D Link TW1130 Wireless VPN Router User Manual di714P manual 1 31

D Link Corporation Wireless VPN Router di714P manual 1 31

User Manual Part 2

Using the Configuration Menu

Home > VPN Settings > Tunnel > Manual

Remote Subnet: The subnet of the remote VPN gateway’s local network. It can be a host, a partial subnet, or a whole subnet.
Remote Netmask: The subnet of the remote VPN gateway’s local network. It can be a host, a partial subnet, or a whole subnet.
Remote Gateway: The WAN IP address of the remote VPN gateway.
Local Subnet: The subnet of the VPN gateway’s local network. It can be a host, a partial subnet, or a whole subnet.
Local Netmask: Local netmask combined with local subnet to form a subnet domain.
Aggressive Mode: Enabling this mode will accelerate establishing the tunnel, but the device will have less security.
Tunnel Name: Current tunnel name.
Remote SPI: The value of the remote SPI should be set in hex format.
Local SPI: The value of the local SPI should be set in hex format.
Method: The set of rules applied when connecting to the VPN gateway.
Home > VPN Settings > Tunnel > Manual (Continued)

Encapsulation Protocol: There are two protocols that can be selected: ESP and AH.
Encryption Algorithm: There are two algorithms that can be selected: 3DES and DES.
Authentication Algorithm: There are two algorithms that can be selected: SHA1 and MD5.
Encryption Key: For DES, the encryption key is 8 bytes (16 Char.). For 3DES, the encryption key is 24 bytes (48 Char.).
Authentication Key: For MD5, the authentication key is 16 bytes (32 Char.). For SHA1, the authentication key is 20 bytes (40 Char.).
Life Time: Enter the life time value.
Life Time Unit: There are two units that can be selected: Second and KB.
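The key and SPI rules above can be checked before the values are typed into both gateways. The following is an added example, not part of the D-Link manual or firmware: the function names and the dictionary layout are hypothetical, the sample keys are constructed, and the SPI range check and the repeated-subkey check go beyond the manual (RFC 4303 reserves SPI values 0 to 255, and 3DES with two equal adjacent 8-byte subkeys is no stronger than DES).

```python
import binascii

# Key sizes in bytes, taken from the Encryption Key / Authentication Key rows.
ENC_KEY_BYTES = {"DES": 8, "3DES": 24}
AUTH_KEY_BYTES = {"MD5": 16, "SHA1": 20}


def check_key(label, alg, hex_key, sizes):
    """Return a list of problems with one hex-encoded key (empty list = OK)."""
    if alg not in sizes:
        return [f"{label}: unsupported algorithm {alg!r}"]
    try:
        raw = binascii.unhexlify(hex_key.strip())
    except (binascii.Error, ValueError):
        return [f"{label}: not a valid hex string"]
    if len(raw) != sizes[alg]:
        return [f"{label}: {alg} needs {sizes[alg]} bytes "
                f"({2 * sizes[alg]} hex chars), got {len(raw)} bytes"]
    if len(set(raw)) == 1:
        return [f"{label}: all bytes identical"]
    if alg == "3DES" and (raw[:8] == raw[8:16] or raw[8:16] == raw[16:]):
        # E(K3, D(K2, E(K1, m))) cancels to one DES pass if K1 == K2 or K2 == K3.
        return [f"{label}: repeated 8-byte subkey, 3DES degrades to single DES"]
    return []


def check_spi(label, hex_spi):
    """SPIs are 32-bit; 0 is local-use and 1-255 are reserved (RFC 4303)."""
    try:
        value = int(hex_spi.strip(), 16)
    except ValueError:
        return [f"{label}: not a valid hex number"]
    if not 256 <= value <= 0xFFFFFFFF:
        return [f"{label}: 0x{value:x} is outside 0x100..0xffffffff"]
    return []


def check_manual_tunnel(cfg):
    """Validate the manual-keying fields of one tunnel given as a dict."""
    return (check_key("Encryption Key", cfg["enc_alg"], cfg["enc_key"], ENC_KEY_BYTES)
            + check_key("Authentication Key", cfg["auth_alg"], cfg["auth_key"], AUTH_KEY_BYTES)
            + check_spi("Local SPI", cfg["local_spi"])
            + check_spi("Remote SPI", cfg["remote_spi"]))


# Constructed sample values, not taken from any real device.
GOOD = {"enc_alg": "3DES", "enc_key": "0123456789abcdeffedcba987654321089abcdef01234567",
        "auth_alg": "SHA1", "auth_key": "00112233445566778899aabbccddeeff01234567",
        "local_spi": "1000", "remote_spi": "2000"}
WEAK = dict(GOOD, enc_key="0123456789abcdef" * 3, auth_alg="MD5", local_spi="ff")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, check_manual_tunnel(cfg) or "ok")
```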
Home > VPN Settings > Dynamic VPN Tunnel

Dynamic VPN: This feature works with a VPN software client so the DI-824VUP does not need to know the IP address of the remote clients.
Local Subnet: The subnet of the VPN gateway’s local network. It can be a host, a partial subnet, or a whole subnet.
Local Netmask: The netmask of the VPN gateway’s local network.
Aggressive Mode: Enabling this mode will accelerate establishing the tunnel, but the device will have less security.
Tunnel Name: Current tunnel name.

VPN Settings - IKE

There are three parts that are necessary to set up the configuration of IKE for the dedicated tunnel: basic setup, IKE proposal setup, and IPSec proposal setup. Basic setup includes the setting of the following items: local subnet, local netmask, remote subnet, remote netmask, remote gateway, and pre-shared key. The tunnel name is derived from the previous page of VPN setting. IKE proposal setup includes the setting of a set of frequently used IKE proposals and selecting from the set of IKE proposals.
Home > VPN Settings > Dynamic VPN Tunnel (Continued)

Preshared Key: The first key that supports the IKE mechanism of both VPN gateways for negotiating further security keys. The pre-shared key must be the same for both endpoint gateways.
IKE Proposal index: Click the button to set up a set of frequently used IKE proposals and select from the set of IKE proposals for the dedicated tunnel.
IPSec Proposal index: Click the button to set up a set of frequently used IPSec proposals and select from the set of IKE proposals for the dedicated tunnel.
Home > VPN Settings > Dynamic VPN Tunnel > Set IKE Proposal

IKE Proposal index: A list of selected proposal indexes from the IKE proposal pool listed below.
Proposal Name: It indicates which IKE proposal to be focused.
DH Group: There are three groups that can be selected: group 1 (MODP768), group 2 (MODP1024), and group 5 (MODP1536).
Encrypt algorithm: There are two algorithms that can be selected: 3DES and DES.
Auth algorithm: There are two algorithms that can be selected: SHA1 and MD5.
Home > VPN Settings > Dynamic VPN Tunnel > Set IKE Proposal (Continued)

Life Time: Enter the life time value.
Life Time Unit: There are two units that can be selected: second and KB.
Proposal ID: The identifier of the IKE proposal can be chosen for adding the corresponding proposal to the dedicated tunnel.
Add to: Click it to add the chosen proposal indicated by proposal ID to the IKE Proposal index list.
Home > VPN Settings > Dynamic VPN Tunnel > Set IPSEC Proposal

IPSec Proposal index: A list of selected proposal indexes from the IPSec proposal pool listed below.
Proposal Name: This is the name used to classify the IPSec proposal.
DH Group: There are three groups that can be selected: group 1 (MODP768), group 2 (MODP1024), and group 5 (MODP1536).
Encap protocol: There are two protocols that can be selected: ESP and AH.
Encrypt algorithm: There are two algorithms that can be selected: 3DES and DES.
Auth algorithm: There are two algorithms that can be selected: SHA1 and MD5.
Home > VPN Settings > Dynamic VPN Tunnel > Set IPSEC Proposal (Continued)

Life Time: Enter a life time value.
Life Time Unit: There are two units that can be selected: second and KB.
Proposal ID: The identifier of the IPSec proposal can be chosen for adding the corresponding proposal to the dedicated tunnel.
Add to: Click it to add the chosen proposal indicated by proposal ID to the IPSec Proposal index list.
Home > VPN Settings > L2TP Server Setting

Enable L2TP Server: Click to enable the L2TP Server function.
Virtual IP of L2TP Server: Enter your Virtual IP address to access the L2TP server.
Authentication Protocol: Select one of the following authentication protocols: PAP, CHAP, or MSCHAP.
Tunnel Name: Current tunnel name.
User Name: Enter the username for the L2TP account.
Password: Enter the password for the L2TP account.
Home > VPN Settings > PPTP Server Setting

Enable PPTP Server: Click to enable the PPTP Server function.
Virtual IP of PPTP Server: Enter your Virtual IP address to access the PPTP server.
Authentication Protocol: Select one of the following authentication protocols: PAP, CHAP, or MSCHAP.
Tunnel Name: Current tunnel name.
User Name: Enter the username for the PPTP account.
Password: Enter the password for the PPTP account.
Advanced > Virtual Server

The DI-824VUP can be configured as a virtual server so that remote users accessing Web or FTP services via the public IP address can be automatically redirected to local servers in the LAN (Local Area Network).

The DI-824VUP firewall feature filters out unrecognized packets to protect your LAN network so all computers networked with the DI-824VUP are invisible to the outside world. If you wish, you can make some of the LAN computers accessible from the Internet by enabling Virtual Server. Depending on the requested service, the DI-824VUP redirects the external service request to the appropriate server within the LAN network.

Name: The name referencing the virtual service.
Private IP: The server computer in the LAN network that will be providing the virtual services.
Protocol Type: The protocol used for the virtual service.
Private Port: The port number of the service used by the Private IP computer.
Public Port: The port number on the WAN side that will be used to access the virtual service.
Schedule: Select Always, or choose From and enter the time period during which the virtual service will be available.
Advanced > Application

Some applications require multiple connections, such as Internet gaming, video conferencing, Internet telephony, and others. These applications have difficulties working through NAT (Network Address Translation). Special Applications makes some of these applications work with the DI-824VUP. If you need to run applications that require multiple connections, specify the port normally associated with an application in the Trigger field, then enter the public ports associated with the trigger port into the Incoming Ports field.

At the bottom of the screen, there are already defined special applications. To use them, select one from the drop down list and select an ID number you want to use. Then click the “Copy to” button and the router will fill in the appropriate information to the list. You will then need to enable the service. If the mechanism of Special Applications fails to make an application work, try using DMZ host instead.

Note! Only one PC can use each Special Application tunnel.

Trigger Port: This is the port used to trigger the application. It can be either a single port or a range of ports.
Public Ports: This is the port number on the WAN side that will be used to access the application. You may define a single port or a range of ports. You can use a comma to add multiple ports or port ranges.
Enabled: Select to activate the policy.
Advanced > Filter > IP Filter

IP Filter

Use IP Filters to deny LAN IP addresses access to the Internet. Use IP (Internet Protocol) filters to allow or deny computers access to the Internet based on their IP address.

IP Address: Enter the IP address range of the computers that you want the policy to apply to. If it is only a single computer that you want the policy applied to, then enter the IP address of that computer in the Start Source IP and leave the End Source IP blank.
Port Range: Enter the port range of the TCP/UDP ports that you want the policy to apply to. If it is only a single port that you want the policy applied to, then enter the port number in the Start Port field and leave the End Port field blank. If you want to use all the ports, you can leave the port range empty.
Protocol: Select the protocol type to allow or deny certain types of IP addresses.
Schedule: Select Always, or choose From and enter the time period during which the IP filter policy will be in effect.
Enabled or Disabled: Click Enabled to apply the filter policy or click Disabled to enter an inactive filter policy. (You can reactivate the policy later.)
Advanced > Filter > MAC Filters

MAC (Media Access Control) Filters are used to allow or deny LAN (Local Area Network) computers from accessing the Internet and network by their MAC address.

At the bottom of the screen, there is a list of MAC addresses from the DHCP client computers connected to the DI-824VUP. To use them, select one from the drop down list. Then click the “Apply” button and the DI-824VUP will fill in the appropriate information to the list.

Disabled MAC Filter: Select this option if you do not want to use MAC filters.
Only allow computers with MAC address listed below to access the network: Select this option to only allow computers that are in the list to access the network and Internet. All other computers will be denied access to the network and Internet.
Only deny computers with MAC address listed below to access the network: Select this option to only deny computers that are in the list to access the network and Internet. All other computers will be allowed access to the network and Internet.
MAC Address: Enter the MAC Address of the client that will be filtered.
Advanced > Filter > URL Blocking

Use URL Blocking to deny LAN computers from accessing specific web sites by their URL. A URL is a specially formatted text string that defines a location on the Internet. If any part of the URL contains the blocked word, the site will not be accessible and the web page will not display.

Disabled URL Blocking: Select this option if you do not want to use URL Blocking.
Advanced > Filter > Domain Blocking

Use Domain Blocking to allow or deny computers access to specific Internet domains whether it is through www, ftp, snmp, etc.

Disabled Domain Blocking: Select this option if you do not want to use Domain Blocking.
Allow users to access all domains except “Blocked Domains”: Select this option to allow users to access the specified Internet domains listed below. Users will be denied access to all other Internet domains.
Deny users to access all domains except “Permitted Domains”: Select this option to deny users to access the specified Internet domains listed below. Users will be allowed access to all other Internet domains.
Advanced > Firewall

Firewall Rules is an advanced feature used to allow or deny traffic from passing through the device. It works in the same way as IP Filters with additional settings. You can create more detailed rules for the device.

Enabled or Disabled: Click Enabled to apply the filter policy or click Disabled to enter an inactive filter policy. (You can reactivate the policy later.)
Name: Enter the name of the Firewall Rule.
Action: Select Allow or Deny to allow or deny traffic to pass through the DI-824VUP.
Source: Choose between a LAN or WAN source. An asterisk signifies the selection of both sources.
IP Start: The starting IP address for the filter policy. Leaving the field blank selects all IPs.
IP End: The ending IP address for the filter policy. Leaving the field blank selects all IPs.
Destination: Choose between a LAN or WAN destination. An asterisk signifies the selection of both destinations.
Advanced > Firewall (Continued)

Schedule: Select Always, or choose From and enter the time period during which the virtual service will be available.
IP Address: Enter the IP address range of the computers that you want the policy to apply to. If it is only a single computer that you want the policy applied to, then enter the IP address of that computer in the Start Source IP and leave the End Source IP blank.
Port Range: Enter the port range of the TCP/UDP ports that you want the policy to apply to. If it is only a single port that you want the policy applied to, then enter the port number in the Start Port field and leave the End Port field blank. If you want to use all the ports, you can leave the port range empty.
Protocol: Select one of the following protocols: TCP, UDP, or ICMP.
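The blank-field rules on the IP Filter and Firewall pages decide how much a rule covers: a blank end means a single address or port, a blank start address means all IPs, and an empty port range means all ports. The following added example, which is not D-Link code, turns those rules into a matcher and a review helper that lists enabled Allow rules reachable from the WAN side that cover every port or a large address span. The dictionary keys, the source-only matching and the `max_hosts` threshold are assumptions made for illustration, and the sample rules are constructed.

```python
import ipaddress


def ip_span(start, end):
    """Blank start = every address; blank end = the single start address."""
    if not start:
        return ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("255.255.255.255")
    lo = ipaddress.ip_address(start)
    hi = ipaddress.ip_address(end) if end else lo
    if hi < lo:
        raise ValueError(f"end {end} is below start {start}")
    return lo, hi


def port_span(start, end):
    """Empty range = all ports; blank end = the single start port."""
    if start is None:
        return 1, 65535
    hi = start if end is None else end
    if not 1 <= start <= hi <= 65535:
        raise ValueError(f"bad port range {start}-{end}")
    return start, hi


def matches(rule, src_ip, dst_port):
    """True if an enabled rule covers this source address and port."""
    lo, hi = ip_span(rule["ip_start"], rule["ip_end"])
    plo, phi = port_span(rule["port_start"], rule["port_end"])
    return (rule["enabled"] and lo <= ipaddress.ip_address(src_ip) <= hi
            and plo <= dst_port <= phi)


def broad_allow_rules(rules, max_hosts=256):
    """Names of enabled Allow rules from WAN (or *) that are wider than intended."""
    flagged = []
    for rule in rules:
        if not rule["enabled"] or rule["action"] != "Allow":
            continue
        if rule["source"] not in ("WAN", "*"):
            continue
        lo, hi = ip_span(rule["ip_start"], rule["ip_end"])
        hosts = int(hi) - int(lo) + 1
        if hosts > max_hosts or port_span(rule["port_start"], rule["port_end"]) == (1, 65535):
            flagged.append(rule["name"])
    return flagged


# Constructed sample rules; field names are hypothetical, not the router's own.
RULES = [
    {"name": "web-admin", "enabled": True, "action": "Allow", "source": "WAN",
     "ip_start": "203.0.113.10", "ip_end": "", "port_start": 8080, "port_end": None},
    {"name": "any-any", "enabled": True, "action": "Allow", "source": "*",
     "ip_start": "", "ip_end": "", "port_start": None, "port_end": None},
    {"name": "old-test", "enabled": False, "action": "Allow", "source": "WAN",
     "ip_start": "", "ip_end": "", "port_start": None, "port_end": None},
]
```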
Advanced > SNMP

SNMP (Simple Network Management Protocol) is a widely used network monitoring and control protocol that reports activity on each network device to the administrator of the network. SNMP can be used to monitor traffic and statistics of the DI-824VUP. The DI-824VUP supports SNMP v1 or v2c.

Enable SNMP: (Simple Network Management Protocol.)
Local: LAN (Local Area Network).
Remote: WAN (Wide Area Network).
Get Community: Enter the password public in this field to allow “Read only” access to network administration using SNMP. You can view the network, but no configuration is possible with this setting.
Set Community: Enter the password private in this field to gain “Read and Write” access to the network using SNMP software. The administrator can configure the network with this setting.
SNMP v1: Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices.
SNMP v2: Enhanced version of SNMP v1 with additional protocol operations such as UDP, IP, CLNS, DDP, and IPX.
Advanced > DDNS

DDNS (Dynamic Domain Name System) keeps dynamic IP addresses (e.g., IP addresses assigned by a DHCP capable router or server) linked to a domain name. Users who have a Dynamic DNS account may use this feature on the DI-824VUP.

DDNS: When an IP address is automatically assigned by a DHCP server, DDNS automatically updates the DNS server. Select Disabled or Enabled.
Provider: Select from the pull-down menu.
Host Name: Enter the Host name.
Username/Email: Enter the username or email address.
Password/Key: Enter the password or key.
Advanced > Routing

Static routes can be added if you require specific routes within your internal network. These routes will not apply to the WAN (Internet) network.

Enable: Select this option for the specified static route to take effect.
Destination: Enter the IP of the specified network that you want to access using the static route.
Subnet Mask: Enter the subnet mask to be used for the specified network.
Gateway: Enter the gateway IP address to the specified network.
Hop: Enter the number of hops it will take to the specified network.

Hop Count - In a transmission path, each link is terminated at a network device such as a router or gateway. The number of hops equals the number of routers or gateways that data must pass through before reaching the destination.

Dynamic Routing Settings allow the VPN Router to route IP packets to another network automatically. The RIP protocol is applied, and broadcasts the routing information to other routers on the network regularly.

Dynamic Routing: By default, it is set to disable. Check to enable (RIPv1 / RIPv2) protocol.
RIP v1: Protocol in which the IP address is routed through the internet.
RIP v2: Enhanced version of RIP v1 with added features such as Authentication, Routing Domain, Next Hop Forwarding, and Subnet-mask Exchange.
Advanced > DMZ

If you have a computer that cannot run Internet applications properly from behind the DI-824VUP, then you can allow that computer to have unrestricted Internet access. Enter the IP address of that computer as a DMZ (Demilitarized Zone) host with unrestricted Internet access. Adding a client to the DMZ may expose that computer to a variety of security risks, so only use this option as a last resort.
Advanced > Performance

Beacon Interval: Beacons are packets sent by an Access Point to synchronize a wireless network. Specify a value. 100 is the default setting and is recommended.
DTIM interval: (Delivery Traffic Indication Message) 3 is the default setting. A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages.
TX Rates: Select the data rate. Default is 1-2-5.5-11-22-54Mbps.
Wireless Mode: Select either mix mode or G mode.
Mixed Mode: The DI-824VUP will use either B or G mode depending on which mode has a stronger frequency.
G Mode: The DI-824VUP will only use G mode.
Advanced > Performance (Continued)

Authentication: Select Open system, Shared Key or Both.
Open System: The DI-824VUP will be visible to all devices on the network. This is the default setting.
Shared Key: In this mode, in order to access the DI-824VUP on the network, the device must be listed in the MAC Address Control List.
Both: In this mode, all devices on the network can access the DI-824VUP.
SSID Broadcast: Enable is the default setting. Choose Enable to broadcast the SSID across the network. All devices on a network must share the same SSID (Service Set Identifier) to establish communication. Choose Disable if you do not wish to broadcast the SSID over the network.
8x: Enable 8X Mode on the wireless client and the DI-824VUP to increase data transmission speed. 8X Mode will only work with wireless devices that also support 8X Mode.
