Product Manual
Page 5
... Firewall Rules ...65 5.2 Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom Services 76 5.5 ALG support...77 5.6 VPN Passthrough for Firewall 78 5.7 Application Rules ...79 5.8 5.8.1 5.8.2 5.8.3 5.8.4 Web Content Filtering 80 Content Filtering...80 Approved URLs ...81 Blocked... Authentication (XAUTH 95 6.2.2 Internet over IPSec tunnel 95 6.3 Configuring VPN clients 96 6.4 6.4.1 6.4.2 6.4.3 PPTP / L2TP Tunnels 96 PPTP Tunnel Support 96 L2TP Tunnel Support 98 OpenVPN Support 99 Chapter 7.
... Firewall Rules ...65 5.2 Defining Rule Schedules 66 5.3 Configuring Firewall Rules 67 5.3.1 Firewall Rule Configuration Examples 72 5.4 Security on Custom Services 76 5.5 ALG support...77 5.6 VPN Passthrough for Firewall 78 5.7 Application Rules ...79 5.8 5.8.1 5.8.2 5.8.3 5.8.4 Web Content Filtering 80 Content Filtering...80 Approved URLs ...81 Blocked... Authentication (XAUTH 95 6.2.2 Internet over IPSec tunnel 95 6.3 Configuring VPN clients 96 6.4 6.4.1 6.4.2 6.4.3 PPTP / L2TP Tunnels 96 PPTP Tunnel Support 96 L2TP Tunnel Support 98 OpenVPN Support 99 Chapter 7.
Product Manual
Page 9
...addresses as needed 71 Figure 41: Schedule configuration for the above example 75 Figure 42: List of user defined services 77 Figure 43: Available ALG support on the router 78 Figure 44: Passthrough options for VPN tunnels 79 Figure 45: List of Available Application Rules showing 4 unique rules 80 Figure...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...
...addresses as needed 71 Figure 41: Schedule configuration for the above example 75 Figure 42: List of user defined services 77 Figure 43: Available ALG support on the router 78 Figure 44: Passthrough options for VPN tunnels 79 Figure 45: List of Available Application Rules showing 4 unique rules 80 Figure...83 Figure 49: Export Approved URL list ...84 Figure 50: The following example binds a LAN host's MAC Address to an IP address served by DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and logs will be captured ...85 Figure 51: Intrusion Prevention ...
Product Manual
Page 12
...automatically switch to experience a diverse set of small and medium businesses. The DSR-250/250N, DSR-500/500N and DSR-1000 /1000N are able to a 3G network whenever a physical link is lost . Introduction D-Link Unified Services Routers offer a secure, high performance networking solution to -Point... 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing scenarios. Superior Wireless Performance Designed to deliver superior wireless ...
...automatically switch to experience a diverse set of small and medium businesses. The DSR-250/250N, DSR-500/500N and DSR-1000 /1000N are able to a 3G network whenever a physical link is lost . Introduction D-Link Unified Services Routers offer a secure, high performance networking solution to -Point... 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering your LAN. DSR-250 /250N have a single WAN interface, and thus it does not support Auto Failover and Load Balancing scenarios. Superior Wireless Performance Designed to deliver superior wireless ...
Product Manual
Page 13
... page in this document: Product Name - Monitoring > Router Status Important note - 11 The DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively. Efficient D-Link Green Technology As a concerned member of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives make...
... page in this document: Product Name - Monitoring > Router Status Important note - 11 The DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 25, 35 and 75 simultaneous IPSec VPN tunnels respectively. Efficient D-Link Green Technology As a concerned member of Hazardous Substances) and WEEE (Waste Electrical and Electronic Equipment) directives make...
Product Manual
Page 21
... required in an IPv6 network is required for stateless auto configuration of the router. RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set this low/medium/high parameter determines the preference associated with router advisements. The actual duration between advertisements... The default is 1500. Router Lifetime: This value is 3600 19 By configuring the Router Advertisement Daemon on this router, the DSR will set the RADVD status to use the administered /stateful protocol for address auto configuration.
... required in an IPv6 network is required for stateless auto configuration of the router. RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set this low/medium/high parameter determines the preference associated with router advisements. The actual duration between advertisements... The default is 1500. Router Lifetime: This value is 3600 19 By configuring the Router Advertisement Daemon on this router, the DSR will set the RADVD status to use the administered /stateful protocol for address auto configuration.
Product Manual
Page 22
... are selected. Router advertisements contain a list of the router's LAN interface used for the router advertisements: IPv6 Prefix Type: To ensure hosts support IPv6 to determine neighbors and whether the host is available when 6to4 Prefixes are available for router advertisements. 20 This should be the interface ID... router. Upon expiration of this value, a new RADVD exchange must take place between the host and this router to inform hosts how to support all other IPv6 routing options SLA ID: The SLA ID (Site-Level Aggregation Identifier) is on the same...
