Contents x
    D-Link DSR series
    • 29 Apr 2024
    • 2 Minutes to read
    • Contributors
      Contents

      D-Link DSR series

      • Updated on 29 Apr 2024
      • 2 Minutes to read
      • Contributors
        Article summary

        Introduction

        This guide will walk you through the process of establishing a Site-to-Site VPN tunnel between your Harmony SASE network and your D-Link environment.

        Breakdown of topics

        1. Pre-requisites
        2. Configuration Steps
        3. Verifying the Setup
        4. Troubleshooting
        5. Support Contacts

        Pre-requisites

        To successfully follow this guide, ensure that:

        1. An active Harmony SASE account and an established network.
        2. The Harmony SASE application is installed on the necessary devices.
        3. An operational D-Link setup with the required administrative access.

        Configuration Steps

        Configuring the tunnel in the Management Platform

        1. Select the network tab from the menu on the left side of the screen. Choose the network that contains the gateway in your network to which you'd like to create the tunnel. Select the three-dotted icon besides the gateway's name and select Add Tunnel.
          360010932540ScreenShot2019-08-27at140615.png

        2. Select IPSec Site-2-Site Tunnel and select Continue.

        3. In the General Settings section fill in the following information:

        • Name: Choose whatever name you find suitable for the tunnel.
        • Shared Secret: Enter a character string of your own or use Generate.
        • Public IP/Remote ID: Enter the public IP from which the D-Link device is connected to the internet.
        • Harmony SASE Gateway Proposal Subnets: Choose the specified subnet. By default, this should be set to 10.2XX.0.0/16.
        • Remote Gateway Proposal Subnets: Select Specified Subnets and specify according to your local LAN Subnets.

        1. In the Advanced Settings section fill in the following:
        • IKE Version: V1
        • Encryption (Phase 1): AES256
        • Encryption (Phase 2): AES256
        • Integrity (Phase 1): SHA512
        • Integrity (Phase 2): SHA512
        • Diffie-Hellman Groups (Phase 1): 5
        • Diffie-Hellman Groups (Phase 2): 5
        • DPD detection: 30s
        • DPD timeout: 10s

        Leave the rest of the fields with the default values (as shown in the attached image) and click on add a tunnel.

        1. Open the D-link management interface and select the VPN tab.
        2. In the left panel, under 'IPSec VPN', select 'Policies.
        3. Click 'Add New IPSec Policy'
        4. Fill in the following information:

          Policy Name: Enter a name of your choice (ex: P81).
          Policy Type: Auto Policy
          IP Protocol Version: IPv4
          IKE Version: IKEv1
          L2TP Mode: None
          IPSec Mode: Tunnel Mode
          Select Local Gateway: Dedicated WAN
          Remote Endpoint: IP Address
          IP Address / FQDN: Enter your Harmony SASE gateway IP
          Enable Config Mode: Off

          Enable NetBIOS: Off
          Enable RollOver: Off
          Protocol: ESP
          Enable DHCP: Off
          Local IP: Subnet
          Local Start IP Address: Your Local Subnet as defined by D-Link
          Local Subnet Mask: Matching Subnet Mask from your D-Link
          Remote IP: Subnet
          Remote Start IP Address: 10.255.0.0
          Remote Subnet Mask: 255.255.0.0
          Enable Keepalive: Off
          For 'Phase1 (IKE SA Parameters)' enter the following:
          Exchange Mode: Main
          Direction / Type: Responder
          NAT Traversal: Off
          Local Identifier Type: Local WAN IP
          Remote Identifier Type: Remote WAN IP
          For 'Encryption Algorithm' select the following:
          AES-256: On
          For 'Authentication Algorithm' select the following:
          SHA2-512: On
          Authentication Method: Pre-Shared Key
          Pre-Shared Key: Enter the same key you entered in the Harmony SASE portal.
          Diffie-Hellman (DH) Group: Group 5
          SA-Lifetime: 28800
          Enable Dead Peer Detection: On
          Detection Period: 10
          Reconnect after failure: 3
          For 'Phase2-(Auto Policy Parameters)' enter the following:SA Lifetime: 3600 seconds
          And for 'Encryption Algorithm' select the following:
          AES-256: On
          For 'Integrity Algorithm' enter the following:
          SHA2-512: On
          PFS Key Group: On
          DH Group: Group 5
          Lastly, click 'Save'

        Verifying the Setup

        After following the above steps, your tunnel should be active.
        To verify, go to your Harmony SASE dashboard, locate the tunnel you just created, and check the tunnel status.
        It should indicate that the tunnel is "Up", signifying a successful connection.
        Next, connect to your network using the Harmony SASE agent and attempt to access one of the resources in your environment.

        Troubleshooting

        If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

        Support Contacts

        If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.

        Was this article helpful?
        What's Next