HOW to Setup VPN IPsec Between DSR-Series FW.2.x

Step 1 – Setup WAN port setup DSR1

Network > WAN1 Settings  

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_1

Step 2 – Here you will need to select the ISP Connection Type

D-Link

Wan1 Setup:

Connection Type: Static IP (In our example it was set as static)

IP Address: 1.1.1.1

IP Subnet Mask: 255.0.0.0

Domain Name System (DNS) Servers

Primary DNS Server: 8.8.8.8 (Google DNS)

Secondary DNS Server: 8.8.4.4 (Google DNS)

Click on “Save

Step 3 – Setup LAN Configuration DSR1

Network > LAN Settings

D-Link

Step 4 – Enter an IP address for the LAN interface and DHCP Server

D-Link

In our example we have given the IP: 192.168.10.1

IP Address Setup:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

DHCP Setup:

DHCP Mode: DHCP Server

Starting IP Address: 192.168.10.2

Ending IP Address: 192.168.10.254

Default Gateway: 192.168.10.1

Click on “Save

Step 4 – Setup WAN port setup DSR2

Network > WAN1 Settings 

DSR_Series_FW2_How_to_setup_VPN_IPsec_between_1

Step 5 – Here you will need to select the ISP Connection Type

D-Link

Wan1 Setup:

Connection Type: Static IP (In our example it was set as static)

IP Address: 1.1.1.1

IP Subnet Mask: 255.0.0.0

Domain Name System (DNS) Servers

Primary DNS Server: 8.8.8.8 (Google DNS)

Secondary DNS Server: 8.8.4.4 (Google DNS)

Click on “Save

Step 6 – Setup LAN Configuration DSR2

Network > LAN Settings

D-Link

Step 7 – Enter an IP address for the LAN interface and DHCP Server

D-Link

In our example we have given the IP: 192.168.10.1

IP Address Setup:

IP Address: 192.168.20.1

Subnet Mask: 255.255.255.0

DHCP Setup:

DHCP Mode: DHCP Server

Starting IP Address: 192.168.20.2

Ending IP Address: 192.168.20.254

Default Gateway: 192.168.20.1

Click on “Save

VPN IPsec Setup – DSR1:

Step 8 – You will now need to setup an IPsec Policy

VPN > Policies

D-Link

Step 9 – Click “Add New IPSec Policy” to configure a new IPsec Policy

D-Link

IPSec Policy Configuration

General

Policy Name: VPN1

Policy Name: Auto Policy

IP Protocol Version: IPv4

IKE Version: IKEv1

L2TP Version: None

IPSec Model        Tunnel Model

Select Local Gateway: Dedicated WAN

Remote Endpoint: 2.2.2.2

Enable DHCP: Off

Local IP: Subnet

Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)

Local Subnet Mask: 255.255.255.0

Remote IP: Subnet

Remote Start IP Address: 192.168.20.1

Remote Subnet Mask: 255.255.255.0

Enable Keepalive: Off

D-Link

D-Link
Phase 1 (IKE SA Parameters)

Exchange Mode: Main

Direction Type: Both

Nat traversal: On

NAT Keep Alive Frequency: 20

Remote Identifier Type: Local Wan IP

Remote Identifier Type: Remote Wan IP

D-Link

Encryption Algorithm

DES: On                                 3DES: On

AES-128: On                        AES-192: On

AES-256: On

BLOWFISH: Off

CAST128: Off

D-Link

Authentication Algorithm

MD5: On                                SHA-1: On

SHA2-256: Off                     SHA2-384: Off

SHA2-512: Off

Authentication Method: Pre-Shared Key

Pre-Shared Key: sharedkey

Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)

SA-Lifetime: 28800

Enable Dead Peer Detection: Off

Extended Authentication: None

D-Link

Phase2 – (Auto Policy Parameters)

SA Lifetime: 3600  Seconds

D-Link

Encryption Algorithm

DES: On                                 None: Off

3DES: On                              AES-128: On

AES-192: On                        AES-256: On

TWOFISH (128): Off          TWOFISH (192): Off

TWOFISH (256): Off

BLOWFISH: Off

CAST128: Off

D-Link 

Integrity Algorithm

MD5: On                                SHA1: On

SHA2-224: Off                     SHA2-256: Off

SHA2-384: Off                     SHA2-512: Off

PFS Key Group: Off

D-Link 

Click “Save
VPN IPsec Setup – DSR2:

Step 10 – You will now need to setup an IPsec Policy for the second DSR

VPN > Policies

D-Link
Step 11 – Click “Add New IPSec Policy” to configure a new IPsec Policy
D-Link

IPSec Policy Configuration

General

Policy Name: VPN2

Policy Name: Auto Policy

IP Protocol Version: IPv4

IKE Version: IKEv1

L2TP Version: None

IPSec Model        Tunnel Model

Select Local Gateway: Dedicated WAN

Remote Endpoint: 2.2.2.2

Enable DHCP: Off

Local IP: Subnet

Local Start IP Address: 192.168.10.1 (LAN IP Address of DSR1)

Local Subnet Mask: 255.255.255.0

Remote IP: Subnet

Remote Start IP Address: 192.168.20.1

Remote Subnet Mask: 255.255.255.0

Enable Keepalive: Off

 D-Link

D-Link

Phase 1 (IKE SA Parameters)

Exchange Mode: Main

Direction Type: Both

Nat traversal: On

NAT Keep Alive Frequency: 20

Remote Identifier Type: Local Wan IP

Remote Identifier Type: Remote Wan IP

D-Link 

Encryption Algorithm

DES: On                                 3DES: On

AES-128: On                        AES-192: On

AES-256: On

BLOWFISH: Off

CAST128: Off

D-Link 

Authentication Algorithm

MD5: On                                SHA-1: On

SHA2-256: Off                     SHA2-384: Off

SHA2-512: Off

Authentication Method: Pre-Shared Key

Pre-Shared Key: sharedkey

Diffie-Hellman (DH) Group: Group: Group 2 (1024 bit)

SA-Lifetime: 28800

Enable Dead Peer Detection: Off

Extended Authentication: None

D-Link 

Phase2 – (Auto Policy Parameters)

SA Lifetime: 3600  Seconds

D-Link 

Encryption Algorithm

DES: On                                 None: Off

3DES: On                              AES-128: On

AES-192: On                        AES-256: On

TWOFISH (128): Off          TWOFISH (192): Off

TWOFISH (256): Off

BLOWFISH: Off

CAST128: Off

D-Link 

Integrity Algorithm

MD5: On                                SHA1: On

SHA2-224: Off                     SHA2-256: Off

SHA2-384: Off                     SHA2-512: Off

PFS Key Group: Off

D-Link 

Click “Save

Step 12 – To view if the VPN connection has been established

STATUS > Active VPNs

D-Link

D-Link
Step 13 – If you see “IPsec SA Not Established”, Right-Click on a record then click “Connect

D-Link

Rank: 1.5