Netgear DG834GSP User's Manual
Contents
1. Figure B 14 To view or modify the tunnel settings select the radio button next to the tunnel entry and click Edit NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP Step 2 Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter s Home Office This procedure describes how to configure the 54 Mbps ADSL Modem Wireless Router Model DG834GSP We will assume the PC running the client has a dynamically assigned IP address The PC must have a VPN client program installed that supports IPSec in this case study the NETGEAR VPN ProSafe Client is used Go to the NETGEAR website http www netgear com and select VPN01L_VPNO5L in the Product Quick Find drop down menu for information on how to purchase the NETGEAR ProSafe VPN Client Note Before installing the 54 Mbps ADSL Modem Wireless Router Model DG834GSP software be sure to turn off any virus protection or firewall software you may be running on your PC 1 Install the NETGEA ProSafe VPN Client on the remote PC and reboot d e You may need to insert your Windows CD to complete the installation If you do not have a modem or dial up adapter installed in your PC you may see the warning message stating The NETGEAR ProSafe VPN Component requires at least one dial up adapter be installed You can disregard this message Install the IPSec Component You may have the opti2. NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 3 Test the VPN tunnel by pinging the remote network from a PC attached to the DG834GSP a Open the command prompt Start gt Run gt cmd b ping 172 23 9 1 ESCA WINNT system32 ping exe Pinging 172 23 9 1 with 32 bytes of data from 9 1 bytes 32 time lt i ms TTL 128 from 9 1 bytes 32 time lt i ms TTL 128 from 9 1 bytes 32 time lt i ms TTL 128 from 7 9 1 bytes 32 time lt i ms TTL 128 from 9 1 bytes 32 time lt i ms TTL 128 from 9 1 bytes 32 time lt i ms TTL 128 from 9 1 bytes 32 time lt i ms TTL 128 Figure B 4 Note The pings may fail the first time If this happens try the pings a second eens time DG834GSP with FQDN to FVL328 This appendix is a case study on how to configure a VPN tunnel from a NETGEAR DG834GSP to a FVL328 using a Fully Qualified Domain Name FQDN to resolve the public address of one or both routers This case study follows the VPN Consortium interoperability profile guidelines found at http www vpnc org InteropProfiles Interop O1 html Configuration Profile The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium Gather all the necessary information before you begin the configuration process Verify whether the firmware is up to date all of the addresses that will be necessary
3. Key Group Diffie Hellman Group 2 hl Figure B 20 In the Authentication Method menu select Pre Shared key In the Encrypt Alg menu select the type of encryption In this example use Triple DES e Inthe Hash Alg menu select SHA 1 f Inthe SA Life menu select Unspecified g Inthe Key Group menu select Diffie Hellman Group 2 6 Configure the VPN Client Key Exchange Proposal In this step you will provide the type of encryption DES or 3DES to be used for this connection This selection must match your selection in the VPN router configuration B 24 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP a Expand the Key Exchange subheading by double clicking its name or clicking on the symbol Then select Proposal 1 below Key Exchange IN Security Policy Editor NETGEAR ProSafe VPN Client File Edit Options Help Network Security Policy My Connections toDG834G 3 My Identity a Security Policy E Authentication Phase 1 A Proposal 1 NETGEAR N IPSec Protocols Seconds KBytes SA Life Unspecified x Compression None M Encapsulation Protocol ESP amp Key Exchange Phase 2 z Enerypt Ag Tipe DES v 23 Other Connections Hash Alg SHA 1 Encapsulation Tunnel X J Authentication Protocol AH Figure B 21 a In the SA Life menu select Unspecified In the Compression menu select None Ch
