Справочник Пользователя для D-Link DSR-1000
Unified Services Router
User Manual
92
Parameter
Default value from Wizard
Exchange Mode
Aggressive (Client policy ) or Main (Gateway policy)
ID Type
FQDN
Local WAN ID
wan_local.com (only applies to Client policies)
Remote WAN ID
wan_remote.com (only applies to Client policies)
Encryption Algorithm
3DES
Authentication Algorithm
SHA-1
Authentication Method
Pre-shared Key
PFS Key-Group
DH-Group 2(1024 bit)
Life Time (Phase 1)
24 hours
NETBIOS
Enabled (only applies to Gateway policies)
The VPN Wizard is the recommended method to set up an Auto IPsec policy.
Once the Wizard creates the matching IKE and VPN policies required by the Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Once the Wizard creates the matching IKE and VPN policies required by the Auto
policy, one can modify the required fields through the edit link. Refer to the online
help for details.
Easy Setup Site to Site VPN Tunnel:
If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing vpn
policies.
If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing vpn
policies.
6.2 Configuring IPsec Policies
Setup > VPN Settings > IPsec > IPsec Policies
An IPsec policy is between this router and another gateway or this router and a IPsec
client on a remote host. The IPsec mode can be either tunnel or transport depending
on the network being traversed between the two policy endpoints.
client on a remote host. The IPsec mode can be either tunnel or transport depending
on the network being traversed between the two policy endpoints.
Transport: This is used for end -to-end communication between this router and the
tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host.
Only the data payload is encrypted and the IP header is not modified or encrypted.
Tunnel: This mode is used for network -to-network IPsec tunnels where this
gateway is one endpoint of the tunnel. In this mode the entire IP packet including
the header is encrypted and/or authenticated.
When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec.
DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. As
well in this mode you can define the single IP address, range of IPs, or subnet on both
the local and remote private networks that can communicate over the tunnel.
DHCP over IPsec allows this router to serve IP leases to hosts on the remote LAN. As
well in this mode you can define the single IP address, range of IPs, or subnet on both
the local and remote private networks that can communicate over the tunnel.