D-Link DFL-200 User Manual
48
VPN between two networks
In the following example users on the main
office internal network can connect to the branch
office internal network vice versa. Communication
between the two networks takes place in an
encrypted VPN tunnel that connects the two DFLs
Network Security Firewall across the Internet. Users
on the internal networks are not aware that when
they connect to a computer on the other network
that the connection runs across the Internet.
office internal network vice versa. Communication
between the two networks takes place in an
encrypted VPN tunnel that connects the two DFLs
Network Security Firewall across the Internet. Users
on the internal networks are not aware that when
they connect to a computer on the other network
that the connection runs across the Internet.
As shown in the example, you can use the DFL
to protect a branch office and a small main office.
Both of these DFLs can be configured as IPSec
VPN gateways to create the VPN that connects the
branch office network to the main office network.
Both of these DFLs can be configured as IPSec
VPN gateways to create the VPN that connects the
branch office network to the main office network.
The example shows a VPN between two
internal networks, but you can also create VPNs
between an internal network behind one VPN
gateway and a DMZ network behind another or
between two DMZ networks. The networks at the
ends of the VPN tunnel are selected when you configure the VPN policy.
between an internal network behind one VPN
gateway and a DMZ network behind another or
between two DMZ networks. The networks at the
ends of the VPN tunnel are selected when you configure the VPN policy.
Creating a LAN-to-LAN IPSec VPN Tunnel
Follow these steps to add LAN-to-LAN Tunnel.
Step 1. Go to Firewall and VPN and choose Add new in the IPSec tunnels section.
Step 2. Enter a Name for the new tunnel in the name field. The name can contain
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
numbers (0-9) and upper and lower case letters (A-Z, a-z), and the special characters -
and _. No other special characters and spaces are allowed.
Step 3. Specify your local network, or your side of the tunnel, for example
192.168.1.0/255.255.255.0, in the Local Net field.
192.168.1.0/255.255.255.0, in the Local Net field.
Step 4. Choose authentication type, either PSK (Pre-shared Key) or Certificate-based. If
you choose PSK make sure both firewalls use exactly the same PSK.
you choose PSK make sure both firewalls use exactly the same PSK.
Step 5. As Tunnel Type choose LAN-to-LAN tunnel and specify the network behind the
other DFL-200 as Remote Net also specify the external IP of the other DFL-200, this can
be an IP or a DNS name.
other DFL-200 as Remote Net also specify the external IP of the other DFL-200, this can
be an IP or a DNS name.
Click the Apply button below to apply the change or click Cancel to discard changes.
Repeat this on the firewall on the other site.