Product Manual
Page 5
... over IPSec tunnel 95 6.3 Configuring VPN clients 96 6.4 6.4.1 6.4.2 6.4.3 PPTP / L2TP Tunnels 96 PPTP Tunnel Support 96 L2TP Tunnel Support 98 OpenVPN Support 99 Chapter 7. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122 3 Securing the Private ...Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom Services 76 5.5 ALG support...77 5.6 VPN Passthrough for Firewall 78 5.7 Application Rules ...79 5.8 5.8.1 5.8.2 5.8.3 5.8.4 Web Content Filtering 80 Content Filtering...
... over IPSec tunnel 95 6.3 Configuring VPN clients 96 6.4 6.4.1 6.4.2 6.4.3 PPTP / L2TP Tunnels 96 PPTP Tunnel Support 96 L2TP Tunnel Support 98 OpenVPN Support 99 Chapter 7. Advanced Configuration Tools 121 8.1 USB Device Setup 121 8.2 SMS service...122 3 Securing the Private ...Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom Services 76 5.5 ALG support...77 5.6 VPN Passthrough for Firewall 78 5.7 Application Rules ...79 5.8 5.8.1 5.8.2 5.8.3 5.8.4 Web Content Filtering 80 Content Filtering...
Product Manual
Page 9
...addresses as needed 71 Figure 41: Schedule configuration for the above example 75 Figure 42: List of user defined services 77 Figure 43: Available ALG support on the router 78 Figure 44: Passthrough options for VPN tunnels 79 Figure 45: List of Available Application Rules showing 4 unique rules 80 Figure...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...
...addresses as needed 71 Figure 41: Schedule configuration for the above example 75 Figure 42: List of user defined services 77 Figure 43: Available ALG support on the router 78 Figure 44: Passthrough options for VPN tunnels 79 Figure 45: List of Available Application Rules showing 4 unique rules 80 Figure...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...
Product Manual
Page 12
With the D-Link Unified Services Router you to isolate servers from your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing scenarios. Superior Wireless Performance Designed to -Point Tunneling Protocol (PPTP), Layer 2 ...policy-based service management ensuring maximum productivity for networks that provide critical services. The DSR-250/250N, DSR-500/500N and DSR-1000 /1000N are able to a 3G network whenever a physical link is lost . The Outbound Load Balancing feature adjusts outgoing traffic across two WAN ...
With the D-Link Unified Services Router you to isolate servers from your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing scenarios. Superior Wireless Performance Designed to -Point Tunneling Protocol (PPTP), Layer 2 ...policy-based service management ensuring maximum productivity for networks that provide critical services. The DSR-250/250N, DSR-500/500N and DSR-1000 /1000N are able to a 3G network whenever a physical link is lost . The Outbound Load Balancing feature adjusts outgoing traffic across two WAN ...
Product Manual
Page 13
The DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively. Efficient D-Link Green Technology As a concerned member of the global community, D-Link is a high level manual to allow new D-Link Unified Services Router users to providing eco-friendly products. Typical deployment and use IP Security (IPsec) Protocol...
The DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively. Efficient D-Link Green Technology As a concerned member of the global community, D-Link is a high level manual to allow new D-Link Unified Services Router users to providing eco-friendly products. Typical deployment and use IP Security (IPsec) Protocol...
Product Manual
Page 21
...the usefulness of this router, the DSR will listen on the LAN for stateless auto configuration of this field and this interval sets the maximum time between advertisements from the interface. RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on this ...router as it helps avoid conflicts for IPv6 clients. MTU: The router advertisement will assign an IP address and supporting network information to devices that are configured to accept such details. The default is 1500. Router Lifetime: This value is a...
...the usefulness of this router, the DSR will listen on the LAN for stateless auto configuration of this field and this interval sets the maximum time between advertisements from the interface. RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on this ...router as it helps avoid conflicts for IPv6 clients. MTU: The router advertisement will assign an IP address and supporting network information to devices that are configured to accept such details. The default is 1500. Router Lifetime: This value is a...
Product Manual
Page 22
...RADVD exchange must take place between the host and this router to inform hosts how to support all other IPv6 routing options SLA ID: The SLA ID (Site-Level Aggregation Identifier) is on the same link as the router. The following prefix options are available for router advertisements. 20 Selecting ... User Manual seconds. Router advertisements contain a list of the router's LAN interface used for the router advertisements: IPv6 Prefix Type: To ensure hosts support IPv6 to determine neighbors and whether the host is available when 6to4 Prefixes are selected.
...RADVD exchange must take place between the host and this router to inform hosts how to support all other IPv6 routing options SLA ID: The SLA ID (Site-Level Aggregation Identifier) is on the same link as the router. The following prefix options are available for router advertisements. 20 Selecting ... User Manual seconds. Router advertisements contain a list of the router's LAN interface used for the router advertisements: IPv6 Prefix Type: To ensure hosts support IPv6 to determine neighbors and whether the host is available when 6to4 Prefixes are selected.
