D-Link DS-601, DS-605 User Manual

Fax: +49-911-99.68.299
D-Link NetDefend VPN Client (DS-601/605)
A quick installation guide to setting up the D-Link NetDefend VPN Client in a VPNC scenario
These scenarios were developed by the VPN Consortium
Scenario 1. Client-to-Gateway using pre-shared secrets
Typical client-to-gateway VPN using a preshared secret for authentication. Describes how to configure the NCP Secure Entry Client for Windows.
Document version 1.00
Using D-Link NetDefend Client v1.0
Prepared by:
NCP Engineering GmbH
Dombuehler Strasse 2, 90449 Nürnberg, Germany
Phone: +49-911-99.68.0
Disclaimer
Although considerable care has been taken in the preparation of this quick guide, errors in content, typographical or otherwise, may occur. If you have any comments or recommendations concerning its accuracy, please contact NCP.
NCP makes no representations or warranties with respect to the contents or use of this quick guide, and explicitly disclaims all expressed or implied warranties of merchantability or use for any particular purpose. Furthermore, NCP reserves the right to revise this publication and to make amendments to the content, at any time, without obligation to notify any person or entity of such revisions and changes.
Copyright
This quick guide is the sole property of NCP and may not be copied for resale, commercial distribution or translated to another language without the express written permission of NCP engineering GmbH, Dombühler Str.2, D-90449 Nürnberg, Germany.
Trademarks
All trademarks or registered trademarks appearing in this manual belong to their respective owners.
© 2004 NCP Engineering GmbH. All rights reserved.
Version 0.90 Page 2 of 15 06.Sep.04
1. Scenario 1: Client-to-gateway with pre-shared secrets
1.1 Scenario Setup
The following is a typical client-to-gateway VPN that uses a preshared secret for authentication.
                                               172.23.9.0/24
                                                     |
                                                     |--
+-----------+     /-^-^-^-^--\     +-----------+     |
| Client A  |=====| Internet |=====| Gateway B |-----|
+-----------+AW   \--v-v-v-v-/   BW+-----------+BL   |
Dynamically assigned   22.23.24.25        172.23.9.1 |--
                                                     |
Figure 1.1.1: Scenario
Client A's WAN interface (AW) has the address dynamically assigned to it by the ISP. Client A will access Gateway B's internal LAN, by means of a secure tunnel.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet) interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used for testing IPsec but is not needed for configuring Client A.
The IKE Phase 1 parameters used in Scenario 1 are:
- Main mode
- TripleDES
- SHA-1
- MODP group 2 (1024 bits)
- pre-shared secret of "hr5xb84l6aa9r6"
- SA lifetime of 28800 seconds (eight hours) with no kbytes rekeying
The IKE Phase 2 parameters used in Scenario 1 are:
- TripleDES
- SHA-1
- ESP tunnel mode
- MODP group 2 (1024 bits)
- Perfect forward secrecy for rekeying
- SA lifetime of 3600 seconds (one hour) with no kbytes rekeying
- Selectors for all IP protocols, all ports, between the client and 172.23.9.0/24, using IPv4 subnets
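Why both peers must hold the identical pre-shared secret, as an added example (not part of the original guide and not NCP or D-Link code): the Python code below follows the IKEv1 key derivation of RFC 2409 for the Phase 1 parameters listed above (pre-shared secret, SHA-1, TripleDES). The nonces, cookies and Diffie-Hellman value are constructed sample bytes, and the function names are hypothetical.

```python
import hashlib
import hmac

PSK = b"hr5xb84l6aa9r6"   # the scenario's pre-shared secret (section 1.1)
DES3_KEY_LEN = 24          # TripleDES needs 24 key bytes; HMAC-SHA-1 yields 20


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf when none is negotiated: HMAC of the negotiated hash (SHA-1)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 key derivation for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)                 # the only step that uses the secret
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")     # keying material for Phase 2 SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")   # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")   # encrypts IKE messages
    # RFC 2409 Appendix B: stretch SKEYID_e because 3DES needs more than 20 bytes.
    block = prf(skeyid_e, b"\x00")
    stream = block
    while len(stream) < DES3_KEY_LEN:
        block = prf(skeyid_e, block)
        stream += block
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a,
            "enc_key": stream[:DES3_KEY_LEN]}


def constructed_exchange(seed: bytes):
    """Constructed sample values standing in for one main-mode exchange."""
    def take(label, n):
        return hashlib.shake_256(seed + label).digest(n)
    return dict(ni=take(b"Ni", 16), nr=take(b"Nr", 16),
                g_xy=take(b"g^xy", 128),       # MODP group 2: 1024-bit shared value
                cky_i=take(b"CKY-I", 8), cky_r=take(b"CKY-R", 8))


if __name__ == "__main__":
    ex = constructed_exchange(b"demo")
    client = phase1_keys(PSK, **ex)
    gateway_ok = phase1_keys(PSK, **ex)
    gateway_typo = phase1_keys(b"hr5xb84l6aa9r5", **ex)   # last character differs
    print("matching secret, same keys:", client == gateway_ok)
    print("mistyped secret, same keys:", client == gateway_typo)
```

Because the secret enters the derivation before the encrypted identity payloads are exchanged, a one-character mismatch leaves the peers with different encryption keys and Phase 1 cannot complete.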
1.2 Using the Configuration Assistant
Figure 1.2.1: Configuration Assistant
The first time you start up the D-Link VPN Client you may be prompted to create a profile if one doesn't already exist. You can either use the assistant as outlined in section 1.2, or modify an existing profile as in section 1.3.
Figure 1.2.2: Configuration Assistant: Connection Name
Several profiles can be created and each given a different name. In this example, this profile is created and given the name Gateway B with Pre-Shared Key. Click Next >.
Figure 1.2.3: Configuration Assistant: Link type (Dial up configuration)
The VPN Client supports different media types; the integrated dialer, for example, can be used to establish a connection to the ISP with a modem (if available to the system) prior to building the VPN tunnel. In this example, select LAN (over IP). Click Next >.
Figure 1.2.4: Configuration Assistant: VPN gateway parameters
Enter the gateway's IP address or DNS name. Click Next >.
Figure 1.2.5: Configuration Assistant: Pre-shared keys
In this example, a pre-shared key (shared secret) is used: the same password is configured on both communicating IPsec peers. Enter the given key hr5xb84l6aa9r6 (see section 1.1) and confirm it to ensure that it was entered correctly. The Finish button will not be available until the values have been entered correctly and match.