DSR-150 User Manual
Page 5
... 5.4 Configuring IPv6 Firewall Rules 92 5.4.1 Firewall Rule Configuration Examples 93 5.5 Security on Custom Services 97 5.6 ALG support ...99 5.7 VPN Passthrough for Firewall 100 5.8 Application Rules ...101 5.9 5.9.1 5.9.2 5.9.3 5.9.4 Web Content Filtering...102 Content Filtering ...102 Approved URLs ...103... Prevention (IPS) 107 5.12 Protecting from Internet Attacks 108 Chapter 6. IPsec / PPTP / L2TP VPN ...111 6.1 VPN Wizard ...113 6.2 Configuring IPsec Policies 115 6.2.1 Extended Authentication (XAUTH) 119 6.2.2 Internet over IPsec tunnel 120 6.3 Configuring...
DSR-150 User Manual
Page 6
... Route ...175 DNS Lookup ...176 Router Options ...176 9.10 Localization ...177 Chapter 10. SSL VPN ...129 7.1 Groups and Users...131 7.1.1 Users and Passwords ...137 7.2 Using SSL VPN Policies 138 7.2.1 Using Network Resources 141 7.3 Application Port Forwarding 142 7.4 SSL VPN Client Configuration 144 7.5 User Portal ...147 7.5.1 Creating Portal Layouts 147 Chapter 8.
DSR-150 User Manual
Page 7
... Pin-outs...255 Appendix F. Credits ...195 Appendix A. Product Statement ...256 5 Unified Services Router User Manual 10.3.2 Wireless Clients ...187 10.3.3 LAN Clients ...187 10.3.4 Active VPN Tunnels ...188 Chapter 11.
DSR-150 User Manual
Page 9
......67 Figure 41: Wireless Network Setup Wizards ...69 Figure 42: List of Available Profiles shows the options available to secure the wireless link .......... 71 Figure 43: Profile configuration to set network security 73 Figure 44: RADIUS server (External Authentication) configuration 75 Figure 45: Virtual......98 Figure 60: Custom Services configuration ...98 Figure 61: Available ALG support on the router 100 Figure 62: Passthrough options for VPN tunnels 101 Figure 63: List of Available Application Rules showing 4 unique rules 102 Figure 64: Content Filtering used to block access ...
DSR-150 User Manual
Page 10
...router and LAN from internet attacks 109 Figure 71: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected to the internal network through the DSR IPsec gateway ...112 Figure 73: VPN Wizard launch screen ...113 Figure 74: IPsec policy configuration ...116 Figure 75: IPsec...: OpenVPN configuration ...125 Figure 82: OpenVPN Remote Network ...126 Figure 83: OpenVPN Authentication ...127 Figure 84: Example of clientless SSL VPN connections to the DSR 130 Figure 85: List of groups ...131 Figure 86: User group configuration ...132 Figure 87: SSLVPN Settings...133 Figure ...
DSR-150 User Manual
Page 11
...Figure 116: E-mail configuration as a Remote Logging option 168 Figure 117: Syslog server configuration for Remote Logging (continued) 169 Figure 118: VPN logs displayed in GUI event viewer 170 Figure 119: Restoring configuration from a saved file will result in the current configuration being overwritten and ... Dynamic DNS configuration ...174 Figure 123: Router diagnostics tools available in split tunnel mode 146 Figure 99: List of configured SSL VPN portals. Unified Services Router User Manual Figure 98: Configured client routes only apply in the GUI 175 Figure 124: Sample trace route...
DSR-150 User Manual
Page 12
Unified Services Router User Manual Figure 132: AP specific statistics...185 Figure 133: List of current Active Firewall Sessions 186 Figure 134: List of connected 802.11 clients per AP 187 Figure 135: List of LAN hosts ...188 Figure 136: List of current Active VPN Sessions 189 10
DSR-150 User Manual
Page 13
... port can be configured to automatically switch to a 3G network whenever a physical link is olate servers from your LAN. DSR-150/150N/250/250N have a single WAN interface, and thus it ional secure data connection for networks that provide critical services. Th... capable of simultaneously managing 5, 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your mobile users by providing SSL VPN tunnels. Integrated high-speed IEEE 802.11n and 3G wireless technologies o...
