D-Link DFL-800 - Security Appliance Application Note

Manual is about: NetDefendOS Network Security Firewall

Summary of DFL-800 - Security Appliance

  • Page 1

    D-Link International confidential and proprietary. D-Link and TheGreenBow solution: DFL-800 NetDefend IPS/UTM Firewall application note, version 2.00 (2009-5-28).

  • Page 2

    Revision history (date, rev., description, editor):
    2009-4-24, rev. 1.0: Interoperability compliance testing negotiate mode for Phase 1 and Phase 2 using TheGreenBow VPN Client software and D-Link product’s DFL-800. Editor: John Yoong.
    2009-5-28, rev. 2.0: Added the function vpn...

  • Page 3

    5. Network diagram. Note: the router is set to allow IPsec pass-through. 6. Configurations. In this document, we will only describe the main configurations for this scenario. The configuration settings for all the D-Link products will not be described he...

  • Page 4

    The steps in this configuration are:
      • Setup DFL-800 for VPN tunneling
      • Setup pre-shared key
      • Phase 1 and Phase 2 algorithms setup
      • Setting up IPsec tunnel
      • Setup IP rules
      • Setup TheGreenBow VPN Client software
      • Setup Phase 1
      • Setup Phase 2 ...

  • Page 5

    6.1.1.2) Phase 1 and Phase 2 algorithms setup. 1) At “IKE algorithms”, select the encryption and integrity algorithms for your Phase 1 authentication. 2) Next, at “IPsec algorithms”, select the encryption and integrity algorithms for the phase ...

  • Page 6

    6.1.1.3) Setting up the IPsec tunnel. 1) After we finish setting up the algorithms, we need to create the “ipsec-tunnel” as shown below. 2) Next, click on the “Authentication” tab and select the “pre-shared key” you set up at step 1.

  • Page 7

    3) After selecting the pre-shared key, enable “dynamically add route” at the Routing tab. 4) The last step is to make sure the DH group in the IKE settings is the same as the setting in TheGreenBow VPN Client software. 6.1.1.4) Setup IP rul...

  • Page 8

    2) Next, click “IP rules” and add a new IP rule as shown below.

  • Page 9

    6.1.2) Setup TheGreenBow VPN Client software. 6.1.2.1) Setup Phase 1. 1) Right-click on “root” to add a new “phase1”, then fill in the IP address for this VPN client and the remote gateway IP, followed by the preshared key and IKE settings. Note: the preshar...

  • Page 10

    6.1.2.2) Setup Phase 2. 1) Right-click on “phase1” to add a new “phase2”, then fill in the VPN client address for this VPN client and the remote gateway IP, followed by the ESP settings. Note: the ESP encryption and authentication settings must be the same ...

  • Page 11

    6.2 TheGreenBow VPN Client software (X-Auth) and D-Link security solutions (VPN client → DFL-800). In this scenario the client will be authenticated (X-Auth) before the user can connect back to the headquarter database by using TheGreenBow VPN Client...

  • Page 12

    6.2.1) Setup DFL-800 for X-Auth. 6.2.1.1) Enable X-Auth in the DFL-800. 1) At “Interfaces → IPsec”, select the IPsec tunnel you created in the previous solution and, at the “XAuth” tab, enable the function as shown below. 6.2.1.2) Setup the e...

  • Page 13

    2) Select “User Authentication → External User Database” and add a new “RADIUS server” with the settings as shown below. Note: the shared secret must be the same key as in the RADIUS server. 3) Next, add a new rule in the “user authentication rules...

  • Page 14

    4) At “authentication options”, select the RADIUS server you created and select “CHAP” as the RADIUS method. 5) Save and activate the settings.

  • Page 15

    6.2.2) Setup TheGreenBow VPN Client software. 6.2.2.1) Enable the X-Auth function. 1) Inside the “P1 Advanced” menu, tick the box for the “X-Auth popup”. 2) Click “OK” and “Save & Apply” the settings.

  • Page 16

    6.2.3) Setup WinRadius server. 6.2.3.1) Set the secret key. 1) Click “System” from the “Setting” drop-down list. 2) Key in the “NAS secret”. Note: the NAS secret must be the same key set in the DFL-800 “shared key”. 3) Click “OK”, close and start...

  • Page 17

    7. Interoperability compliance testing
    7.1) General test approach
    a. Open the VPN tunnel using different negotiate mode in Phase 1 and Phase 2:

    Series negotiate mode
    Phase 1     Phase 2
    AES-SHA     AES-SHA
    AES-MD5     AES-SHA
    3DES-MD5    AES-SHA
    3DES-SHA    AES-SHA...

  • Page 18

    Series negotiate mode
    Phase 1     Phase 2
    3DES-SHA    DES-SHA
    DES-MD5     DES-SHA
    DES-SHA     DES-SHA
    AES-SHA     DES-MD5
    AES-MD5     DES-MD5
    3DES-MD5    DES-MD5
    3DES-SHA    DES-MD5
    DES-MD5     DES-MD5
    DES-SHA     DES-MD5

    b. C rs in th ius and during the X-Auth popup, key in the user...

  • Page 19

    7.2) Test result. a. The VPN tunnel will be open at any negotiate mode set in Phase 1 and Phase 2. TheGreenBow VPN Client software.

  • Page 20

    b. The DFL-800 will show the tunnel is up at their VPN status. DFL-800 IPsec. b. Client is able to ping to the remote network.

  • Page 21

    e. For “X-Auth”, when valid users are entered in the X-Auth popup, the RADIUS server will show “users authentication ok” and open up the VPN tunnel. TheGreenBow VPN Client software.

  • Page 22

    8. Conclusion. The application notes demonstrate how D-Link VPN products and TheGreenBow VPN software combined perfectly address the requirements of the small and medium businesses worldwide. The joint VPN solution offers advantages around multiple ...

  • Page 23

    D-Link Inc. All rights reserved. D-Link is the worldwide leader and an award-winning designer, developer, and manufacturer of Wi-Fi and Ethernet networking, broadband, multimedia, voice and data communications and digital electronics solutions.