Netgear DG834G User's Manual

Contents

1. Figure 3-6. Configuring Your Internet Connection, 3-7. v1.2, October 2006. Reference Manual for the ADSL Modem Wireless Router DG834G. c. Connect the power adapter to the firewall and plug it in to a power outlet. Verify the following: the power light is lit after turning on the firewall; the test light comes on briefly, then goes off; the wireless light is lit after turning on the firewall; the ADSL light is green, indicating you are connected to the ADSL network. d. Now turn on your computer. If software usually logs you in to your Internet connection, do not run that software. Cancel it if it starts automatically. Verify the following: the local lights are lit for any connected computers. 3. Log in to the modem router. Note: Your computer needs to be configured for DHCP. For instructions on configuring for DHCP, please see the documentation that came with your computer or "Preparing a Computer for Network Access" in Appendix C. a. Type http://192.168.0.1 in the address field of a browser such as Internet Explorer or Netscape Navigator (Figure 3-7). This login window opens: "Please type your user name and password." Site: 192.168.0.1. Realm. User Name: admin. Password. Save this password in your password
2. "How to Set Up VPN Tunnels in Special Circumstances" on page 8-38 provides the steps needed to configure VPN tunnels when there are special circumstances and the VPNC recommended defaults of the VPN Wizard are inappropriate. The two alternatives for configuring VPN tunnels are Auto Policy and Manual Policy. Overview of VPN Configuration: Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway, and between two or more network gateways. The DG834G v3 supports both of these types of VPN configurations. The ADSL Modem Wireless Router supports up to five concurrent tunnels. Client-to-Gateway VPN Tunnels: Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network. [Figure 8-1: VPN tunnel across the Internet between a PC running the NETGEAR ProSafe VPN Client and a DG834G with PCs behind it.] A VPN client access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running the VPN client software. The ADSL Modem Wireless Router on your network is the other tunnel endpoint. See "How to Set Up a Client-to-Gateway VPN Configuration" on page 8-7 to set up this configuration.
3. c. Type ping -t 192.168.3.1 and then click OK. [Figure 8-31: Running a Ping test to the LAN from the PC (Windows Run dialog).] This will cause a continuous ping to be sent to the first DG834G v3. After between several seconds and two minutes, the ping response should change from "timed out" to "reply." Note: Use Ctrl-C to stop the pinging. [Figure 8-32: command window showing ping replies from 192.168.0.1.] Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834G v3. After a short wait, you should see the login screen of the Modem Router (unless another PC already has the DG834G v3 management interface open). Gateway-to-Gateway Configuration: test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v3. a. Open command prompt (i.e., Start > Run > cmd). ping 192.168.3.1 Pinging 192.168.3.1 with 32 bytes of d
4. [Figure 8-43: VPN Auto Policy settings screen.] 5. Click Apply. The Get VPN Policies web page is displayed. [Figure 8-44: VPN Policies policy table with one enabled policy: Name GtoG, Type Auto, Local 192.168.0.1 / 255.255.255.0, Remote 192.168.3.1 / 255.255.255.0, ESP 3DES.] 6. Repeat for the DG834G v3 on LAN B and pay special attention to use the following network settings as appropriate: General, Remote Address Data (e.g., 14.15.16.17); Remote LAN, Start IP Address: IP Address (e.g., 192.168.0.1), Subnet Mask (e.g., 255.255.255.0); Preshared Key (e.g., 12345678). 7. Use the VPN Status screen to activate the VPN tunnel by performing the following steps. Note: The VPN Status screen is only one of three ways to activate a VPN tunnel. See "Activating a VPN Tunnel" on page 8-29 for information on the other ways. a. Open the DG834G v3 management interface and click on VPN Status to display the VPN Status/Log screen (Figure 8-45): 2004-06-22 22:58:26 GtoG initiating Main Mode; 2004-06-22 22:58:26 GtoG ISAKMP SA established; 2004-06-22 22:58:26 GtoG sent QI2, IPsec SA established; 2004-06-22 22:58:27 GtoG se
5. Chapter 4: Wireless Configuration. This chapter describes how to configure the wireless features of your 54 Mbps ADSL Modem Wireless Router Model DG834G. Considerations for a Wireless Network: In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your modem router in order to maximize the network speed. To ensure proper compliance and compatibility between similar products in your area, the operating channel and region must be set correctly. Observe Performance, Placement, and Range Guidelines: The operating distance or range of your wireless connection can vary significantly based on the physical placement of the wireless firewall. The latency, data throughput performance, and notebook power consumption also vary depending on your configuration choices. Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the router. For complete range/performance specifications, please see Appendix A, "Technical Specifications." For best results, place your firewall: near the center of the area in which your computers will operate; in an elevated location such as a high shelf where the wirelessly connected computers have line-of-sight access (even if
6. Use an ADSL microfilter with built-in splitter when there is a single wall outlet which must provide connectivity for both the modem router and telephone equipment. Computers Set to DHCP: For the initial connection to your firewall, your computer has to be set to automatically get its TCP/IP configuration from the firewall via DHCP. This is usually the case. The NETGEAR Smart Wizard CD automatically takes care of this requirement. For manual setup, refer to the documentation that came with your computer. Manually Setting Up Your Modem Router: There are four steps to setting up your modem router: 1. Install ADSL filters on the phone lines. 2. Connect the firewall to the ADSL line. 3. Log in to the firewall. 4. Connect to the Internet. Follow the steps below to connect your firewall to your network. Before you begin, locate the ADSL configuration information from your Internet Service Provider (ISP). 1. Connect the ADSL filter. Note: If you purchased the DG834G v3 in a country where an ADSL filter is not included, you must acquire one. a. You need to install an ADSL filter for every telephone that uses the same phone line as your modem router. Select the filter that came with your modem router. 1. One-Line Filter: Use with a phone or fax machine. 2. Spl
7. Reference Manual for the ADSL Modem Wireless Router DG834G. NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054 USA. 202-10155-03, October 2006. © 2006 by NETGEAR, Inc. All rights reserved. Trademarks: NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions: In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cau
8. ping from the Internet, select the Respond to Ping on Internet WAN Port check box. This should only be used as a diagnostic tool, since it allows your modem router to be discovered. Do not select this box unless you have a specific reason to do so. MTU Size: The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 bytes, or 1492 bytes for PPPoE connections. For some ISPs you may need to reduce the MTU. But this is rarely required, and should not be done unless you are sure it is necessary for your ISP connection. Configuring LAN IP Settings: The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and RIP. These features can be found under the Advanced heading in the Main Menu of the browser interface. The modem router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The modem router's default LAN IP configuration is: LAN IP addresses: 192.168.0.1; Subnet mask: 255.255.255.0. These addresses are part of the Internet Engineering Task Force (IETF) designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu. [LAN IP Setup screen: LAN TCP/IP Setup.]
9. Auto negotiates with the remote VPN endpoint and is not available in responder-only mode. MD5: 128 bits, faster but less secure. SHA-1 (default): 160 bits, slower but more secure. Pre-shared Key: the key must be entered both here and on the remote VPN Gateway. SA Life Time: this determines the time interval before the SA (Security Association) expires. (It will automatically be re-established as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs. IPSec PFS (Perfect Forward Secrecy): if enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you may have to specify the "Key Group" used. For this device, the "Key Group" is the same as the "DH Group" setting in the IKE section. Example of Using Auto Policy: [Figure 8-41: VPN tunnel between DG834G VPN firewall A (WAN 14.15.16.17, LAN 192.168.0.1) and DG834G VPN firewall B (WAN 22.23.24.25), each with PCs behind it.] 1. Set the
10. C (32 to 104 F); 90% maximum relative humidity, noncondensing. FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B. 10BASE-T or 100BASE-Tx, RJ-45. ADSL, ADSL2; Dual RJ-11, pins 2 and 3; T1.413, G.DMT, G.Lite; ITU Annex A for the DG834G or ITU Annex B for the DG834GB. Appendix B: NETGEAR VPN Configuration, DG834G v3 to FVL328. This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834G v3 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). Configuration Profile: The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Gather all the necessary information before you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Check that there are no firewall restrictions. Table B-1. Profile Summary: VPN Consortium Scenario: Scenario 1. Type of VPN: LAN-to-LAN or Gateway-to-Gateway (not PC/Client-to-Gateway). Security Scheme: IKE with Preshared Secret/Key (not Certificate-based). IP Addressing: NETGEAR Gateway A: Static IP
11. [Figure 7-2: LAN IP Setup screen showing IP Subnet Mask 255.255.255.0, RIP Direction None, RIP Version Disable, Use Router as DHCP Server, Starting IP Address 192.168.0.2, Ending IP Address 192.168.0.254, and the Address Reservation table (IP Address, Device Name, MAC Address) with Add, Edit and Delete buttons.] The LAN TCP/IP Setup parameters are: IP Address: This is the LAN IP address of the modem router. Warning: If you change the LAN IP address of the modem router while connected through the browser, you, or anyone else using the router, will be disconnected. You must then open a new connection to the new IP address and log in again. Others using the router will have to restart their computer and connect to the router again. IP Subnet Mask: This is the LAN Subnet Mask of the modem router. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or modem router. RIP Direction: RIP (Router Information Protocol) allows a modem router to exchange routing information with other routers. The RIP Direction selection controls how the Modem Router sends and receives RIP packets. Both is the default. When set to Both or Out Only, the modem router will broadcast its routing table periodically. When set to Both or In On
12. MD5 or SHA-1; Diffie-Hellman (DH) Group: Group 1 or Group 2; Key Life in seconds; IKE Life Time in seconds. Worksheet values: GtoG; 12345678; Main; Disabled; 3DES; SHA-1; Group 2; 28800 (8 hours); 3600 (1 hour). VPN Endpoint, Local IPSec ID, LAN IP Address, Subnet Mask, FQDN or Gateway IP (WAN IP Address): DG834G v3_A: GW_A, 192.168.0.1, 255.255.255.0, 14.15.16.17; DG834G v3_B: GW_B, 192.168.3.1, 255.255.255.0, 22.23.24.25. Note: The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard. 1. Log in to the DG834G v3 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed. [Figure 8-20: VPN Wizard screen: "The Wizard sets most parameters to defaults as proposed by the VPN Consortium (VPNC), and assumes a pre-shared key, which greatly simplifies setup. After creating the policies through VPN Wizard, you can always update the parameters through VPN Settings link on the left menu."] 2. Fill in the Connection Name and the pre-shared key
13. See "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21. See "Using Auto Policy to Configure VPN Tunnels" on page 8-38 when the VPN Wizard and its VPNC defaults (see Table 8-2) are not appropriate for your special circumstances, but you want to automate the Internet Key Exchange (IKE) setup. See "Using Manual Policy to Configure VPN Tunnels" on page 8-49 when the VPN Wizard and its VPNC defaults (see Table 8-2) are not appropriate for your special circumstances and you must specify each phase of the connection. You manually enter all the authentication and key parameters. You have more control over the process; however, the process is more complex and there are more opportunities for errors or configuration mismatches between your DG834G v3 and the corresponding VPN endpoint gateway or client workstation. Note: NETGEAR publishes additional interoperability scenarios with various gateway and client software products. Look on the NETGEAR web site at www.netgear.com for these interoperability scenarios. How to Set Up a Client-to-Gateway VPN Configuration: [Figure 8-3: VPN tunnel between a PC running the NETGEAR ProSafe VPN Client (0.0.0.0) and a DG834G (WAN 22.23.24.25, LAN 192.168.3.1) with PCs behind it.] Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a networ
14. ping 172.23.9.1 [Figure B-11: ping.exe command window showing replies from 172.23.9.1.] Note: The pings may fail the first time. If this happens, try the pings a second time. Configuration Summary (Telecommuter Example): The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Gather all the necessary information before you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Assure that there are no firewall restrictions. Table B-3. Configuration summary (telecommuter example): VPN Consortium Scenario: Scenario 1. Type of VPN: PC/client-to-gateway, with client behind NAT router. Security Scheme: IKE with Preshared Secret/Key (not Certificate-based). IP Addressing: Gateway: Fully Qualified Domain Name (FQDN); Cl
15. which receives a lower priority than voice and video. What's in the Box? The product package should contain the following items: 54 Mbps ADSL Modem Wireless Router Model DG834G; AC power adapter (varies by region); Category 5 (Cat 5) Ethernet cable; telephone cable with RJ-11 connector; microfilters (quantity and type vary by region); DG834G ADSL Modem Wireless Router Resource CD, including this guide; two plastic feet that can be used to stand the ADSL Modem Wireless Router on end; Warranty and Support Information cards. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. The Router's Front Panel: The front panel shown below contains status LEDs. [Figure 2-1: front panel.] You can use the LEDs to verify various conditions. Table 2-1 describes each LED. Table 2-1. LED Descriptions (Label, Activity, Description): 1. Power: On: Power is supplied to the router. Off: Power is not supplied to the router. 2. Test: On: The system is initializing. Off: The system is ready and running. 3. Internet: Blink Amber: Indicates ADSL training. On Green: The Internet port has detected a link with an attached devic
16. 30 minutes. Shorter durations will ensure that control points have current device status at the expense of additional network traffic. Longer durations may compromise the freshness of the device status but can significantly reduce network traffic. Advertisement Time To Live: The time to live for the advertisement is measured in hops (steps) for each UPnP packet sent. A hop is the number of steps allowed to propagate for each UPnP advertisement before it disappears. The number of hops can range from 1 to 255. The default value for the advertisement time to live is 4 hops, which should be fine for most home networks. If you notice that some devices are not being updated or reached correctly, then it may be necessary to increase this value a little. UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device that is currently accessing the Router and which ports (Internal and External) that device has opened. The UPnP Portmap Table also displays what type of port is opened and if that port is still active for each IP address. 3. To save, cancel or refresh the table: Click Apply to save the new settings to the Router. Click Cancel to disregard any unsaved changes. Click Refresh to update the portmap table and to show the active ports that are currently opened by UPnP devices. Chapter 8: Virtual Private Networking. This chapter describes how to use the virtual pri
17. Table 6-1. Menu 3.2 Modem Router Status Fields (continued). Downstream Speed: The speed at which the modem is receiving data from the ADSL line. Upstream Speed: The speed at which the modem is transmitting data to the ADSL line. VPI: The Virtual Path Identifier setting. VCI: The Virtual Channel Identifier setting. Wireless Port: These are the settings as set in the Wireless Settings page (see "Understanding Wireless Settings" in Chapter 4 for details). Name (SSID): The Service Set ID, also known as the wireless network name. Region: The country where the unit is set up for use. Channel: The current channel, which determines the operating frequency. Wireless AP: Indicates if the Access Point feature is disabled or not. If not enabled, the Wireless LED on the front panel will be off. Broadcast Name: Indicates if the DG834G v3 is configured to broadcast its SSID. Click the Show Statistics button to display modem router usage statistics, as shown below. [Statistics screen: System Up Time; per-port (WAN, LAN, WLAN) Status, TxPkts, RxPkts, Collisions, Tx B/s, Rx B/s and Up Time; ADSL Link downstream and upstream Connection Speed, Line Attenuation and Noise Margin; Poll Interval.] Figure 6
18. Default DMZ Server 7-2; Connect Automatically, as Required 7-3; Enable PP PI 7-4; Disable Port Scan and DOS Protection 7-4; Respond to Ping on Internet WAN Port 7-4; MTU Size 7-4; Configuring LAN IP Settings 7-4; How to Configure LAN TCP/IP Setup 7-8; Dynamic DNS 7-9; How to Configure Dynamic DNS 7-9; Using Static Routes 7-11; Static Route Example 7-11; How to Configure Static Routes 7-12; Universal Plug and Play (UPnP) 7-13. Chapter 8, Virtual Private Networking: Overview of VPN Configuration 8-2; Client-to-Gateway VPN Tunnels 8-2; Gateway t
19. The Summary screen below displays. [Figure 8-24: "Please verify your inputs" summary: Connection Name GtoG; Remote VPN Endpoint 22.23.24.25; Remote Client Access By Subnet, Remote IP 192.168.3.1 / 255.255.255.0; Local Client Access By Subnet, Local IP 192.168.0.1 / 255.255.255.0; "You can click here to view the VPNC recommended parameters. Please click Done to apply the changes."] To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the "here" link (see Figure 8-24). Click Back to return to the Summary screen. [Figure 8-25: VPN Consortium (VPNC) Recommendation: "The following parameters are recommended by the VPNC and used in the VPN Wizard." Secure Association: Main Mode; Authentication Method: Pre-shared Key; Encryption Protocol: 3DES; Authentication Protocol: SHA-1; Key Life: 1 hour; IKE Life Time: 24 hours; NETBIOS: Enabled.] 5. Click Done on the Summary screen (see Figure 8-24) to complete the configuration procedure. The VPN Settings menu below displays, showing that the new tunnel is enabled. [Figure 8-26: VPN Policies policy table with one enabled policy: Name GtoG, Type Auto, Local 192.168.0.1 / 255.255.255.0, Remote 192.168.3.1 / 255.255.255.0, ESP 3DES.]
20. [Figure 6-6: Attached Devices table listing five devices (192.168.0.2 to 192.168.0.6) by IP address, device name and MAC address.] For each device, the table shows the IP address, Device Name if available, and the Ethernet MAC address. Note that if the modem router is rebooted, the table data is lost until the modem router rediscovers the devices. To force the modem router to look for attached devices, click the Refresh button. Viewing, Selecting, and Saving Logged Information: The modem router will log security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs page can show you when someone on your network tries to access a blocked site. If you enabled e-mail notification, you will receive these logs in an e-mail message. If you do not have e-mail notification enabled, you can view the logs here. An example of the logs file is shown below. [Logs screen: Current time 2003-08-26 07:42, followed by timestamped log entries.]
21. Configuration Interface, check the following: When entering configuration settings, be sure to click the Apply button before moving to another menu or tab, or your changes are lost. Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration. Troubleshooting the ISP Connection: If your router is unable to access the Internet, you should check the ADSL connection, then the WAN TCP/IP connection. ADSL link: If your router is unable to access the Internet, you should first determine whether you have an ADSL link with the service provider. The state of this connection is indicated with the Internet LED. Internet LED Green or Blinking Green: If your Internet LED is green or blinking green, then you have a good ADSL connection. You can be confident that the service provider has connected your line correctly and that your wiring is correct. Internet LED Blinking Amber: If your Internet LED is blinking amber, then your modem router is attempting to make an ADSL connection with the service provider. The LED should turn green within several minutes. If the Internet LED does not turn green, disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time, being careful to use a microfilter on each telephone. If the microfilters are connected correctly, you should be able to connect all your telephones. If disconne
22. [Figure B-10: Dynamic DNS status: Dynamic DNS Update OK: good; TZO service is not enabled; ngDDNS service is not enabled.] 5. Configure the DG834G v3 as in the Gateway-to-Gateway procedures using the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21), being certain to use appropriate network addresses for the environment. The LAN addresses used in this example are as follows (Device, LAN IP Address, LAN Subnet Mask): DG834G v3: 10.5.6.1, 255.255.255.0; FVL328: 172.23.6.1, 255.255.255.0. a. In Step 1, enter toFVL328 for the Connection Name. b. In Step 2, enter fvl328.dyndns.org for the remote WAN's IP address. c. In Step 3, enter the following: IP Address: 172.23.9.1; Subnet Mask: 255.255.255.0. 6. Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21), being certain to use appropriate network addresses for the environment. a. In Step 1, enter toDG834 for the Connection Name. b. In Step 2, enter dg834g.dyndns.org for the remote WAN's IP address. c. In Step 3, enter the following: IP Address: 10.5.6.1; Subnet Mask: 255.255.255.0. 7. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v3. a. Open the command prompt (Start > Run > cmd). b.
23. LAN IPs on each DG834G v3 to different subnets and configure each properly for the Internet. The following settings are assumed for this example. Table 8-5. VPN Tunnel Configuration Worksheet: Connection Name: GtoG. Pre-Shared Key: 12345678. Secure Association (Main Mode or Manual Keys): Main. Perfect Forward Secrecy (Enabled or Disabled): Disabled. Encryption Protocol (DES or 3DES): 3DES. Authentication Protocol (MD5 or SHA-1): SHA-1. Diffie-Hellman (DH) Group (Group 1 or Group 2): Group 2. Key Life in seconds: 28800 (8 hours). IKE Life Time in seconds: 3600 (1 hour). VPN Endpoint, Local IPSec ID, LAN IP Address, Subnet Mask, FQDN or Gateway IP (WAN IP Address): DG834G v3 A: LAN_A, 192.168.0.1, 255.255.255.0, 14.15.16.17; DG834G v3 B: LAN_B, 192.168.3.1, 255.255.255.0, 22.23.24.25. 2. Open the DG834G v3 on LAN A management interface and click on VPN Policies. [Figure 8-42: empty VPN Policies policy table with Edit, Delete, Apply, Cancel, Add Auto Policy and Add Manual Policy buttons.] Click Add Auto Policy. Enter policy settings (see Figure 8-43). General: Policy Name: GtoG; Remote VPN Endpoint Address Type: Fixed IP Address; Remote VPN Endpoint Address Data: 22.23.24.25. Local LAN: use default sett
24. [Figure B-2: VPN Policies table with the toFVL328 Auto policy (Local 10.5.6.1 / 255.255.255.0, Remote 172.23.9.1 / 255.255.255.0, ESP 3DES), followed by the VPN Auto Policy screen: General, Local LAN, Remote LAN and IKE settings, with Encryption Algorithm 3DES, Authentication Algorithm SHA-1, Pre-shared Key 12345678, SA Life Time 28800 seconds, and an Enable PFS (Perfect Forward Security) check box.] 2. Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21), being certain to use appropriate network addresses
25. [Figure 6-8: E-mail screen, with mail server authentication fields, immediate alert options, and the log schedule]
• Turn e-mail notification on. Select this check box if you want to receive e-mail logs and alerts from the modem router.
• Send alerts and logs via email.
  Send To This E-mail Address: Enter the e-mail address where you want to send the alerts and logs. Use a full e-mail address, such as ChrisXY@myISP.com.
  Outgoing Mail Server: Enter the name or IP address of the outgoing SMTP mail server of your ISP, such as mail.myISP.com. Check "My Mail Server requires authentication" if you need to log in to your SMTP server to send e-mail. If you check this box, you must enter the user name and password for the mail server.
  Tip: If you cannot remember the above information from when you set up your e-mail account, check the settings in your e-mail program.
• Send alert immediately. Select the corresponding check box if you would like immediate notification of a significant security event, such as a known attack, port scan, or attempted access to a blocked site.
• Send logs according to this schedule. Specifie
26. Stop to freeze the display.
Click the Connection Status button to display modem router connection status, shown below.
[Figure 6-5: Connection Status screen]
This screen shows the following statistics:
Table 6-3. Connection Status Fields for PPPoA
Field | Description
Connection Time | The time elapsed since the last connection to the Internet via the ADSL port.
Connecting to Sender | The connection status.
Negotiation | ON or OFF.
Authentication | ON or OFF.
IP Address | The IP Address assigned to the WAN port by the ADSL Internet Service Provider.
Network Mask | The Network Mask assigned to the WAN port by the ADSL Internet Service Provider.
Viewing Attached Devices
The Attached Devices menu contains a table of all IP devices that the modem router has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table shown.
[Screenshot: Attached Devices table]
27. address NETGEAR Gateway B Static IP address
[Figure B-1: VPNC Example, Network Interface Addressing. Gateway A (DG834G): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP 14.15.16.17. Gateway B (FVL328): LAN 172.23.9.0/24, LAN IP 172.23.9.1, WAN IP 22.23.24.25.]
Note: Product updates are available on the NETGEAR Inc web site at http kbserver netgear com DG834G v3 asp
Step-By-Step Configuration
1. Configure the DG834G v3 as in the Gateway-to-Gateway procedures using the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21), being certain to use appropriate network addresses for the environment. The LAN Addresses used in this example are as follows:
Unit | WAN IP | LAN IP | LAN Subnet Mask
DG834G | 14.15.16.17 | 10.5.6.1 | 255.255.255.0
FVL328 | 22.13.24.25 | 172.23.9.1 | 255.255.255.0
a. In Step 1, enter toFVL328 for the Connection Name.
b. In Step 2, enter 22.23.24.25 for the remote WAN's IP address.
c. In Step 3, enter the following:
  • IP Address: 172.23.9.1
  • Subnet Mask: 255.255.255.0
Click VPN Policies under Advanced - VPN to invoke this screen.
[Screenshot: VPN Policies screen, Policy Table]
28. be provided as follows:
• Single address: enter an IP address in the Single Start IP address field. Typically, this setting is used when you wish to make a single Server on your LAN available to remote users.
• Range address: enter the starting IP address in the Single Start IP address field, and the finish IP address in the Finish IP address field. This must be an address range used on your LAN.
• Subnet address: enter an IP address in the Single Start IP address field, and the desired network mask in the Subnet Mask field.
• Any: the remote VPN endpoint may be at any IP address.
The remote VPN endpoint must have these IP addresses entered as its Remote addresses.
Remote LAN. This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows:
• Single PC, no Subnet: select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required.
• Single address: enter an IP address in the Single Start IP address field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN.
• Range address: enter the starting IP address in the Single Start IP address field, and the finish IP address in the Finish IP address field. This must be an address range used on the remote LAN.
• Subnet address: enter an IP address in the Single Start IP address
29. details
Internet Connection Requires Login and Uses PPPoE
1. If your Internet connection does require login, select Yes, and fill in the settings according to the instructions below.
Note: You will no longer need to launch the ISP's login program on your computer in order to access the Internet. When you start an Internet application, your modem router automatically logs you in.
2. Choose PPPoE for the encapsulation method.
3. Enter the login name (frequently the email address your ISP provided), password, and service name if required.
4. If you want to change the login timeout, enter a new value in minutes. This determines how long the modem router keeps the Internet connection active after there is no Internet activity from the LAN. Entering an Idle Timeout value of zero means never log out.
5. When a connection uses PPPoE, the IP address is normally assigned automatically. However, the DG834G v3 allows this address to be set manually.
• Select Get Dynamically from ISP if your ISP assigns your IP address.
• Select Use Static IP Address if your ISP gave you a statically assigned address.
The DNS server is used to look up site addresses based on their names.
• Select Get Automatically from ISP if your ISP uses DHCP to assign your DNS servers. Your ISP will automatically assign th
30. directed to the PPPoA page shown.
[Figure 3-11: PPPoA screen with Login and Password fields]
Enter your login user name and password. These fields are case sensitive.
Wizard-Detected Dynamic IP Account Setup
If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to the page shown.
[Figure 3-12: Dynamic IP Address screen]
Click Apply to set Dynamic IP as the connection method.
Wizard-Detected IP Over ATM Account Setup
If the Setup Wizard determines that your Internet service account uses IP over ATM (Classical IP) assignment (RFC1577), you will be directed to the page shown.
[Figure 3-13: IP Over ATM screen with Internet IP Address, IP Subnet Mask, and Domain Name Server (DNS) Address fields]
1. Enter your assigned IP Address and Subnet Mask. This information should have been provided to you by your ISP. You need the configuration parameters from your ISP.
2. Enter the IP address of your ISP's Primary DNS Server. If a Secondary DNS Server address is available, enter it also.
31. field and the desired network mask in the Subnet Mask field.
• Any: any outgoing traffic from the Local IP computers will trigger an attempted VPN connection to the remote VPN endpoint. Please be sure you want this option before selecting it.
The remote VPN endpoint must have these IP addresses entered as its Local addresses.
ESP Configuration
ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel.
• SPI: enter the required security policy indexes (SPIs). Each policy must have unique SPIs. These settings must match the remote VPN endpoint. The "in" setting here must match the "out" setting on the remote VPN endpoint, and the "out" setting here must match the "in" setting on the remote VPN endpoint.
• Encryption: select the desired Encryption Algorithm, and enter the key in the field provided. For 3DES, the keys should be 24 ASCII characters, and for DES, the keys should be 8 ASCII characters.
  • DES: the Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
  • 3DES: Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• Authentication: select the desired SHA-1 or MD5 Authentication Al
32. for the VPN tunnel you want to activate.
[Figure 8-28: Current VPN Tunnels (SAs) window, with columns SPI In, SPI Out, Policy Name, Remote Endpoint, SLifeTime, and HLifeTime, showing the GtoG policy]
c. Look at the VPN Status Log screen (Figure 8-27) to verify that the tunnel is connected.
VPN Tunnel Control
Activating a VPN Tunnel
There are three ways to activate a VPN tunnel:
• Use the VPN Status page.
• Activate the VPN tunnel by pinging the remote endpoint.
• Start using the VPN tunnel.
Note: Refer to "Using Auto Policy to Configure VPN Tunnels" on page 8-38 to enable the IKE keepalive capability on an existing VPN tunnel.
Using the VPN Status Page to Activate a VPN Tunnel
To use the VPN Status screen to activate a VPN tunnel, perform the following steps:
1. Log in to the Modem Router.
2. Open the DG834G v3 management interface and click on VPN Status to get the VPN Status Log screen (Figure 8-29).
[Figure 8-29: VPN Status Log screen with GtoG entries: initiating Main Mode, ISAKMP SA established, IPsec SA established]
33. h. Type a number between 1 and 15 as the Metric value. This represents the number of routers between your network and the destination. Usually, a setting of 2 or 3 works, but if this is a direct connection, set it to 1.
4. Click Apply to have the static route entered into the table.
Universal Plug and Play (UPnP)
Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network.
1. Click UPnP on the main menu to invoke the UPnP menu.
[Figure 7-7: UPnP screen with Turn UPnP On, Advertisement Period (in minutes), Advertisement Time To Live (in hops), and the UPnP Portmap Table]
2. Fill out the UPnP screen:
• Turn UPnP On: UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is enabled. If disabled, the Router will not allow any device to automatically control the resources, such as port forwarding (mapping), of the Router.
• Advertisement Period: The Advertisement Period is how often the Router will advertise (broadcast) its UPnP information. This value can range from 1 to 1440 minutes. The default period is for
34. if the router recovers and the LED blinks for the correct amount of time.
If all LEDs, including the Test LED, are still on one minute after power up:
• Cycle the power to see if the router recovers.
• Clear the router's configuration to factory defaults. This will set the router's IP address to 192.168.0.1. This procedure is explained in "Using the Reset button" on page 9-9.
If the error persists, you might have a hardware problem and should contact technical support.
LAN or Internet Port LEDs Not On
If either the LAN LEDs or Internet LED do not light when the Ethernet connection is made, check the following:
• Make sure that the Ethernet cable connections are secure at the router and at the hub or workstation.
• Make sure that power is turned on to the connected hub or workstation.
• Be sure you are using the correct cable. When connecting the router's WAN ADSL port, use the cable that was supplied with the DG834G v3.
Troubleshooting the Web Configuration Interface
If you are unable to access the router's Web Configuration interface from a computer on your local network, check the following:
• If you are using an Ethernet-connected computer, check the Ethernet connection between the computer and the router as described in the previous section.
• Make sure your computer's IP address is on the same subnet as the
35. numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here.
5. Click Apply to save the settings.
6. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting.
Testing Your Internet Connection
After completing the Internet connection configuration, you can test your Internet connection. Log in to the modem router, then, from the Basic Settings link in the Setup menu, click the Test button. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting.
Your modem router is now configured to provide Internet access for your network. Your modem router automatically connects to the Internet when one of your computers requires access. It is not necessary to run a dialer or login application such as Dial-Up Networking or Enternet to connect, log in, or disconnect. These functions are performed by the modem router as needed.
To access the Internet from any computer connected to your modem router, launch a browser such as Microsoft Internet Explorer or Netscape Navigator. You should see the modem router's Internet LED blink, indicating communication to the ISP. The browser should begin to display a Web pa
36. or password you may use to log in to your Internet connection. NETGEAR recommends that you change this password to a more secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of both upper and lower case letters, numbers, and symbols. Your password can be up to 30 characters.
How to Change the Built-In Password
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
[Figure 5-1: browser address field showing http://192.168.0.1]
2. From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown.
[Figure 5-2: Set Password screen with Old Password, Set Password, and Repeat New Password fields, and the administrator login idle timeout]
To change the password, first enter the old password, and then enter the new password twice. Click Apply to save your changes.
Note: After changing the password, you will be required to log in again to continue the configuration. If you have backed up the modem router settings previously, you should do a new backup so that the saved settings file includes the new password.
Changing the Administrator Login T
37. server, or if you will manually configure the network settings of all of your computers, clear the Use router as DHCP server check box. Otherwise, leave it selected.
Specify the pool of IP addresses to be assigned by setting the Starting IP Address and Ending IP Address. These addresses should be part of the same IP address subnet as the router's LAN IP address. Using the default addressing scheme, you should define a range between 192.168.0.2 and 192.168.0.254, although you may want to save part of the range for devices with fixed addresses.
The router will deliver the following parameters to any LAN device that requests DHCP:
• An IP Address from the range you have defined
• Subnet Mask
• Gateway IP Address is the router's LAN IP address
• Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router's LAN IP address
• Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu
WINS Server, short for Windows Internet Naming Service Server, determines the IP address associated with a particular Windows computer. A WINS server records and reports a list of names and IP address of Windows PCs on its local network. If you connect to a remote network that contains a WINS server, enter the server's IP address here. This allows your PCs to browse the network
38. settings described below will prevent a determined intruder from eavesdropping on your wireless data communications. Also, if you are using the Internet for such activities as purchases or banking, those Internet sites use another level of highly secure encryption called SSL. You can tell if a web site is using SSL because the web address begins with HTTPS rather than HTTP.
Authentication Type Selection
The DG834G v3 lets you select the following wireless authentication schemes:
• Automatic
• Open System
• Shared key
Note: The authentication scheme is separate from the data encryption. You can choose an authentication scheme which requires a shared key but still leave the data transmissions unencrypted. If you require strong security, use both the Shared Key and WEP encryption settings.
Set your wireless adapter according to the authentication scheme you choose for the ADSL Modem Wireless Router. Please refer to "Wireless Communications" in Appendix C for a full explanation of each of these options, as defined by the IEEE 802.11g wireless communication standard.
Encryption Choices
Please refer to "Wireless Communications" in Appendix C for a full explanation of each of the following choices, as defined by the IEEE 802.11g wireless communication standard. Choose the encryption strength from the drop-down list:
• Disable: No encryption will be applied. This setting is useful for troubleshooting your wireless connect
39. single user ISP account. This feature can also be turned off completely while using the DG834G v3 if you want to manage the IP address scheme yourself.
• Automatic Configuration of Attached PCs by DHCP. The DG834G v3 dynamically assigns network configuration information, including IP, modem router, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
• DNS Proxy. When DHCP is enabled and no DNS addresses are specified, the modem router provides its own address as a DNS server to the attached PCs. The modem router obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
• Classical IP (RFC 1577). Some Internet service providers, in Europe for example, use Classical IP in their ADSL services. In such cases, the modem router is able to use the Classical IP address from the ISP.
• PPP over Ethernet (PPPoE). PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your computer.
• PPP over ATM (PPPoA). PPP over ATM is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating an ATM connection.
40. statherin teaniuuues B-1
Step-By-Step Configuration B-2
DG834G v3 with FQDN to FVL328 B-6
Configuration Profile B-6
Step-By-Step Configuration B-8
Configuration Summary (Telecommuter Example) B-14
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) B-14
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer's Main Office B-15
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter's Home Office B-18
Monitoring the VPN Tunnel (Telecommuter Example) B-28
Viewing the PC Client's Connection Monitor and Log Viewer B-28
Viewing the VPN Router's VPN Status and Log Information B-29
Appendix C Related Documents
Chapter 1 About This Manual
This chapter describes the intended audience, scope, conventions, and formats of this manual.
Audience, Scope, Conventions, and Formats
This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial i
41. the modem router to enable new network configurations to take effect or to clear problems with the modem router's network connection.
From the Main Menu of the browser interface, under the Maintenance heading, select the Modem Router Diagnostics heading to display the menu shown.
[Figure 6-9: Diagnostics screen with Ping an IP address, Ping VPN, Perform a DNS Lookup, Display the Routing Table, and Reboot the Router]
Enabling Remote Management
Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade, and check the status of your 54 Mbps ADSL Modem Wireless Router Model DG834G.
Tip: Be sure to change the modem router's default password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters.
Configuring Remote Management
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password, and LAN address you have chosen for the modem router.
2. From the Advanced section of the main menu, sele
42. the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. The Move button allows you to relocate a defined rule to a new position in the table.
Services
Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players' moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. This number appears as the destination port number in the transmitted IP packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.
The service numbers for many common protocols are defined by the Internet Engineering Task Force (IETF) and published in RFC1700, "Assigned Numbers". Service numbers for other applications are typically chosen from the range 1024 to 65535 by the authors of the application.
Although the DG834G v3 already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions.
How to Define Services
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or usi
43. through walls.
• Away from sources of interference, such as computers, microwaves, and cordless phones.
• With the Antenna tight and in the upright position.
• Away from large metal surfaces.
The time it takes to establish a wireless connection can vary depending on both your security settings and placement. WEP connections can take slightly longer to establish. Also, WEP encryption can consume more battery power on a notebook computer.
Implement Appropriate Wireless Security
Note: Indoors, computers can connect over 802.11g wireless networks at a maximum range of up to 300 feet. Such distances can allow for others outside of your immediate area to access your network.
Unlike wired network data, your wireless data transmissions can extend beyond your walls and can be received by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment. The ADSL Modem Wireless Router provides highly effective security features which are covered in detail in this chapter. Deploy the security features appropriate to your needs.
Wireless Data Security Options (Range: Up to 300 Feet)
1) Open System: Easy but no security
2) MAC Access List: No data security
3) WEP: Security but some performance impact
4) WPA
44. version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents.
• Printing a Chapter. Use the PDF of This Chapter link at the top left of any page.
  Click the "PDF of This Chapter" link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
  Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  Click the print icon in the upper left of the window.
  Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
• Printing the Full Manual. Use the Complete PDF Manual link at the top left of any page.
  Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window.
  Click the print icon in the upper left of the window.
  Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
45. virus protection or firewall software you may be running on your PC.
1. Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.
You may need to insert your Windows CD to complete the installation. If you do not have a modem or dial-up adapter installed in your PC, you may see the warning message stating "The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed." You can disregard this message. Install the IPSec Component. You may have the option to install either the VPN Adapter or the IPSec Component or both. The VPN Adapter is not necessary. The system should show the ProSafe icon in the system tray after rebooting. Double-click the system tray icon to open the Security Policy Editor.
2. Add a new connection.
a. Run the NETGEAR ProSafe Security Policy Editor program and create a VPN Connection.
b. From the Edit menu of the Security Policy Editor, click Add, then Connection. A "New Connection" listing appears in the list of policies. Rename the "New Connection" so that it matches the Connection Name you entered in the VPN Settings of the DG834G v3 on Gateway A.
Note: In this example, the Connection Name used on the client side of the VPN tunnel is toDG834G and it does not have to match the VPN_client Connection Name used on the gateway sid
46. 00
• Your company's network is 134.177.0.0.
When you first configured your router, two implicit static routes were created. A default route was created with your ISP as the modem router, and a second static route was created to your local network for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on the 134.177.0.0 network, your router will forward your request to the ISP. The ISP forwards your request to the company where you are employed, and the request will likely be denied by the company's firewall.
In this case you must define a static route, telling your router that 134.177.0.0 should be accessed through the ISDN router at 192.168.0.100. The static route would look like Figure 7-6.
In this example:
• The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.x addresses.
• The Modem Router IP Address fields specify that all traffic for these addresses should be forwarded to the ISDN router at 192.168.0.100.
• A Metric value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination. This is a direct connection, so it is set to 1.
• Private is selected only as a precautionary security measure in case RIP is activated.
How to Configure Static Routes
1
47. 1999/5/EC
Português (Portuguese): NETGEAR Inc. declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G conforms to the essential requirements and other provisions of Directive 1999/5/EC.
Slovensko (Slovenian): NETGEAR Inc. declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Slovensky (Slovak): NETGEAR Inc. hereby declares that the 54 Mbps ADSL Modem Wireless Router Model DG834G meets the basic requirements and all relevant provisions of Directive 1999/5/EC.
Suomi (Finnish): NETGEAR Inc. hereby declares that this device of type 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements of Directive 1999/5/EC and with the other provisions of the directive that apply to it.
Svenska (Swedish): NETGEAR Inc. hereby certifies that this type of equipment complies with the essential requirements and other relevant provisions set out in Directive 1999/5/EC.
A printed copy of the EU Declaration of Conformity certificate for this product is provided in the DG834G v3 product package.
Confirmation of the Manufacturer/Importer
It is hereby confirmed that the 54 Mbps ADSL Modem Wireless Router Model DG834G has been suppressed in accordance with the provisions listed in BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain
48. The DG834G v3 VPN tunnel network connection fields are defined as follows:
General. These settings identify this policy and determine its major characteristics.
• Policy Name: Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
• Remote VPN Endpoint: If the remote endpoint has a dynamic IP address, select Dynamic IP address. No Address Data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select the desired option (IP address or Domain Name) and enter the address of the remote VPN endpoint to which you wish to connect.
  Note: The remote VPN endpoint must have this VPN Gateway's address entered as its Remote VPN Endpoint.
• IKE Keep alive: Enable this if you wish to ensure that a connection is kept open, or, if that is not possible, that it is quickly re-established when disconnected. The Ping IP Address must be associated with the remote endpoint. The remote LAN address must be used. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote keep-alive IP address must be covered by the remote LAN IP range and must correspond to a device that can respond to ping. The range should be made as narrow as possible to meet this objective.
Loca
49. 3 For example, if your notebook computer is used to wirelessly connect to your router and you take a business trip, you can turn off the wireless portion of the router while you are traveling. Other members of your household who use computers connected to the router via Ethernet cables will still be able to use the router.

Restricting Wireless Access Based on the Wireless Network Name (SSID)

The DG834G v3 can restrict wireless access to your network by not broadcasting the wireless network name (SSID). However, by default this feature is turned off. If you turn this feature on, wireless devices will not see your DG834G v3. You must configure your wireless devices to match the wireless network name (SSID) you configure in the ADSL Modem Wireless Router.

Note: The SSID of any wireless access adapters must match the SSID you configure in the 54 Mbps ADSL Modem Wireless Router Model DG834G. If they do not match, you will not get a wireless connection to the DG834G v3.

Restricting Wireless Access Based on the Wireless Station Access List

This list determines which wireless hardware devices will be allowed to connect to the firewall. To restrict access based on MAC addresses, follow these steps:

1. Log in to the DG834G v3 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
50. [Figure 8-17: VPN Status log screen, with Refresh, Clear Log and VPN Status buttons]

Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.

9. The Connection Monitor screen for this connection is shown below.

[Figure 8-18: Connection Monitor, NETGEAR ProSafe VPN Client]

In this example you can see the following:
• The DG834G v3 has a public IP WAN address of 22.23.24.25.
• The DG834G v3 has a LAN IP address of 192.168.3.1.
• The VPN client PC has a dynamically assigned address of 192.168.2.2.

While the connection is being established, the Connection Name field in this menu will say SA before the name of the connection. When the connection is successful, the SA will change to the yellow key symbol shown in the illustration above.

Note: While your PC is connected to a remote LAN through a VPN, you might not have normal I
51. This screen shows the following statistics:

Table 6-2. Router Statistics Fields

Field: Description
WAN or LAN Port: The statistics for the WAN (Internet) and LAN ports.
Status: The link status of the port.
TxPkts: The number of packets transmitted on this port since reset or manual clear.
RxPkts: The number of packets received on this port since reset or manual clear.
Collisions: The number of collisions on this port since reset or manual clear.
Tx B/s: The current line utilization (percentage of current bandwidth used on this port).
Rx B/s: The average line utilization for this port.
Up Time: The time elapsed since the last power cycle or reset.
ADSL Link (Downstream or Upstream): The statistics for the upstream and downstream ADSL link. These statistics will be of interest to your technical support representative if you are having problems obtaining or maintaining a connection.
Connection Speed: Typically, the downstream speed is faster than the upstream speed.
Line Attenuation: The line attenuation will increase the further you are physically located from your ISP's facilities.
Noise Margin: This is the signal-to-noise ratio and is a measure of the quality of the signal on the line.
Poll Interval: Specifies the interval at which the statistics are updated in this window. Click
52. 2. From the Wireless Settings menu, Wireless Station Access List section, click the Setup Access List button to display the list shown below.

[Figure 4-4: Wireless Station Access List screen, with the Turn Access Control On check box, the Trusted Wireless Stations and Available Wireless Stations lists (Device Name, MAC Address), and the Add New Station Manually fields]

3. Select the Turn Access Control On check box to enable restricting wireless computers by their MAC addresses.
4. If the wireless station is currently connected to the network, you can select it from the Available Wireless Stations list. Click Add to add the station to the Trusted Wireless Stations list.
5. If the wireless station is not currently connected, you can enter its address manually. Enter the MAC address of the authorized computer. The MAC address is usually printed on the wireless card, or it may appear in the modem router's DHCP table. The MAC address will be 12 hexadecimal digits. Click Add to add your entry. You can add several stations to the list, but the entries will be discarded if you do not click Apply.

You can copy and paste the MAC addresses from the modem router's Attached
53. [Figure 6-7: Security log screen, showing log entries with Refresh, Clear Log and Send Log buttons; check boxes for Attempted access to blocked sites, Connections to the Web based interface of this Router, Router operation (start up, get time, etc.) and Known DoS attacks and Port Scans; and Syslog options Disable, Broadcast on LAN, and Send to this Syslog server IP address]

Log entries are described in Table 6-4 below.

Table 6-4. Security Log entry descriptions

Field: Description
Date and Time: The date and time the log entry was recorded.
Description or Action: The type of event and what action was taken, if any.
Source IP: The IP address of the initiating device for this log entry.
Source port and interface: The service port number of the initiating device, and whether it originated from the LAN or WAN.
Destination: The name or IP address of the destination device or Web site.
Destination port and interface: The service port number of the destination device, and whether it's on the LAN or WA
54. Auto Policy menu shown in Figure 8-40.

[Figure 8-40: VPN Policies screen (policy table with Add Auto Policy, Add Manual Policy, Edit, Delete, Apply and Cancel buttons) and VPN Auto Policy menu (General, Local LAN, Remote LAN, IKE and Parameters settings)]
55. Devices menu into the MAC Address box of this menu. To do this, configure each wireless computer to obtain a wireless link to the modem router. The computer should then appear in the Attached Devices menu.

Note: If you are configuring the modem router from a wireless computer whose MAC address is not in the Trusted Wireless Stations list, and you select Trusted Wireless Stations only, you will lose your wireless connection when you click Apply. You must then access the modem router from a wired computer to make any further changes.

6. Make sure the Turn Access Control On check box is selected, then click Apply.

Now, only devices on this list will be allowed to wirelessly connect to the DG834G v3. This prevents unauthorized access to your network.

Choosing WEP Authentication and Security Encryption Methods

[Figure 4-5: Security Encryption (WEP) settings, with Authentication Type, Encryption Strength, Passphrase and Key 1 to Key 4 fields]

Restricting wireless access prevents intruders from connecting to your network. However, the wireless data transmissions are still vulnerable to snooping. Using the WEP data encryption
56. EAR, but NETGEAR strongly recommends that you change your network Name to a different value. Note: This value is case sensitive. For example, Wireless is not the same as wireless.

Region: Select your country/region from the drop-down list. This field displays the region of operation for which the wireless interface is intended. Note: In the USA, the Region is preset according to regulatory requirements and cannot be changed. In other areas, you can and must set the Region. It may not be legal to operate the wireless access point in a region other than one of those identified in this field.

Channel: This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby access point.

Mode: The default is "g & b", which allows both "g" and "b" wireless stations to access this device. "g only" allows only 802.11g wireless stations to be used. "b only" allows 802.11b wireless stations; 802.11g wireless stations can still be used if they can operate in 802.11b mode.

Wireless Access Point

Enable Wireless Access Point: This field lets you turn off or turn on the wireless access point built in to the modem router. The wireless icon on the front of the modem router will also display the current status of the Wireless Access Point to let you know if it is disabled or enabled. T
57. Test LED Never Turns On or Test LED Stays On
LAN or Internet Port LEDs Not On
Troubleshooting the Web Configuration Interface
Troubleshooting the ISP Connection
Obtaining a WAN IP Address
Troubleshooting PPPoE or PPPoA
Troubleshooting Internet Browsing
Troubleshooting a TCP/IP Network Using the Ping Utility
Testing the LAN Path to Your Router
Testing the Path from Your Computer to a Remote Device
Restoring the Default Configuration and Password
Using the Reset Button
Problems with Date and Time
Appendix A Technical Specifications
Appendix B NETGEAR VPN Configuration
Configuration Profile
58. Chapter 2 Introduction

This chapter describes the features of the NETGEAR 54 Mbps ADSL Modem Wireless Router Model DG834G. The ADSL Modem Wireless Router is a combination of a built-in ADSL modem, modem router, 4-port switch, and firewall, which enables your entire network to safely share an Internet connection that otherwise would be used by a single computer.

Note: If you are unfamiliar with networking and routing, refer to Internet Networking and TCP/IP Addressing in Appendix C to become more familiar with the terms and procedures used in this manual.

About the Modem Router

The 54 Mbps ADSL Modem Wireless Router Model DG834G provides continuous, high-speed 10/100 Ethernet access between your Ethernet devices. With minimum setup, you can install and use the modem router within minutes. The ADSL Modem Wireless Router provides multiple Web content filtering options, reporting, and instant alerts. Parents and network administrators can establish restricted access policies based on time of day, Web site addresses, and address keywords. They can also share high-speed ADSL Internet access for up to 253 personal computers. The included firewall and Network Address Translation (NAT) features protect you from hackers.

Key Features

The ADSL Modem Wireless Router provides
59. [Figure: Basic Settings menu, with DNS server options (Get Automatically From ISP, Use These DNS Servers, Primary DNS, Secondary DNS) and NAT (Network Address Translation) options (Enable, Disable, Disable firewall)]

How to Perform Manual Configuration

We recommend that you start the manual configuration from the Setup Wizard.

Select your country and language. Language choices are English, French, German, and Italian. After you change the language, the remaining setup screens change to the language of your choice.
Select No to manually configure your modem router connection. Click Next.
Manually configure the modem router in the Basic Settings menu shown above.
Follow the instructions below according to the encapsulation method and whether your Internet connection requires a login. The following methods are available:
• Internet Connection Requires Login and Uses PPPoE
• Internet Connection Requires Login and Uses PPPoA
• Internet Connection Does Not Require a Login
Usually, the default ADSL Settings work fine for most ISPs and you can skip this step. If you have any problems with your connection, check the ADSL Settings. See ADSL Settings on page 3-19 for more
60. If the IP address of the local server computer is assigned by DHCP, it may change when the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the computer's IP address constant.

Local computers must access the local server using the computer's local LAN address (192.168.0.11 in the example above). Attempts by local computers to access the server using the external WAN IP address will fail.

Outbound Rules (Service Blocking)

The DG834G v3 allows you to block the use of certain Internet services by computers on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local computer based on:
• IP address of the local computer (source address)
• IP address of the Internet site being contacted (destination address)
• Time of day
• Type of service being requested (service port number)

Following is an application example of outbound rules.

Outbound Rule Example: Blocking Instant Messenger

If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu. You can also have the modem router log any attempt to use Instan
61. [Figure B-20: Security Policy Editor, NETGEAR ProSafe VPN Client, Authentication (Phase 1) Proposal 1]

In the Authentication Method menu, select Pre-Shared key.
In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.
e. In the Hash Alg menu, select SHA-1.
f. In the SA Life menu, select Unspecified.
g. In the Key Group menu, select Diffie-Hellman Group 2.

6. Configure the VPN Client Key Exchange Proposal.

In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration.

a. Expand the Key Exchange subheading by double-clicking its name or clicking on the symbol. Then select Proposal 1 below Key Exchange.

[Figure: Security Policy Editor, NETGEAR ProSafe VPN Client]
62. • Dynamic DNS. Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The modem router contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.
• Universal Plug and Play (UPnP). UPnP is a networking architecture that provides compatibility between networking technologies. UPnP compliant routers provide broadband users at home and small businesses with a seamless way to participate in online games, videoconferencing and other peer-to-peer services.

Virtual Private Networking (VPN)

The ADSL Modem Wireless Router provides a secure encrypted connection between your local area network (LAN) and remote networks or clients. It includes the following VPN features:
• Supports 5 VPN connections.
• Supports industry standard VPN protocols. The ADSL Modem Wireless Router supports standard Manual or IKE keying methods, standard MD5 and SHA-1 authentication methods, and standard DES and 3DES encryption methods. It is compatible with many other VPN products.
• Supports 3DES encryption for maximum security.
• VPN Wizard based on VPNC recommended settings.

Auto Sensing and Auto Uplink LAN Ethernet Connections

With its internal 4-port 10/100 switch, the DG834G v3 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN ports are autosensing a
63. Log into the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

2. From the Main Menu of the browser interface, under Advanced, click Static Routes to view the Static Routes menu, shown in Figure 7-5.

[Figure 7-5: Static Routes menu, with Add, Edit and Delete buttons]

3. To add or edit a Static Route:
a. Click the Edit button to open the Edit Menu, shown in Figure 7-6.

[Figure 7-6: Static Routes edit menu, with Route Name, Private, Active, Destination IP Address, IP Subnet Mask, Gateway IP Address and Metric fields]

b. Type a route name for this static route in the Route Name box under the table. This is for identification purpose only.
c. Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP.
d. Select Active to make this route effective.
e. Type the Destination IP Address of the final destination.
f. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255.
g. Type the Gateway IP Address, which must be a router on the same LAN segment as the router
64. N

Log action buttons are described in Table 6-5 below.

Table 6-5. Security Log action buttons

Field: Description
Refresh: Refresh the log screen.
Clear Log: Clear the log entries.
Send Log: Email the log immediately.
Apply: Apply the current settings.
Cancel: Clear the current settings.

Selecting What Information to Log

Besides the standard information listed above, you can choose to log additional information. Those optional selections are as follows:
• Attempted access to blocked site
• Connections to the Web-based interface of the modem router
• Modem Router operation (start up, get time, etc.)
• Known DoS attacks and Port Scans

Saving Log Files on a Server

You can choose to write the logs to a computer running a syslog program. To activate this feature, select to Broadcast on Lan or enter the IP address of the server where the Syslog file will be written.

Examples of Log Messages

Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day Year Month Date Hour Minute Second.

Activation and Administration

Tue 2002 05 21 18 48 39 NETGEAR activated
This entry indicates a power up or reboot with initial time entry.

Tue 2002 05 21 18 55 00 Administrator login successful IP 192 168 0 2
Thu 2002 05 21 18 56 58 A
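An added example, not part of the NETGEAR manual: Python code that parses log entries with the Day Year Month Date Hour Minute Second timestamp described above, then flags administrator logins whose source IP is outside the LAN and entries whose weekday disagrees with the date. The function names, the tolerance for separators lost in extraction, the 192.168.0.0/24 LAN range and the last three sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Timestamp order follows the manual: Day Year Month Date Hour Minute Second.
# Assumption: the "," "-" ":" "." separators may be present or may have been
# stripped (as in the examples on this page), so both forms are accepted.
ENTRY = re.compile(
    r"^(?P<dow>Mon|Tue|Wed|Thu|Fri|Sat|Sun),?\s+"
    r"(?P<y>\d{4})[- ](?P<mo>\d{2})[- ](?P<d>\d{2})\s+"
    r"(?P<h>\d{2})[: ](?P<mi>\d{2})[: ](?P<s>\d{2})"
    r"(?:\s*-\s*|\s+)(?P<msg>.+)$"
)
IP_FIELD = re.compile(
    r"\bIP[: ]\s*(\d{1,3})[. ](\d{1,3})[. ](\d{1,3})[. ](\d{1,3})\b"
)


def parse_entry(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                      int(m["h"]), int(m["mi"]), int(m["s"]))
    except ValueError:  # e.g. month 13 or hour 25
        return None
    msg, ip = m["msg"], None
    ipm = IP_FIELD.search(msg)
    if ipm:
        try:
            ip = ipaddress.ip_address(".".join(ipm.groups()))
        except ValueError:  # an octet above 255
            ip = None
        msg = msg[:ipm.start()].rstrip(" -")
    return {
        "time": ts,
        "weekday_ok": DAYS[ts.weekday()] == m["dow"],
        "event": msg,
        "ip": ip,
    }


def review(lines, lan="192.168.0.0/24"):
    """Return (line_number, finding) tuples worth a second look."""
    net = ipaddress.ip_network(lan)
    findings = []
    for n, line in enumerate(lines, 1):
        entry = parse_entry(line)
        if entry is None:
            findings.append((n, "unparsed"))
            continue
        if not entry["weekday_ok"]:
            findings.append((n, "weekday does not match date"))
        if (entry["event"].startswith("Administrator login")
                and entry["ip"] is not None
                and entry["ip"] not in net):
            findings.append((n, "administrator login from outside LAN"))
    return findings


# Lines 1-2 are the examples printed on this page; lines 3-5 are constructed.
SAMPLE_LOG = [
    "Tue 2002 05 21 18 48 39 NETGEAR activated",
    "Tue 2002 05 21 18 55 00 Administrator login successful IP 192 168 0 2",
    "Thu 2002 05 21 18 56 58 Administrator login successful IP 192 168 0 2",
    "Wed, 2002-05-22 09:15:10 - Administrator login successful - IP:203.0.113.7",
    "no timestamp here",
]

if __name__ == "__main__":
    for number, finding in review(SAMPLE_LOG):
        print(number, finding)
```

A weekday that disagrees with the date usually means the router clock was not yet synchronised when the entry was written, so timestamps near such entries should not be trusted for correlation with other logs.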
65. N address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
2. Select the Schedule link of the Security menu to display the menu shown above.
3. To block Internet services based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day. Otherwise, to limit access during certain times for the selected days, enter Start Blocking and End Blocking times.
4. Enter the values in 24-hour time format. For example, 10:30 am would be 10 hours and 30 minutes, and 10:30 pm would be 22 hours and 30 minutes. If you set the start time after the end time, the schedule will be effective through midnight the next day.
5. Click Apply to save your changes.

Chapter 6 Managing Your Network

This chapter describes how to perform network management tasks with your 54 Mbps ADSL Modem Wireless Router Model DG834G.

Backing Up, Restoring, or Erasing Your Settings

The configuration settings of the ADSL Modem Wireless Router are stored in a configuration file in the modem router. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how
66. Open Network Authentication is enabled, you can choose 64- or 128-bit WEP data encryption. Note: With Open Network Authentication and 64- or 128-bit WEP Data Encryption, the DG834G v3 does perform 64- or 128-bit data encryption but does not perform any authentication.

Security Encryption (WEP) Key: These key values must be identical on all wireless devices in your network (key 1 must be the same for all, key 2 must be the same for all, and so on). The DG834G v3 provides two methods for creating WEP encryption keys:
• Passphrase. These characters are case sensitive. Enter a word or group of printable characters in the Passphrase box and click the Generate button. Note: Not all wireless adapters support passphrase key generation.
• Manual. These values are not case sensitive. 64-bit WEP: enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F). 128-bit WEP: enter 26 hexadecimal digits (any combination of 0-9, a-f, or A-F).

Table 4-1. Wireless Security Options (continued)

Field: Description
WPA-PSK (TKIP), WPA2-PSK (AES): WPA Pre-Shared Key (Wi-Fi Protected Access Pre-Shared Key) uses a pre-shared key to perform the authentication and generate the initial data encryption keys. Then it dynamically varies the encryption key. WPA-PSK (TKIP) implements most of the IEEE 802.11i standard and is designed to work with all w
67. [Figure 8-11: Security Policy Editor, My Identity settings]

b. Choose None in the Select Certificate menu.
c. Select IP Address in the ID Type menu. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box. Otherwise, leave this box empty.
d. In the Internet Interface box, select the adapter you use to access the Internet. Select PPP Adapter in the Name menu if you have a dial-up Internet account. Select your Ethernet adapter if you have a dedicated Cable or DSL line. You may also choose Any if you will be switching between adapters or if you have only one adapter.
e. Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834G v3's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.

[Figure 8-12: Pre-Shared Key dialog box (Enter Pre-Shared Key, at least 8 characters; this key is used during Authentication Phase if the Authentication Method Proposal is Pre-Shared key)]

5. Configure the VPN Client Authentication Proposal.

In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must mat
68. PN Status (Figure 8-37) to get the Current VPN Tunnels (SAs) screen (Figure 8-38). Click Drop for the VPN tunnel you want to deactivate.

[Figure 8-38: Current VPN Tunnels (SAs) screen, with columns SPI In, SPI Out, Policy Name, Remote Endpoint, Action, SLifeTime and HLifeTime]

Deleting a VPN Tunnel

To delete a VPN tunnel:
1. Log in to the Modem Router.
2. Open the DG834G v3 management interface and click VPN Policies to display the VPN Policies screen (Figure 8-39). Select the radio button for the VPN tunnel to be deleted and click the Delete button.

[Figure 8-39: VPN Policies screen, policy table]

How to Set Up VPN Tunnels in Special Circumstances

When the VPN Wizard and its VPNC defaults (see Table 8-2) are not appropriate for your special circumstances, use one of the following alternatives:
• Auto Policy: for a typical automated Internet Key Exchange (IKE) setup, see Using Auto Policy to Configure VPN Tunnels on page 8-38. Auto Policy uses the IKE pro
69. [Figure B-17: Security Policy Editor, Security Policy settings]

c. Select the Main Mode in the Select Phase 1 Negotiation Mode check box.

4. Configure the VPN Client Identity.

In this step, you will provide information about the remote VPN client PC. You will need to provide the Pre-Shared Key that you configured in the DG834G v3 and either a fixed IP address or a fixed virtual IP address of the VPN client PC.

a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity.

[Figure B-18: Security Policy Editor, NETGEAR ProSafe VPN Client, My Identity settings]

b. Choose None in the Select Certificate menu.
c. Select Domain Name in the ID Type menu and enter toDG834G.com in th
70. Policy to Configure VPN Tunnels on page 8-38. A Manual Keying setup, in which you must specify each phase of the connection; see Using Manual Policy to Configure VPN Tunnels on page 8-49.

Table 8-2. Parameters Recommended by the VPNC and Used in the VPN Wizard

Parameter: Factory Default
Secure Association: Main Mode
Authentication Method: Pre-shared Key
Encryption Method: 3DES
Authentication Protocol: SHA-1
Diffie-Hellman (DH) Group: Group 2 (1024 bit)
Key Life: 8 hours
IKE Life Time: 1 hour

• What level of IPSec VPN encryption will you use?
  DES: The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES.
  3DES: Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• What level of authentication will you use?
  MD5: 128 bits, faster but less secure.
  SHA-1: 160 bits, slower but more secure.

VPN Tunnel Configuration

There are two tunnel configurations and three ways to configure them:
• Use the VPN Wizard to configure a VPN tunnel (recommended for most situations). See How to Set Up a Client to Gateway VPN Configuration on page 8-7
71. [Figure B-13: VPN Auto Policy screen, annotated with the values used in this example]

Figure callouts:
• fromDG834G in the example
• Dynamic IP address
• IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings)
• Subnet address; 192.168.0.1 in this example; 255.255.255.0
• Single address; 192.168.2.3 in this example. Remote NAT router must have Address Reservation set and VPN Passthrough enabled.
• Main Mode
• Fully Qualified Domain Name; fromDG834G.com in this example
• Fully Qualified Doma
72. Router Setup Manual on the DG834G ADSL Modem Wireless Router Resource CD or online, as shown in the following table.

Table 3-1.

Language: URL
Dutch: http documentation netgear com dg834g nld 208 10039 01
English: http documentation netgear com dg834g enu 208 10033 01
French: http documentation netgear com dg8349 fra 208 10034 01
German: http documentation netgear com dg8342 deu 208 10035 01
Italian: http documentation netgear com dg834g ita 208 10036 01
Spanish: http documentation netgear com dg8348 esp 208 10037 01
Swedish: http documentation netgear com dg8349 sve 208 10038 01

Manual Setup

Use the topics and procedures below to manually set up your modem router.

What You Need Before You Begin

You need to prepare the following before you can set up your firewall:
• Active Internet service provided by an ADSL account.
• The Internet Service Provider (ISP) configuration information for your ADSL account: ISP Login Name and Password; ISP Domain Name Server (DNS) Addresses; Fixed or Static IP Address.
• ADSL microfilters, as explained below.
• Your computers set to DHCP.

Your ISP should have provided you with all the information needed to connect to the Internet. If you cannot locate this information, you can ask your ISP to provide it. Intern
73. Strong security [Figure 4-1] There are several ways you can enhance the security of your wireless network: • Restrict Access Based on MAC Address: You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the DG834G v3. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. • Turn Off the Broadcast of the Wireless Network Name (SSID): If you disable broadcast of the SSID, only devices that have the correct SSID can connect. This nullifies the wireless network discovery feature of some products, such as Windows XP, but the data is still exposed. • WEP: Wired Equivalent Privacy (WEP) data encryption provides data security. WEP Shared Key authentication and WEP data encryption will block all but the most determined eavesdropper. This data encryption mode has been superseded by WPA-PSK and WPA2-PSK. • WPA-802.1x, WPA2-802.1x: Wi-Fi Protected Access (WPA) with user authentication implemented using IEEE 802.1x and RADIUS servers. • WPA-PSK (TKIP), WPA2-PSK (AES): Wi-Fi Protected Access (WPA) using a pre-shared key to perform authentication and generate the initial data encryption keys. The very strong authentication along with dynamic per frame re-keying of WPA make it virtually impossible to compromi
74. al routing should be selected only by experienced users. Note: Disabling NAT will reboot the router and reset all the DG834G v3 configuration settings to the factory default. Disable NAT only if you plan to install the DG834G v3 in a setting where you will be manually administering the IP address space on the LAN side of the router. The Disable Firewall option disables the firewall in addition to disabling NAT. The Disable option leaves the firewall active. With the firewall disabled, the protections normally provided to your network will be disabled. Internet Connection Does Not Require A Login: 1. If your Internet connection does not require a login, select No and fill in the settings according to the instructions below. 2. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP's mail or news servers. 3. Internet IP Address: • Select Get Dynamically from ISP if your ISP uses DHCP to assign your IP address. Your ISP will automatically assign these addresses. • Select Use Static IP Address if your ISP has assigned you a permanent, fixed (static) IP address. Enter the IP address that your ISP assigned. Also enter the IP Subnet Mask and the Gateway IP Address. The gateway is the ISP's modem router to which your modem router will connect.
75. apsulation method. Enter the login name (frequently the email address your ISP provided) and password. 4. If you want to change the login timeout, enter a new value in minutes. This determines how long the modem router keeps the Internet connection active after there is no Internet activity from the LAN. Entering an Idle Timeout value of zero means never log out. When a connection uses PPPoA, the IP address is normally assigned automatically. However, the DG834G v3 allows this address to be set manually. • Select Get Dynamically from ISP if your ISP assigns your IP address. • Select Use Static IP Address if your ISP gave you a statically assigned address. The DNS server is used to look up site addresses based on their names. • Select Get Automatically from ISP if your ISP uses DHCP to assign your DNS servers. Your ISP will automatically assign this address. • Select Use These DNS Servers if your ISP gave you one or two DNS addresses. Type the primary and secondary addresses. You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (192.168.0.x) to LAN connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834G v3 uses. Classic
76. ata [Figure 8-33: ping output showing three replies from 192.168.3.1, 32 bytes each, TTL 254] Note: The pings may fail the first time. If so, then try the pings a second time. Start Using a VPN Tunnel to Activate It: To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel. Verifying the Status of a VPN Tunnel: To use the VPN Status page to determine the status of a VPN tunnel, perform the following steps: 1. Log in to the Modem Router. 2. Open the DG834G v3 management interface and click on VPN Status to get the VPN Status/Log screen (Figure 8-34).
[Figure 8-34: VPN Status/Log screen with Refresh, Clear Log and VPN Status buttons, showing these entries:]
Tue 2004-06-22 22:58:26 GtoG initiating Main Mode
2004-06-22 22:58:26 GtoG ISAKMP SA established
2004-06-22 22:58:26 GtoG sent QI2, IPsec SA established
2004-06-22 22:58:27 GtoG sent QI2, IPsec SA established
Log: this log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem. • Click Refresh to see the most recent entries. • Click Clear Log to d
77. atches the Connection Name you entered in the VPN Settings of the DG834G v3 on LAN A. Note: In this example, the Connection Name used on the client side of the VPN tunnel is toDG834 and it does not have to match the Road Warrior Connection Name used on the gateway side of the VPN tunnel, because Connection Names are arbitrary to how the VPN tunnel functions. Tip: Choose Connection Names that make sense to the people using and administering the VPN. c. Select Secure in the Connection Security check box group. d. Select IP Subnet in the ID Type menu. e. In this example, type 192.168.3.1 in the Subnet field as the network address of the DG834G v3. f. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834G v3. g. Select All in the Protocol menu to allow all traffic through the VPN tunnel. h. Select the Connect using Secure Gateway Tunnel check box. i. Select IP Address in the ID Type menu below the check box. j. Enter the public WAN IP Address of the DG834G v3 in the field directly below the ID Type menu. In this example, 22.23.24.25 would be used. k. The resulting Connection Settings are shown in Figure 8-10. 3. Configure the Security Policy in the NETGEAR ProSafe VPN Client software. a. In the Network Security Policy list, expand the new connection by double cl
78. c ID, LAN IP Address, Subnet Mask, WAN IP Address. To set up a VPN connection, you must configure each endpoint with specific identification and connection information describing the other endpoint. You must configure the outbound VPN settings on one end to match the inbound VPN settings on the other end, and vice versa. This set of configuration information defines a security association (SA) between the two VPN endpoints. When planning your VPN, you must make a few choices first: • Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC? • Will the remote end be any device on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of IP addresses), or a single PC? • Will either endpoint use Fully Qualified Domain Names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see "The Use of a Fully Qualified Domain Name (FQDN)" on page B-8) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator. • What method will you use to configure your VPN tunnels? The VPN Wizard using VPNC defaults (see Table 8-2); The typical automated Internet Key Exchange (IKE) setup (see Using Auto
79. cedures assume that you have already registered with a DDNS Service Provider and have the configuration information necessary to set up the gateways. Step-By-Step Configuration: 1. Log in to the DG834G v3 labeled Gateway A as in the illustration. Out of the box, the DG834G v3 is set for its default LAN address of http://192.168.0.1, with its default user name of admin and default password of password. For this example, we will assume you have set the local LAN address as 10.5.6.1 for Gateway A and have set your own password. 2. Click on the Dynamic DNS link on the left side of the Settings management GUI. This will take you to the Dynamic DNS Menu. 3. On the DG834G v3, configure the Dynamic DNS settings. a. Browse to the Dynamic DNS Setup Screen (see Figure B-6) in the Advanced menu. [Figure B-6: Dynamic DNS screen, with Use a Dynamic DNS Service, Service Provider, Host Name, User Name, Password and Use Wildcards fields] b. Configure this screen with appropriate account and hostname settings and then click Apply. • Check the box Use a Dynamic DNS Service. • Host Name: dg834g.dyndns.org • User Name: <user's account username> • Password: <user's account password> c. Click Show Status. The resulting screen should show Update OK good (see Figure B-7).
80. ch your selection in the DG834G v3 configuration. a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking on the symbol. b. Expand the Authentication subheading by double-clicking its name or clicking on the symbol. Then select Proposal 1 below Authentication. [Figure 8-13: Security Policy Editor, NETGEAR ProSafe VPN Client, showing Authentication (Phase 1) Proposal 1 with Encrypt Alg Triple DES, Hash Alg SHA-1, SA Life Unspecified and Key Group Diffie-Hellman Group 2] c. In the Authentication Method menu, select Pre-Shared key. d. In the Encrypt Alg menu, select the type of encryption to correspond with what was configured for the Encryption Protocol in the DG834G v3 in Table 8-3 on page 8-8. In this example, use Triple DES. e. In the Hash Alg menu, select SHA-1. f. In the SA Life menu, select Unspecified. g. In the Key Group
81. chiara che questo 54 Mbps ADSL Modem Wireless Router Model DG834G è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE. [Italian]
Latviski (Latvian): NETGEAR Inc. hereby declares that 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements of Directive 1999/5/EC and the other provisions related to it.
Lietuvių (Lithuanian): NETGEAR Inc. hereby declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements and other provisions of Directive 1999/5/EC.
Nederlands (Dutch): NETGEAR Inc. hereby declares that the device 54 Mbps ADSL Modem Wireless Router Model DG834G is in compliance with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Malti (Maltese): NETGEAR Inc. hereby declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Magyar (Hungarian): I, the undersigned, NETGEAR Inc., declare that the 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the relevant essential requirements and the other provisions of Directive 1999/5/EC.
Polski (Polish): Niniejszym NETGEAR Inc. oświadcza, że 54 Mbps ADSL Modem Wireless Router Model DG834G jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy
82. com/xxx.html> is blocked. • If the keyword com is specified, only Web sites with other domain suffixes (such as edu or gov) can be viewed. • Enter the keyword to block all Internet browsing access. Up to 32 entries are supported in the Keyword list. To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply. To specify a trusted user, enter that computer's IP address in the Trusted IP Address box and click Apply. You can specify one trusted user, which is a computer that will be exempt from blocking and logging. Since the trusted user will be identified by an IP address, you should configure that computer with a fixed IP address. 7. Click Apply to save your settings. Firewall Rules: Firewall rules are used to block or allow specific traffic passing through from one side of the router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to. A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the DG834G v3 are: • Inbound: Block all access from outside except responses to requests from the LAN side. • Outbound: Allo
83. ct. When accessing your modem router from the Internet, you will type your modem router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter in your browser: http://134.177.0.123:8080 Note: In this case, the http:// must be included in the address. Chapter 7, Advanced Configuration: This chapter describes how to configure the advanced features of your 54 Mbps ADSL Modem Wireless Router Model DG834G. Configuring Advanced Security: The 54 Mbps ADSL Modem Wireless Router Model DG834G provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server • Connecting Automatically, as Required • Disabling Port Scan and DOS Protection • Responding to a Ping on the Internet (WAN) Port • MTU Size • Flexibility on configuring your LAN TCP/IP settings • Using the Router as a DHCP Server • Configuring Dynamic DNS • Configuring Static Routes. These features are discussed below. Setting Up A Default DMZ Server: The Default DMZ Server feature is helpful when usi
84. ct the Remote Management link. [Figure 6-10: Remote Management screen, with Turn Remote Management On, Remote Management Address, Allow Remote Access By (Only This Computer, IP Address Range, Everyone) and Port Number 8080] 3. Select the Turn Remote Management On check box. 4. Specify what external addresses will be allowed to access the modem router's remote management. For security, restrict access to as few external IP addresses as practical. • To allow access from any IP address on the Internet, select Everyone. • To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range. • To allow access from a single IP address on the Internet, select Only this Computer. Enter the IP address that will be allowed access. 5. Specify the Port Number that will be used for accessing the management interface. Web browser access normally uses the standard HTTP service port 80. For greater security, you can change the remote management Web interface to a custom port by entering that number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP. 6. Click Apply to have your changes take effe
85. cting telephones does not result in a green Internet LED, there may be a problem with your wiring. If the telephone company has tested the ADSL signal at your Network Interface Device (NID), then you may have poor quality wiring in your house. Internet LED Off: If the Internet LED is off, disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time, being careful to use a microfilter on each telephone. If the microfilters are connected correctly, you should be able to connect all your telephones. If disconnecting telephones does not result in a green Internet LED, the problem may be one of the following: • Check that the telephone company has made the connection to your line and tested it. • Verify that you are connected to the correct telephone line. If you have more than one phone line, be sure that you are connected to the line with the ADSL service. It may be necessary to use a swapper if your ADSL signal is on pins 1 and 4 of the RJ-11 jack. The ADSL Modem Wireless Router uses pins 2 and 3. Obtaining a WAN IP Address: If your modem router is unable to access the internet, and your Internet LED is green or blinking green, you should determine whether the modem router is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your modem router must requ
86. ctions for correct handling. Customer Support: Refer to the Support Information Card that shipped with your 54 Mbps ADSL Modem Wireless Router Model DG834G. World Wide Web: NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required. Product and Publication Details: Model Number: DG834G v3. Publication Date: October 2006. Product Family: Modem Router. Product Name: 54 Mbps ADSL Modem Wireless Router Model DG834G. Home or Business Product: Home. Language: English. Publication Part Number: 202-10155-03. Publication Version Number: 1.2. Contents, Reference Manual for the ADSL Modem Wireless Router DG834G. Chapter 1, About This Manual: Audience, Scope, Conventions, and Formats; How to Print this Manual. Chapter 2, Introduction: About the Modem Router; Key Features; A Powerful, True Firewall; 802.11 Standards-based Wireless Networking; Easy Installation and Management
87. ctober 2006 Reference Manual for the ADSL Modem Wireless Router DG834G. Gateway-to-Gateway VPN Tunnels: • Gateway-to-Gateway VPN Tunnels provide secure access between networks, such as a branch or home office and a main office. [Figure 8-2: VPN tunnel across the Internet between two DG834G VPN firewalls, with PCs behind each] A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use DG834G v3s on each end of the tunnel to form the VPN tunnel end points. See "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21 to set up this configuration. Planning a VPN: When you set up a VPN, it is helpful to plan the network configuration and record the configuration parameters on a worksheet. Table 8-1, VPN Tunnel Configuration Worksheet: Connection Name; Pre-Shared Key; Secure Association (Main Mode or Manual Keys); Perfect Forward Secrecy (Enabled or Disabled); Encryption Protocol (DES or 3DES); Authentication Protocol (MD5 or SHA-1); Diffie-Hellman (DH) Group (Group 1 or Group 2); Key Life in seconds; IKE Life Time in seconds; FQDN or Gateway IP; VPN Endpoint; Local IPSe
88. cument, Link:
Internet Networking and TCP/IP Addressing: http://documentation.netgear.com/reference/enu/tcpip/index.htm
Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm
Preparing a Computer for Network Access: http://documentation.netgear.com/reference/enu/wsdhcp/index.htm
Virtual Private Networking (VPN): http://documentation.netgear.com/reference/enu/vpn/index.htm
Glossary: http://documentation.netgear.com/reference/enu/glossary/index.htm
89. curity Policy [Figure B-21: Security Policy Editor, showing Key Exchange (Phase 2) Proposal 1 with IPSec Protocols settings: SA Life Unspecified, Compression None, Encapsulation Protocol (ESP) with Encrypt Alg Triple DES, Hash Alg SHA-1 and Encapsulation Tunnel, and Authentication Protocol (AH)] a. In the SA Life menu, select Unspecified. In the Compression menu, select None. Check the Encapsulation Protocol (ESP) checkbox. e. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES. f. In the Hash Alg menu, select SHA-1. g. In the Encapsulation menu, select Tunnel. h. Leave the Authentication Protocol (AH) checkbox unchecked. Save the VPN Client settings: From the File menu at the top of the Security Policy Editor window, select Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN. 8. Check the VPN Connection. To check the VPN Connection, you can initiate a request from the remote PC to the VPN router's network by using the Connect option in the ADSL Modem Wireless Router
90. der de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch (German): NETGEAR Inc. hereby declares that the device 54 Mbps ADSL Modem Wireless Router Model DG834G is in compliance with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Eesti (Estonian): NETGEAR Inc. hereby confirms that the device 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements of Directive 1999/5/EC and with the other relevant provisions arising from that directive.
English: Hereby, NETGEAR Inc. declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español (Spanish): NETGEAR Inc. hereby declares that the 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC.
Ελληνική (Greek): NETGEAR Inc. hereby declares that 54 Mbps ADSL Modem Wireless Router Model DG834G complies with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Français (French): NETGEAR Inc. hereby declares that the device 54 Mbps ADSL Modem Wireless Router Model DG834G conforms to the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Italiano: Con la presente NETGEAR Inc. di
91. dministrator logout - IP:192.168.0.2
This entry shows an administrator logging in and out from IP address 192.168.0.2.
Tue, 2002-05-21 19:00:06 - Login screen timed out - IP:192.168.0.2
This entry shows a time-out of the administrator login.
Wed, 2002-05-22 22:00:19 - Log emailed
This entry shows when the log was emailed.
Dropped Packets:
Wed, 2002-05-22 07:15:15 - TCP packet dropped - Source:64.12.47.28,4787,WAN - Destination:134.177.0.11,21,LAN - [Inbound Default rule match]
Sun, 2002-05-22 12:50:33 - UDP packet dropped - Source:64.12.47.28,10714,WAN - Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]
Sun, 2002-05-22 21:02:53 - ICMP packet dropped - Source:64.12.47.28,0,WAN - Destination:134.177.0.11,0,LAN - [Inbound Default rule match]
These entries show an inbound FTP (port 21) packet, User Datagram Protocol (UDP) packet (port 6970), and Internet Control Message Protocol (ICMP) packet (port 0) being dropped as a result of the default inbound rule, which states that all inbound packets are denied. Enabling Security Event E-mail Notification: In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail subheading. E-mail screen fields: Turn E-mail Notification On; Send Alerts and Logs Via E-mail; Send To This E-mail Address; Outgoing Mail
92. e Blink Green: Data is being transmitted or received by the Internet port.
4 Wireless. On: Indicates that the Wireless port is initialized. Off: The Wireless Access Point is turned off.
5 LAN. On (Green): The Local port has detected a link with a 100 Mbps device. Blink (Green): Data is being transmitted or received at 100 Mbps. On (Amber): The Local port has detected a link with a 10 Mbps device. Blink (Amber): Data is being transmitted or received at 10 Mbps. Off: No link is detected on this port.
The Router's Rear Panel: The rear panel of the 54 Mbps ADSL Modem Wireless Router Model DG834G (Figure 2-2) contains port connections. [Figure 2-2] Viewed from left to right, the rear panel contains the following elements: 1. RJ-11 ADSL port for connecting the firewall to an ADSL line. 2. Four Local Ethernet RJ-45 LAN ports for connecting the firewall to the local computers. 3. Factory Default Reset push button. 4. AC power adapter outlet. 5. Wireless antenna. Chapter 3, Configuring Your Internet Connection: This chapter describes how to configure the wired internet connection of your 54 Mbps ADSL Modem Wireless Router Model DG834G. Connecting the Router to the Internet: To connect your ADSL Modem Wireless Router to the Internet, refer to the ADSL Modem Wireless
93. e ADSL Modem Wireless Router DG834G. 802.11 Standards-based Wireless Networking: The ADSL Modem Wireless Router includes an 802.11g-compliant wireless access point, providing continuous, high-speed 10/100 Mbps access between your wireless and Ethernet devices. The access point provides: • 802.11g Standards-based wireless networking at up to 54 Mbps. • Works with both 802.11g and 802.11b wireless devices. • 64-bit and 128-bit WEP encryption security. • WEP keys can be entered manually or generated by passphrase. • Support for Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) and WPA2-PSK encryption and 802.1x authentication. • Wireless access can be restricted by MAC address. Easy Installation and Management: You can install, configure, and operate the DG834G v3 within minutes after connecting it to the network. The following features simplify installation and management tasks: • Browser-based management: Browser-based configuration allows you to easily configure your modem router from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface. • Smart Wizard: The firmware in the modem router automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account. • Remote management: The modem router allows you to log in to the Web management interface from a
94. e authorized PC. Refer to your ADSL Modem Wireless Router Setup Manual (see Table 3-1 on page 3-1). Restoring the Default Configuration and Password: This section explains how to restore the factory default configuration settings, changing the router's administration password to password and the IP address to 192.168.0.1. You can erase the current configuration and restore factory defaults in two ways: • Use the Erase function of the Web Configuration Manager (see "Backing Up, Restoring, or Erasing Your Settings" on page 6-1). • Use the Default Reset button on the rear panel of the router. Use this method for cases when the administration password or IP address is not known. Using the Reset button: To restore the factory default configuration settings without knowing the administration password or IP address, you must use the Default Reset button on the rear panel of the router. 1. Press and hold the Default Reset button until the Test LED turns on (about 10 seconds). 2. Release the Default Reset button and wait for the router to reboot. Problems with Date and Time: The E-mail menu in the Content Filtering section displays the current date and time of day. The ADSL Modem Wireless Router uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day. Problems with the date and time function can include: T
95. e of the VPN tunnel (see Figure B-16), because Connection Names are arbitrary to how the VPN tunnel functions. Tip: Choose Connection Names that make sense to the people using and administrating the VPN. [Figure B-15: Security Policy Editor, NETGEAR ProSafe VPN Client, showing a New Connection under My Connections] [Security Policy Editor screen, NETGEAR ProSafe VPN Client: Connection Security Secure; Remote Party Identity and Addressing with ID Type IP Subnet, Subnet 192.168.0.1, Mask 255.255.255.0, Protocol All; Connect using Secure Gateway Tunnel checked, ID Type Domain Name, Gateway Hostname fro
96. eb browser used to upload new firmware into the modem router must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer 5.0 or above, or Netscape Navigator 4.7 or above. 2. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the modem router. 3. From the Main Menu of the browser interface, under the Maintenance heading, select the Modem Router Upgrade heading to display the menu shown. [Figure 6-2: Firmware Upgrade screen, "Locate and Select the Upgrade File from your Hard Disk"] 4. In the Modem Router Upgrade menu, click Browse to locate the binary (BIN or IMG) upgrade file. 5. Click Upload. Warning: When uploading software to the modem router, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it may corrupt the software. When the upload is complete, your modem router will automatically restart. The upgrade process will typically take about one minute. In some cases, you may need to clear the configuration and reconfigure the modem router after upgrading. Network Management Information: The DG834G v3 provides a variety of sta
97. ection Monitor screen is shown below.
[Figure B-25: Connection Monitor, NETGEAR ProSafe VPN Client. Global Statistics: Non-Secured Packets, Secured Packets, Dropped Packets, Secured Data (KBytes). Columns: Local Address, Local Subnet, Remote Address, Remote Modifier, GW Address]
While the connection is being established, the Connection Name field in this menu will show SA before the name of the connection. When the connection is successful, the SA will change to the yellow key symbol.
Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access.

Viewing the VPN Router's VPN Status and Log Information
To view information on the status of the VPN client connection, open the VPN router's VPN Status screen by following the steps below:
1. To view this screen, click the Router Status link of the VPN router's main menu, then click the VPN Status button. The VPN Status/Log screen for a connection is shown below.
[Screenshot: VPN Status/Log screen]
98. elect SHA-1.
g. In the Encapsulation menu, select Tunnel.
h. Leave the Authentication Protocol (AH) checkbox unchecked.
7. Save the VPN Client Settings. From the File menu at the top of the Security Policy Editor window, select Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN.
8. Check the VPN Connection. To check the VPN Connection, you can initiate a request from the remote PC to the DG834G v3's network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
To perform a ping test using our example, start from the remote PC:
a. Establish an Internet connection from the PC.
b. On the Windows taskbar, click the Start button, and then click Run.
c. Type ping -t 192.168.3.1 and then click OK.
[Figure 8-15: Windows Run dialog]
This will cause a continuous ping to be sent to the first DG834G v3. After between several seconds and two minutes, the ping response should chan
99. elete all log entries.
3. Click on VPN Status (Figure 8-29) to get the Current VPN Tunnels (SAs) screen.
[Figure 8-35: Current VPN Tunnels (SAs) screen, with columns SPI, Policy Name, Remote Endpoint, Action, SLifeTime, HLifeTime]
This table lists the following data for each active VPN Tunnel:
• SPI: each SA has a unique SPI (Security Parameter Index) for traffic in each direction. For Manual key exchange, the SPI is specified in the Policy definition. For Automatic key exchange, the SPI is generated by the IKE protocol.
• Policy Name: the name of the VPN policy associated with this SA.
• Remote Endpoint: the IP address on the remote VPN Endpoint.
• Action: the action will be either a Drop or a Connect button.
• SLifeTime (Secs): the remaining Soft Lifetime for this SA in seconds. When the Soft Lifetime becomes zero, the SA (Security Association) will be re-negotiated.
• HLifeTime (Secs): the remaining Hard Lifetime for this SA in seconds. When the Hard Lifetime becomes zero, the SA (Security Association) will be terminated. (It will be re-established if required.)
100. es for the environment.
a. In Step 1, enter toDG834 for the Connection Name.
b. In Step 2, enter 14.15.16.17 for the remote WAN's IP address.
c. In Step 3, enter the following:
• IP Address: 10.5.6.1
• Subnet Mask: 255.255.255.0
[Screenshots: IKE Policies and VPN Policies screens for the toDG834 policy. Callouts: "Click IKE Policies under VPN to invoke this screen" and "Click VPN Policies under VPN to invoke this screen".]
101. ess of that computer. This feature allows your modem router to masquerade as that computer by "cloning" its MAC address. To change the MAC address, select "Use this Computer's MAC address." The modem router will then capture and use the MAC address of the computer that you are now using. You must be using the one computer that is allowed by the ISP. Alternatively, select "Use this MAC address" and enter it.
8. Click Apply to save your settings.
9. Click Test to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting.

ADSL Settings
The default settings of your 54 Mbps ADSL Modem Wireless Router Model DG834G will work fine for most ISPs. However, some ISPs use a specific Multiplexing Method and Virtual Circuit Number for the Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI).
Note: The correct country must be selected from the Setup Wizard's first page for the default ADSL Settings to work.
If your ISP provided you with a specific Multiplexing Method or VPI/VCI number, then fill in the following:
1. Select the ADSL Settings link from the main menu.
2. For the Multiplexing Method, select LLC-based or VC-based.
3. Type a number between 0 and 255 for the VPI. The default is 8.
4. Type a number between 1 and 65535 for the VCI. The default is 35.
5. Click Apply.
102. est an IP address from the ISP. You can determine whether the request was successful using the browser interface.
To check the WAN IP address from the browser interface:
1. Launch your browser and select an external site such as www.netgear.com.
2. Access the Main Menu of the modem router's configuration at http://192.168.0.1.
3. Under the Maintenance heading, check that an IP address is shown for the WAN Port. If 0.0.0.0 is shown, your modem router has not obtained an IP address from your ISP.
If your router is unable to obtain an IP address from the ISP, the problem may be one of the following:
• Your ISP may require a Multiplexing Method or Virtual Path Identifier/Virtual Channel Identifier parameter. Verify with your ISP the Multiplexing Method and parameter value, and update the router's ADSL Settings accordingly.
• Your ISP may require a login program. Ask your ISP whether they require PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) login.
• If you have selected a login program, you may have incorrectly set the Service Name, User Name and Password. See Troubleshooting PPPoE or PPPoA below.
• Your ISP may check for your computer's host name. Assign the computer Host Name of your ISP account to the modem router in the browser-based Setup Wizard.
• Your ISP only allows one Ethernet MAC address to connect to Internet a
103. et Configuration Requirements
Depending on how your ISP set up your Internet account, you need one or more of these configuration parameters to connect your firewall to the Internet:
• Virtual Path Identifier (VPI)/Virtual Channel Identifier (VCI) parameters
• Multiplexing Method
• Host and Domain Names

Understanding ADSL Microfilters
ADSL technology uses the same wires as your telephone service. However, ADSL adds signals to the telephone lines which create noise in the telephone service. You must use ADSL microfilters to filter out these signals before they reach your telephone.
Note: If you purchased the modem router in a country where a microfilter is not included, you must acquire one.

ADSL Microfilter
[Figure 3-1: ADSL microfilter, with Phone connector]
Each device, such as a telephone, fax machine, answering machine, or caller ID display, will require an ADSL microfilter.
Warning: Do not connect the modem router to the ADSL line through a microfilter unless the microfilter is a combination microfilter/splitter specifically designed for this purpose. Doing so will block your connection to the Internet. If you have any doubts about this, connect the modem router directly to the ADSL line.

ADSL Microfilter with Built-In Splitter
[Figure 3-2: ADSL microfilter with built-in splitter, with DSL and Phone connectors]
104. ge. The following chapters describe how to configure the Advanced features of your modem router, and how to troubleshoot problems that may occur.

Manually Configuring Your Internet Connection
You can manually configure your modem router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
[Figure 3-14: Basic Settings menu. "ISP Does Not Require Login" form: Account Name (If Required), Domain Name (If Required), Internet IP Address (Get Dynamically From ISP, Use Static IP Address, Use IP Over ATM (IPoA)), Domain Name Server (DNS) Address (Get Automatically From ISP, Use These DNS Servers), NAT (Network Address Translation), Router MAC Address (Use Default Address, Use Computer MAC Address, Use This MAC Address). "ISP Does Require Login" form: Encapsulation (PPPoA, PPP over ATM), Login, Password, Idle Timeout (In Minutes), Internet IP Address, Domain Name Server (DNS) Address]
105. ge from "timed out" to "reply."
[Figure 8-16: Windows command prompt showing ping replies]
Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834G v3. After a short wait, you should see the login screen of the Modem Router (unless another PC already has the DG834G v3 management interface open).
Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR ProSafe Log Viewer. To launch this function, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN Client, then Log Viewer. The Log Viewer screen for a successful connection is shown below.
[Screenshot: VPN Status Log]
106. gorithm and enter the key in the field provided. For MD5, the keys should be 16 ASCII characters. For SHA-1, the keys should be 20 ASCII characters.
• MD5: 128 bits, faster but less secure.
• SHA-1 (default): 160 bits, slower but more secure.

Chapter 9: Troubleshooting
This chapter gives information about troubleshooting your 54 Mbps ADSL Modem Wireless Router Model DG834G. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated.
• Is the router on? Have I connected the router correctly? Go to Basic Functioning on page 9-1.
• I can't access the router's configuration with my browser. Go to Troubleshooting the Web Configuration Interface on page 9-3.
• I've configured the router but I can't access the Internet. Go to Troubleshooting the ISP Connection on page 9-4.
• I can't remember the router's configuration password. Go to Restoring the Default Configuration and Password on page 9-9.
• I want to clear the configuration and start over again. Go to Restoring the Default Configuration and Password on page 9-9.

Basic Functioning
After you turn on power to the router, the following sequence of events should occur:
1. When power is first applied, verify that the Power LED is on (see The Router's Front Panel on page 2-7 for an ill
107. he wireless access point must be enabled to allow wireless stations to access the Internet.
• Allow Broadcast of Name (SSID). If enabled, the SSID is broadcast to all Wireless Stations. Stations which have no SSID (or a null value) can then adopt the correct SSID for connections to this Access Point.
• Wireless Isolation. If enabled, Wireless Stations will not be able to communicate with each other or with Stations on the wired network. This feature should normally be disabled.
• Wireless Station Access List. By default, any wireless computer that is configured with the correct wireless network name or SSID will be allowed access to your wireless network. For increased security, you can restrict access to the wireless network to only specific computers based on their MAC addresses. Click Setup Access List to display the Wireless Station Access List menu.
• Security Options.

Table 4-1. Wireless Security Options
Field: Description
Disable: Wireless security is not used.
WEP (Wired Equivalent Privacy): You can select the following WEP options.
Authentication Type:
• Open: the DG834G v3 does not perform any authentication.
• Shared: WEP shared key authentication. For a full explanation of WEP shared key, see Wireless Communications in Appendix C.
Encryption Strength: If Shared or
108. be subject to restrictions. Please refer to the notes in the operating instructions. The Federal Office for Telecommunications Approvals has been notified that this device has been placed on the market, and it is authorized to test the series for compliance with the regulations.

Certificate of the Manufacturer/Importer
It is hereby certified that the 54 Mbps ADSL Modem Wireless Router Model DG834G has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions. Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instru
109. icking its name or clicking on the symbol. My Identity and Security Policy subheadings appear below the connection name.
b. Click on the Security Policy subheading to show the Security Policy menu.
[Figure 8-10: Security Policy Editor, Security Policy menu. Select Phase 1 Negotiation Mode: Main Mode, Aggressive Mode, Use Manual Key. Options: Enable Perfect Forward Secrecy (PFS), Enable Replay Detection]
c. Select the Main Mode in the Select Phase 1 Negotiation Mode check box group.
4. Configure the VPN Client Identity. In this step, you will provide information about the remote VPN client PC. You will need to provide the Pre-Shared Key that you configured in the DG834G v3 and either a fixed IP address or a "fixed virtual" IP address of the VPN client PC.
a. In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity.
[Screenshot: Security Policy Editor, NETGEAR ProSafe VPN Client, My Identity menu with Pre-Shared Key button and Select Certificate field]
110. ient Dynamic 192.168.0.1/24
[Figure B-12: Telecommuter Example. Gateway A: router at employer's main office. NAT Router B: router at telecommuter's home office. Client B: PC running NETGEAR ProSafe VPN Client]

Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves the following two steps:
• Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer's Main Office
• Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter's Home Office configures the NETGEAR ProSafe VPN Client endpoint.

Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer's Main Office
Follow this procedure to configure a client-to-gateway VPN tunnel by filling out the VPN Auto Policy screen.
1. Log in to the VPN router at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Policies link in the main menu to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information. NETGEA
111. imeout
For security, the administrator's login to the modem router configuration will timeout after a period of inactivity. To change the login timeout period:
1. In the Set Password menu, type a number in the "Administrator login times out" field. The suggested default value is 5 minutes.
2. Click Apply to save your changes or click Cancel to keep the current period.

Configuring Basic Firewall Services
Basic firewall services you can configure include access blocking and scheduling of firewall security. These topics are presented below.

Blocking Keywords, Sites, and Services
The modem router provides a variety of options for blocking Internet-based content and communications services. With its content filtering feature, the ADSL Modem Wireless Router prevents objectionable content from reaching your PCs. The modem router allows you to control access to Internet content by screening for keywords within Web addresses. Key content filtering options include:
• Keyword blocking of HTTP traffic.
• Outbound Service Blocking limits access from your LAN to Internet locations or services that you specify as off-limits.
• Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
• Blocking unwanted traffic from the Interne
112. in Name; toDG834G.com (in this example); 3DES; 12345678 (in this example); 3600
2. Click Apply when done to get the VPN Policies screen.
[Figure B-14: VPN Policies screen. Policy Table columns: Enable, Name, Type, Local, Remote, ESP. Buttons: Edit, Delete, Apply, Cancel, Add Auto Policy, Add Manual Policy]
To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.

Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter's Home Office
This procedure describes how to configure the 54 Mbps ADSL Modem Wireless Router Model DG834G. We will assume the PC running the client has a dynamically assigned IP address. The PC must have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the 54 Mbps ADSL Modem Wireless Router Model DG834G software, be sure to turn off any
113. ing
• Remote LAN IP Address: select Subnet address from the pulldown menu.
  Start IP address: 192.168.3.1
  Subnet Mask: 255.255.255.0
• IKE
  Direction: Initiator and Responder
  Exchange Mode: Main Mode
  Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
  Local Identity Type: use default setting
  Remote Identity Type: use default setting
• Parameters
  Encryption Algorithm: 3DES
  Authentication Algorithm: MD5
  Pre-shared Key: 12345678
[Screenshot: VPN Auto Policy screen. General: Policy Name, Remote VPN Endpoint, NetBIOS Enable, IKE Keep Alive. Local LAN IP Address. Remote LAN IP Address. IKE: Direction, Exchange Mode, Diffie-Hellman (DH) Group, Local Identity Type, Remote Identity Type. Parameters: Encryption Algorithm, Authentication Algorithm, Pre-shared Key, SA Life Time, Enable PFS (Perfect Forward Security)]
114. ion but leaves your wireless data fully exposed.
• 64 or 128 bit WEP. When 64 Bit WEP or 128 Bit WEP is selected, WEP encryption will be applied.
If WEP is enabled, you can manually or automatically program the four data encryption keys. These values must be identical on all computers and access points in your network.
There are two methods for creating WEP encryption keys:
• Passphrase. Enter a word or group of printable characters in the Passphrase box and click the Generate button.
• Manual. 64-bit WEP: Enter 10 hexadecimal digits (any combination of 0-9, a-f, or A-F). 128-bit WEP: Enter 26 hexadecimal digits (any combination of 0-9, a-f, or A-F).
Select the radio button for the key you want to make active.

How to Configure WEP
To configure WEP data encryption, follow these steps:
1. Log in to the DG834G v3 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Click the Wireless Settings link in the Setup section of the main menu for the DG834G v3 modem router.
In the Security Options section, select the WEP (Wired Equivalent Privacy) radio button.
Go to the WEP Security Encryption portion of the page.
[Screenshot: WEP Security Encryption section]
115. DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. Click Apply to save the settings.
4. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting.

Wizard-Detected Fixed IP (Static) Account Setup
If the router determines that your Internet service account uses Fixed IP assignment, you will be directed to the page where you can enter the IP addresses.
1. If required, enter the Account Name and Domain Name from your ISP.
2. Choose Use Static IP Address or Use IP Over ATM (IPoA, RFC1483 Routed) according to the information from your ISP. If you choose IPoA, the router will be able to detect the gateway IP address, but you still need to provide the router IP address.
3. Enter your assigned IP Address, Subnet Mask, and the IP Address of your ISP's gateway modem router. This information should have been provided to you by your ISP. You need the configuration parameters from your ISP.
4. Enter the IP address of your ISP's Primary DNS Server. If a Secondary DNS Server address is available, enter it also. DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a
116. ireless network interface cards, but not all wireless access points. WPA2-PSK (AES) implements the full standard, but will not work with some older network cards. For a full explanation of WPA, see Wireless Communications in Appendix C.
WPA-802.1x / WPA2-802.1x: User authentication is implemented using 802.1x and RADIUS servers. For a full explanation of WPA, see Wireless Communications in Appendix C. Fill in the following:
• Radius Server Name/IP Address: This field is required. Enter the name or IP address of the Radius Server on your LAN.
• Radius Port: Enter the port number used for connections to the Radius Server.
• Radius Shared Key: Enter the desired value for the Radius shared key. This key enables the DG834G v3 to log in to the Radius server and must match the value used on the Radius server.

How to Set Up and Test Basic Wireless Connectivity
Follow the instructions below to set up and test basic wireless connectivity. Once you have established basic wireless connectivity, you can enable security settings appropriate to your needs.
1. Log in to the DG834G v3 firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Click the Wireless Settings link in the main menu of the DG834G v3 firewall.
3. Choose a suitable descriptive name for the wireless network name (SSID). In the SSID bo
117. is address.
• Select "Use These DNS Servers" if your ISP gave you one or two DNS addresses. Type the primary and secondary addresses.
You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (192.168.0.x) to LAN-connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834G v3 uses. Classical routing should be selected only by experienced users.
Note: Disabling NAT will reboot the router and reset all the DG834G v3 configuration settings to the factory default. Disable NAT only if you plan to install the DG834G v3 in a setting where you will be manually administering the IP address space on the LAN side of the router.
The Disable Firewall option disables the firewall in addition to disabling NAT. The Disable option leaves the firewall active. With the firewall disabled, the protections normally provided to your network will be disabled.

Internet Connection Requires Login and Uses PPPoA
1. If your Internet connection does require login, select Yes and fill in the settings according to the instructions below.
Note: You will no longer need to launch the ISP's login program on your computer in order to access the Internet. When you start an Internet application, your modem router automatically logs you in.
Choose PPPoA for the enc
118. is example) in the box below it. Choose Disabled in the Virtual Adapter menu.
d. In the Internet Interface box, select Intel PRO/100 VE Network Connection (in this example, your Ethernet adapter may be different) in the Name menu and enter 192.168.2.3 (in this example) in the IP Addr box.
e. Click the Pre-Shared Key button.
[Figure B-19: Pre-Shared Key dialog box. "Enter Pre-Shared Key (at least 8 characters). This key is used during Authentication Phase if the Authentication Method Proposal is Pre-Shared key."]
f. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834G v3's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.
5. Configure the VPN Client Authentication Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration.
a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking on the symbol.
b. Expand the Authentication subheading by double-clicking its name or clicking on the symbol. Then select Proposal 1 below Authentication.
119. isabled; 3DES; SHA-1; Group 2; 28800 (8 hours); 3600 (1 hour)
Columns: FQDN or Gateway IP (WAN IP Address), Subnet Mask
Client: toDG834, Dynamic
DG834G v3: toClient, 192.168.3.1, 255.255.255.0, 22.23.24.25

Follow this procedure to configure a client-to-gateway VPN tunnel using the VPN Wizard.
1. Log in to the DG834G v3 at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed.
[Figure 8-4: VPN Wizard. "The Wizard sets most parameters to defaults as proposed by the VPN Consortium (VPNC), and assumes a pre-shared key, greatly simplifies setup. After creating the policies through VPN Wizard, you can always update the parameters through VPN Settings link on the left menu."]
2. Fill in the Connection Name and the pre-shared key, select the type of target end point, and click Next to proceed.
[Screenshot: VPN Wizard, Step 1 of 3, Connection Name and Remote IP Type. Callouts: "Enter the new Connection Name (e.g., Road Warrior)"; "Enter the pre-shared key (e.g., 12345678)"; "Select the radio button: A remote VPN client (single PC)". Options: A remote VPN Gateway, A remote VPN client (single PC). Buttons: Back, Next]
120. itter: Use with a one-line filter to share an outlet with a phone and the modem router.
3. Two-Line Filter with Splitter: Use to share an outlet with a phone and the modem router.
[Figure 3-3]
b. Two-Line Filter Example. Insert the two-line filter into the phone outlet and connect the phone to the phone line connector (A).
[Figure 3-4]
Note: To use a one-line filter with a separate splitter, insert the splitter into the phone outlet, connect the one-line filter to the splitter, and connect the phone to the filter.
2. Connect the modem router to the ADSL filter.
a. Using the included phone cable with RJ-11 jacks, connect the ADSL port (B) of the modem router to the ADSL port (C) of the two-line filter.
[Figure 3-5]
Warning: Improperly connecting a filter to your modem router will block your ADSL connection.
b. Connect the Ethernet cable (D) from a modem router LAN port to the Ethernet adapter in your computer.
121. k Protecting Access to Your 54 Mbps ADSL Modem Wireless Router Model DG834G v3
How to Change the Built-In Password
Changing the Administrator Login Timeout
Configuring Basic Firewall Services
Blocking Keywords, Sites, and Services
How to Block Keywords and Sites
Firewall Rules
Inbound Rules (Port Forwarding)
Outbound Rules (Service Blocking)
Order of Precedence for Rules
How to Define Services
Setting Times and Scheduling Firewall Services
How to Set Your Time Zone
How to Schedule Firewall Services
Chapter 6 Managing Your Network
Backing Up, Restoring, or Erasing Your Settings
122. k gateway involves the following two steps:
• Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v3 on page 8-7 uses the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway.
• Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC on page 8-12 configures the NETGEAR ProSafe VPN Client endpoint.
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v3
Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 8-2 on page 8-5. If you have special requirements not covered by these VPNC-recommended parameters, refer to How to Set Up VPN Tunnels in Special Circumstances on page 8-38 to set up the VPN tunnel.
The worksheet below identifies the parameters used in the following procedure. A blank worksheet is at Planning a VPN on page 8-4.
Table 8-3. VPN Tunnel Configuration Worksheet
Parameters: Connection Name; Pre-Shared Key; Secure Association (Main Mode or Manual Keys); Perfect Forward Secrecy (Enabled or Disabled); Encryption Protocol (DES or 3DES); Authentication Protocol (MD5 or SHA-1); Diffie-Hellman (DH) Group (Group 1 or Group 2); Key Life in seconds; IKE Life Time in seconds. VPN Endpoint: Local IPSec ID; LAN IP Address.
Values: RoadWarrior; 12345678; Main; D
123. l LAN: This identifies which PCs on your LAN are covered by this policy. For each selection, data must be provided as follows:
• Single address: enter an IP address in the Single/Start IP address field. Typically, this setting is used when you wish to make a single Server on your LAN available to remote users.
• Range address: enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. This must be an address range used on your LAN.
• Subnet address: enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field.
The remote VPN endpoint must have these IP addresses entered as its Remote addresses.
• Any: the remote VPN endpoint may be at any IP address.
Remote LAN: This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows:
• Single PC (no Subnet): select this option if there is no LAN, only a single PC, at the remote endpoint. If this option is selected, no additional data is required. The typical application is a PC running the VPN client at the remote end.
• Single address: Enter an IP address in the Single/Start IP address field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a
124. l lose your wireless connection when you click Apply. You must then change the wireless settings of your computer to match the firewall's new settings.
8. Configure and test your computers for wireless connectivity. Program the wireless adapter of your computers to have the same SSID and channel that you configured in the router. Check that they have a wireless link and are able to obtain an IP address by DHCP from the firewall. Once your computers have basic wireless connectivity to the firewall, you can configure the advanced wireless security functions of the firewall.
How to Restrict Wireless Access to Your Network
By default, any wireless PC that is configured with the correct SSID will be allowed access to your wireless network. For increased security, the 54 Mbps ADSL Modem Wireless Router Model DG834G provides several ways to restrict wireless access to your network:
• Turn off wireless connectivity completely
• Restrict access based on the Wireless Network Name (SSID)
• Restrict access based on the Wireless Card Access List
These options are discussed below.
(Figure 4-3: Wireless Access Point settings, with the Enable Wireless Access Point and Allow Broadcast of Name (SSID) check boxes.)
Restricting Access to Your Network by Turning Off Wireless Connectivity
You can completely turn off the wireless portion of the DG834G v
125. (Figure 3-8) Enter admin for the user name and password for the password, both in lower case letters.
b. After logging in, you will see the menu below.
(Figure 3-9: Setup Wizard screen, with Country and Language selections and the Auto-Detect Connection Type prompt: "This Setup Wizard can detect the type of Internet connection you have. Do you want the Smart Setup Wizard to try and detect the connection type now?" Options: Yes; No, I want to configure the gateway myself.)
4. Connect to the Internet. You are now ready to configure your modem router to connect to the Internet. There are two ways you can configure your modem router to connect to the Internet:
a. Let the modem router Setup Wizard auto-detect the type of Internet connection you have and configure it.
b. Manually choose which type of Internet connection you have and configure it.
In either case, use the configuration parameters your ISP provided to assure that the configuration settings for your Internet connection are correct.
5. Test your Internet connection. From the bottom of the Setup menu, click Test. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, Troubleshooting.
Your modem router is now configured to provide Internet access for your network. Your modem router automatically connects to the Inte
126. lt password of password, or using whatever User Name, Password, and LAN address you have chosen for the router.
From the Main Menu, under Advanced, click the LAN IP Setup link to view the menu shown.
(Figure 7-3: LAN IP Setup screen, with LAN TCP/IP Setup, Use Router as DHCP Server, and Address Reservation sections.)
3. Enter the TCP/IP, DHCP, or Reserved IP parameters.
4. Click Apply to save your changes.
Configuring Dynamic DNS
If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial dynamic DNS service that will allow you to register your domain to their IP address, and will forward traffic directed at your domain to your frequently changing IP address.
The router contains a client that can connect to a dynamic DNS service provider. To use this feature, you must selec
127. ly, it will incorporate the RIP information that it receives. When set to None, it will not send any RIP packets and will ignore any RIP packets received.
• RIP Version: This controls the format and the broadcasting method of the RIP packets that the modem router sends. It recognizes both formats when receiving. By default, this is set for RIP-1.
RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup.
RIP-2 carries more information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format. RIP-2B uses subnet broadcasting. RIP-2M uses multicasting.
DHCP
By default, the modem router will function as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the modem router's LAN. The assigned default gateway address is the LAN address of the router. IP addresses will be assigned to the attached PCs from a pool of addresses specified in this menu. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.
For most applications, the default DHCP and TCP/IP settings of the router are satisfactory. See Internet Networking and TCP/IP Addressing in Appendix C for an explanation of DHCP and information about how to assign IP addresses for your network.
Use Router as DHCP server
If another device on your network will be the DHCP
128. (Figure B-16)
c. Select Secure in the Connection Security check box group.
d. Select IP Subnet in the ID Type menu.
e. In this example, type 192.168.0.1 in the Subnet field as the network address of the DG834G v3.
f. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834G v3.
g. Select All in the Protocol menu to allow all traffic through the VPN tunnel.
h. Select the Connect using Secure Gateway Tunnel check box.
i. Select Domain Name in the ID Type menu below the check box and enter fromDG834G.com in this example.
j. Select Gateway Hostname and enter ntgr.dyndns.org in this example.
k. The resulting Connection Settings are shown in Figure B-16.
3. Configure the Security Policy in the 54 Mbps ADSL Modem Wireless Router Model DG834G software.
a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking on the "+" symbol. My Identity and Security Policy subheadings appear below the connection name.
b. Click on the Security Policy subheading to show the Security Policy menu.
(Figure: Security Policy Editor, NETGEAR ProSafe VPN Client, showing the Security Policy menu with Select Phase 1 Negotiation Mode set to Main Mode.)
129. (Figure B-3: VPN policy screen with Traffic Selector, AH Configuration, and ESP Configuration sections.)
3. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v3.
a. Open the command prompt (Start > Run > cmd).
b. ping 172.23.9.1
(Figure B-4: command prompt window showing the ping output for 172.23.9.1.)
Note: The pings may fail the first time. If this happens, try the pings a second time.
DG834G v3 with FQDN to FVL328
This appendix is a case study on how to configure a VPN tunnel from a NETGEAR DG834G v3 to a FVL328 using a Fully Qualified Domain Name (FQDN) to resolve the public address of one or bo
130. menu, select Diffie-Hellman Group 2.
6. Configure the VPN Client Key Exchange Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the DG834G v3 configuration.
a. Expand the Key Exchange subheading by double-clicking its name or clicking on the "+" symbol. Then select Proposal 1 below Key Exchange.
(Figure 8-14: Security Policy Editor, NETGEAR ProSafe VPN Client, showing the IPSec Protocols settings for Key Exchange (Phase 2) Proposal 1.)
b. In the SA Life menu, select Unspecified.
c. In the Compression menu, select None.
d. Check the Encapsulation Protocol (ESP) checkbox.
e. In the Encrypt Alg menu, select the type of encryption to correspond with what was configured for the Encryption Protocol in the DG834G v3 in Table 8-3 on page 8-8. In this example, use Triple DES.
f. In the Hash Alg menu, s
131. menu bar; see Figure B-22. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
a. Right-click the system tray icon to open the popup menu.
b. Select Connect to open the My Connections list.
c. Choose toDG834G.
The 54 Mbps ADSL Modem Wireless Router Model DG834G will report the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the VPN router.
(Figure B-22: Right mouse click on the system tray icon to open the popup menu, which lists Security Policy Editor, Certificate Manager, Deactivate Security Policy, Reload Security Policy, Remove Icon, Log Viewer, Connection Monitor, Disconnect, Connect, Help, and About NETGEAR ProSafe VPN Client.)
To perform a ping test using our example, start from the remote PC:
a. Establish an Internet connection from the PC.
b. On the Windows taskbar, click the Start button, and then click Run.
c. Type ping -t 192.168.0.1 and then click OK.
(Figure B-23: Windows Run dialog with the ping command entered in the Open field.)
This will cause a continuous ping to be sent to the VPN router. After between several seconds and two minutes, the ping response should cha
132. n name
• Fully Qualified User Name: your name, E-mail address, or other ID.
Local Identity Data: enter the data for the selection above. (If WAN IP Address is selected, no input is required.)
Remote Identity Type: select the desired option to match the Local Identity Type setting on the remote VPN endpoint.
• IP Address: the Internet IP address of the remote VPN endpoint.
• Fully Qualified Domain Name: the Domain name of the remote VPN endpoint.
• Fully Qualified User Name: the name, E-mail address, or other ID of the remote VPN endpoint.
Remote Identity Data: enter the data for the selection above. (If IP Address is selected, no input is required.)
Parameters
Encryption Algorithm: encryption Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway. DES and 3DES are supported.
• DES: the Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES.
• 3DES: (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
Authentication Algorithm: authentication Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway. Auto, MD5, and SHA-1 are supported.
133. nd capable of full-duplex or half-duplex operation. The modem router incorporates Auto Uplink technology. Each local Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a "normal" connection such as to a computer, or an "uplink" connection such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
Content Filtering
With its content filtering feature, the DG834G v3 prevents objectionable content from reaching your PCs. The modem router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the modem router to log and report attempts to access objectionable Internet sites.
Wi-Fi Multimedia (WMM) Quality of Service (QoS)
WMM is a QoS feature that provides prioritization of wireless data packets from different applications based on four access categories: voice, video, best effort, and background. For an application to receive the benefits of WMM QoS, both it and the client running that application must be WMM-enabled. Legacy applications that do not support WMM, and applications that do not require QoS, are assigned to the best effort category.
134. nd may check for your computer's MAC address. In this case:
Inform your ISP that you have bought a new network device, and ask them to use the router's MAC address.
OR
Configure your router to spoof your computer's MAC address. This can be done in the Basic Settings menu. Refer to the ADSL Modem Wireless Router Setup Manual (see Table 3-1 on page 3-1).
Troubleshooting PPPoE or PPPoA
The PPPoE or PPPoA connection can be debugged as follows:
1. Access the Main Menu of the router at http://192.168.0.1.
2. Under the Maintenance heading, select the Router Status link.
3. Click the Connection Status button.
4. If all of the steps indicate "OK", then your PPPoE or PPPoA connection is up and working.
5. If any of the steps indicates "Failed", you can attempt to reconnect by clicking "Connect". The modem router will continue to attempt to connect indefinitely.
If you cannot connect after several minutes, you may be using an incorrect Service Name, User Name, or Password. There also may be a provisioning problem with your ISP.
Note: Unless you connect manually, the modem router will not authenticate using PPPoE or PPPoA until data is transmitted to the network.
Troubleshooting Internet Browsing
If your modem router can obtain an IP address but your computer is unable to load any Web page
135. Virtual Private Networking (VPN)
Auto Sensing and Auto Uplink LAN Ethernet Connections
What's in the Box
The Router's Front Panel
The Router's Rear Panel
Chapter 3 Configuring Your Internet Connection
Connecting the Router to the Internet
What You Need Before You Begin
Understanding ADSL Microfilters
Manually Setting Up Your Modem Router
Auto-Detecting Your Internet Connection Type
Wizard-Detected PPPoE Login Account Setup
Wizard-Detected PPPoA Login Account Setup
Wizard-Detected Dynamic IP Account Setup
Wizard Detected IP O
136. How to Back Up the Configuration to a File
How to Restore the Configuration from a File
How to Erase the Configuration
Upgrading the Modem Router's Firmware
How to Upgrade the Modem Router Firmware
Network Management Information
Viewing Modem Router Status and Usage Statistics
Viewing Attached Devices
Viewing, Selecting, and Saving Logged Information
Examples of Log Messages
Enabling Security Event E-mail Notification
Running Diagnostic Utilities and Rebooting the Modem Router
Enabling Remote Management
Configuring Remote Management
Chapter 7 Advanced Configuration
Configuring Advanced Security
Setting Up
137. nformation is provided in the Appendices and on the Netgear website.
Note: Product updates are available on the NETGEAR, Inc. Web site at http kbserver netgear com products DG834G v3 asp
This guide uses the following typographical conventions:
Table 1-1.
italics: Emphasis, books, CDs, URL names
bold: User input
fixed: Screen text, file and server names, extensions, commands, IP addresses
This guide uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note may result in a malfunction or damage to the equipment.
Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death.
This manual is written for the ADSL Modem Wireless Router according to these specifications:
Table 1-2. Manual Scope
Product Version: 54 Mbps ADSL Modem Wireless Router Model DG834G
Manual Publication Date: October 2006
How to Print this Manual
To print this manual, you can choose one of the following several options, according to your needs.
• Printing a Page in the HTML View. Each page in the HTML
138. ng some online games and videoconferencing applications that are incompatible with NAT. The modem router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer's IP address is entered as the Default DMZ Server.
Warning: For security reasons, you should avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
Incoming traffic from the Internet is normally discarded by the modem router unless the traffic is a response to one of your local computers or a service that you have configured in the Ports menu. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the Default DMZ Server.
How to Configure a Default DMZ Server
To assign a computer or server to be a Default DMZ server, follow these steps:
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
139. ng whatever Password and LAN address you have chosen for the modem router.
2. Select the Services link of the Security menu to display the Services menu shown.
(Figure 5-9: Services menu, showing the Service Table with Service Type and Ports columns and the Add Custom Service, Edit Service, and Delete Service buttons.)
• To create a new Service, click the Add Custom Service button.
• To edit an existing Service, select its button on the left side of the table and click Edit Service.
• To delete an existing Service, select its button on the left side of the table and click Delete Service.
3. Use the page shown below to define or edit a service.
(Figure 5-10: Service Definition page, with Name, Type, Start Port, and Finish Port fields and the Back, Apply, and Cancel buttons.)
4. Click Apply to save your changes.
Setting Times and Scheduling Firewall Services
The ADSL Modem Wireless Router uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet.
How to Set Your Time Zone
In order to localize the time for your log entries, you must specify your Time Zone:
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem
140. nge from "timed out" to "reply".
(Figure B-24: command prompt window showing ping replies from 192.168.0.1.)
Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the VPN router. After a short wait, you should see the login screen of the VPN router (unless another PC already has the VPN router management interface open).
Note: You can use the VPN router diagnostic utilities to test the VPN connection from the VPN router to the client PC. Run ping tests from the Diagnostics link of the VPN router main menu.
Monitoring the VPN Tunnel (Telecommuter Example)
Viewing the PC Client's Connection Monitor and Log Viewer
To view information on the progress and status of the VPN client connection, open the 54 Mbps ADSL Modem Wireless Router Model DG834G Log Viewer.
1. To launch this function, click on the Windows Start button, then select Programs, then 54 Mbps ADSL Modem Wireless Router Model DG834G, then Log Viewer.
Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
2. The Conn
141. (Figure 8-45: VPN Status Log screen.)
b. Click VPN Status (Figure 8-45) to display the Current VPN Tunnels (SAs) screen (Figure 8-46). Click on Connect for the VPN tunnel you want to activate.
(Figure 8-46: Current VPN Tunnels (SAs) screen, with SPI (In), SPI (Out), Policy Name, Remote Endpoint, Action, SLifeTime, and HLifeTime columns.)
c. Review the VPN Status Log screen (Figure 8-45) to verify that the tunnel is connected.
Using Manual Policy to Configure VPN Tunnels
As an alternative to IKE, you may use Manual Keying, in which you must specify each phase of the connection. A "Manual" VPN policy requires all settings for the VPN tunnel to be manually input at each end (both VPN endpoints).
Click the VPN Policies link of the main menu, and then click the Add Manual Policy radio button to display the Manual Keys menu shown in Figure 8-47.
(Figure 8-47: VPN Policies table and VPN Manual Policy screen.)
142. nternet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access.
How to Set Up a Gateway-to-Gateway VPN Configuration
Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 8-2 on page 8-5. If you have special requirements not covered by these VPNC-recommended parameters, refer to How to Set Up VPN Tunnels in Special Circumstances on page 8-38 to set up the VPN tunnel.
Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.
(Figure 8-19: VPN tunnel between DG834G VPN Firewall A at 14.15.16.17 and DG834G VPN Firewall B at 22.23.24.25, with PCs on each LAN.)
Set the LAN IPs on each DG834G v3 to different subnets and configure each properly for the Internet. The examples below assume the following settings:
Table 8-4. VPN Tunnel Configuration Worksheet
Parameters: Connection Name; Pre-Shared Key; Secure Association (Main Mode or Manual Keys); Perfect Forward Secrecy (Enabled or Disabled); Encryption Protocol (DES or 3DES); Authentication Protocol
143. o Gateway VPN Tunnels
Planning a VPN
VPN Tunnel Configuration
How to Set Up a Client-to-Gateway VPN Configuration
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v3
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC
How to Set Up a Gateway-to-Gateway VPN Configuration
Activating a VPN Tunnel
Verifying the Status of a VPN Tunnel
Deactivating a VPN Tunnel
Deleting a VPN Tunnel
How to Set Up VPN Tunnels in Special Circumstances
Using Auto Policy to Configure VPN Tunnels
Using Manual Policy to Configure VPN Tunnels
Chapter 9 Troubleshooting
144. Note: Refer to Using Auto Policy to Configure VPN Tunnels on page 8-38 to enable the IKE keepalive capability on an existing VPN tunnel.
6. Repeat for the DG834G v3 on LAN B and pay special attention to use the following network settings as appropriate:
• WAN IP of the remote VPN gateway (e.g., 14.15.16.17)
• LAN IP settings of the remote VPN gateway: IP Address (e.g., 192.168.0.1), Subnet Mask (e.g., 255.255.255.0), Preshared Key (e.g., 12345678)
7. Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
Note: The VPN Status screen is only one of three ways to activate a VPN tunnel. See Activating a VPN Tunnel on page 8-29 for information on the other ways.
a. Open the DG834G v3 management interface and click on VPN Status to get the VPN Status/Log screen (Figure 8-27).
(Figure 8-27: VPN Status/Log screen showing the GtoG tunnel initiating Main Mode, then the ISAKMP SA and IPsec SA being established.)
b. Click on VPN Status (Figure 8-29) to get the Current VPN Tunnels (SAs) screen (Figure 8-28). Click on Connect
145. • Select IP Over ATM (IPoA) if your ISP uses Classical IP Addresses (RFC1577). Enter the IP address, IP Subnet Mask, and Gateway IP Addresses that your ISP assigned. 4. Domain Name Server (DNS) Address: • Select Get Dynamically from ISP if your ISP uses DHCP to assign your IP address. Your ISP will automatically assign this address. • If you know that your ISP does not automatically transmit DNS addresses to the modem router during login, select Use these DNS servers and enter the IP address of your ISP's Primary DNS Server. If a Secondary DNS Server address is available, enter it also. A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your modem router during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here. 5. You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (192.168.0.x) to LAN-connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834G v3 uses. Classical routing should be selected only by experienced users. Note: Disabling NAT will reboot the router and reset all the DG834G v3 configuration settings to the factory defa
146. 2. From the Main Menu, under Advanced, click the WAN Setup link to view the page shown. [Figure 7-1: WAN Setup page, with the options Connect Automatically as Required, Enable PPPoE Relay, Disable Port Scan and DOS Protection, Default DMZ Server, Respond to Ping on Internet WAN Port, and MTU Size (in bytes): 1458.] 3. Select the Default DMZ Server check box. 4. Type the IP address for that server. 5. Click Apply to save your changes. Connect Automatically as Required: Normally, this option should be enabled so that an Internet connection will be made automatically whenever Internet-bound traffic is detected. If this causes high connection costs, you can disable this setting. If disabled, you must connect manually, using the sub-screen accessed from the Connection Status button on the Status screen. If you have an "Always on" connection, this setting has no effect. Enable PPPoE Relay: When enabled, this feature allows a PPPoE client on a local PC to connect to a remote PPPoE server, with the gateway acting as a relay agent. Disable Port Scan and DOS Protection: The firewall protects your LAN against port scans and denial of service (DoS) attacks. This protection should be disabled only in special circumstances. Respond to Ping on Internet WAN Port: If you want the modem router to respond to a
147. Deactivating a VPN Tunnel: Sometimes a VPN tunnel must be deactivated for testing purposes. There are two ways to deactivate a VPN tunnel: • Policy table on VPN Policies page • VPN Status page. Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel: To use the VPN Policies page to deactivate a VPN tunnel, perform the following steps: 1. Log in to the Modem Router. 2. Open the DG834G v3 management interface and click VPN Policies to get the VPN Policies screen (Figure 8-36). [Figure 8-36: VPN Policies screen; the Policy Table has the columns Enable, Name, Type, Local, Remote, and ESP, and lists one policy, RoadWarrior (Auto, 192.168.3.1 / 255.255.255.0, 3DES).] 3. Clear the Enable check box for the VPN tunnel you want to deactivate and click Apply. (To reactivate the tunnel, check the Enable box and click Apply.) Using the VPN Status Page to Deactivate a VPN Tunnel: To use the VPN Status page to deactivate a VPN tunnel, perform the following steps: 1. Log in to the Modem Router. 2. Open the DG834G v3 management interface and click VPN Status to get the VPN Status Log screen (Figure 8-37). [Figure 8-37: VPN Status Log screen with GtoG entries: initiating Main Mode, ISAKMP SA established, IPsec SA established.] 3. Click V
148. remote location via the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, or you can choose a nonstandard port number. • Diagnostic functions: The modem router incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Internet connectivity and reboot the modem router. You can use these diagnostic functions directly from the DG834G v3 when you are connected on the LAN or when you are connected over the Internet via the remote management function. • Visual monitoring: The modem router's front panel LEDs provide an easy way to monitor its status and activity. • Flash erasable programmable read-only memory (EPROM) for firmware upgrades. Protocol Support: The DG834G v3 supports Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). "Internet Networking and TCP/IP Addressing" in Appendix C provides further information on TCP/IP. • The Ability to Enable or Disable IP Address Sharing by NAT: The DG834G v3 allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive
149. rnet when one of your computers requires access. It is not necessary to run a dialer or login application such as Dial-Up Networking or Enternet to connect, log in, or disconnect. These functions are performed automatically by the modem router as needed. To access the Internet from any computer connected to your modem router, launch a browser such as Microsoft Internet Explorer or Netscape Navigator. You should see the modem router's Internet LED blink, indicating communication to the ISP. The browser should begin to display a Web page. Auto-Detecting Your Internet Connection Type: The Web Configuration Manager built in to the modem router contains a Setup Wizard that can automatically determine your network connection type. The procedures for filling in the configuration page for each type of connection follow below. Wizard-Detected PPPoE Login Account Setup: If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to the PPPoE page shown. [Figure 3-10: PPPoE page with Login and Password fields.] Enter the PPPoE login user name and password. Wizard-Detected PPPoA Login Account Setup: If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over ATM (PPPoA), you will be
150. • Date shown is January 1, 2000. Cause: The router has not yet successfully reached a Network Time Server. Check that your Internet access settings are configured correctly. If you have just completed configuring the router, wait at least five minutes and check the date and time again. • Time is off by one hour. Cause: The router does not automatically sense Daylight Savings Time. In the E-mail menu, check or uncheck the box marked Adjust for Daylight Savings Time. Appendix A: Technical Specifications. This appendix provides technical specifications for the 54 Mbps ADSL Modem Wireless Router Model DG834G.
Network Protocol and Standards Compatibility
Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPPoE or PPPoA, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM
Power Adapter
North America: 120V, 60 Hz, input
United Kingdom, Australia: 240V, 50 Hz, input
Europe: 230V, 50 Hz, input
Japan: 100V, 50/60 Hz, input
All regions (output): 12 V AC, 1.0A, output
Physical Specifications
Dimensions: 6.9 x 4.7 x 1.1 in (175 mm x 119 mm x 28 mm)
Weight: 0.7 lbs (0.3 kg)
Environmental Specifications
Operating humidity:
Electromagnetic Emissions
Meets requirements of:
Interface Specifications
LAN:
WAN:
Operating temperature: 0 to 40
151. router. 2. Select the Schedule link of the Security menu to display the menu shown below. [Figure 5-11: Schedule menu.] 3. Select your time zone. This setting will be used for the blocking schedule according to your local time zone and for time-stamping log entries. Select the Adjust for daylight savings time check box if your time zone is currently in daylight savings time. Note: If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and clear it at the end. Enabling Daylight Savings Time will cause one hour to be added to the standard time. 4. The modem router has a list of NETGEAR NTP servers. If you would prefer to use a particular NTP server as the primary server, enter its IP address under Use this NTP Server. 5. Click Apply to save your settings. How to Schedule Firewall Services: If you enabled services blocking in the Block Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access is not restricted. 1. Log in to the modem router at its default LA
152. router. If you are using the recommended addressing scheme, your computer's address should be in the range of 192.168.0.2 to 192.168.0.254. Refer to "Preparing a Computer for Network Access" in Appendix C to find your computer's IP address. Note: If your computer's IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. These auto-generated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the computer to the router and reboot your computer. • If your router's IP address was changed and you do not know the current IP address, clear the router's configuration to factory defaults. This will set the router's IP address to 192.168.0.1. This procedure is explained in "Using the Reset button" on page 9-9. • Make sure your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to be sure the Java applet is loaded. • Try quitting the browser and launching it again. • Make sure you are using the correct login information. The factory default login name is admin and the password is password. Make sure that CAPS LOCK is off when entering this information. If the router does not save changes you have made in the Web
153. rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown. [Figure 5-5: Inbound Services screen, with Service set to HTTP (TCP:80) and fields for Action, Send to LAN Server, and WAN Users (start and finish addresses).] The parameters are: • Service: From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Services menu to add any additional services or applications that do not already appear. • Action: Choose how you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule menu. • Send to LAN Server: Enter the IP address of the computer or server on your LAN which will receive the inbound traffic covered by this rule. • WAN Users: These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the desired option: Any: all IP addresses are covered by this rule. Address range: if this option is selected, you must enter the Start and Finish fields. Single address: enter the required address in the Start field. • Log: You can select whe
154. [Figure 4-6: WEP settings screen showing Encryption Strength, the authentication options Automatic, Open System, and Shared Key, the Passphrase box, and Key 1 through Key 4.] 5. Select the Authentication Type. 6. Select the Encryption Strength setting. Enter the encryption keys. You can manually or automatically program the four data encryption keys. These values must be identical on all computers and Access Points in your network. • Automatic: enter a word or group of printable characters in the Passphrase box and click the Generate button. The four key boxes will be automatically populated with key values. • Manual: enter hexadecimal digits (any combination of 0-9, a-f, or A-F). Select which of the four keys will be active: select the radio button for the key you want to make active. Be sure you clearly understand how the WEP key settings are configured in your wireless adapter. Wireless adapter configuration utilities such as the one included in Windows XP only allow entry of one key, which must match the default key you set in the DG834G v3. Click Apply to save your settings. Note: When configuring the modem router from a wireless computer, if you configure WEP settings, you will lose your wireless connection when you click Apply. You must then either configure your wireless adapter to match the modem router WEP settings or access the modem rou
155. s from the Internet. • Your computer may not recognize any DNS server addresses. A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the modem router's configuration, reboot your computer and verify the DNS address as described in "Preparing a Computer for Network Access" in Appendix C. Alternatively, you can configure your computer manually with DNS addresses, as explained in your operating system documentation. • Your computer may not have the modem router configured as its TCP/IP modem router. If your computer obtains its information from the modem router by DHCP, reboot the computer and verify the modem router address as described in "Preparing a Computer for Network Access" in Appendix C. Troubleshooting a TCP/IP Network Using the Ping Utility: Most TCP/IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your computer. Testing the LAN Path to Your Router: You can ping the router from your computer to verify that the LAN path to your router is set up correctly. To ping the router from a PC running Windows 95 or later: 1. From the Windows toolbar, click
156. The Use of a Fully Qualified Domain Name (FQDN): Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic instead of static IP addressing. This means that a user's IP address does not remain constant over time, which presents a challenge for gateways attempting to establish VPN connectivity. A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned to be located by a host or domain name. It provides a central public database where information such as email addresses, host names, and IP addresses can be stored and retrieved. Now a gateway can be configured to use a 3rd-party service in lieu of a permanent and unchanging IP address to establish bi-directional VPN connectivity. To use DDNS, you must register with a DDNS service provider. Example DDNS Service Providers include: • DynDNS: www.dyndns.org • TZO.com: netgear.tzo.com • ngDDNS: ngddns.iego.net. In this example, Gateway A is configured using an example FQDN provided by a DDNS Service provider. In this case we established the hostname dg834g.dyndns.org for gateway A using the DynDNS service. Gateway B will use the DDNS Service Provider when establishing a VPN tunnel. In order to establish VPN connectivity, Gateway A must be configured to use Dynamic DNS, and Gateway B must be configured to use a DNS hostname to find Gateway A provided by a DDNS Service Provider. Again, the following step-by-step pro
157. s button on the left side of the table and click Move. At the script prompt, enter the number of the desired new position and click OK. Inbound Rules (Port Forwarding): Because the DG834G v3 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the modem router to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding. Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP. Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules. Inbound Rule Example: A Local Public Web Server. If you host a public Web server on your local network, you can define a
158. s field displays the Ethernet MAC address being used by the Internet (ADSL) port of the modem router. This field displays the IP address being used by the Internet (ADSL) port of the modem router. If no address is shown, the modem router cannot connect to the Internet. The network type is determined by your ISP. Common network types are PPPoE and PPPoA. This field displays the IP Subnet Mask being used by the Internet (ADSL) port of the modem router. This field displays the DNS Server IP addresses being used by the modem router. These addresses are usually obtained dynamically from the ISP. LAN Port: These parameters apply to the Local ADSL port of the modem router. MAC Address: This field displays the Ethernet MAC address being used by the Local (LAN) port of the modem router. IP Address: This field displays the IP address being used by the Local (LAN) port of the modem router. The default is 192.168.0.1. DHCP: If OFF, the modem router will not assign IP addresses to PCs on the LAN. If ON, the modem router will assign IP addresses to PCs on the LAN. IP Subnet Mask: This field displays the IP Subnet Mask being used by the Local (LAN) port of the modem router. The default is 255.255.255.0. Modem: These parameters apply to the Local WAN port of the modem router. ADSL Firmware Version: The version of the firmware. Modem Status: The connection status of the modem.
159. s how often to send the logs: Hourly, Daily, Weekly, or When Full. Day for sending log: Specifies which day of the week to send the log. Relevant when the log is sent weekly or daily. Time for sending log: Specifies the time of day to send the log. Relevant when the log is sent daily or weekly. If the Weekly, Daily, or Hourly option is selected and the log fills up before the specified period, the log is automatically e-mailed to the specified e-mail address. After the log is sent, it is cleared from the modem router's memory. If the modem router cannot e-mail the log file, the log buffer may fill up. In this case, the modem router overwrites the log and discards its contents. Running Diagnostic Utilities and Rebooting the Modem Router: The ADSL Modem Wireless Router has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the modem router: • Ping an IP Address to test connectivity to see if you can reach a remote host. If Ping VPN is enabled, the ping packet always goes through the VPN if the VPN tunnel is enabled and working. • Perform a DNS Lookup to test if an Internet name resolves to an IP address, to verify that the DNS server configuration is working. • Display the Routing Table to identify what other modem routers the modem router is communicating with. • Reboot
160. se. Because this is a relatively new standard, wireless device driver and software availability may be limited. Understanding Wireless Settings: To configure the Wireless interface of your modem router, click the Wireless Settings link in the Setup section of the main menu. The Wireless Settings menu will appear, similar to that shown below. [Figure 4-2: Wireless Settings menu, with the sections Wireless Network (Name (SSID), Region, Channel, Mode), Wireless Access Point (Enable Wireless Access Point, Allow Broadcast of Name (SSID), Wireless Isolation), Wireless Station Access List (Setup Access List), and Security Options (Disable; WEP (Wired Equivalent Privacy); WPA-PSK (Wi-Fi Protected Access Pre-Shared Key); WPA2-PSK (Wi-Fi Protected Access 2 with Pre-Shared Key); WPA-PSK + WPA2-PSK; WPA-802.1x; WPA2-802.1x; WPA-802.1x + WPA2-802.1x).] The following parameters are in the Wireless Settings menu: • Wireless Network Name (SSID): The Service Set ID, also known as the wireless network name. Enter a value of up to 32 alphanumeric characters. The same Name (SSID) must be assigned to all wireless devices in your network. The default SSID is NETG
161. se harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: • Reorient or relocate the receiving antenna. • Increase the separation between the equipment and receiver. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. • Consult the dealer or an experienced radio/TV technician for help. Federal Communications Commission (FCC) Radiation Exposure Statement: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm (8 inches) during normal operation. European Union Statement of Compliance: Hereby, NETGEAR, Inc. declares that this modem router is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Česky [Czech]: NETGEAR, Inc. hereby declares that this 54 Mbps ADSL Modem Wireless Router Model DG834G is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Dansk [Danish]: The undersigned, NETGEAR, Inc., hereby declares that the following equipment, 54 Mbps ADSL Modem Wireless Router Model DG834G, compl
162. select the type of target end point, and click Next to proceed. [Figure 8-21: VPN Wizard, Step 1 of 3: Connection Name and Remote IP Type. Callouts: enter the new Connection Name (e.g., GtoG); enter the pre-shared key (e.g., 12345678); select the radio button A remote VPN Gateway.] 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. [Figure 8-22: VPN Wizard, Step 2 of 3: Remote IP address or Internet name. Callout: enter the WAN IP address of the remote VPN gateway (e.g., 22.23.24.25).] 4. Identify the IP addresses at the target endpoint which can use this tunnel, and click Next. [Figure 8-23: VPN Wizard, Step 3 of 3: Secure Connection Remote Accessibility. Callout: enter the LAN IP settings of the remote VPN gateway: IP Address (e.g., 192.168.3.1), Subnet Mask (e.g., 255.255.255.0).]
163. [Figure B-26: VPN Status log for the fromDG834G connection, with entries for ISAKMP SA established, responding to Quick Mode, IPsec SA established, deleting connection, shutting down interface, added connection description, and adding interface.] 2. To view the VPN tunnels status, click the VPN Status link on the right side of the main menu. [Figure B-27: Current VPN Tunnels (SAs) screen, with the columns SPI In, SPI Out, Policy Name, Remote Endpoint, Action, SLifeTime, and HLifeTime.] Appendix C: Related Documents. This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Do
164. server on the remote LAN. • Range address: enter the starting IP address in the Single Start IP address field and the finish IP address in the Finish IP address field. This must be an address range used on the remote LAN. • Subnet address: enter an IP address in the Single Start IP address field and the desired network mask in the Subnet Mask field. • Any: any outgoing traffic from the Local IP computers will trigger an attempted VPN connection to the remote VPN endpoint. Please be sure you want this option before selecting it. The remote VPN endpoint must have these IP addresses entered as its Local addresses. IKE Direction/Type: this setting is used when determining if the IKE policy matches the current traffic. Select the desired option: • Responder only: incoming connections are allowed, but outgoing connections will be blocked. • Initiator and Responder: both incoming and outgoing connections are allowed. Exchange Mode: ensure the remote VPN endpoint is set to use Main Mode. Diffie-Hellman (DH) Group: the Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN Gateway. Local Identity Type: select the desired option to match the Remote Identity Type setting on the remote VPN endpoint. • WAN IP Address: your Internet IP address. • Fully Qualified Domain Name: your domai
165. sirable to restore the modem router to the factory default settings. This can be done by using the Erase function. 1. To erase the configuration, from the Maintenance menu Settings Backup link, click the Erase button on the screen. 2. The modem router will then reboot automatically. After an erase, the modem router's password will be password, the LAN IP address will be 192.168.0.1, and the modem router's DHCP client will be enabled. Note: To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear panel of the modem router. See "The Router's Rear Panel" on page 2-8. Upgrading the Modem Router's Firmware: The software of the ADSL Modem Wireless Router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade file is a compressed ZIP file, you must first extract the binary (BIN or IMG) file before uploading it to the modem router. How to Upgrade the Modem Router Firmware: NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you may need to restore your configuration settings. 1. Download and unzip the new software file from NETGEAR. The W
166. ss> where <IP address> is the IP address of a remote device such as your ISP's DNS server. If the path is functioning correctly, replies as in the previous section are displayed. If you do not receive replies: • Check that your PC has the IP address of your router listed as the default modem router. If the IP configuration of your PC is assigned by DHCP, this information will not be visible in your PC's Network Control Panel. Verify that the IP address of the router is listed as the default modem router as described in "Preparing a Computer for Network Access" in Appendix C. • Check to see that the network address of your PC (the portion of the IP address specified by the netmask) is different from the network address of the remote device. • Check that your cable or DSL modem is connected and functioning. • If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu. • Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem. If this is the case, you must configure your router to clone or spoof the MAC address from th
167. stating "The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed." You can disregard this message. • Install the IPSec Component. You may have the option to install either the VPN Adapter or the IPSec Component or both. The VPN Adapter is not necessary. • The system should show the ProSafe icon in the system tray after rebooting. • Double-click the system tray icon to open the Security Policy Editor. 2. Add a new connection. a. Run the NETGEAR ProSafe Security Policy Editor program and, using the "VPN Tunnel Configuration Worksheet" on page 8-8, create a VPN Connection. b. From the Edit menu of the Security Policy Editor, click Add, then Connection. [Figure 8-9: Security Policy Editor, NETGEAR ProSafe VPN Client, showing a connection with Remote Party Identity and Addressing set to ID Type IP Subnet (Subnet 192.168.3.1, Mask 255.255.255.0, Protocol All, Port All) and Connect using Secure Gateway Tunnel set to ID Type IP Address 22.23.24.25.] A "New Connection" listing appears in the list of policies. Rename the "New Connection" so that it m
168. t Messenger during that blocked period. [Figure 5-7: Outbound Services screen, with Service set to AIM (TCP:5130), Action set to BLOCK by schedule, otherwise allow, and fields for LAN Users and WAN Users.] The parameters are: • Service: From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Custom Service feature to add any additional services or applications that do not already appear. • Action: Choose how you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule menu. • LAN Users: These settings determine which packets are covered by the rule, based on their source LAN IP address. Select the desired option: Any: all IP addresses are covered by this rule. Address range: if this option is selected, you must enter the Start and Finish fields. Single address: enter the required address in the Start field. destination WAN IP address Select the desired Any: all IP addresses are covered by this Single address: enter the required addres • Log: You can select whether the traffic will be logged. Order of Precedence for R
169. t a service provider and obtain an account with them. After you have configured your account information in the router, whenever your ISP-assigned IP address changes, your router will automatically contact your dynamic DNS service provider, log in to your account, and register your new IP address.
How to Configure Dynamic DNS
Warning: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet.
1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.
2. From the Main Menu of the browser interface, under Advanced, select Dynamic DNS to display the page below.
[Figure 7-4: Dynamic DNS screen with Use a Dynamic DNS Service check box, Service Provider, Host Name, User Name, Password, and Use Wildcards fields]
3. Access the Web site of one of the dynamic DNS service providers whose names appear in the Service Provider box, and register for an account. For example, for dyndns.org, go to www.dyndns.org.
4. Select the Use a dynamic DNS service check box.
5. Select the name of your dynamic DNS Service Provider.
6. Type
170. t to your LAN. The section below explains how to configure your modem router to perform these functions.
How to Block Keywords and Sites
The ADSL Modem Wireless Router allows you to restrict access to Internet content based on functions such as Web addresses and Web address keywords.
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
2. Select the Block Sites link of the Security menu.
[Figure 5-3: Block Sites screen with Keyword Blocking (Never, Per Schedule, Always), keyword or domain name entry, blocked keyword list, and Trusted IP Address]
3. To enable keyword blocking, select one of the following:
- Per Schedule: to turn on keyword blocking according to the settings on the Schedule page.
- Always: to turn on keyword blocking all of the time, independent of the Schedule page.
4. Enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply.
Some examples of Keyword application follow:
- If the keyword XXX is specified, the URL <http://www.badstuff
171. ter from a wired computer to make any further changes.
How to Configure WPA-PSK/WPA2-PSK Security
Note: Not all wireless adapters support WPA. Consult the product document for your wireless adapter for instructions on configuring WPA settings.
To configure WPA-PSK or WPA2-PSK, follow these steps:
1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever LAN address and password you have set up.
2. Click Wireless Settings in the Setup section of the main menu of the DG834G v3.
3. Choose the WPA-PSK, WPA2-PSK, or WPA-PSK + WPA2-PSK radio button. The WPA-PSK + WPA2-PSK option is the most flexible as it allows wireless clients to use either WPA-PSK or WPA2-PSK protocol. The Security Encryption section will be displayed.
4. Enter the pre-shared key in the Passphrase field.
5. Click Apply to save your settings.
How to Configure WPA-802.1x/WPA2-802.1x Security
Note: Not all wireless adapters support WPA. Consult the product document for your wireless adapter for instructions on configuring WPA settings.
To configure WPA-802.1x/WPA2-802.1x, follow these steps:
1. Log in at the default LAN address of http://192.168.0.1 with the default user name of admin and default password of password, or using wha
172. tever LAN address and password you have set up.
2. Click Wireless Settings in the Setup section of the main menu of the DG834G v3.
Choose the WPA-802.1x, WPA2-802.1x, or WPA-802.1x + WPA2-802.1x radio button. The WPA-802.1x + WPA2-802.1x option is the most flexible as it allows wireless clients to use either WPA-802.1x or WPA2-802.1x protocol. The page will display the WPA-802.1x/WPA2-802.1x section.
Enter the Radius server name/IP address.
Enter the Radius port number.
Enter the Shared Key.
Click Apply to save your settings.
Chapter 5 Protecting Your Network
This chapter describes how to use the basic firewall features of the 54 Mbps ADSL Modem Wireless Router Model DG834G to protect your network.
Protecting Access to Your 54 Mbps ADSL Modem Wireless Router Model DG834G
For security reasons, the modem router has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect. When prompted, enter admin for the modem router User Name and password for the modem router Password. You can use the procedures below to change the modem router's password and the amount of time for the administrator's login timeout.
Note: The user name and password are not the same as any user name
173. th routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http www vpnce org InteropProfiles Interop 01 html).
Configuration Profile
The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Gather all the necessary information before you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Check that there are no firewall restrictions.
Table B-2. Profile Summary
VPN Consortium Scenario | Scenario 1
Type of VPN | LAN-to-LAN or Gateway-to-Gateway (not PC/Client-to-Gateway)
Security Scheme | IKE with Preshared Secret/Key (not Certificate-based)
IP Addressing, NETGEAR Gateway A | Fully Qualified Domain Name (FQDN)
IP Addressing, NETGEAR Gateway B | FQDN
[Figure B-5: VPNC Example, Network Interface Addressing. Labels: Gateway A, Gateway B, FVL328, DG834G, fvl328.dyndns.org, dg834g.dyndns.org, 10.5.6.0/24, 172.23.9.0/24]
Note: Product updates are available on the NETGEAR, Inc. web site at http kbserver netgear com DG834G v3 asp
174. the Host Name that your dynamic DNS service provider gave you. The dynamic DNS service provider may call this the domain name. If your URL is myName.dyndns.org, then your Host Name is "myName."
7. Type the User Name for your dynamic DNS account.
8. Type the Password (or key) for your dynamic DNS account.
9. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you can select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org.
10. Click Apply to save your configuration.
Using Static Routes
Static Routes provide additional routing information to your router. Under normal circumstances, the router has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple routers or multiple IP subnets located on your network.
Static Route Example
As an example of when a static route is needed, consider the following case:
- Your primary Internet access is through a cable modem to an ISP.
- You have an ISDN router on your home network for connecting to the company where you are employed. This router's address on your LAN is 192.168.0.1
175. the Start button and select Run.
2. In the field provided, type Ping followed by the IP address of the router, as in this example: ping 192.168.0.1
3. Click OK.
You should see a message like this one:
Pinging <IP address> with 32 bytes of data
If the path is working, you see this message:
Reply from <IP address>: bytes=32 time=NN ms TTL=xxx
If the path is not working, you see this message:
Request timed out
If the path is not functioning correctly, you could have one of the following problems:
- Wrong physical connections. Make sure the LAN port LED is on. If the LED is off, follow the instructions in "LAN or Internet Port LEDs Not On" on page 9-2. Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and router.
- Wrong network configuration. Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC or workstation. Verify that the IP address for your router and your workstation are correct and that the addresses are on the same subnet.
Testing the Path from Your Computer to a Remote Device
After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 <IP addre
176. the following features:
- A built-in ADSL modem.
- A powerful, true firewall.
- 802.11g standards-based wireless networking.
- Easy, Web-based setup for installation and management.
- Extensive Internet protocol support.
- Trustworthy VPN Communications over the Internet.
- VPN Wizard for easy VPN configuration.
- Auto Sensing and Auto Uplink LAN Ethernet connections.
- Content filtering.
- Wi-Fi Multimedia (WMM) QoS (Quality of Service) to prioritize voice and video traffic.
These features are discussed below.
A Powerful, True Firewall
Unlike simple Internet sharing NAT routers, the DG834G v3 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
- Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
- Blocks unwanted traffic from the Internet to your LAN.
- Blocks access from your LAN to Internet locations or services that you specify as off-limits.
- Logs security incidents. The DG834G v3 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the modem router to email the log to you at specified intervals. You can also configure the modem router to send immediate alert messages to your email address or email pager whenever a significant event occurs.
177. ther the traffic will be logged. The choices are:
- Never: no log entries will be made for this service.
- Always: any traffic for this service type will be logged.
- Match: traffic of this type which matches the parameters and action will be logged.
- Not match: traffic of this type which does not match the parameters and action will be logged.
Inbound Rule Example: Allowing Videoconferencing
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown here, CU-SeeMe connections are allowed only from a specified range of external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe requests that do not match the allowed parameters.
[Figure 5-6: Inbound Services screen showing Service CU-SEEME TCP/UDP 7648, Action ALLOW always, Send to LAN Server, WAN Users Address Range, Log Not Match]
Considerations for Inbound Rules
If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menu so that external users can always find your network
178. to do these tasks.
How to Back Up the Configuration to a File
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the modem router.
2. From the Maintenance heading of the Main Menu, select the Backup Settings menu shown.
[Figure 6-1: Backup Settings screen with Save a Copy of Current Settings, Restore Saved Settings from a File, and Revert to Factory Default Settings]
3. Click Backup to save a copy of the current settings.
4. Store the .cfg file on a computer on your network.
How to Restore the Configuration from a File
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the modem router.
2. From the Maintenance heading of the Main Menu, select the Settings Backup menu.
3. Enter the full path to the file on your network or click the Browse button to locate the file.
4. When you have located the .cfg file, click the Restore button to upload the file to the modem router.
5. The modem router will then reboot automatically.
How to Erase the Configuration
It is sometimes de
179. tocol to define the authentication scheme and automatically generate the encryption keys.
- Manual Policy: for a Manual Keying setup in which you must specify each phase of the connection, see "Using Manual Policy to Configure VPN Tunnels" on page 8-49. Manual Policy does not use IKE. Rather, you manually enter all the authentication and key parameters. You have more control over the process; however, the process is more complex and there are more opportunities for errors or configuration mismatches between your DG834G v3 and the corresponding VPN endpoint gateway or client workstation.
Using Auto Policy to Configure VPN Tunnels
You need to configure matching VPN settings on both VPN endpoints. The outbound VPN settings on one end must match the inbound VPN settings on the other end, and vice versa. See "Example of Using Auto Policy" on page 8-43 for an example of using Auto Policy.
Configuring VPN Network Connection Parameters
All VPN tunnels on the ADSL Modem Wireless Router require configuring several network parameters. This section describes those parameters and how to access them. The most common configuration scenarios will use IKE to manage the authentication and encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to automatically generate and update the required encryption parameters.
Click the VPN Policies link of the main menu, and then click the Add Auto Policy button to display the VPN
180. 3. Click on VPN Status (Figure 8-29) to get the Current VPN Tunnels (SAs) screen (Figure 8-30). Click on Connect for the VPN tunnel you want to activate.
[Figure 8-30: Current VPN Tunnels (SAs) screen with columns SPI In, SPI Out, Policy Name, Remote Endpoint, Action, SLifeTime, HLifeTime]
Activate the VPN Tunnel by Pinging the Remote Endpoint
Note: This section uses 192.168.3.1 for an example remote endpoint LAN IP address.
To activate the VPN tunnel by pinging the remote endpoint (e.g., 192.168.3.1), do the following steps, depending on whether your configuration is client-to-gateway or gateway-to-gateway:
- Client-to-Gateway Configuration: to check the VPN Connection, you can initiate a request from the remote PC to the DG834G v3's network by using the "Connect" option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request. To perform a ping test using our example, start from the remote PC:
a. Establish an Internet connection from the PC.
b. On the Windows taskbar, click the Start button, and then click Run
181. tunnel is enabled.
[Figure 8-8: VPN Policies screen, Policy Table with entry 1: Name RoadWarrior, Type Auto, Local 192.168.3.1 / 255.255.255.0, ESP 3DES]
To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.
Note: Refer to "Using Auto Policy to Configure VPN Tunnels" on page 8-38 to enable the IKE keepalive capability on an existing VPN tunnel.
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC
This procedure describes how to configure the NETGEAR ProSafe VPN Client. We will assume the PC running the client has a dynamically assigned IP address. The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR website (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC.
1. Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.
- You may need to insert your Windows CD to complete the installation.
- If you do not have a modem or dial-up adapter installed in your PC, you may see the warning message
182. tus and usage information, which is discussed below.
Viewing Modem Router Status and Usage Statistics
From the Main Menu, under Maintenance, click Modem Router Status to view this screen.
[Figure 6-3: Router Status screen with sections for ADSL Port, LAN Port, Modem, and Wireless Port, and Show Statistics and Connection Status buttons]
The Modem Router Status menu provides status and usage information. This screen shows the following parameters:
Table 6-1. Menu 3.2 - Modem Router Status Fields
Field | Description
Account Name | The Host Name assigned to the modem router in the Basic Settings menu.
Firmware Version | This field displays the modem router firmware version.
ADSL Port | These parameters apply to the Internet ADSL port of the modem router.
ADSL Port fields listed: MAC Address, IP Address, Network Type, IP Subnet Mask, Domain Name Server (DNS)
Thi
183. ules
As you define new rules, they are added to the table
WAN Users: These settings determine which packets are covered by the rule based on their
option
rule
Address range: if this option is selected, you must enter the Start and Finish fields
s in the Start field
logged. The choices are:
- Never: no log entries will be made for this service.
- Always: any traffic for this service type will be logged.
- Match: traffic of this type that matches the parameters and action will be logged.
- Not match: traffic of this type that does not match the parameters and action will be
s in the Rules menu as shown
[Figure 5-8: Rules menu]
Outbound Services
# | Enable | Service Name | Action | LAN Users | WAN Servers | Log
1 | checked | AIM | BLOCK by schedule | Any | Any | Match
Default | Yes | Any | ALLOW always | Any | Any | Never
Inbound Services
# | Enable | Service Name | Action | LAN Server IP address | WAN Users | Log
1 | checked | CU-SEEME | ALLOW always | 192.168.0.11 | 134.177.88.1 - 134.177.88.254 | Not Match
2 | checked | HTTP | ALLOW always | 192.168.0.99 | Any | Never
Default | Yes | Any | BLOCK always | | Any | Match
For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at
184. ult. Disable NAT only if you plan to install the DG834G v3 in a setting where you will be manually administering the IP address space on the LAN side of the router.
6. NAT automatically assigns private IP addresses (192.168.0.x) to LAN-connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834G v3 uses. Classical routing should be selected only by experienced users.
Note: Disabling NAT will reboot the router and reset all the DG834G v3 configuration settings to the factory default. Disable NAT only if you plan to install the DG834G v3 in a setting where you will be manually administering the IP address space on the LAN side of the router.
The Disable Firewall option disables the firewall in addition to disabling NAT. The Disable option leaves the firewall active. With the firewall disabled, the protections normally provided to your network will be disabled.
7. Modem Router MAC Address. This section determines the Ethernet MAC address that will be used by the modem router on the Internet port. Some ISPs will register the Ethernet MAC address of the network interface card in your computer when your account is first opened. They will then only accept traffic from the MAC addr
185. using the Network Neighborhood feature of Windows.
Reserved IP addresses
When you specify a reserved IP address for a computer on the LAN, that computer will always receive the same IP address each time it accesses the router's DHCP server. Reserved IP addresses should be assigned to servers that require permanent IP settings.
To reserve an IP address:
1. Click the Add button.
2. In the IP Address box, type the IP address to assign to the computer or server. Choose an IP address from the router's LAN subnet, such as 192.168.0.x.
3. Type the MAC Address of the computer or server.
Tip: If the computer is already present on your network, you can copy its MAC address from the Attached Devices menu and paste it here.
4. Click Apply to enter the reserved address into the table.
Note: The reserved address will not be assigned until the next time the computer contacts the router's DHCP server. Reboot the computer or access its IP configuration and force a DHCP release and renew.
To edit or delete a reserved address entry:
1. Click the button next to the reserved address you want to edit or delete.
2. Click Edit or Delete.
How to Configure LAN TCP/IP Settings
1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, defau
186. ustration and explanation of the LEDs.
2. Verify that the Test LED lights within a few seconds, indicating that the self-test procedure is running.
3. After approximately 10 seconds, verify that:
a. The Test LED is not lit.
b. The LAN port LEDs are lit for any local ports that are connected.
c. The WAN port LED is lit.
If a port's LED is lit, a link has been established to the connected device. If a LAN port is connected to a 100 Mbps device, verify that the port's LED is green. If the port is 10 Mbps, the LED will be amber.
If any of these conditions does not occur, refer to the appropriate following section.
Power LED Not On
If the Power and other LEDs are off when your router is turned on:
- Make sure that the power cord is properly connected to your router and that the power supply adapter is properly connected to a functioning power outlet.
- Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product.
If the error persists, you have a hardware problem and should contact technical support.
Test LED Never Turns On or Test LED Stays On
When the router is turned on, the Test LED turns on for about 10 seconds and then turns off. If the Test LED does not turn on, or if it stays on, there is a fault within the router.
If you experience problems with the Test LED:
- Cycle the power to see
187. vate networking (VPN) features of the ADSL Modem Wireless Router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See "Virtual Private Networking (VPN)" in Appendix C to learn more about VPN.
This chapter is organized as follows:
- "Overview of VPN Configuration" on page 8-2 provides an overview of the two most common VPN configurations: Client-to-Gateway and Gateway-to-Gateway.
- "Planning a VPN" on page 8-4 provides a worksheet for recording the configuration parameters of the VPN you want to set up, along with the VPN Committee (VPNC) recommended default parameters set by the VPN Wizard.
- "VPN Tunnel Configuration" on page 8-6 summarizes the three ways to configure a VPN tunnel: VPN Wizard (recommended for most situations), Auto Policy, and Manual Policy.
- "How to Set Up a Client-to-Gateway VPN Configuration" on page 8-7 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client.
- "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-21 provides the steps needed to configure a VPN tunnel between two network gateways using the VPN Wizard.
- "VPN Tunnel Control" on page 8-29 provides the step-by-step procedures for activating, verifying, deactivating, and deleting a VPN tunnel once the VPN tunnel has been configured.
188. ver ATM Account Setup .... 3-11
Wizard-Detected Fixed IP (Static) Account Setup .... 3-12
Testing Your Internet Connection .... 3-13
Manually Configuring Your Internet Connection .... 3-14
How to Perform Manual Configuration .... 3-15
ADSL Settings .... 3-19
Chapter 4 Wireless Configuration
Considerations for a Wireless Network .... 4-1
Observe Performance, Placement, and Range Guidelines .... 4-1
Implement Appropriate Wireless Security .... 4-2
Understanding Wireless Settings .... 4-4
How to Set Up and Test Basic Wireless Connectivity .... 4-7
How to Restrict Wireless Access to Your Network .... 4-8
Choosing WEP Authentication and Security Encryption Methods .... 4-11
How to Configure WEP .... 4-13
How to Configure WPA-PSK/WPA2-PSK Security .... 4-14
How to Configure WPA-802.1x/WPA2-802.1x Security .... 4-15
Chapter 5 Protecting Your Networ
189. w all access from the LAN side to the outside.
You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined.
You can change the order of precedence of rules so that the rule that applies most often will take effect first. See "Order of Precedence for Rules" on page 5-11 for more details.
To access the rules configuration of the DG834G v3, click the Firewall Rules link on the main menu, then click Add for either an Outbound or Inbound Service.
[Figure 5-4: Firewall Rules screen]
Outbound Services
# | Enable | Service Name | Action | LAN Users | WAN Servers | Log
Default | Yes | Any | ALLOW always | Any | Any | Never
Inbound Services
# | Enable | Service Name | Action | LAN Server IP address | WAN Users | Log
Default | Yes | Any | BLOCK always | | Any | Match
- To edit an existing rule, select its button on the left side of the table and click Edit.
- To delete an existing rule, select its button on the left side of the table and click Delete.
- To move an existing rule to a different position in the table, select it
190. x, enter a value of up to 32 alphanumeric characters. The default SSID is Wireless.
Note: The SSID of any wireless access adapters must match the SSID you configure in the 54 Mbps ADSL Modem Wireless Router Model DG834G. If they do not match, you will not get a wireless connection to the DG834G v3.
4. Set the Region. Select the region in which the wireless interface will operate.
5. Set the Channel. The default channel is 11. This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby wireless router or access point. Select a channel that is not being used by any other wireless networks within several hundred feet of your firewall. For more information on the wireless channel frequencies, please refer to "Wireless Communications" in Appendix C.
6. For initial configuration and test, leave the Wireless Card Access List set to allow everyone access by making sure that Turn Access Control On is not selected in the Wireless Station Access List. In addition, leave the Encryption Strength set to Disabled.
7. Click Apply to save your changes.
Note: If you are configuring the firewall from a wireless computer and you change the firewall's SSID, channel, or security settings, you wil
191. [Figure 8-47: VPN Manual Policy screen with Local LAN, Remote LAN, and ESP Configuration sections. ESP Configuration fields: SPI Incoming, SPI Outgoing, Encryption 3DES with Key (DES: 8 chars, 3DES: 24 chars), Authentication SHA-1 with Key (MD5: 16 chars, SHA-1: 20 chars)]
General
The DG834G v3 VPN tunnel network connection fields are defined as follows:
- Policy Name: enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
- Remote VPN Endpoint: select the desired option (IP address or Fully Qualified Domain Name) and enter the address of the remote VPN endpoint to which you wish to connect.
Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint".
- Local LAN: This identifies which PCs on your LAN are covered by this policy. For each selection, data must
192. [Figure 8-5]
Tip: The Connection Name is arbitrary and not relevant to how the configuration functions.
The Summary screen below displays.
[Figure 8-6: VPN Wizard Summary screen for the RoadWarrior connection]
To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the "here" link. Click Back to return to the Summary screen.
[Figure 8-7: VPN Consortium (VPNC) Recommendation. The following parameters are recommended by the VPNC and used in the VPN Wizard:]
Secure Association | Main Mode
Authentication Method | Pre-shared Key
Encryption Protocol | 3DES
Authentication Protocol | SHA-1
Key Life | 8 hours
IKE Life Time | 1 hour
NETBIOS | Enabled
3. Click Done on the Summary screen to complete the configuration procedure. The VPN Policies menu below displays, showing that the new
193. [Figure B-7: DDNS Status window showing "Update OK: good"]
4. On the FVL328, configure the Dynamic DNS settings. Assume a properly configured DynDNS account.
a. Browse to the Dynamic DNS Setup Screen (see Figure B-8) in the Advanced menu.
[Figure B-8: Dynamic DNS screen with Use a dynamic DNS service options None, DynDNS.org, TZO.com, and ngDDNS]
b. Select the DynDNS.org radio button (see Figure B-8), configure with appropriate account and hostname settings (see Figure B-9), and then click Apply.
- Host and Domain Name: fvl328.dyndns.org
- User Name: <user's account username>
- Password: <user's account password>
[Figure B-9: Dynamic DNS screen with DynDNS.org selected, Host and Domain Name field, and Use wildcards check box]
c. Click Show Status. The resulting screen should show "Update OK: good" (see Figure B-10).
[Dynamic DNS Details window]
