Product Manual
Page 3
...36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39 Enable User Authentication via HTTP / HTTPS 40 Enable RADIUS Support 40 Add User ...41 Change User Password 41 Delete...Adding TCP, UDP or TCP/UDP Service 45 Adding IP Protocol 46 Grouping Services 46 Protocol-independent settings 47 VPN...48 Introduction to IPSec 48 Introduction to PPTP 48 Introduction to L2TP 49 Point-to-Point Protocol 49 Authentication Protocols 50 MPPE, Microsoft Point-To-Point ...
...36 Add Administrative User 36 Change Administrative User Access level 37 Change Administrative User Password 37 Delete Administrative User 38 Users 39 The DFL-700 RADIUS Support 39 Enable User Authentication via HTTP / HTTPS 40 Enable RADIUS Support 40 Add User ...41 Change User Password 41 Delete...Adding TCP, UDP or TCP/UDP Service 45 Adding IP Protocol 46 Grouping Services 46 Protocol-independent settings 47 VPN...48 Introduction to IPSec 48 Introduction to PPTP 48 Introduction to L2TP 49 Point-to-Point Protocol 49 Authentication Protocols 50 MPPE, Microsoft Point-To-Point ...
Product Manual
Page 4
... client and an internal network 54 Creating a Roaming Users IPSec Tunnel 54 Adding an L2TP/PPTP VPN Client 55 Adding an L2TP/PPTP VPN Server 55 VPN - Perfect Forward Secrecy 56 NAT Traversal 56 Keepalives 56 Proposal Lists 57 IKE Proposal List 57 IPSec Proposal List 57 Certificates 58 ...Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4 Advanced Settings 56 Limit MTU...56 IKE Mode ...56 IKE DH Group 56 PFS -
... client and an internal network 54 Creating a Roaming Users IPSec Tunnel 54 Adding an L2TP/PPTP VPN Client 55 Adding an L2TP/PPTP VPN Server 55 VPN - Perfect Forward Secrecy 56 NAT Traversal 56 Keepalives 56 Proposal Lists 57 IKE Proposal List 57 IPSec Proposal List 57 Certificates 58 ...Disable DNS Relayer 64 Tools 65 Ping ...65 Ping Example 65 Dynamic DNS 66 Add Dynamic DNS Settings 66 Backup 67 Exporting the DFL-700's Configuration 67 Restoring the DFL-700's Configuration 67 Restart/Reset 68 4 Advanced Settings 56 Limit MTU...56 IKE Mode ...56 IKE DH Group 56 PFS -
Product Manual
Page 5
... IPSec 80 Settings for Main office 82 LAN-to-LAN VPN using PPTP 84 Settings for Main office 86 LAN-to-LAN VPN using L2TP 90 Settings for Branch office 90 Settings for Main office 93 A more secure LAN-to-LAN VPN solution 97 Settings for Branch office 97 Settings for Main office 100 Windows... XP client and PPTP server 101 Settings for the Windows XP client 101 Settings for Main office 108 Windows XP client ...
... IPSec 80 Settings for Main office 82 LAN-to-LAN VPN using PPTP 84 Settings for Main office 86 LAN-to-LAN VPN using L2TP 90 Settings for Branch office 90 Settings for Main office 93 A more secure LAN-to-LAN VPN solution 97 Settings for Branch office 97 Settings for Main office 100 Windows... XP client and PPTP server 101 Settings for the Windows XP client 101 Settings for Main office 108 Windows XP client ...
Product Manual
Page 7
... A firewall can also run specific security functions based on the type of application or type of criteria configured by the administrator. In addition the DFL-700 also provides a user-friendly Web UI...users to set of port that is called packet filtering. Features and Benefits z Firewall Security z VPN Server/Client Supported Supports IPSec LAN-to-LAN or Roaming user tunnels with specific UDP... TCP ports to allow certain applications or games to work with AES encryption in addition to PPTP and IPSec over the Internet. If any networked computer's Web browser using a Web browser ...
... A firewall can also run specific security functions based on the type of application or type of criteria configured by the administrator. In addition the DFL-700 also provides a user-friendly Web UI...users to set of port that is called packet filtering. Features and Benefits z Firewall Security z VPN Server/Client Supported Supports IPSec LAN-to-LAN or Roaming user tunnels with specific UDP... TCP ports to allow certain applications or games to work with AES encryption in addition to PPTP and IPSec over the Internet. If any networked computer's Web browser using a Web browser ...
Product Manual
Page 48
... Policy to enable encryption. This can be used to manage connections, by defining a set of Security Associations (SA), for each connection. A PPTP based VPN is used to provide security for the PPP data. VPN Introduction to IPSec This chapter introduces IPSec, the method, or rather set of Certificates and IPSec ...IKE, is the initial negotiation phase, where the two VPN endpoints agree on both ends must use the same Pre-shared key or set up of the DFL-700, is made up by the IETF, Internet Engineering Task Force, to provide IP security at the network layer. Just fill in a number...