4. and all of the parameters that need to be set on both sides Check that there are no firewall restrictions B 6 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP Table B 2 Profile Summary VPN Consortium Scenario Scenario 1 Type of VPN LAN to LAN or Gateway to Gateway not PC Client to Gateway Security Scheme IKE with Preshared Secret Key not Certificate based IP Addressing NETGEAR Gateway A Fully Qualified Domain Name FQDN NETGEAR Gateway B FDQN 10 5 6 0 24 VPNC Example 172 23 9 0 24 Network Interface Addressing Gateway A Gateway B WAN IP yo IP INTI ee dg834g dyndns org fvl328 dyndns org i DG834G FQDN FQDN FVL328 Figure B 5 Note Product updates are available on the NETGEAR Inc web site at http kbserver netgear com DG834GSP asp NETGEAR VPN Configuration B 7 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP The Use of a Fully Qualified Domain Name FQDN Many ISPs Internet Service Providers provide connectivity to their customers using dynamic instead of static IP addressing This means that a user s IP address does not remain constant over time which presents a challenge for gateways attempting to establish VPN connectivity A Dynamic DNS DDNS service allows a user whose public IP address is dynamically assigned to be loc
5. Appendix B NETGEAR VPN Configuration DG834GSP to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834GSP to a FVL328 This case study follows the VPN Consortium interoperability profile guidelines found at http Awww vpnc org InteropProfiles Interop O1 html Configuration Profile The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium Gather all the necessary information before you begin the configuration process Verify whether the firmware is up to date all of the addresses that will be necessary and all of the parameters that need to be set on both sides Check that there are no firewall restrictions Table B 1 Profile Summary VPN Consortium Scenario Scenario 1 Type of VPN LAN to LAN or Gateway to Gateway not PC Client to Gateway Security Scheme IKE with Preshared Secret Key not Certificate based IP Addressing NETGEAR Gateway A Static IP address NETGEAR Gateway B Static IP address NETGEAR VPN Configuration B 1 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 10 5 6 0 24 VPNC Example 172 23 9 0 24 Network Interface Addressing Gateway A y Gateway B DANIE 14 15 16 17 22 23 24 25 INTERNET 10 5 6 1 WANIE SI WAN IP biii 172 23 9 1 DG834G FVL328 Figure B 1 Note Product updates are available on the NETGEAR Inc web s
6. SA Life Time romDG834G Dynamic IP address Address Data Ping IP Address Finish address Subnet Mask Single address z q Single Start IP address 192 168 E P Finish IP address Subnet Mask Responder only Main Mode 7 lt Auto ut Fully Qualified Domain Name gt fromDG834G com Fully Qualified Domain Name gt ftoDG834G com 3DES z B E 600 I Enable PFS Perfect Forward Security Back Cancel Figure B 13 fromDG834GSP in the example Dynamic IP address IKE Keep Alive is optional must match Remote LAN IP Address when enabled remote PC must respond to pings Subnet address 192 168 0 1 in this example 255 255 255 0 Single address 192 168 2 3 in this example _ Remote NAT router must have Address Reservation set and VPN Passthrough enabled Main Mode Fully Qualified Domain Name fromDG834G com in this example Fully Qualified Domain Name toDG834G com in this example 3DES 12345678 in this example 3600 B 16 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 2 Click Apply when done to get the VPN Policies screen VPN Policies Policy Table Enabie Name Type Local Remote ESP 192 168 0 1 1 m fromDG8346 Auto A zer zeg g 192168 2 3 3DES Edit Delete Apply Cancel Add Auto Policy Add Manual Policy
7. TL 128 Figure B 11 Note The pings may fail the first time If this happens try the pings a second aa time NETGEAR VPN Configuration B 13 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP Configuration Summary Telecommuter Example The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium Gather all the necessary information before you begin the configuration process Verify whether the firmware is up to date all of the addresses that will be necessary and all of the parameters that need to be set on both sides Assure that there are no firewall restrictions Table B 3 Configuration summary telecommuter example VPN Consortium Scenario Scenario 1 Type of VPN PC client to gateway with client behind NAT router Security Scheme IKE with Preshared Secret Key not Certificate based IP Addressing Gateway Fully Qualified Domain Name FQDN Client Dynamic 192 168 0 1 24 Telecommuter Example _ Client B Gateway A NAT Router B mme e a a g e INTI FQDN 0 0 0 0 ritar dyadns ord 192 168 2 3 W fromDG834G com toDG834G com 192 168 0 1 Router Router PC at employer s at telecommuter s running NETGEAR main office home office ProSafe VPN Client Figure B 12 Setting Up the Client to Gateway VPN Configuration Telecommuter Example Setting up a VPN
