Applicable to Version: 9.4.0 build 2 onwards
This article provides a detailed configuration example that demonstrates how to configure a net-to-net IPSec VPN tunnel between a Cyberoam and a D-Link (DI-808HV) Broadband VPN Router.
It is assumed that the reader has a working knowledge of Cyberoam and D-Link configuration.
Throughout the article we will use the following network parameters:
| Configuration Parameters | Cyberoam | D-Link |
|---|---|---|
| Preshared Key | Cyberoam_Dlink_key | Cyberoam_Dlink_key |
| IPSec Connection (Net-to-Net) | Local Network details | Local Network details |
| | Cyberoam WAN IP address – 202.134.168.202 | DLink WAN IP address – 202.134.168.208 |
| | Local Internal Network – 192.168.21.0/24 | Local Internal Network – 192.168.22.0/24 |
| | Local ID – john@elitecore.com | Local ID – dean@elitecore.com |
| | Remote Network details | Remote Network details |
| | Remote VPN server – IP address – 202.134.168.208 | Remote VPN server – IP address – 202.134.168.202 |
| | Remote Internal Network – 192.168.22.0/24 | Remote Internal Network – 192.168.21.0/24 |
| | Remote ID – dean@elitecore.com | Remote ID – john@elitecore.com |

Cyberoam Configuration
Step 1: Create VPN Policy
Go to VPN → Policy → Create Policy and create policy with the following values:
Policy Name: dlink_policy
Using Template: None
Keying Method: Automatic
Allow Re-keying: Yes
Pass Data In Compressed Format: Yes
Perfect Forward Secrecy (PFS): Yes
Action When Peer Is Not Active: Hold
Phase 1
Encryption Algorithm – 3DES
Authentication algorithm – SHA1
Other parameters as per your requirement
Phase 2
Encryption Algorithm – 3DES
Authentication algorithm – MD5
Other parameters as per your requirement
Step 2: Create IPSec connection
Go to VPN → IPSec Connection → Create Connection and create connection with the following values:
Connection name: CR_DL
Policy: dlink_policy
Action on restart: As required
Mode: Tunnel
Connection Type: Net to Net
Authentication Type – Preshared key
Preshared key – Specify the preshared key. Forward this key to the remote peer (D-Link), as the same preshared key should be used by both peers.
Local server IP address (WAN IP address) – 202.134.168.202
Local Internal Network – 192.168.21.0/24
Remote server IP address (WAN IP address) – 202.134.168.208
Remote Internal Network – 192.168.22.0/24
User Authentication Mode: As required
Protocol: As required
Step 3. Activate Connection and establish Tunnel
Go to VPN → IPSec Connection → Manage Connection
To activate the connection, click under Connection Status against the CR_DL connection
under Connection Status indicates that the connection is successfully activated
Note
Only one connection can be active at a time if both types of connection (Digital Certificate and Preshared Key) are created with the same source and destination. In that situation you will receive the error ‘unable to activate connection’ at the time of activation, so you need to deactivate all other connections.
D-Link Configuration
Step 4. Add VPN settings
Go to VPN → Home and configure with the following values:
VPN: Enable
Max. number of tunnels: 1
Tunnel Name: DL_CR
Method: IKE
Click More button to define Connection settings.
Step 5. Define Local and Remote Network
Tunnel Name: DL_CR (as defined in the previous step)
Local Subnet: 192.168.22.0
Local Netmask: 255.255.255.0
Remote Subnet: 192.168.21.0
Remote Netmask: 255.255.255.0
Remote Gateway: 202.134.168.202
Preshared Key: Same as defined in Cyberoam configuration in step 1
Click 
Step 6. Define Phase 1 parameters
Click Select IKE Proposal to define Phase 1 parameters and enter the following values:
Proposal Name: 3des_sha1
DH Group: 1
Encryption algorithm: 3DES
Authentication algorithm: sha1
Life Time: 3600
Life Time Unit: Sec.
Click 
Step 7. Define Phase 2 parameters
Click Select IPSec Proposal to define Phase 2 parameters and enter the following values:
Proposal Name: 3des_md5_360
DH Group: Group 2
Encap protocol: ESP
Encryption algorithm: 3DES
Auth algorithm: MD5
Life Time: 3600
Life Time Unit: Sec
Click 
Step 8. View VPN connection status
Go to VPN → Status to check the connection status.
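
The tunnel only negotiates when the two peers' settings mirror each other as in the parameter table: each side's local values are the other side's remote values, and the preshared key and proposals are identical. The following pre-activation check is an added example, not part of the original article or either vendor's tooling; the dictionary layout, key names and the `check_pair` function are assumptions, and the values are taken from the table above.

```python
import ipaddress

# Values from the article's parameter table; the dict layout is an assumption.
CYBEROAM = {
    "psk": "Cyberoam_Dlink_key",
    "wan": "202.134.168.202", "peer": "202.134.168.208",
    "local_net": "192.168.21.0/24", "remote_net": "192.168.22.0/24",
    "local_id": "john@elitecore.com", "remote_id": "dean@elitecore.com",
    "phase1": ("3DES", "SHA1"), "phase2": ("3DES", "MD5"),
}
DLINK = {
    "psk": "Cyberoam_Dlink_key",
    "wan": "202.134.168.208", "peer": "202.134.168.202",
    # The D-Link form takes subnet and netmask as separate fields.
    "local_net": "192.168.22.0/255.255.255.0",
    "remote_net": "192.168.21.0/255.255.255.0",
    "local_id": "dean@elitecore.com", "remote_id": "john@elitecore.com",
    "phase1": ("3DES", "SHA1"), "phase2": ("3DES", "MD5"),
}

# Each pair must be crossed: one peer's "local" value is the other's "remote".
MIRRORED = [("wan", "peer"), ("local_net", "remote_net"), ("local_id", "remote_id")]
# These must be identical on both peers.
SHARED = ["psk", "phase1", "phase2"]


def _norm(key, value):
    """Normalise networks so /24 and /255.255.255.0 compare equal."""
    if key.endswith("_net"):
        return ipaddress.ip_network(value, strict=True)
    return value


def check_pair(a, b):
    """Return a sorted list of settings that would stop the tunnel negotiating."""
    problems = set()
    for key in SHARED:
        if a[key] != b[key]:
            problems.add(f"{key} differs between peers")
    for local, remote in MIRRORED:
        for x, y in ((a, b), (b, a)):
            if _norm(local, x[local]) != _norm(remote, y[remote]):
                problems.add(f"{local}/{remote} not mirrored")
    if _norm("local_net", a["local_net"]).overlaps(_norm("local_net", b["local_net"])):
        problems.add("local networks overlap")
    return sorted(problems)


if __name__ == "__main__":
    print(check_pair(CYBEROAM, DLINK) or "peer settings are consistent")
```

The check reports only setting names, never the preshared key itself, so its output can be pasted into a change ticket.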

Reference Documents
· VPN Troubleshooting Guide
Document Version: 9402-1.0-05/04/2007