... Policy to enable encryption. This can be used to manage connections, by defining a set of Security Associations (SA), for each connection. A PPTP based VPN is used to provide security for the PPP data. VPN Introduction to IPSec This chapter introduces IPSec, the method, or rather set of Certificates and IPSec ...IKE, is the initial negotiation phase, where the two VPN endpoints agree on both ends must use the same Pre-shared key or set up of the DFL-700, is made up by the IETF, Internet Engineering Task Force, to provide IP security at the network layer. Just fill in a number...
Product Manual
Page 49
...network layer protocol parameters can be sent over the link. If authentication is done, IP datagram's can be negotiated. When LCP and NCP negotiation is used, at least one of the peers has to provide IP security at the network layer. Point-to-Point Protocol ... to -point links. PPP consists of using NCP. An L2TP based VPN is made up by these three components: • Link Control Protocols (LCP) to negotiate parameters, test and establish the link. • Network Control Protocol (NCP) to establish and negotiate different network layer protocols (DFL-700 only supports IP...
...network layer protocol parameters can be sent over the link. If authentication is done, IP datagram's can be negotiated. When LCP and NCP negotiation is used, at least one of the peers has to provide IP security at the network layer. Point-to-Point Protocol ... to -point links. PPP consists of using NCP. An L2TP based VPN is made up by these three components: • Link Control Protocols (LCP) to negotiate parameters, test and establish the link. • Network Control Protocol (NCP) to establish and negotiate different network layer protocols (DFL-700 only supports IP...
Product Manual
Page 52
...this field Blank for more information about each type. Outer IP - IP Pool and settings - Primary/Secondary DNS - IP addresses of the VPN tunnel. IP of the Windows Internet Name Service (WINS) servers that data will be used, select the desired level of encryption key (MPPE...If utilizing the DNS Relay function, be sent over the PPP link unencrypted. Specify which uses the NetBIOS Name Servers (NBNS) to assign IP addresses to clients. If configuring for data encryption. Inner IP - Leave this PPTP/L2TP Server. Information related to ensure proper DNS info. MPPE ...
...this field Blank for more information about each type. Outer IP - IP Pool and settings - Primary/Secondary DNS - IP addresses of the VPN tunnel. IP of the Windows Internet Name Service (WINS) servers that data will be used, select the desired level of encryption key (MPPE...If utilizing the DNS Relay function, be sent over the PPP link unencrypted. Specify which uses the NetBIOS Name Servers (NBNS) to assign IP addresses to clients. If configuring for data encryption. Inner IP - Leave this PPTP/L2TP Server. Information related to ensure proper DNS info. MPPE ...
Product Manual
Page 55
... changes. Step 4. Specify if the IP should be received from the server or if a static one should be handed out to add an L2TP or PPTP VPN Server configuration that will be the IP of unused IP's on the LAN interface that listens on the WAN IP. Specify the Remote Gateway; Step... 3. Step 2. Click the Apply button below to apply the change or click Cancel to Firewall and VPN and choose Add new PPTP client or Add new L2TP client in the L2TP/PPTP Clients section. Enter a Name for this should be left blank in the name field. this should be used. ...
... changes. Step 4. Specify if the IP should be received from the server or if a static one should be handed out to add an L2TP or PPTP VPN Server configuration that will be the IP of unused IP's on the LAN interface that listens on the WAN IP. Specify the Remote Gateway; Step... 3. Step 2. Click the Apply button below to apply the change or click Cancel to Firewall and VPN and choose Add new PPTP client or Add new L2TP client in the L2TP/PPTP Clients section. Enter a Name for this should be left blank in the name field. this should be used. ...
Product Manual
Page 84
LAN-to-LAN VPN using PPTP Settings for Branch office 1. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.10 LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0 2. Setup PPTP client, Firewall->VPN: Under PPTP/L2TP clients click Add new PPTP client Name the tunnel toMainOffice 84
LAN-to-LAN VPN using PPTP Settings for Branch office 1. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.10 LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0 2. Setup PPTP client, Firewall->VPN: Under PPTP/L2TP clients click Add new PPTP client Name the tunnel toMainOffice 84
Product Manual
Page 87
2. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168.1.100 - 192.168.1.199 Check Proxy ARP dynamically added routes Check Use unit's own DNS relayer addresses Leave WINS settings blank
2. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168.1.100 - 192.168.1.199 Check Proxy ARP dynamically added routes Check Use unit's own DNS relayer addresses Leave WINS settings blank
Product Manual
Page 89
... empty (could also be set here the IP pool from the PPTP server settings are used). Set Networks behind user to -LAN VPN solution section. This example will allow all traffic between the two offices. To get a more secure solution read the A more secure LAN-to 192.168.4.0/24 Click Apply 6. If no IP...
... empty (could also be set here the IP pool from the PPTP server settings are used). Set Networks behind user to -LAN VPN solution section. This example will allow all traffic between the two offices. To get a more secure solution read the A more secure LAN-to 192.168.4.0/24 Click Apply 6. If no IP...