8. ated by a host or domain name It provides a central public database where information such as email addresses host names and IP addresses can be stored and retrieved Now a gateway can be configured to use a 3 party service in lieu of a permanent and unchanging IP address to establish bi directional VPN connectivity To use DDNS you must register with a DDNS service provider Example DDNS Service Providers include e DynDNS www dyndns org e TZO com netgear tzo com e ngDDNS ngddns iego net In this example Gateway A is configured using an example FQDN provided by a DDNS Service provider In this case we established the hostname dg834g dyndns org for gateway A using the DynDNS service Gateway B will use the DDNS Service Provider when establishing a VPN tunnel In order to establish VPN connectivity Gateway A must be configured to use Dynamic DNS and Gateway B must be configured to use a DNS hostname to find Gateway A provided by a DDNS Service Provider Again the following step by step procedures assume that you have already registered with a DDNS Service Provider and have the configuration information necessary to set up the gateways Step By Step Configuration 1 Log in to the DG834GSP labeled Gateway A as in the illustration Out of the box the DG834GSP is set for its default LAN address of http 10 1 1 1 with its default user name of admin and default password of password For this example we will assume you have set the
9. between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves the following two steps e Step 1 Configuring the Client to Gateway VPN Tunnel on the VPN Router at the Employer s Main Office B 14 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP e Step 2 Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter s Home Office configures the NETGEAR ProSafe VPN Client endpoint Step 1 Configuring the Client to Gateway VPN Tunnel on the VPN Router at the Employer s Main Office Follow this procedure to configure a client to gateway VPN tunnel by filling out the VPN Auto Policy screen 1 Log in to the VPN router at its LAN address of http 10 1 1 1 with its default user name of admin and password of password Click the VPN Policies link in the main menu to display the VPN Policies screen Click Add Auto Policy to proceed and enter the information NETGEAR VPN Configuration B 15 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP VPN Auto Policy General Policy Name Remote YPN Endpoint Address Type F NetBIOS Enable M IKE Keep Alive Local LAN IP Address Remote LAN IP Address IKE Direction Exchange Mode Diffie Hellman DH Group Local Identity Type Data Remote Identity Type Data Parameters Encryption Algorithm Authentication Algorithm Pre shared Key
10. check box and enter fromDG834G com in this example o j Select Gateway Hostname and enter ntgr dyndns org in this example k The resulting Connection Settings are shown in Figure B 16 3 Configure the Security Policy in the 54 Mbps ADSL Modem Wireless Router Model DG834GSP software a In the Network Security Policy list expand the new connection by double clicking its name or clicking on the symbol My Identity and Security Policy subheadings appear below the connection name B 20 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP b Click on the Security Policy subheading to show the Security Policy menu IN Security Policy Editor NETGEAR ProSafe VPN Client File Edit Options Help a NETGEAR S Network Security Policy My Connections Security Policy amp ea a i Select Phase 1 Negotiation Mode G B onti Main Mode Security Policy E Authentication Phase 1 Aggressive Mode E Proposal 1 C Use M 3s Key Exchange Phase 2 action A Proposal 1 Ds Other Connections J Enable Perfect Forward Secrecy PFS Ditie Hetman Group 2 I Enable Replay Detection Figure B 17 c Select the Main Mode in the Select Phase 1 Negotiation Mode check box 4 Configure the VPN Client Identity In this step you will provide information about the remote VPN client PC You will need to provide the Pre Shared Key that you conf
11. eck the Encapsulation Protocol ESP checkbox a p e Inthe Encrypt Alg menu select the type of encryption In this example use Triple DES f Inthe Hash Alg menu select SHA 1 g Inthe Encapsulation menu select Tunnel h Leave the Authentication Protocol AH checkbox unchecked Save the VPN Client settings From the File menu at the top of the Security Policy Editor window select Save After you have configured and saved the VPN client information your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router s LAN 8 Check the VPN Connection NETGEAR VPN Configuration B 25 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP To check the VPN Connection you can initiate a request from the remote PC to the VPN router s network by using the Connect option in the ADSL Modem Wireless Router menu bar see Figure B 22 Since the remote PC has a dynamically assigned WAN IP address it must initiate the request a Right click the system tray icon to open the popup menu b Select Connect to open the My Connections list c Choose toDG834G The 54 Mbps ADSL Modem Wireless Router Model DG834GSP will report the results of the attempt to connect Once the connection is established you can access resources of the network connected to the VPN router Security Policy Editor Certificate Manager Deactivate Secur
