background image

                                   

                                                              

D-Link International 

Confidential and proprietary 

 

1

 

 

D-Link And TheGreenBow Solution 

 

D

D

F

F

L

L

-

-

8

8

0

0

0

0

 

 

N

N

e

e

t

t

d

d

e

e

f

f

e

e

n

n

d

d

 

 

I

I

P

P

S

S

/

/

U

U

T

T

M

M

 

 

F

F

i

i

r

r

e

e

w

w

a

a

l

l

l

l

 

 

A

A

p

p

p

p

l

l

i

i

c

c

a

a

t

t

i

i

o

o

n

n

 

 

N

N

o

o

t

t

e

e

 

 

 
 
 
 
 

Version 2.00  

 (2009-5-28) 

Содержание DFL-800 - Security Appliance

Страница 1: ...onfidential and proprietary 1 D Link And TheGreenBow Solution D DF FL L 8 80 00 0 N Ne et td de ef fe en nd d I IP PS S U UT TM M F Fi ir re ew wa al ll l A Ap pp pl li ic ca at ti io on n N No ot te e Version 2 00 2009 5 28 ...

Страница 2: ...eenBow VPN software and are familiar with how to perform basic configurations Only important configurations such as those pertaining to interfacing and integrating will be described in this document For purpose of reference configuration files for each device are available for download 2 Audience This document is intended for project engineers or end users that need to implement DFL series and The...

Страница 3: ...roduct you can download their user guide 1 TheGreenBow VPN Client IPSec and D Link Security Solutions VPN Client Æ DFL 800 2 TheGreenBow VPN Client XAuth and D Link Security Solutions VPN Client Æ DFL 800 Æ Radius Server 6 1 TheGreenBow VPN Client IPSec and D Link Security Solutions VPN Client Æ DFL 800 In this scenario the user can connect back to the headquarter database by using TheGreenBow VPN...

Страница 4: ...red Key Phase 1 and Phase 2 algorithms setup Setting up IPSec Tunnel Setup IP Rules Setup TheGreenBow VPN Client software Setup Phase 1 Setup Phase 2 6 1 1 Setup DFL 800 for VPN tunneling 6 1 1 1 Setup Pre Shared Key 1 Login to the DFL 800 and click Authenticate Objects and add a new Pre shared Key and fill in the passphrase and name ...

Страница 5: ...tary 5 6 1 1 2 Phase 1 and Phase 2 algorithms setup 1 At the IKE Algorithms select the Encryption and Integrity algorithms for your phase 1 authenticate 2 Next is the IPSec Algorithms select the Encryption and Integrity algorithms for the Phase 2 ...

Страница 6: ...rietary 6 6 1 1 3 Setting up IPSec Tunnel 1 After we finish setting up the algorithms next we will need to create the IPSec Tunnel as show below 2 Next click on the Authentication tab and select the Pre Shared Key you have setup at the steps 1 ...

Страница 7: ...t the routing tab 4 Last step is to make sure the DH Group at the IKE setting is the same setting for the TheGreenBow VPN Client software 6 1 1 4 Setup IP Rules Now is to setup the IP Rules so there the DFL 800 knows where to direct all the traffic to 1 First add a new interface group name IPSec LAN by grouping up IPSec Tunnel and LAN ...

Страница 8: ...D Link International Confidential and proprietary 8 2 Next click IP Rules and add a new IP rule as show below ...

Страница 9: ...ow VPN Client Software 6 1 2 1 Setup Phase 1 1 Right click on the Root to add a new Phase1 next fill in the IP address for this VPN client and Remote gateway IP follow by Preshared Key and IKE setting Note the Preshared Key and IKE must be the same setting set in the DFL 800 ...

Страница 10: ... 2 Setup Phase 2 1 Right click on the Phase1 to add a new Phase2 next fill in the VPN Client address for this VPN client and Remote gateway IP follow by ESP setting Note the ESP Encryption and Authentication setting must be the same in the DFL 800 IPSec Tunnel ...