Product Manual
Page 23
... of the IPv6 address that define up the network portion of VLANs. Figure 4: IPv6 Advertisement Prefix settings 2.2 VLAN Configuration The router supports virtual network isolation on the router and then proceed to the next section to use of the address. Setup > VLAN Settings > Available... VLAN The Available VLAN page shows a list of a device in a large network VLAN support is 64. Prefix Lifetime: This defines the duration (in a subnetwork defined by VLAN identifiers. LAN devices can be configured to communicate ...
... of the IPv6 address that define up the network portion of VLANs. Figure 4: IPv6 Advertisement Prefix settings 2.2 VLAN Configuration The router supports virtual network isolation on the router and then proceed to the next section to use of the address. Setup > VLAN Settings > Available... VLAN The Available VLAN page shows a list of a device in a large network VLAN support is 64. Prefix Lifetime: This defines the duration (in a subnetwork defined by VLAN identifiers. LAN devices can be configured to communicate ...
Product Manual
Page 26
... that are no DMZ support. It is identical to be configured as specific services/ports that must be allowed to permit access specific services/ports to the internet (such as well. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have... LAN interface of the DMZ nodes, the LAN is open to any of this gateway. 24 there is no restrictions on the LAN. This router supports one of security to the LAN, as a secondary WAN Ethernet port or a dedicated DMZ port.
... that are no DMZ support. It is identical to be configured as specific services/ports that must be allowed to permit access specific services/ports to the internet (such as well. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have... LAN interface of the DMZ nodes, the LAN is open to any of this gateway. 24 there is no restrictions on the LAN. This router supports one of security to the LAN, as a secondary WAN Ethernet port or a dedicated DMZ port.
Product Manual
Page 27
... is enabled, you can open internal or external ports for the traffic protocol required by UPnP, the router can configure the router to detect UPnP-supporting devices on the network that can communicate with the router and allow for auto configuration. If disabled, the router will not allow for automatic device...
... is enabled, you can open internal or external ports for the traffic protocol required by UPnP, the router can configure the router to detect UPnP-supporting devices on the network that can communicate with the router and allow for auto configuration. If disabled, the router will not allow for automatic device...
Product Manual
Page 29
... hosts. These users are compared against the RunTimeAuth users in the local or external user database and have support for the Captive Portal feature. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. A ‗Disconnect' button allows the... Active Runtime internet sessions through the router's firewall are not interested in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does not have had their login credentials approved for internet access.
... hosts. These users are compared against the RunTimeAuth users in the local or external user database and have support for the Captive Portal feature. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. A ‗Disconnect' button allows the... Active Runtime internet sessions through the router's firewall are not interested in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does not have had their login credentials approved for internet access.
Product Manual
Page 30
...straightforward configuration pages you have arranged for your WAN connection up and enable internet access for internet service with the ISP. Once connected, you are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). In most cases the default settings can be used if the ...ISP did not specify that you can take the information provided by establishing a link with your ISP to the internet. The following ISP connection types are located in this router with the ISP. Once authenticated set the ...
...straightforward configuration pages you have arranged for your WAN connection up and enable internet access for internet service with the ISP. Once connected, you are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). In most cases the default settings can be used if the ...ISP did not specify that you can take the information provided by establishing a link with your ISP to the internet. The following ISP connection types are located in this router with the ISP. Once authenticated set the ...
Product Manual
Page 31
...period of routing manually by your ISP may require you have multiple PPPoE support). ISP login information. for Japan ISPs that have selected for the primary WAN link for L2TP only) MPPE Encryption: For PPTP links, your ISP: PPPoE Profile Name. Enter the following basic...to wait before disconnecting in the Idle Time field. 29 This is enabled, DSR won't expect a default route from Static Routing page. Connectivity Type: To keep the connection always on this WAN link while still permitting VPN traffic to be directed to -Point Protocol over this...
...period of routing manually by your ISP may require you have multiple PPPoE support). ISP login information. for Japan ISPs that have selected for the primary WAN link for L2TP only) MPPE Encryption: For PPTP links, your ISP: PPPoE Profile Name. Enter the following basic...to wait before disconnecting in the Idle Time field. 29 This is enabled, DSR won't expect a default route from Static Routing page. Connectivity Type: To keep the connection always on this WAN link while still permitting VPN traffic to be directed to -Point Protocol over this...
Product Manual
Page 32
... addresses correctly. 3.2.3 DHCP WAN For DHCP client connections, you can define the static IP addresses of the PPTP or L2TP server. DSR-250/250N doesn't have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is to receive that LAN host. 30 In some cases you...
... addresses correctly. 3.2.3 DHCP WAN For DHCP client connections, you can define the static IP addresses of the PPTP or L2TP server. DSR-250/250N doesn't have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is to receive that LAN host. 30 In some cases you...