12. ection When the connection is successful the SA will change to the yellow key symbol Note While your PC is connected to a remote LAN through a VPN you might not have normal Internet access If this is the case you will need to close the VPN y connection in order to have normal Internet access Viewing the VPN Router s VPN Status and Log Information To view information on the status of the VPN client connection open the VPN router s VPN Status screen by following the steps below 1 To view this screen click the Router Status link of the VPN router s main menu then click the VPN Status button The VPN Status Log screen for a connection is shown below VPN Status Log 2002 09 08 12 01 35 added connection description fromDGs34 5 2002 09 08 12 01 35 adding interface ipsecO pppO 67 116 6 4 2005 05 24 20 46 33 fromDG834G responding to Main Mode fr 2005 05 24 20 46 35 fromDG834G sent MR3 ISAKMP SA establ 2005 05 24 20 46 35 fromDG834G responding to Quick Mode 2005 05 24 20 46 36 fromDG834G IPsec SA established 2005 05 24 20 50 41 deleting connection fromPG834G instan 2005 05 24 20 50 41 deleting connection fromPG834G 2005 05 24 20 50 41 shutting down interface ipsecO pppO 67 2005 05 24 20 50 42 added connection description fromDG834 2005 05 24 20 50 42 adding interface ipsecO pppO 67 116 6 4 af Refresh Clear Log VPN Status Figure B 26 NETGEAR VPN Configuratio
13. entication Phase if the Authentication Method Proposal is Pre Shared key Figure B 19 f Inthe Pre Shared Key dialog box click the Enter Key button Enter the DG834GSP s Pre Shared Key and click OK In this example 12345678 is entered This field is case sensitive 5 Configure the VPN Client Authentication Proposal In this step you will provide the type of encryption DES or 3DES to be used for this connection This selection must match your selection in the VPN router configuration a Inthe Network Security Policy list on the left side of the Security Policy Editor window expand the Security Policy heading by double clicking its name or clicking on the symbol b Expand the Authentication subheading by double clicking its name or clicking on the symbol Then select Proposal 1 below Authentication NETGEAR VPN Configuration B 23 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP IN Security Policy Editor NETGEAR ProSafe VPN Client File Edit Options Help ia NETGEAR S Network Security Policy My Connections Qp toDGEIG G My Identity Authentication Method EI Security Policy Pesky ff E Authentication Phase 1 jones BD Key Exchange Phase 2 Encryption and Data Integrity Algorithms A Proposal 1 Ds Other Connections Encrypt Alg Triple DES 7 Hash Alg SHA 1 SZ Authentication Method and Algorithms Seconds SA Life Unspecified v
14. igured in the DG834GSP and either a fixed IP address or a fixed virtual IP address of the VPN client PC NETGEAR VPN Configuration B 21 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP a In the Network Security Policy list on the left side of the Security Policy Editor window click My Identity IN Security Policy Editor NETGEAR ProSafe VPN Client File Edit Options Help a NETGEAR Network Security Policy SI J My Connections My Identity oDG834G Share aa Select Cetficate _Pre Shared Key a Security Policy None x 26 raan Phase 1 ID Type Pot 4 Proposal 1 Key NA Phase 2 Domain Nane E zi Qs Other a a Virtual Adapter Disabled v Intemet Interface Name 1 Intel R PRO 100 VE Network Connection IP Addr 19216823 Figure B 18 b Choose None in the Select Certificate menu c Select Domain Name in the ID Type menu and enter toDG834G com in this example in the box below it Choose Disabled in the Virtual Adapter menu d In the Internet Interface box select Intel PRO 100VE Network Connection in this example your Ethernet adapter may be different in the Name menu and enter 10 1 2 3 in this example in the IP Addr box B 22 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP e Click the Pre Shared Key button r Enter Pre Shared Key at least 8 characters This key is used during Auth
