Configuring the vpn concentrator, Configuring the member vpns – D-Link DFL-500 User Manual
Page 51

DFL-500 User Manual
Configuring the VPN concentrator
On the VPN concentrator network, you must create one VPN tunnel for each of the prospective VPN
concentrator members and then add these tunnels to a VPN concentrator. You can add both AutoIKE and
manual key VPN tunnels to a VPN concentrator.
Encrypt policies control the direction of traffic through the VPN concentrator. You must create a separate
encrypt policy for each VPN added to the concentrator. These policies allow inbound and outbound VPN
connections between the concentrator and the member VPN tunnels. The encrypt policy for each member
VPN tunnel must include the member VPN tunnel name.
To configure the VPN concentrator:
• Add the required number of remote gateways.
Each AutoIKE key tunnel requires a remote gateway.
Adding a remote gateway
• Add the required number of AutoIKE key VPN tunnels and include the remote gateways added in
step 1.
Adding an AutoIKE key VPN tunnel
• Add the required number of manual key VPN tunnels.
Adding a manual key VPN tunnel
• Add a VPN concentrator that includes the tunnels added in steps 2 and 3.
Adding a VPN concentrator
• Add one encrypt policy for each member VPN. Use the following configuration for each policy:
VPN concentrator address.
Member VPN address.
VPN Tunnel
The member VPN tunnel name.
Allow inbound
Select allow inbound.
Allow outbound Select allow outbound
Inbound NAT
Select inbound NAT if required.
Outbound NAT
Select outbound NAT if required.
Adding an encrypt policy
Configuring the member VPNs
For each member VPN, you must create a VPN tunnel to the VPN concentrator network. This tunnel can be
an AutoIKE key or manual key tunnel.
You must create an encrypt policy that allows inbound and outbound VPN connections between the member
VPN and the concentrator.
You must create additional encrypt policies that allow inbound and outbound VPN connections between each
of the member VPNs.
The policy between the member VPN and the concentrator must be arranged in the policy list above the
policies between member VPNs. Each encrypt policy must include the same tunnel name.
To configure each member VPN:
• Add a remote gateway if you are adding AutoIKE key tunnels.
Adding a remote gateway
• Add an AutoIKE key VPN tunnel and include the remote gateway added in step 1.