About dialup vpn authentication – D-Link DFL-500 User Manual

DFL-500 User Manual

54

Mode. Enter the IP address of the dialup user or the domain name of the dialup user (for
example, domain.com). If you do not add a local ID, the DFL-500 external interface
automatically becomes the Local ID. For information about the Local ID, see

About dialup

VPN authentication

.

Nat-traversal

Select Enable if you expect the IPSec VPN traffic to go through a gateway that performs NAT.
If no NAT device is detected, enabling NAT traversal will have no effect. Both ends of the
gateway must have the same NAT traversal setting. See

About NAT traversal

.

Keepalive
Frequency

If you enable NAT-traversal, you can change the number of seconds in the Keepalive
Frequency field. This number specifies, in seconds, how frequently empty UDP packets are
sent through the NAT device to ensure that the NAT mapping does not change until P1 and
P2 keylife expires. The keepalive frequency can be from 0 to 900 seconds.

• Select OK to save the remote gateway.

Adding a remote gateway (Dialup User selected)

About dialup VPN authentication

For dialup VPN authentication to work you must create compatible configurations on the DFL-500 NPG that is
the dialup server and its dialup clients. The configurations required for the server and the clients are different
for different dialup gateway configurations. There are four possible dialup VPN authentication configurations:

•

Main mode with no user group selected

•

Main mode with a user group selected

•

Aggressive mode with no user group

•

Aggressive mode with a user group selected