Configuring ipsec redundancy – D-Link DFL-500 User Manual
Page 52
DFL-500 User Manual
52
See
Adding an AutoIKE key VPN tunnel
.
Or, add a manual key VPN tunnel.
See
Adding a manual key VPN tunnel
.
• Add one encrypt policy between the member VPN and the VPN concentrator. Use the following
configuration:
Source
Member VPN address.
Destination
VPN concentrator address.
Action
ENCRYPT
VPN Tunnel
The VPN tunnel added in step 2.
Allow inbound
Select allow inbound.
Allow outbound Select allow outbound.
Inbound NAT
Select inbound NAT if required.
Outbound NAT
Select outbound NAT if required.
See
Adding an encrypt policy
.
• Add additional encrypt policies between the member VPNs. Use the following configuration:
Source
Local member VPN address.
Destination
Remote member VPN address
Action
ENCRYPT
VPN Tunnel
The VPN tunnel added in step 2.
Allow inbound
Select allow inbound.
Allow outbound Select allow outbound.
Inbound NAT
Select inbound NAT if required.
Outbound NAT
Select outbound NAT if required.
Configuring IPSec redundancy
IPSec redundancy allows you to create a redundant AutoIKE key IPSec VPN configuration to two remote
VPN gateway addresses.
For IPSec redundancy to work, both Internet connections must have static IP addresses.
To configure IPSec redundancy:
• Add two remote gateways with the same settings (including the same authentication key) but with
different remote gateway addresses.
See
Adding a remote gateway
.
• Add two AutoIKE key tunnels with the same settings and add one of the remote gateways to each
tunnel.
See
Adding an AutoIKE key VPN tunnel
.
• Add two outgoing encrypt policies.