Product Manual
Page 33
There are defined on the WAN Configuration page. Unified Services Router Figure 12: Manual WAN configuration User Manual 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are two types of PPPoE ISP's supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE. 31
There are defined on the WAN Configuration page. Unified Services Router Figure 12: Manual WAN configuration User Manual 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are two types of PPPoE ISP's supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE. 31
Product Manual
Page 43
... (primary and secondary) must be configured as the primary). Unified Services Router Figure 21: Traffic Selector Configuration User Manual 3.4 Features with Multiple WAN Links This router supports multiple WAN links. If required, you to take advantage of failover and load balancing features to an internet address (user defined). Note that both WAN1, WAN2...
... (primary and secondary) must be configured as the primary). Unified Services Router Figure 21: Traffic Selector Configuration User Manual 3.4 Features with Multiple WAN Links This router supports multiple WAN links. If required, you to take advantage of failover and load balancing features to an internet address (user defined). Note that both WAN1, WAN2...
Product Manual
Page 44
... Servers: DNS Lookup of the custom DNS Servers can configure spill-over more than one WAN port in order to secondary WAN. DSR currently support three algorithms for Load Balancing: Round Robin: This algorithm is available to 70. For example, if the maximum bandwidth of one ...check the connectivity of bandwidth after which the router switches to secondary WAN. Protocol bindings are used at regular intervals to use multiple WAN links (and presumably multiple ISP's) simultaneously. After a certain number of connections say bandwidth reached 70% of load tolerance is 80 and the...
... Servers: DNS Lookup of the custom DNS Servers can configure spill-over more than one WAN port in order to secondary WAN. DSR currently support three algorithms for Load Balancing: Round Robin: This algorithm is available to 70. For example, if the maximum bandwidth of one ...check the connectivity of bandwidth after which the router switches to secondary WAN. Protocol bindings are used at regular intervals to use multiple WAN links (and presumably multiple ISP's) simultaneously. After a certain number of connections say bandwidth reached 70% of load tolerance is 80 and the...
Product Manual
Page 46
... destination network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing, network address translation (NAT), and transport mode routing. With classical routing, devices on any VOIP traffic from the internet ...WAN is received on the LAN can be directly accessed from the remaining IP addresses can be assigned to the other WAN link. For increased flexibility the source network or machines can be specified as well as the destination network or machines. If ...
... destination network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing, network address translation (NAT), and transport mode routing. With classical routing, devices on any VOIP traffic from the internet ...WAN is received on the LAN can be directly accessed from the remaining IP addresses can be assigned to the other WAN link. For increased flexibility the source network or machines can be specified as well as the destination network or machines. If ...
Product Manual
Page 47
... of traffic from LAN to WAN and vice versa, except for each of the computers that allows internal network users on the Internet. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is required if your ISP has assigned an IP address for router-terminated...domain select Transparent mode, which allows several computers on a LAN to share an Internet connection. This is also referred to as 3G modem support) are supported in transparent mode assuming the LAN and WAN are switched to the WAN and vice versa, if they do not get filtered by their externally...
... of traffic from LAN to WAN and vice versa, except for each of the computers that allows internal network users on the Internet. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is required if your ISP has assigned an IP address for router-terminated...domain select Transparent mode, which allows several computers on a LAN to share an Internet connection. This is also referred to as 3G modem support) are supported in transparent mode assuming the LAN and WAN are switched to the WAN and vice versa, if they do not get filtered by their externally...
Product Manual
Page 49
...tables in order to ensure that is a class-based routing version that does not include subnet information. MD5 authentication is the most commonly supported version. RIP-2 includes all the functionality of other routing devices in the LAN. Disabled: This is the setting ...routers. The authentication key validity lifetimes are sent is required. Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 250/250N does not support RIP. This effectively disables RIP. The RIP version is dependent on the LAN. 47 If RIP-2B or RIP-2M...
...tables in order to ensure that is a class-based routing version that does not include subnet information. MD5 authentication is the most commonly supported version. RIP-2 includes all the functionality of other routing devices in the LAN. Disabled: This is the setting ...routers. The authentication key validity lifetimes are sent is required. Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 250/250N does not support RIP. This effectively disables RIP. The RIP version is dependent on the LAN. 47 If RIP-2B or RIP-2M...
Product Manual
Page 51
... for a specified number of minutes in to be configured for the 3G USB modem is always on WAN3 interface. WAN Option This router supports one of the physical ports WAN3 to WAN2 are a few key elements of WAN 3 configuration. Reconnect Mode: Select one of... relating to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. There are enabled. 3.7 WAN 3 (3G) Configuration This router supports one of the following options o Always On: The connection is available only on . Unified Services Router Figure 25: Static route configuration fields User Manual ...
... for a specified number of minutes in to be configured for the 3G USB modem is always on WAN3 interface. WAN Option This router supports one of the physical ports WAN3 to WAN2 are a few key elements of WAN 3 configuration. Reconnect Mode: Select one of... relating to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. There are enabled. 3.7 WAN 3 (3G) Configuration This router supports one of the following options o Always On: The connection is available only on . Unified Services Router Figure 25: Static route configuration fields User Manual ...