D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: duffy on June 09, 2009, 03:34:56 PM

Title: dfl-200 vpn trouble
Post by: duffy on June 09, 2009, 03:34:56 PM
hi forum!
my scenario is very simple: there's a natted lan behind the dfl-200 and i want to reach that network with a vpn connection. if i create a pptp server on the fw, everything is ok [i can connect to it with xp or vista]. now i would like to upgrade my vpn to an l2tp over ipsec connection but the fw drops my requests. i also read this topic: http://forums.dlink.com/index.php?topic=2741.0 but there are too many differences between the models. where am i wrong? why does the dfl-200 drop "destport=1701" if i activate [would like to activate :-\] an l2tp server on this port?
thanks in advance for your feedback!! ;D

fw log:
[2009-06-09 23:43:16] <5>EFW: DROP: prio=2 rule=dropall-final action=drop recvif=WAN srcip="my_ip" destip="wan_ip" ipproto=UDP ipdatalen=115 srcport=34789 destport=1701 udptotlen=115

wan->lan policy [i don't know if it's important]:
allow lt2p-ipsec
allow l2tp-raw


l2tp vpn:
outer ip - wan ip
inner ip - lan ip
auth proto - pap, chap, mschap, mschapv2
require ipsec encryption with psk

Title: Re: dfl-200 vpn trouble
Post by: Fatman on June 09, 2009, 04:10:09 PM
That model is quite out of date and no longer supported, but it appears to have L2TP over IPsec support.  It would not use multiple tunnels in conjunction as you would see on a DFL-210, for example; there is an IPsec configuration section on the L2TP server config.

Beyond that it is going to be up to your testing.