Страница 11: ...urations are based on DFL 800 F W 2 20 03 08 8257 TheGreenBow VPN Client F W 4 60 0 0 and WinRadius Version 4 00 Note Before configuration this solution please make sure that your DFL 800 and VPN Client had the IPSec setting configured Please refer to 6 1 TheGreenBow VPN Client software IPSec and D Link Security Solutions VPN Client Æ DFL 800 The steps in this configuration are Setup DFL 800 for X...

Страница 12: ...ble the X Auth in DFL 800 1 At the Interfaces Æ IPSec select the IPSec tunnel you have created in the previous solution and at the XAuth tab enable the function as show below 6 2 1 2 Setup the External Authentication Server i e Radius 1 Add the IP Address for the Radius Server in the Address Book ...

Страница 13: ...etary 13 2 Select the User Authentication Æ External User Database and add a new Radius Server with the setting as show below Note the Shared Secret must be the same key in the Radius Server 3 Next add a New Rule in the User Authentication Rules ...

Страница 14: ...D Link International Confidential and proprietary 14 4 At the Authentication Options select the Radius Server you have created and select the Radius Method as CHAP 5 Save and activate the setting ...

Страница 15: ...onal Confidential and proprietary 15 6 2 2 Setup TheGreenBow VPN Client software 6 2 2 1 Enable the X Auth Function enu tick the box for the X Auth Popup 1 Inside the P1 Advanced m 2 Click Ok and Save Apply the setting ...

Страница 16: ...6 2 3 Setup WinRadius Server 6 2 3 1 Set the Secret Key 1 Click the System from the Setting drop down list 2 Key in the NAS Secret Note The NAS Secret must be the same key set in the DFL 800 Shared Key 3 Click OK close and start the WinRadius Server again ...

Страница 17: ...S SHA AES MD5 AES SHA 3DES MD5 AES SHA 3DES SHA AES SHA DES MD5 AES SHA DES SHA AES SHA AES SHA AES MD5 AES MD5 AES MD5 3DES MD5 AES MD5 3DES SHA AES MD5 DES MD5 AES MD5 DES SHA AES MD5 AES SHA 3DES SHA AES MD5 3DES SHA 3DES MD5 3DES SHA 3DES SHA 3DES SHA DES MD5 3DES SHA DES SHA 3DES SHA AES SHA 3DES MD5 AES MD5 3DES MD5 3DES MD5 3DES MD5 3DES SHA 3DES MD5 DES MD5 3DES MD5 DES SHA 3DES MD5 AES SH...

Страница 18: ...hase 1 Phase 2 3DES SHA DES SHA DES MD5 DES SHA DES SHA DES SHA AES SHA DES MD5 AES MD5 DES MD5 3DES MD5 DES MD5 3DES SHA DES MD5 DES MD5 DES MD5 DES SHA DES MD5 b C rs in th ius and during the X Auth popup key in the users ID and Password from the WinRadius reate use e WinRad ...

Страница 19: ...D Link International Confidential and proprietary 19 7 2 Test Result a The VPN tunnel will be open at any negotiate mode set in Phase 1 and Phase 2 TheGreenBow VPN Client software ...

Страница 20: ...D Link International Confidential and proprietary 20 b The DFL 800 will show the tunnel is up at their VPN status DFL 800 IPSec b Client is able to Ping to the remote network ...

Страница 21: ...ional Confidential and proprietary 21 e For the X Auth when the valid users are enter in the X Auth popup The Radius Server will show Users Authentication OK and open up the VPN tunnel TheGreenBow VPN Client software ...

Страница 22: ... VPN software combined perfectly address the requirements of the small and medium businesses worldwide The joint VPN solution offer advantages around multiple access control and authorization mechanisms for users and tunneling capabilities to access the entire corporate network it can also provide different access rights to different users ...

Страница 23: ...etary 23 D Link Inc All Rights Reserved D Link is the worldwide leader and an award winning designer developer and manufacturer of Wi Fi and Ethernet networking broadband multimedia voice and data ommunications and digital electronics solutions c ...

Отзывы: