HOW to Setup VPN IPsec Between DSR-Series

Devices Used:

DSR-500N (DSR1)
DSR-1000N (DSR2)
DSR1: WAN 1.1.1.1 LAN: 192.168.10.1
DSR2: WAN 2.2.2.2 LAN: 192.168.20.1

WAN and LAN Setup:

Step 1 – Setup WAN port setup DSR1

SETUP > Internet Settings > WAN1 Settings > WAN1 Setup

Step 2 – Here you will need to select the ISP Connection Type

D-Link

In our example we have selected “Static”

Once configured click “Save Settings”

Step 3 – Setup LAN Configuration DSR1

SETUP > Network Setting > LAN Setup Configuration

Step 4 – Enter an IP address for the LAN interface and DHCP Server

D-Link

In our example we have given the IP: 192.168.10.1

Once configured click “Save Settings”

Step 5 – Setup WAN port setup DSR2

SETUP > Internet Settings > WAN1 Settings > WAN1 Setup

Step 6 – Here you will need to select the ISP Connection Type

D-Link

In our example we have selected “Static”

Once configured click “Save Settings”

Step 7 – Setup LAN Configuration DSR1

SETUP > Network Setting > LAN Setup Configuration

Step 8 – Here you will need to select the ISP Connection Type

D-Link

In our example we have selected “Static”

Once configured click “Save Settings”

VPN IPsec Setup – DSR1:

Step 9 – You will now need to setup an IPsec Policy

D-Link

SETUP > VPN Settings > IPSec > IPsec Policies

Step 10 – Click on “Add” to configure an IPsec Policy

DSR_Series_How_to_setup_VPN_IPsec_between_DSR10

D-Link

General:

Policy Name: VPN1

Policy Type: Auto Policy

L2TP Mode: None

Select Local Gateway: Dedicated WAN

Remote Endpoint: IP Address

: 2.2.2.2 (WAN IP DSR2)

Protocol: ESP

Details from DSR1

Local IP: Subnet

Local Start IP Address: 192.168.10.0

Local Subnet Mask: 255.255.255.0

Details from DSR2

Remote IP: Subnet

Remote Start IP Address: 192.168.20.0

Remote Subnet Mask: 255.255.255.0

D-Link

Phase1 (IKE SA Parameters):

Exchange Mode: Main

Direction Type: Auto Policy

NAT Traversal: Selected
NAT Keep Alive Frequency (in seconds): 20

Local Identifier Type: Local Wan IP
Local Identifier: 1.1.1.1

Remote Identifier Type: Remote Wan IP
Remote Identifier: 2.2.2.2

Encryption Algorithm:
DES: Select
JDES: Select
AES-128: Select
AES-192: Select
AES-256: Select

Integrity Algorithm:
MDS: Select
SHA-1: Select

Authentication Method: Pre-shared Key
Pre-shared key: shared key (example)
Diffie-Hellman(DH)Group: Group 2 (1024 bit)
SA-Lifetime (sec): 28800

Extended Authentication Type: None

D-Link

Phase2 (Manual Policy Parameters):

SA Lifetime: 3600 seconds

Encryption Algorithm:
DES: Select
JDES: Select
AES-128: Select
AES-192: Select
AES-256: Select

Integrity Algorithm:
MDS: Select
SHA-1: Select

Click “Save Settings”

D-Link

VPN IPsec Setup – DSR2:

Step 11 – You will now need to setup an IPsec Policy

SETUP > VPN Settings > IPSec > IPsec Policies

Step 12 – Click on “Add” to configure an IPsec Policy

D-Link

D-Link

General:

Policy Name: VPN2

Policy Type: Auto Policy

L2TP Mode: None

Select Local Gateway: Dedicated WAN

Remote Endpoint: IP Address

: 1.1.1.1 (WAN IP DSR1)

Protocol: ESP

Details from DSR2

Local IP: Subnet

Local Start IP Address: 192.168.20.0

Local Subnet Mask: 255.255.255.0

Details from DSR1

Remote IP: Subnet

Remote Start IP Address: 192.168.10.0

Remote Subnet Mask: 255.255.255.0

D-Link

Phase1 (IKE SA Parameters):

Exchange Mode: Main

Direction Type: Auto Policy

NAT Traversal: Selected
NAT Keep Alive Frequency (in seconds): 20

Local Identifier Type: Local Wan IP
Local Identifier: 2.2.2.2

Remote Identifier Type: Remote Wan IP
Remote Identifier: 1.1.1.1

Encryption Algorithm:
DES: Select
JDES: Select
AES-128: Select
AES-192: Select
AES-256: Select

Integrity Algorithm:
MDS: Select
SHA-1: Select

Authentication Method: Pre-shared Key
Pre-shared key: shared key (example)
Diffie-Hellman(DH)Group: Group 2 (1024 bit)
SA-Lifetime (sec): 28800

Extended Authentication Type: None

D-Link