15. information TzZO com Click here for free trial C ngDDNS Click here to register Apply Cancel Show Status Figure B 8 b Select the DynDNS org radio button see Figure B 8 configure with appropriate account and hostname settings see Figure B 9 and then click Apply e Host and Domain Name fv1328 dyndns org e User Name lt user s account username gt e Password lt user s account password gt B 10 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP Dynamic DNS Use a dynamic DNS service None DynDNS org Click here for information TZO com Click here for free trial C ngDDNS Click here to reqister DynDNS Hast and Domain Name a aaeeeo example yourname dyndns org I Use wildcards Apply Cancel Show Status Figure B 9 c Click Show Status The resulting screen should show Update OK good see Figure B 10 E Dynamic DNS Details Microsoft Internet Explorer Dynamic DNS Update OK good TZO service is not enabled ngDDNS service is not enabled Figure B 10 NETGEAR VPN Configuration B 11 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 5 Configure the DG834GSP as in the Gateway to Gateway procedures using the VPN Wizard see How to Set Up a Gateway to Gateway VPN Configuration on page 8 21 being certain to use appropriate network addresses for the environ
16. ite at http kbserver netgear com DG834GSP asp Step By Step Configuration 1 Configure the DG834GSP as in the Gateway to Gateway procedures using the VPN Wizard see How to Set Up a Gateway to Gateway VPN Configuration on page 8 21 being certain to use appropriate network addresses for the environment The LAN Addresses used in this example are as follows Unit WAN IP LAN IP LAN Subnet Mask DG834G 14 15 16 17 10 5 6 1 255 255 255 0 FVL328 22 13 24 25 172 23 9 1 255 255 255 0 In Step 1 enter toFVL328 for the Connection Name In Step 2 enter 22 23 24 25 for the remote WAN s IP address c In Step 3 enter the following e IP Address 172 23 9 1 e Subnet Mask 255 255 255 0 B 2 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP VPN Policies Click VPN Policies under TCC Advanced VPN to invoke policy Tait this screen Enable Name Type Local Remote ESP S Ra FVEI28 Auto JR en SES Delete Appl Cancel Add Auto Policy Add Manual Policy VPN Auto Policy General Policy Name jogp s Remote VPN Endpoint Address Type Fined iP Address Address Data 66 120 1AA 1F9 22 23 24 25 M NetBIOS Enable I IKE Keep Alive Ping IP Address J a 2 Local LAN IP Address Subnet address 7 Single Start address 192 ree jo p 10 5 6 Finish address 4 al l Sub
17. ity Policy Reload Security Policy g Remove Icon Right mouse click on the Log Viewer system tray icon to open the Connection Monitor popup menu Disconnect Connect Help About NETGEAR ProSafe VPN Cleg Figure B 22 To perform a ping test using our example start from the remote PC a Establish an Internet connection from the PC b On the Windows taskbar click the Start button and then click Run B 26 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP c Type ping t 10 1 1 1 and then click OK Type the name of a program folder document or Internet resource and Windows will open it for you Open ping 192 168 0 1 Cancel Browse Figure B 23 This will cause a continuous ping to be sent to the VPN router After between several seconds and two minutes the ping response should change from timed out to reply C gt ping 192 168 0 1 Pinging 192 168 0 1 with 32 bytes of data Reply from 192 168 0 1 bytes 32 time lt ims TTL 64 Reply from 192 168 0 1 bytes 32 time lt ims TTL 64 Reply from 192 168 0 1 bytes 32 time ims TTL 64 Figure B 24 Once the connection is established you can open the browser of the PC and enter the LAN IP address of the VPN router After a short wait you should see the login screen of the VPN router unless another PC already has the VPN router management interface open N
