D-Link DWC-1000 User Manual
Wireless Controller
User Manual
121
Parameter
Default value from Wizard
Exchange Mode
Aggressive (Client policy ) or Main (Gateway policy)
ID Type
FQDN
Local WAN ID
wan_local.com (only applies to Client policies)
Remote WAN ID
wan_remote.com (only applies to Client policies)
Encryption Algorithm
3DES
Authentication Algorithm
SHA-1
Authentication Method
Pre-shared Key
PFS Key-Group
DH-Group 2(1024 bit)
Life Time (Phase 1)
24 hours
NETBIOS
Enabled (only applies to Gateway policies)
The VPN Wizard is the recommended method to set up an Auto IPsec policy.
Once the Wizard creates the matching IKE and VPN policies required by t he Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Once the Wizard creates the matching IKE and VPN policies required by t he Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Easy Setup Site to Site VPN Tunnel:
If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing vpn
policies.
If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing vpn
policies.
6.2 Configuring IPsec Policies
Setup > VPN Settings > IPsec > IPsec Policies
An IPsec policy is between this controller and another gateway or this controller and
a IPsec client on a remote host. The IPsec mode can be either tunnel or transport
depending on the network being traversed between the two policy endpoints.
a IPsec client on a remote host. The IPsec mode can be either tunnel or transport
depending on the network being traversed between the two policy endpoints.
Transport: This is used for end-to-end communication between this controller and
the tunnel endpoint, either another I Psec gateway or an IPsec VPN client on a host.
Only the data payload is encrypted and the IP header is not modified or encrypted.
Tunnel: This mode is used for network -to-network IPsec tunnels where this
gateway is one endpoint of the tunnel. In this mo de the entire IP packet including
the header is encrypted and/or authenticated.
When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec.
DHCP over IPsec allows this controller to serve IP leases to hosts on the remote LAN.
As well in this mode you can define the single IP address, range of IPs, or subnet on
both the local and remote private networks that can communicate over the tunnel.
DHCP over IPsec allows this controller to serve IP leases to hosts on the remote LAN.
As well in this mode you can define the single IP address, range of IPs, or subnet on
both the local and remote private networks that can communicate over the tunnel.