D-Link DBG-2000 Product Manual 1 - Page 101

VPN Topology, VPN Settings



  • Remote Client (client-to-gateway VPN tunnel): A remote client initiates a VPN tunnel as the IP address of the remote PC client is not known in advance. The gateway, in this case, acts as a responder.
  • Remote Client behind a NAT router: The client has a dynamic IP address and is behind a NAT Router. The remote PC client at the NAT router initiates a VPN tunnel as the IP address of the remote NAT router is not known in advance. The gateway WAN port acts as a responder.
  • PPTP server tunnel for PPTP client connections
  • L2TP server tunnel for L2TP client connections
  • OpenVPN server tunnel for OpenVPN client connections
  • GRE tunnel

In this chapter, you will learn how to configure the VPN protocols supported by the cloud gateway.

This chapter covers the following topics:

Site to Site VPN

As the name suggests, site-to-site VPN is a technique that allows connectivity between the offices located at multiple locations by setting up an IPSec tunnel over the Internet to access the intranet. In short, a site-to-site VPN builds a secure path over an insecure path. The Nuclias cloud gateway allows users to establish a VPN tunnel without manually entering the tunnel endpoint details and the local/remote networks. Instead, the Nuclias cloud gateway maintains these details, and users select the networks based on their requirements. The site-to-site VPN page consists of the following two sections:

1. VPN Topology

VPN topology discusses how all the clients and networks are connected over the IPSec tunnel. The Quick VPN field allows users to build VPN tunnels between DBG-2000 devices deployed in the same Organization of the Nuclias cloud. There are the following three modes in the Quick VPN field:

  • Disable (Manual)
  • Site-to-Site
  • Hub-and-Spoke

When you select Site-to-Site or Hub-and-Spoke mode in Quick VPN, each participating DBG-2000 device automatically performs the following functions:

  • Advertises its local subnets that are participating in the VPN
  • Advertises its WAN IP addresses on the available WAN ports
  • Applies the global VPN route table
  • Applies the necessary configuration for establishing the VPN tunnel and traffic encryption

The net result is an automatic site-to-site VPN solution that is configured with a single click.

2. VPN Settings

Disable (Manual)

When you select Disable (manual) mode, DBG-2000 does not participate in the site-to-site or hub-and-spoke VPN, and the user will not be able to join the site-to-site or hub-and-spoke VPN connection automatically. Instead, the user can manually configure it in the Manual VPN Configuration section and build IPSec VPN tunnels. This mode is useful when you try to establish a tunnel between two DBG-2000 devices deployed in different Nuclias cloud organizations or when you try to establish a tunnel between DBG-2000 and/or with any third-party gateway.

The fields available in the Manual VPN configuration table are as follows:

Field            Description
Name             It displays the name of the VPN.
Remote gateway   It displays the remote IP address to which the VPN tunnel is established.
DBG-2000 User Guide