... are selected. Router advertisements contain a list of the router's LAN interface used for the router advertisements: IPv6 Prefix Type: To ensure hosts support IPv6 to determine neighbors and whether the host is available when 6to4 Prefixes are available for router advertisements. 20 This should be the interface ID... router. Upon expiration of this value, a new RADVD exchange must take place between the host and this router to inform hosts how to support all other IPv6 routing options SLA ID: The SLA ID (Site-Level Aggregation Identifier) is on the same...
Product Manual
Page 23
...VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership. Figure 4: IPv6 Advertisement Prefix settings 2.2 VLAN Configuration The router supports virtual network isolation on the router and then proceed to the next section to DHCP lease time in an IPv4 network. In the VLAN ... and from that physical port can be isolated from the general LAN. A VLAN membership entry consists of a device in a large network VLAN support is disabled by default in the router. A VLAN membership can be created by clicking the Add button below the List of Available VLANs. LAN...
...VLAN identifier and the numerical VLAN ID which is assigned to the VLAN membership. Figure 4: IPv6 Advertisement Prefix settings 2.2 VLAN Configuration The router supports virtual network isolation on the router and then proceed to the next section to DHCP lease time in an IPv4 network. In the VLAN ... and from that physical port can be isolated from the general LAN. A VLAN membership entry consists of a device in a large network VLAN support is disabled by default in the router. A VLAN membership can be created by clicking the Add button below the List of Available VLANs. LAN...
Product Manual
Page 26
...the LAN. there is identical to the LAN configuration. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to be allowed to permit access specific services/ports to the DMZ from both the LAN or WAN. A DMZ is a subnetwork...to the LAN interface of the DMZ nodes, the LAN is not necessarily vulnerable as a secondary WAN Ethernet port or a dedicated DMZ port. This router supports one of the physical ports to be identical to the IP address given to any of this gateway. 24 There are no DMZ...
...the LAN. there is identical to the LAN configuration. Unified Services Router Figure 7: Configuring VLAN membership for a port User Manual 2.3 Configurable Port: DMZ Setup DSR-250/250N does not have to be allowed to permit access specific services/ports to the DMZ from both the LAN or WAN. A DMZ is a subnetwork...to the LAN interface of the DMZ nodes, the LAN is not necessarily vulnerable as a secondary WAN Ethernet port or a dedicated DMZ port. This router supports one of the physical ports to be identical to the IP address given to any of this gateway. 24 There are no DMZ...
Product Manual
Page 27
... for automatic device configuration. Configure the following settings to use UPnP: 25 If a network device is enabled, you can configure the router to detect UPnP-supporting devices on the network that can open internal or external ports for the traffic protocol required by UPnP, the router can communicate with the router...
... for automatic device configuration. Configure the following settings to use UPnP: 25 If a network device is enabled, you can configure the router to detect UPnP-supporting devices on the network that can open internal or external ports for the traffic protocol required by UPnP, the router can communicate with the router...
Product Manual
Page 29
...in the local or external user database and have support for the Captive Portal feature. These users are compared against the RunTimeAuth users in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does not have had their login credentials approved ...for internet access. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. The login...
...in the local or external user database and have support for the Captive Portal feature. These users are compared against the RunTimeAuth users in the below table. Unified Services Router User Manual 2.5 Captive Portal DSR-250/250N does not have had their login credentials approved ...for internet access. LAN users can gain internet access via web portal authentication with the DSR. Also referred to selectively drop an authenticated user. The login...
Product Manual
Page 30
... you can be used if the ISP did not specify that can take the information provided by establishing a link with the administrator password for internet service with the ISP. Once connected, you are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). Unified Services Router User Manual Chapter 3. Please contact...
... you can be used if the ISP did not specify that can take the information provided by establishing a link with the administrator password for internet service with the ISP. Once connected, you are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem). Unified Services Router User Manual Chapter 3. Please contact...
Product Manual
Page 31
... as needed and as provided by configuring the routing from the ISP server. for Japan ISPs that have selected for the primary WAN link for PPTP and L2TP connection). Enter the following basic settings to enable Internet connectivity: ISP Connection type: Based on the ... your LAN hosts to access internet sites over this WAN port. If split tunnel is supported on , click Keep Connected. The Internet Connection Setup Wizard assists with a USB modem is enabled, DSR won't expect a default route from Static Routing page. Connectivity Type: To keep the ...
... as needed and as provided by configuring the routing from the ISP server. for Japan ISPs that have selected for the primary WAN link for PPTP and L2TP connection). Enter the following basic settings to enable Internet connectivity: ISP Connection type: Based on the ... your LAN hosts to access internet sites over this WAN port. If split tunnel is supported on , click Keep Connected. The Internet Connection Setup Wizard assists with a USB modem is enabled, DSR won't expect a default route from Static Routing page. Connectivity Type: To keep the ...