18. local LAN address as 10 5 6 1 for Gateway A and have set your own password 2 Click on the Dynamic DNS link on the left side of the Settings management GUI This will take you to the Dynamic DNS Menu B 8 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 3 On the DG834GSP configure the Dynamic DNS settings a Browse to the Dynamic DNS Setup Screen see Figure B 6 in the Advanced menu Dynamic DNS I Use a Dynamic DNS Service Service Provider www DynDNS org Host Name ao User Name FO Password tT I Use Wildcards Apply Cancel Show Status Figure B 6 b Configure this screen with appropriate account and hostname settings and then click Apply e Check the box Use a Dynamic DNS Service e Host Name dg834g dyndns org e User Name lt user s account username gt e Password lt user s account password gt c Click Show Status The resulting screen should show Update OK good see Figure B 7 Z Ty Status Microsoft Internet Explorer FEE Update OK good Figure B 7 NETGEAR VPN Configuration B 9 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 4 On the FVL328 configure the Dynamic DNS settings Assume a properly configured DynDNS account a Browse to the Dynamic DNS Setup Screen see Figure B 8 in the Advanced menu Dynamic DNS Use a dynamic DNS service None C DynDNS org Click here for
19. lock Remote Party Identity and Addressing ID Type Any v IP Address Protocol all x et A OTC I Connect using Secure Gateway Tunnel E Figure B 15 NETGEAR VPN Configuration B 19 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP INI Security Policy Editor NETGEAR ProSafe VPN Client File Edit Options Help ia ma Pol ta NETGEAR N Network Security Policy My Connections Connection Security 2 EGER G Secure r Only Connect Manually G My Identity rai ea Y n El Security Policy Block E Authentication Phase 1 oe A Proposal 1 2 S Key Exchange Phase 2 Remote Party Identity and Addressing Proposal 1 Fp Other Connections ID Tipe IP Subnet z Subnet 19216801 Mask 255 255 255 0 Protocol JA v Pot IV Connect using Secure Gateway Tunnel v v 1D Type Domain Name x Gateway Hostname fromDG834G com dyndns org Figure B 16 c Select Secure in the Connection Security check box group d Select IP Subnet in the ID Type menu e In this example type 10 1 1 1 in the Subnet field as the network address of the DG834GSP Enter 255 255 255 0 in the Mask field as the LAN Subnet Mask of the DG834GSP Select All in the Protocol menu to allow all traffic through the VPN tunnel po Select the Connect using Secure Gateway Tunnel check box Select Domain Name in the ID Type menu below the
20. ment The LAN Addresses used in this example are as follows Device LAN IP Address LAN Subnet Mask DG834GSP 10 5 6 1 255 255 255 0 FVL328 172 23 6 1 255 255 255 0 In Step 1 enter toFVL328 for the Connection Name In Step 2 enter fvl328 dyndns org for the remote WAN s IP address c In Step 3 enter the following e IP Address 172 23 9 1 e Subnet Mask 255 255 255 0 6 Configure the FVL328 as in the Gateway to Gateway procedures for the VPN Wizard see How to Set Up a Gateway to Gateway VPN Configuration on page 8 21 being certain to use appropriate network addresses for the environment In Step 1 enter toDG834 for the Connection Name In Step 2 enter dg834g dyndns org for the remote WAN s IP address c In Step 3 enter the following e IP Address 10 5 6 1 e Subnet Mask 255 255 255 0 7 Test the VPN tunnel by pinging the remote network from a PC attached to the DG834GSP a Open the command prompt Start gt Run gt cmd b ping 172 23 9 1 B 12 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP A WINNT system32 ping exe Pinging 172 23 9 1 with 32 bytes of data from 172 23 9 1 time lt i ms TTL 128 from 172 23 9 1 time lt i ms TTL 128 from 172 9 1 time lt 1 ms TTL 128 from 172 23 9 1 time lt 1 TTL 128 from 172 9 1 time lt 16 TTL 128 from 172 9 15 time lt i ms TTL 128 from 172 9 1 time lt i ms T
21. n B 29 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 2 To view the VPN tunnels status click the VPN Status link on the right side of the main menu 2 Current PN Tunnels SAs Microsoft Internet Explorer Current YPN Tunnels SAs SPI In SPI Out Policy Name Remote Endpoint Action SLifeTime HLifeTime aa185e44 afabffch fromDG834G 66 120 188 152 Drop 3289 3287 Figure B 27 B 30 v1 0 June 2007 NETGEAR VPN Configuration Reference Manual for the ADSL Modem Wireless Router DG834GSP NETGEAR VPN Configuration B 31 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP B 32 NETGEAR VPN Configuration v1 0 June 2007
