User manual D-LINK DFL-200 NETDEFEND

[. . . ] D-Link DFL-200 Network Security Firewall Manual Building Networks for People Ver. 1. 01 2005/01/13 Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Features and Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Introduction to Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] This can be accomplished in a number of ways; by using the IPSec protocol ESP. To set up a Virtual Private Network (VPN), you do not need to configure an Access Policy to enable encryption. Just fill in the following settings: VPN Name, Source Subnet (Local Net), Destination Gateway (If LAN-to-LAN), Destination Subnet (If LAN-to-LAN) and Authentication Method (Pre-shared key or Certificate). The firewalls on both ends must use the same Preshared key or set of Certificates and IPSec lifetime to make a VPN connection. 42 Introduction to PPTP PPTP, Point-to-Point Tunneling Protocol, is used to provide IP security at the network layer. A PPTP based VPN is made up by these parts: · · · · Point-to-Point Protocol (PPP) Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2) Microsoft Point-To-Point Encryption (MPPE) Generic Routing Encapsulation (GRE) PPTP uses TCP port 1723 for it's control connection and uses GRE (IP protocol 47) for the PPP data. PPTP supports data encryption by using MPPE. Introduction to L2TP L2TP, Layer 2 Tunneling Protocol, is used to provide IP security at the network layer. An L2TP based VPN is made up by these parts: · · · Point-to-Point Protocol (PPP) Authentication Protocols (PAP, CHAP, MS-CHAP v1, MS-CHAP v2) Microsoft Point-To-Point Encryption (MPPE) L2TP uses UDP to transport the PPP data, this is often encapsulated in IPSec for encryption instead of using MPPE. Point-to-Point Protocol PPP (Point-to-Point Protocol) is a standard for transporting datagram's over point-to-point links. PPP consists of these three components: · · · Link Control Protocols (LCP), to negotiate parameters, test and establish the link. Network Control Protocol (NCP), to establish and negotiate different network layer protocols (DFL-200 only supports IP) Data encapsulation, to encapsulate datagram's over the link. To establish a PPP tunnel, both sides send LCP frames to negotiate parameters and test the data link. If authentication is used, at least one of the peers has to authenticate itself before the network layer protocol parameters can be negotiated using NCP. During the LCP and NCP negotiation optional parameters such as encryption, can be negotiated. When LCP and NCP negotiation is done, IP datagram's can be sent over the link. Authentication Protocols PPP supports different authentication protocols, PAP, CHAP, MS-CHAP v1 and MSCHAP v2 is supported. Which authentication protocol to use is negotiated during LCP negotiation. PAP PAP (Password Authentication Protocol) is a simple, plaintext authentication scheme, which means that user name and password are sent in plaintext. PAP is therefore not a secure authentication protocol. CHAP CHAP (Challenge Handshake Authentication Protocol) is a challenge-response authentication protocol specified in RFC 1994. CHAP uses a MD5 one-way encryption scheme to hash the response to a challenge issued by the DFL-200. CHAP is better then PAP in that the password is never sent over the link. That means that CHAP requires passwords to be stored in a reversibly encrypted form. MS-CHAP v1 MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol version 1) is similar to CHAP, the main difference is that with MS-CHAP v1 the password only needs to be stored as a MD4 hash instead of a reversibly encrypted form. Another difference is that MSCHAP v1 uses MD4 instead of MD5. MS-CHAP v2 MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 1) is more secure then MS-CHAP v1 as it provides two ­way authentication. MPPE, Microsoft Point-To-Point Encryption MPPE is used is used to encrypt Point-to-Point Protocol (PPP) packets. The length of the session key to be used for the encryption can be negotiated. MPPE currently supports 40-bit, 56-bit and 128-bit RC4 session keys. 44 L2TP/PPTP Clients General parameters Name ­ Specifies a name for the PPTP/L2TP Client. Password/Confirm Password - The password to use for this PPTP/L2TP Client. Interface IP. - Specifies if the L2TP/PPTP Client should try to use a specified IP or get one from the server. [. . . ] Note that some web pages don't work very well if these options are enabled. Pages that are safe or trusted can be added to the whitelist by clicking Edit global URL whitelist. To enable all subdomains of eg google. com (eg gmail. google. com) and all possible pages on that site, enter *. google. com/* in this list. This will allow for example www. google. com/about. html and gmail. google. com. [. . . ]