Page 136 / 162
Advanced Settings
136
D6200 WiFi DSL Modem Router
Two types of VPN policies are possible:
- Manual. All settings (including the keys) for the VPN tunnel are input manually at each end (both VPN endpoints). No third-party server or organization is involved.
- Auto. Some parameters for the VPN tunnel are generated automatically. This process requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN endpoints.
To manage the VPN policies:
1. Click ADVANCED > Advanced Setup > VPN Policies.
   The Policy Table contains the following data:
   - Enable. Use this check box to enable or disable a policy as required. Click Apply when you are finished.
   - Name. Each policy has a unique name to identify it.
   - Type. The type is Auto or Manual.
   - Local. IP address or address range on your local LAN. Traffic must be from (or to) the addresses covered by this policy.
   - Remote. IP address or address range of the remote network. Traffic must be to (or from) the addresses covered by this policy.
   - ESP. Encapsulating Security Payload. This setting specifies the encryption protocol used for the VPN data.
2. Click the appropriate button to manage a VPN policy:
   - Edit. Edit (modify) the selected policy. (Select a policy by selecting the radio button.)
   - Delete. Delete the selected policy.
   - Apply. Save any changes to the Enable setting for each policy.
   - Cancel. Discard any unsaved changes to the Enable setting for each policy.
   - Add Auto Policy. Display the VPN - Auto Policy screen. When the new policy is saved, it appears in the bottom row of the Policy Table. See Add or Edit an Auto VPN Policy on page 137.
   - Add Manual Policy. Display the VPN - Manual Policy screen. When the new policy is saved, it appears in the bottom row of the Policy Table. See Add or Edit a Manual VPN Policy on page 140.
Add or Edit an Auto VPN Policy
An Auto VPN policy uses the IKE (Internet Key Exchange) protocol to exchange and negotiate
parameters for the IPSec SA (security association). Because of this negotiation, not all of the
settings on this VPN gateway have to match the settings on the remote VPN endpoint.
Where settings have to match, this requirement is indicated.
To add or edit an Auto VPN Policy:
1. Click ADVANCED > Advanced Setup > VPN Policies.
2. Click the Add Auto Policy button.
3. Enter or select the following settings:
   - General. These settings identify this policy and determine its major characteristics.
     - Policy Name. Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
     - Remote VPN Endpoint. If the remote endpoint has a dynamic IP address, select Dynamic IP Address. No address data input is required. Otherwise, select the desired option (IP address or domain name) and enter the address of the remote VPN endpoint you wish to connect to. The remote VPN endpoint must have this VPN gateway’s address entered as its remote VPN endpoint.
     - IKE Keep Alive. Check this check box if you wish to ensure that a connection is kept open or, if that is not possible, that it is quickly reestablished when disconnected. The ping IP address has to be associated with the remote endpoint. Either the WAN or a LAN address can be used; a LAN address is preferable. This IP address is pinged to generate some traffic for the VPN tunnel.
   - Local LAN. These settings identify which computers on your LAN are covered by this policy. For each selection, data must be provided as follows:
     - Single address. Enter an IP address in the Single/Start IP address field. Typically, this setting is used when you wish to make a single server on your LAN available to remote users.
     - Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. A range must be an address range used on your LAN.
     - Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field.
     The remote VPN endpoint must have these IP addresses entered as its remote addresses.
   - Remote LAN. These settings identify which computers on the remote LAN are covered by this policy. For each selection, data must be provided as follows:
     - Single PC - no Subnet. Select this option if there is no LAN (only a single computer) at the remote endpoint. If this option is selected, no additional data is required.
     - Single address. Enter an IP address in the Single/Start IP address field. This value must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN.
     - Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. This range must be an address range used on the remote LAN.
     - Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field.
     The remote VPN endpoint must have these IP addresses entered as its local addresses.
   - IKE.
     - Direction/Type. This setting is used to determine if the IKE policy matches the current traffic. Select the desired option.
       - Responder only. Incoming connections are allowed, but outgoing connections are blocked.
       - Initiator and Responder. Both incoming and outgoing connections are allowed.
     - Exchange Mode. Currently, only Main Mode is supported. Ensure that the remote VPN endpoint is set to use Main Mode.
     - Diffie-Hellman (DH) Group. When the VPN connection keys are exchanged, the Diffie-Hellman algorithm is used. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN gateway.
     - Local Identity Type. Select the desired option to match the Remote Identity Type setting on the remote VPN endpoint.
       - WAN IP Address. Your Internet IP address.
       - Fully Qualified Domain Name. Your domain name.
       - Fully Qualified User Name. Your name, email address, or other ID.
     - Local Identity Data. Enter the data for the selection. When WAN IP Address is selected, no input is required.
     - Remote Identity Type. Select the desired option to match the Local Identity Type setting on the remote VPN endpoint.
       - IP Address. The Internet IP address of the remote VPN endpoint.
       - Fully Qualified Domain Name. The domain name of the remote VPN endpoint.
       - Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint.
     - Remote Identity Data. Enter the data for the selection. When IP Address is selected, no input is required.
   - Parameters.
     - Encryption Algorithm. The encryption algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN gateway.
     - Authentication Algorithm. The authentication algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN gateway.
     - Pre-shared Key. The key has to be entered both here and on the remote VPN gateway.
     - SA Life Time. This setting determines the time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA lifetime. This setting applies to both IKE and IPSec SAs.
     - Enable PFS (Perfect Forward Secrecy). If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might need to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section.
4. Click Apply.
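The settings above that must match or mirror each other across the two gateways, checked in an added Python example that is not part of the NETGEAR manual. The field names, the CIDR notation, and all sample values are assumptions, and only the Subnet address form of Local LAN and Remote LAN is handled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network

@dataclass(frozen=True)
class AutoPolicy:
    # Hypothetical field names that mirror the labels on the VPN - Auto Policy screen.
    local_lan: str        # "Subnet address" form only, written as CIDR
    remote_lan: str
    direction: str        # "Responder only" or "Initiator and Responder"
    exchange_mode: str
    dh_group: str
    local_id_type: str
    remote_id_type: str
    encryption: str
    authentication: str
    pre_shared_key: str
    pfs: bool

# Settings the page says must be the same on both gateways.
IDENTICAL = ("dh_group", "encryption", "authentication", "pre_shared_key", "pfs")

def id_type(label):
    # The local list says "WAN IP Address" where the remote list says "IP Address".
    return "IP Address" if label == "WAN IP Address" else label

def mismatches(a, b):
    """Return names of settings that disagree; values (e.g. the key) are never echoed."""
    found = [f for f in IDENTICAL if getattr(a, f) != getattr(b, f)]
    for x, y, tag in ((a, b, "a->b"), (b, a, "b->a")):
        if ip_network(x.local_lan, strict=False) != ip_network(y.remote_lan, strict=False):
            found.append(f"lan {tag}")       # one side's Local LAN must be the other's Remote LAN
        if id_type(x.local_id_type) != id_type(y.remote_id_type):
            found.append(f"identity {tag}")  # Local Identity Type must match peer's Remote Identity Type
    if a.exchange_mode != "Main Mode" or b.exchange_mode != "Main Mode":
        found.append("exchange_mode")
    if a.direction == b.direction == "Responder only":
        found.append("direction")            # neither side may initiate the tunnel
    return found

# Constructed sample policies; algorithm and group names are placeholders, not the router's option list.
SITE_A = AutoPolicy("192.168.1.0/24", "192.168.2.0/24", "Initiator and Responder", "Main Mode", "group-x",
                    "WAN IP Address", "Fully Qualified Domain Name", "enc-x", "auth-x", "constructed-key", True)
SITE_B = replace(SITE_A, local_lan="192.168.2.0/24", remote_lan="192.168.1.0/24",
                 local_id_type="Fully Qualified Domain Name", remote_id_type="IP Address")
# Same peer with three mistakes: wrong remote subnet, different DH group, and PFS off.
SITE_B_BAD = replace(SITE_B, remote_lan="192.168.0.0/24", dh_group="group-y", pfs=False)

if __name__ == "__main__":
    print(mismatches(SITE_A, SITE_B), mismatches(SITE_A, SITE_B_BAD))
```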
Add or Edit a Manual VPN Policy
A Manual VPN policy requires all settings (including the keys) for the VPN tunnel to be
manually input at each end (both VPN endpoints). No third-party server or organization is
involved.
To add or edit a Manual VPN policy:
1. Select ADVANCED > Advanced Setup > VPN Policies.
2. Click the Add Manual Policy button.
3. Enter or select the following parameters:
   - General. These settings identify this policy and determine its major characteristics.
     - Policy Name. Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
     - Remote VPN Endpoint. Select the desired option (IP address or domain name) and enter the address or domain name of the remote VPN endpoint you wish to connect to.