DSR-150 User Manual
Page 14
... r more detailed setup ing eco-friendly products. The DSR-150/150N, DSR-250/250N, DSR-500/500N and DSR1000/1000N support 10, 25, 35 and 75 simultaneous IPSec VPN tunnels respectively. Efficient D-Link Green Technology As a co... ncerned member of the global community, D-Link is a high level manual to allow new D-Link Unified Services Router users to configure connectivity through encrypted virtual links...
DSR-150 User Manual
Page 29
The LAN network is abling the VLAN function on the router. Check the Enable VLAN box to add VLAN functionality to the LAN. 27 Unified Services Router Figure 10: Multiple VLAN Subnets User Manual 2.2.3 VLAN configuration Setup > VLAN Settings > VLAN configuration This page allows enabling or dis considered the default VLAN. Virtual LANs can be created in this router to provide segmentation capabilities for firewall rules and VPN policies.
DSR-150 User Manual
Page 38
...connectivites over this WAN link while still permitting VPN traffic to be directed to a VPN configured on this WAN port. If split tunn ...page. Connectivity Type: To keep the connection always on, click Keep Connected. This is enabled, DSR won't expect a default route from the ISP serv... nnection type: Based on the ISP you have selected for the primary WAN link for this router, choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point-to-Point Protoco...
DSR-150 User Manual
Page 56
...ternal servers (eg. The computers on the LAN use a "privat ed traffic and other management traffic. All DSR features (such as 3G modem support) are supported in transparent mode assigned IP addresses from a private subnet. ... the LAN and WAN interface are switched to the WAN and vice versa, if they do not get filtered by firewall or VPN policies. This is configured with connection sharing, NAT also hides internal IP addresses from the computers on the Internet. Broadcas...
DSR-150 User Manual
Page 102
... rule or service is router's firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and in the VPN Passthrough page must be enabled. 100 instead the appropriate check boxes intern...
DSR-150 User Manual
Page 103
... ion is because a port triggering rule does not have to reference a specific LAN IP or IP range. Unified Services Router Figure 62: Passthrough options for VPN tunnels User Manual 5.8 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as a list of common applications and...
DSR-150 User Manual
Page 113
... WAN PPTP client connections. L2TP server for LAN / WAN L2TP client connections. Gateway IPsec VPN tunnel using two DSR routers connected to - The gateway WAN port acts as the IP address of the remote PC client is not known in adv... ance. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more rout ...
DSR-150 User Manual
Page 115
...he Connection Name and pre-shared key: the connection name is tunnel; Select the VPN tunnel type to create The tunnel can be configured for either be a gateway to gateway connection (site-to establish the tunnel ...ed for management, and the pre-shared key will be required on the VPN client or gateway to-site) or a tunnel to a host on the ing VPN Wizard, follow the steps below: 1. Unified Services Router User Manual 6.1 VPN Wizard Setup > Wizard > VPN Wizard You can modify it as required.
DSR-150 User Manual
Page 116
... Remote LAN Subnet Mask: the subnet mask of the LAN behin g to connect to is a Gateway. Configure Remote and Local WAN address for a VPN Client or Gateway policy (these can be left blank if you are tryin d the peer Note: The IP address range used on the remot ...-Group Life Time (Phase 1) Life Time (Phase 2) SHA-1 Pre-shared Key DH-Group 2(1024 bit) 24 hours 8 hours 114 Unified Services Router User Manual 2. For VPN Clients, this IP address or Internet Name is determined when a connection req ...
DSR-150 User Manual
Page 117
... ec policy is between the two policy endpoints. Transport: This is used for end-to Gateway policies) User Manual The VPN Wizard is the recommended method to set up an Auto IPsec policy. When tunnel mode is selected, you can modify the req... and a IPsec client on a remote host. Only the data payload is mode the entire IP packet including IKE and VPN policies required by the Auto policy, one can enable NetBIOS and DHCP over IPsec. Once the Wizard creates the mat ...
DSR-150 User Manual
Page 119
...o exchange authentication parameters between the two IPsec hosts. The IP addresses of the machine or machines on the two VPN endpoints are configured here, along with the policy parameters required to secure the tunnel Figure 75: IPsec policy configuration continue... d instead relies on manual key index (SPI) values must be mirrored on the remote tunnel 117 Unified Services Router User Manual The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto IPsec...
DSR-150 User Manual
Page 120
...-Rollover mode. 118 This feature can be used only if your WAN is means that each endpo in case of a link failure on a primary WAN. DSR supports VPN roll-over feature. Note that using Auto policies with IKE are preferred as in some IPsec implementations the SPI...