D-Link DSR series

Introduction

This guide will walk you through the process of establishing a Site-to-Site VPN tunnel between your Harmony SASE network and your D-Link environment.

Breakdown of topics

1. Pre-requisites
2. Configuration Steps
3. Verifying the Setup
4. Troubleshooting
5. Support Contacts

Pre-requisites

To successfully follow this guide, ensure that:

1. An active Harmony SASE account and an established network.
2. The Harmony SASE application is installed on the necessary devices.
3. An operational D-Link setup with the required administrative access.

Configuration Steps

Configuring the tunnel in the Management Platform

1. Select the network tab from the menu on the left side of the screen. Choose the network that contains the gateway in your network to which you'd like to create the tunnel. Select the three-dotted icon besides the gateway's name and select Add Tunnel.
   

2. Select IPSec Site-2-Site Tunnel and select Continue.

3. In the General Settings section fill in the following information:

• Name: Choose whatever name you find suitable for the tunnel.
• Shared Secret: Enter a character string of your own or use Generate.
• Public IP/Remote ID: Enter the public IP from which the D-Link device is connected to the internet.
• Harmony SASE Gateway Proposal Subnets: Choose the specified subnet. By default, this should be set to 10.2XX.0.0/16.
• Remote Gateway Proposal Subnets: Select Specified Subnets and specify according to your local LAN Subnets.

4. In the Advanced Settings section fill in the following:

• IKE Version: V1
• Encryption (Phase 1): AES256
• Encryption (Phase 2): AES256
• Integrity (Phase 1): SHA512
• Integrity (Phase 2): SHA512
• Diffie-Hellman Groups (Phase 1): 5
• Diffie-Hellman Groups (Phase 2): 5
• DPD detection: 30s
• DPD timeout: 10s

Leave the rest of the fields with the default values (as shown in the attached image) and click on add a tunnel.

Configuring the tunnel in the D-Link Web Interface

1. Open the D-link management interface and select the VPN tab.
   
2. In the left panel, under 'IPSec VPN', select 'Policies.
3. Click 'Add New IPSec Policy'
   
4. Fill in the following information:
   
   Policy Name: Enter a name of your choice (ex: P81).
   Policy Type: Auto Policy
   IP Protocol Version: IPv4
   IKE Version: IKEv1
   L2TP Mode: None
   IPSec Mode: Tunnel Mode
   Select Local Gateway: Dedicated WAN
   Remote Endpoint: IP Address
   IP Address / FQDN: Enter your Harmony SASE gateway IP
   Enable Config Mode: Off
   
   Enable NetBIOS: Off
   Enable RollOver: Off
   Protocol: ESP
   Enable DHCP: Off
   Local IP: Subnet
   Local Start IP Address: Your Local Subnet as defined by D-Link
   Local Subnet Mask: Matching Subnet Mask from your D-Link
   Remote IP: Subnet
   Remote Start IP Address: 10.255.0.0
   Remote Subnet Mask: 255.255.0.0
   Enable Keepalive: Off
   For 'Phase1 (IKE SA Parameters)' enter the following:
   Exchange Mode: Main
   Direction / Type: Responder
   NAT Traversal: Off
   Local Identifier Type: Local WAN IP
   Remote Identifier Type: Remote WAN IP
   For 'Encryption Algorithm' select the following:
   AES-256: On
   For 'Authentication Algorithm' select the following:
   SHA2-512: On
   Authentication Method: Pre-Shared Key
   Pre-Shared Key: Enter the same key you entered in the Harmony SASE portal.
   Diffie-Hellman (DH) Group: Group 5
   SA-Lifetime: 28800
   Enable Dead Peer Detection: On
   Detection Period: 10
   Reconnect after failure: 3
   For 'Phase2-(Auto Policy Parameters)' enter the following:SA Lifetime: 3600 seconds
   And for 'Encryption Algorithm' select the following:
   AES-256: On
   For 'Integrity Algorithm' enter the following:
   SHA2-512: On
   PFS Key Group: On
   DH Group: Group 5
   Lastly, click 'Save'
   

Verifying the Setup

After following the above steps, your tunnel should be active.
To verify, go to your Harmony SASE dashboard, locate the tunnel you just created, and check the tunnel status.
It should indicate that the tunnel is "Up", signifying a successful connection.
Next, connect to your network using the Harmony SASE agent and attempt to access one of the resources in your environment.

Troubleshooting

If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

Support Contacts

If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.