Product Manual
Page 90
Setup interfaces, System->Interfaces: WAN IP: 194.0.2.10 LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0 2. Setup L2TP client, Firewall->VPN: Under L2TP / PPTP client click Add new L2TP client Name the server toMainOffice 90 LAN-to-LAN VPN using L2TP Settings for Branch office 1.
Setup interfaces, System->Interfaces: WAN IP: 194.0.2.10 LAN IP: 192.168.4.1, Subnet mask: 255.255.255.0 2. Setup L2TP client, Firewall->VPN: Under L2TP / PPTP client click Add new L2TP client Name the server toMainOffice 90 LAN-to-LAN VPN using L2TP Settings for Branch office 1.
Product Manual
Page 93
Settings for Main office 1. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Setup L2TP server, Firewall->VPN: Under L2TP / PPTP Server click Add new L2TP server Name the server l2tpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168.1.100 - 192.168.1.199 Check Proxy ARP dynamically added routes Check Use unit's own DNS relayer addresses Leave WINS settings blank
Settings for Main office 1. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Setup L2TP server, Firewall->VPN: Under L2TP / PPTP Server click Add new L2TP server Name the server l2tpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168.1.100 - 192.168.1.199 Check Proxy ARP dynamically added routes Check Use unit's own DNS relayer addresses Leave WINS settings blank
Product Manual
Page 108
Select the Networking tab and change Type of VPN to the Main office. All settings needed for Main office 1. Once we have configured the server on the firewall you should be able to click Connect to establish the connection to PPTP VPN. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 108 13. Settings for the XP client are now complete. Click OK.
Select the Networking tab and change Type of VPN to the Main office. All settings needed for Main office 1. Once we have configured the server on the firewall you should be able to click Connect to establish the connection to PPTP VPN. Setup interfaces, System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 108 13. Settings for the XP client are now complete. Click OK.
Product Manual
Page 109
... 5. Click Activate and wait for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank Set client IP pool to restart... the new user HomeUser Enter password: 1234567890 Retype password: 1234567890 Leave static client IP empty (could also be set here the IP pool from the PPTP server settings are used).
... 5. Click Activate and wait for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4. Setup PPTP server, Firewall->VPN: Under L2TP / PPTP Server click Add new PPTP server Name the server pptpServer Leave Outer IP and Inner IP blank Set client IP pool to restart... the new user HomeUser Enter password: 1234567890 Retype password: 1234567890 Leave static client IP empty (could also be set here the IP pool from the PPTP server settings are used).
Product Manual
Page 111
The only changes to L2TP IPSec VPN. Windows XP client and L2TP server The Windows XP client to L2TP server setup is quite similar to the PPTP setup above for the Windows XP client To setup a L2TP connection from Windows XP to the Main office firewall, please follow the steps in the PPTP guide above . In step 13, change the Type of VPN to the PPTP guide are: 1. Settings for the client side.
The only changes to L2TP IPSec VPN. Windows XP client and L2TP server The Windows XP client to L2TP server setup is quite similar to the PPTP setup above for the Windows XP client To setup a L2TP connection from Windows XP to the Main office firewall, please follow the steps in the PPTP guide above . In step 13, change the Type of VPN to the PPTP guide are: 1. Settings for the client side.
Product Manual
Page 113
..., System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Setup policies for Main office 1. Setup L2TP server, Firewall->VPN: Under L2TP / PPTP Server click Add new L2TP server Name the server l2tpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168... 3. Set up authentication source, Firewall->Users: Select Local database Click Apply Settings for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4.
..., System->Interfaces: WAN IP: 194.0.2.20 LAN IP: 192.168.1.1, Subnet mask: 255.255.255.0 2. Setup policies for Main office 1. Setup L2TP server, Firewall->VPN: Under L2TP / PPTP Server click Add new L2TP server Name the server l2tpServer Leave Outer IP and Inner IP blank Set client IP pool to 192.168... 3. Set up authentication source, Firewall->Users: Select Local database Click Apply Settings for the new tunnel, Firewall->Policy: Click Global policy parameters Enable Allow all VPN traffic: internal->VPN, VPN->internal and VPN->VPN Click Apply 4.
Product Manual
Page 114
Click Apply 6. This example will allow all traffic from the PPTP server settings are used). Add a new user, Firewall->Users: Under Users in local database click Add new Name the new user HomeUser Enter password: 1234567890 ... also be set here the IP pool from the client to the main office network. If no IP is set to restart. To get a more secure LAN-toLAN VPN solution section. 114 5. Click Activate and wait for the Main office part of the A more...
Click Apply 6. This example will allow all traffic from the PPTP server settings are used). Add a new user, Firewall->Users: Under Users in local database click Add new Name the new user HomeUser Enter password: 1234567890 ... also be set here the IP pool from the client to the main office network. If no IP is set to restart. To get a more secure LAN-toLAN VPN solution section. 114 5. Click Activate and wait for the Main office part of the A more...