Configuration Guide

How to connect to an IPSec VPN using an iPhone in iOS

Overview

Users can use the built-in IPSec client on an iPhone to connect to a VPN server. The IPSec VPN can be made more secure by using Extended Authentication (XAUTH) on the DSR router, so that the iOS device authenticates the user against the server while establishing the tunnel connection. This extra level of authentication helps prevent unauthorized users from connecting through the tunnel to gain access to sensitive data stored in an enterprise network.

This document describes how to configure both the DSR router and a client's iPhone to establish an encrypted IPSec VPN tunnel between the two devices.

All screenshots in this document are captured from firmware v3.11 of DSR-1000AC. If you are not using this version of firmware, the screenshots may not be identical to what you see in your D-Link DSR device UI.

Situation note

IPSec VPN allows employees to establish an encrypted connection to the office network to access internal resources or share business documents while working remotely. Most operating systems, such as Windows and Apple iOS, have built-in VPN client software with IPSec support, so users can connect to such networks without installing third-party apps or software.

Configuration Step

1. Set up Internet connection: Go to Network > Internet > WAN1 settings
   - ISP Connection Type: Select your ISP connection type. In this example, Static IP is selected.

2. Create an IPSec extended authentication account in the local database.

2.1 Go to Security > Authentication > Internal User Database and add a new user group and account for XAUTH. Click the Group tab, then click Add New Group. Enter the parameters below on the Group Configuration page:
   - Group Name: XAUTH
   - Description: IPsec for iPhone
   - User Type: Network
   - XAUTH User: Enable

2.2 Click the Users tab, and then click Add New User. Enter the parameters below on the Group Configuration page:
   - User Name: XAUTH01
   - First Name: TEST
   - Last Name: IPsec
   - Select Group: XAUTH
   - Password: 1234
   - Confirm Password: 1234

3. Create a policy for the iPhone IPSec client: Go to VPN > IPSec VPN > Policies

3.1 General Settings:
   - Policy Name: Enter a name for identifying this policy.
   - Policy Type: Set to Auto Policy (default setting).
   - IP Protocol Version: Set to IPv4 (default setting).
   - IKE Version: Set to IKEv1 (default setting).
   - IPSec Mode: Set to Tunnel Mode (default setting).
   - Select Local Gateway: Set to Dedicated WAN.
   - Remote Endpoint: Select FQDN and set the IP Address to 0.0.0.0.
   - Enable Mode Config: Click so that the switch is set to On.
   - Protocol: Set to ESP for IPSec protocol (default setting).
   - Local IP: Define the local network scope for IPSec connectivity. Subnet is selected in this example.
   - Local Start IP Address: Set to 192.168.10.0 in this example, the network address of the DSR LAN network.
   - Local Subnet Mask: Set to 255.255.255.0 in this example, the subnet mask of the DSR LAN network.
   - Remote IP: Set to Any. The Remote IP is the iPhone's IP address, which is usually assigned by the ISP in this type of scenario.

3.2 Phase 1 (IKE SA Parameters) settings:
   - Exchange Mode: Main
   - Direction/Type: Responder
   - NAT Traversal: ON
   - Local Identifier Type: FQDN
   - Local Identifier: 192.168.10.0
   - Remote Identifier Type: FQDN
   - Remote Identifier: 0.0.0.0
   - Encryption Algorithm: AES-128
   - Authentication Algorithm: SHA-1
   - Authentication Method: Pre-shared Key
   - Pre-shared Key: Enter a pre-shared key string for use by the client (iPhone).
   - Diffie-Hellman (DH) Group: Group 2 (1024 bit)
   - SA-Lifetime (sec): 28800
   - Extended Authentication: Edge Device
   - Authentication Type: User Database

3.3 Phase 2 (Auto Policy Parameters) settings:
   - SA Lifetime (sec): 3600 seconds
   - Encryption Algorithm: AES-128
   - Integrity Algorithm: SHA-1

4. Configure IPSec Mode: Go to VPN > IPSec VPN > Tunnel Mode
   - Tunnel Mode: Full Tunnel
   - Start IP Address: 192.168.12.100
   - End IP Address: 192.168.12.254
   - Primary DNS (Optional): 8.8.8.8 (this setting assigns the DNS server information to the iPhone)
   - Secondary DNS (Optional): 168.95.192.1 (assigns a secondary DNS server so that name resolution keeps working if the primary DNS server goes down)

iPhone Setup

1. To set up the iPhone IPSec client profile: Go to Settings > VPN > Add VPN Configuration
   - Type: Select IPSec.
   - Description: Enter a profile name for this IPSec connection.
   - Server: Enter the IP address of your L2TP server. In this example, it should be 218.210.16.28.
   - Account: Enter your user account. In this example, it should be XAUTH01, which was created in step 2.2.
   - Password: Enter your user password. It should be 1234 from step 2.2.
   - Secret key: Enter your IPSec Secret Key 12345678 that was created in step 3.
   - Save: Save this IPSec profile for future use.

2. Establish the IPSec VPN tunnel to DSR: Go to Settings > VPN > Status
   - Choose a Configuration: Select the IPSec profile. In this case, select DSR IPsec, which was created in step 1.
   - VPN: Switch to ON to establish an IPSec VPN tunnel to DSR.
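
The iPhone settings from step 1 of the iPhone Setup can also be delivered as an Apple configuration profile instead of being typed in on each device. The Python script below is an added example, not part of the D-Link guide; the profile identifier com.example.vpn and the output file name are placeholders, and the XAUTH password is left out so that it is not stored in the profile file.

```python
import plistlib
import uuid


def build_ipsec_profile(server, account, shared_secret,
                        description="DSR IPsec", org_id="com.example.vpn"):
    """Return .mobileconfig bytes for the iOS built-in IPSec (IKEv1 + XAUTH) client.

    org_id is a placeholder reverse-DNS identifier, not a value from the guide.
    """
    if not server or not account or not shared_secret:
        raise ValueError("server, account and pre-shared key are all required")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".ipsec",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": description,
        "UserDefinedName": description,          # "Description" on the iPhone
        "VPNType": "IPSec",                      # "Type: IPSec"
        "IPSec": {
            "RemoteAddress": server,             # "Server"
            "AuthenticationMethod": "SharedSecret",
            # "Secret": bytes are serialized as a <data> element
            "SharedSecret": shared_secret.encode("utf-8"),
            "XAuthEnabled": 1,
            "XAuthName": account,                # "Account"
            # XAuthPassword deliberately omitted: not stored in the profile
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": description + " VPN",
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Values taken from the example in this guide.
    data = build_ipsec_profile("218.210.16.28", "XAUTH01", "12345678")
    with open("dsr-ipsec.mobileconfig", "wb") as fh:  # placeholder file name
        fh.write(data)
```

The generated file still contains the pre-shared key, so it should be distributed and stored as a secret.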
Visit our website for more information www.dlink.com D-Link, D-Link logo, D-Link sub brand logos and D-Link product trademarks are trademarks or registered trademarks of D-Link Corporation and its subsidiaries. All other third party marks mentioned herein are trademarks of the respective owners. Copyright 2017 D-Link Corporation. All Rights Reserved.