for deriving encryption and hash algorithm keys used during Phase 1 negotiation.
• Group 1 generates a 768-bit key.
• Group 2 generates a 1024-bit key.
The same DH Group must be used on both ends of an IPSec VPN tunnel.

IKE Life Duration: Enter the life duration (in seconds) of Phase 1 key. When this timer expires, the two IPSec peers should trigger Phase 1 negotiation again to set up a fresh IPSec tunnel. The minimum life duration is 300 seconds and
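The constraints this section states (a single Main Mode server tunnel, a matching DH Group and Shared Key on both endpoints, a 300-second minimum IKE life duration) can be checked before the values are typed into the device. The following is an added example, not part of the D-Link manual or firmware; the Tunnel record, the function names and the sample entries are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

MIN_IKE_LIFETIME = 300               # seconds, minimum given in the manual
DH_GROUP_BITS = {1: 768, 2: 1024}    # DH groups the manual lists

@dataclass
class Tunnel:                        # hypothetical record mirroring the form fields
    name: str
    mode: str                        # "main" or "aggressive"
    dh_group: int
    ike_lifetime: int                # seconds
    shared_key: str

def check_server(tunnels):
    """Return (level, message) findings for the server's tunnel list."""
    out = []
    mains = [t.name for t in tunnels if t.mode == "main"]
    if len(mains) > 1:
        out.append(("error", "more than one Main Mode server tunnel: " + ", ".join(mains)))
    for t in tunnels:
        if t.mode not in ("main", "aggressive"):
            out.append(("error", f"{t.name}: unknown Phase 1 mode {t.mode!r}"))
        elif t.mode == "aggressive":
            out.append(("warn", f"{t.name}: Phase 1 negotiation is not encrypted"))
        if t.dh_group not in DH_GROUP_BITS:
            out.append(("error", f"{t.name}: DH group {t.dh_group} is not offered"))
        elif t.dh_group == 1:
            out.append(("warn", f"{t.name}: Group 1 is 768-bit, Group 2 is 1024-bit"))
        if t.ike_lifetime < MIN_IKE_LIFETIME:
            out.append(("error", f"{t.name}: IKE lifetime {t.ike_lifetime}s is below {MIN_IKE_LIFETIME}s"))
    return out

def check_peer(server, client):
    """Return the Phase 1 fields that differ between two endpoints.

    The key itself is never echoed; a whitespace-only difference is called out.
    """
    out = []
    if server.dh_group != client.dh_group:
        out.append("dh_group")
    a, b = server.shared_key.encode(), client.shared_key.encode()
    if not hmac.compare_digest(a, b):
        same = hmac.compare_digest(a.strip(), b.strip())
        out.append("shared_key (whitespace only)" if same else "shared_key")
    return out

# Constructed sample entries, not taken from any real device.
SERVER = [Tunnel("hq-main", "main", 2, 3600, "k3y-A"),
          Tunnel("tele-1", "aggressive", 1, 120, "k3y-B"),
          Tunnel("hq-main2", "main", 2, 3600, "k3y-C")]
CLIENT = Tunnel("tele-1", "aggressive", 2, 3600, "k3y-B ")
```

Calling check_server(SERVER) and check_peer(SERVER[1], CLIENT) on the constructed entries reports the duplicate Main Mode tunnel, the short lifetime, the DH Group mismatch and the trailing space in the client's key.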