D-Link DFL-500 Network Card User Manual


 
See Adding an encrypt policy.
Configuring manual key IPSec VPN
A manual key VPN configuration consists of a manual key VPN tunnel, the source and destination addresses
for both ends of the tunnel, and an encrypt policy to control access to the VPN tunnel.
To create a manual key VPN configuration:
1. Add a manual key VPN tunnel.
   See Adding a manual key VPN tunnel.
2. Add an encrypt policy that includes the tunnel, source address, and destination address for both ends of the tunnel.
   See Adding an encrypt policy.
Configuring dialup VPN
Use a dialup VPN configuration to allow remote clients or VPN gateways with dynamic IP addresses to
connect to a DFL-500 VPN gateway. Clients or gateways with dynamic IP addresses can be home or
travelling users who dial into the Internet and are dynamically assigned an IP address by their ISP (using
PPPoE, DHCP, or a similar protocol).
A dialup VPN configuration consists of a remote gateway and one or more VPN tunnels for this remote
gateway. For each VPN tunnel, you must add an encrypt policy to control access to the VPN tunnel.
Dialup VPN has several configurations for user authentication. For information about dialup VPN
authentication, see About dialup VPN authentication.
To create a dialup VPN configuration:
1. Add a remote gateway and select Dialup User.
   See Adding a remote gateway.
   When you configure the Remote Gateway, you can require users to authenticate before accessing
   the remote gateway by choosing a user group in the User Group field. Selecting a user group is
   optional. For information about user groups, see Configuring user groups.
2. Add one or more AutoIKE key VPN tunnels that include the remote gateway added in step 1.
   See Adding an AutoIKE key VPN tunnel.
3. Add an incoming encrypt policy with External_All as the source address to allow all dialup users to
   access the VPN tunnel.
   See Adding an encrypt policy.
Configuring a VPN concentrator for hub and spoke VPN
A hub and spoke VPN consists of a VPN concentrator on a central DFL-500 NPG (the hub) and two or more
VPN tunnels (the spokes). The spoke VPNs communicate with each other through the hub VPN concentrator.
To create a hub and spoke configuration, you must create a VPN concentrator on the central DFL-500 NPG.
You must configure encrypt policies from each VPN spoke network to the VPN concentrator network and to
the other VPN spoke networks.
This section describes:
Configuring the VPN concentrator
Configuring the member VPNs