22. net Mask 255 ess 255 Jo Remote LAN IP Address Subnet address z Single Start IP address 192 fies j ft Finish IP address 172 723 9 a Subnet Mask 255 Jess j255 jo IKE Direction Initiator and Responder z Exchange Mode Main Mode 7 Diffie Hellman DH Group Group 2 1024 Bi gt Local Identity Type WANIPAddress z Data n a Remote Identity Type IP Address X Data n a Parameters Encryption Algorithm oes Authentication Algorithm SHA 1 F Pre shared Key 12345678 SA Life Time 28800 Seconds I Enable PFS Perfect Forward Security Back Cancel Figure B 2 NETGEAR VPN Configuration B 3 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP 2 Configure the FVL328 as in the Gateway to Gateway procedures for the VPN Wizard see How to Set Up a Gateway to Gateway VPN Configuration on page 8 21 being certain to use appropriate network addresses for the environment In Step 1 enter toDG834 for the Connection Name In Step 2 enter 14 15 16 17 for the remote WAN s IP address c In Step 3 enter the following e IP Address 10 5 6 1 e Subnet Mask 255 255 255 0 B 4 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP modo tocum nonmen ner Auth DH med M gi toDG834 Main 22 23 24 25 14 15 16 17 30ES SHA1 Group 2 1024 Bip Click IKE Policies under VPN to invoke this sc
23. on to install either the VPN Adapter or the IPSec Component or both The VPN Adapter is not necessary The system should show the ProSafe icon ASI in the system tray after rebooting Double click the system tray icon to open the Security Policy Editor 2 Add a new connection a Run the NETGEAR ProSafe Security Policy Editor program and create a VPN Connection B 18 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP b From the Edit menu of the Security Policy Editor click Add then Connection A New Connection listing appears in the list of policies Rename the New Connection so that it matches the Connection Name you entered in the VPN Settings of the DG834GSP on Gateway A ____ Note In this example the Connection Name used on the client side of the VPN tunnel is to DG834GSP and it does not have to match the VPN_ client Connection Name used on the gateway side of the VPN tunnel see Figure B 16 because Connection Names are arbitrary to how the VPN tunnel functions ES Tip Choose Connection Names that make sense to the people using and administrating the VPN S Security Policy Editor NETGEAR ProSafe YPN Client _ Eile Edit Options Help elexa tlt NETGEAR N Network Security Policy My Connections amp New Connection Ap Other Connections r Connection Security Secure T Only Connect Manually Non secure S C B
24. ote You can use the VPN router diagnostic utilities to test the VPN connection from the VPN router to the client PC Run ping tests from the Diagnostics link of the VPN router main menu NETGEAR VPN Configuration B 27 v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP Monitoring the VPN Tunnel Telecommuter Example Viewing the PC Client s Connection Monitor and Log Viewer To view information on the progress and status of the VPN client connection open the 54 Mbps ADSL Modem Wireless Router Model DG834GSP Log Viewer 1 To launch this function click on the Windows Start button then select Programs then 54 Mbps ADSL Modem Wireless Router Model DG834GSP then Log Viewer mq Note Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel 2 The Connection Monitor screen is shown below S connection Monitor NETGEAR ProSafe PN Client Global Statistics Non Secured Packets g 4 Secured Packets jo Dropped Packets p Secured Data KBytes jo Local Address Local Subnet Remote Address Remote Modifier GW Address Figure B 25 B 28 NETGEAR VPN Configuration v1 0 June 2007 Reference Manual for the ADSL Modem Wireless Router DG834GSP While the connection is being established the Connection Name field in this menu will show SA before the name of the conn
25. reen Exchange Mode Lota identity Type Loest identity Osta Romao Romow igert Type Remote ideetty Data mija opGs34 Both Directions 3 Main Mode z WAN IP Address 122 23 24 25 Remote WAN IP z 14 15 16 17 JAutientication Algonthen wenbcabon Menos Difie Heliman OH Group SA Life Time Name Type Local jim2iamnes Auto 192 168 2 0 255 255 255 0 Remote at ESP 192 160 0 1 255 255 2550 Disubled ESP t0DG834 _ 172239 1 Click VPN Policies under VPN to invoke this screen Figure B 3 Policy Name IKE pokey I IKE Keep Altve Remote VPN Engpoint SA Life Time F iPas PFs F No8105 Enable Traffic Selectos tocsiiP Romes IP AH Contin atom I Enable Autheracaton ESP Configuration F Enable Enceyption Enable Autneracaton Pre shared Key C RGA Signature requires Certiicate Group 2 1024 Bi F 20800 vecs Deak MAy Cancel frames toDG834 penzjemes z3 DG834 m Pinge aoaross 3 E E Addiess Type IP Address Address Data 67 125 51 64 Bad Boconde 4 5 16 17 3 kybtes PFS Key Groug Group 768 BA z Subnet address staniPaddess fisz fo k po Finish ads p 5 5 5 1 sutemask fess fess iss e Stbnot address sunt scones fier fice fb fr Fines IP address j E FF 10 m5 6 Subnet Mask ss pss pss p Aonicason agom MOS S Enenpton Aigorttm IDES 2 Authentication Aigortmm SHA S Back Feny Carca
Download Pdf Manuals
Related Search