Product Manual
Page 32
... address is statically provided by the ISP. Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR-250/250N doesn't have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each login. Unified Services Router User...
... address is statically provided by the ISP. Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR-250/250N doesn't have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated each login. Unified Services Router User...
Product Manual
Page 33
Unified Services Router Figure 12: Manual WAN configuration User Manual 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are two types of PPPoE ISP's supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE. 31 There are defined on the WAN Configuration page.
Unified Services Router Figure 12: Manual WAN configuration User Manual 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are two types of PPPoE ISP's supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE. 31 There are defined on the WAN Configuration page.
Product Manual
Page 43
...rolled over to be configured. Unified Services Router Figure 21: Traffic Selector Configuration User Manual 3.4 Features with Multiple WAN Links This router supports multiple WAN links. The secondary WAN port is used for all internet traffic will remain unconnected until a failure is assigned as defined ...number of unstable WAN connectivity on the internet or ping to ensure certain internet dependent services are prioritized in case the primary link goes down . 3.4.1 Auto Failover In this feature. The secondary WAN port will be configured to connect to the respective ...
...rolled over to be configured. Unified Services Router Figure 21: Traffic Selector Configuration User Manual 3.4 Features with Multiple WAN Links This router supports multiple WAN links. The secondary WAN port is used for all internet traffic will remain unconnected until a failure is assigned as defined ...number of unstable WAN connectivity on the internet or ping to ensure certain internet dependent services are prioritized in case the primary link goes down . 3.4.1 Auto Failover In this feature. The secondary WAN port will be configured to connect to the respective ...
Product Manual
Page 44
After configuring more than one link. DSR currently support three algorithms for new connections. Protocol binding is established the bandwidth increases. If the link bandwidth goes above configured failure detection method. Failover after: This sets the number of retries after ...Balancing This feature allows you can configure spill-over the next connections to secondary WAN. After this case you to use multiple WAN links (and presumably multiple ISP's) simultaneously. Now every time a new connection is explained in next section. Protocol Bindings: Refer Section 3.4.3 ...
After configuring more than one link. DSR currently support three algorithms for new connections. Protocol binding is established the bandwidth increases. If the link bandwidth goes above configured failure detection method. Failover after: This sets the number of retries after ...Balancing This feature allows you can configure spill-over the next connections to secondary WAN. After this case you to use multiple WAN links (and presumably multiple ISP's) simultaneously. Now every time a new connection is explained in next section. Protocol Bindings: Refer Section 3.4.3 ...
Product Manual
Page 46
...network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing, network address translation (NAT), and transport mode routing. With classical routing, devices on any VOIP traffic from the...addresses (assuming appropriate firewall settings). For increased flexibility the source network or machines can be assigned to the other WAN link. Unified Services Router User Manual traffic can be assigned to go over only one WAN is configured. Protocol bindings ...
...network 3.5 Routing Configuration Routing between the secure LAN and the internet. 3.5.1 Routing Mode Setup > Internet Settings > Routing Mode This device supports classical routing, network address translation (NAT), and transport mode routing. With classical routing, devices on any VOIP traffic from the...addresses (assuming appropriate firewall settings). For increased flexibility the source network or machines can be assigned to the other WAN link. Unified Services Router User Manual traffic can be assigned to go over only one WAN is configured. Protocol bindings ...
Product Manual
Page 47
...FTP server) using their external name. 45 Broadcast and multicast packets that arrive on the Internet. This is also referred to as 3G modem support) are supported in transparent mode assuming the LAN and WAN are switched to the WAN and vice versa, if they do not get filtered by their ...externally-known domain name. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is redirected through the router will need to reach ...
...FTP server) using their external name. 45 Broadcast and multicast packets that arrive on the Internet. This is also referred to as 3G modem support) are supported in transparent mode assuming the LAN and WAN are switched to the WAN and vice versa, if they do not get filtered by their ...externally-known domain name. All DSR features (such as ―NAT loopback‖ since LAN generated traffic is redirected through the router will need to reach ...
Product Manual
Page 49
... routing tables in order to adapt to ensure that does not include subnet information. Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 250/250N does not support RIP. If RIP-2B or RIP-2M is required. Choose between this router and other routers (configured with the same RIP version) is the...
... routing tables in order to adapt to ensure that does not include subnet information. Unified Services Router User Manual 3.5.2 Dynamic Routing (RIP) DSR- 250/250N does not support RIP. If RIP-2B or RIP-2M is required. Choose between this router and other routers (configured with the same RIP version) is the...
Product Manual
Page 51
... of the physical ports WAN3 to the ISP. WAN Option This router supports one of the following options o Always On: The connection is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are a few key ...
... of the physical ports WAN3 to the ISP. WAN Option This router supports one of the following options o Always On: The connection is selected to be a secondary WAN interface, all configuration pages relating to WAN2 are a few key ...