Page 131 / 268
Scroll up to view Page 126 - 130
Reference Manual for the Model Wireless ADSL Firewall Router DG834G
Virtual Private Networking (Advanced Feature)
8-25
202-10006-05, June 2005
To view the VPNC recommended authentication and encryption settings used by the VPN
Wizard, click the “
here
” link (see
Figure 8-25
). Click
Back
to return to the Summary screen.
Figure 8-26:
VPN Recommended Settings
5.
Click
Done
on the Summary screen (see
Figure 8-25
) to complete the configuration
procedure. The VPN Settings menu below displays showing that the new tunnel is enabled.
Figure 8-27:
VPN Policies
Note
: Refer to
“Using Auto Policy to Configure VPN Tunnels” on page 8-36
to enable the IKE
keepalive capability on an existing VPN tunnel.
1 hour
Page 132 / 268
Reference Manual for the Model Wireless ADSL Firewall Router DG834G
8-26
Virtual Private Networking (Advanced Feature)
202-10006-05, June 2005
6.
Repeat for the DG834G on LAN B and pay special attention to use the following network
settings as appropriate.
•
WAN IP of the remote VPN gateway (e.g.,
14.15.16.17
)
•
LAN IP settings of the remote VPN gateway:
—
IP Address (e.g,
192.168.0.1
)
—
Subnet Mask (e.g.,
255.255.255.0
)
—
Preshared Key (e.g.,
12345678
)
7.
Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
a.
Open the DG834G management interface and click on VPN Status to get the VPN Status/
Log screen (
Figure 8-28
).
Figure 8-28:
VPN Status/Log Screen
b.
Click on VPN Status (
Figure 8-30
) to get the Current VPN Tunnels (SAs) screen
(
Figure 8-29
). Click on Connect for the VPN tunnel you want to activate.
Note:
The VPN Status screen is only one of three ways to active a VPN tunnel. See
“Activating a VPN Tunnel” on page 8-27
for information on the other ways.
Page 133 / 268
Reference Manual for the Model Wireless ADSL Firewall Router DG834G
Virtual Private Networking (Advanced Feature)
8-27
202-10006-05, June 2005
Figure 8-29:
Current VPN Tunnels (SAs) Screen
c.
Look at the VPN Status/Log screen (
Figure 8-28
) to verify that the tunnel is connected.
VPN Tunnel Control
Activating a VPN Tunnel
There are three ways to activate a VPN tunnel:
•
Use the VPN Status page.
•
Activate the VPN tunnel by pinging the remote endpoint.
•
Start using the VPN tunnel.
Note
: Refer to
“Using Auto Policy to Configure VPN Tunnels” on page 8-36
to enable the IKE
keepalive capability on an existing VPN tunnel.
Using the VPN Status Page to Activate a VPN Tunnel
To use the VPN Status screen to activate a VPN tunnel, perform the following steps:
1.
Log in to the Router.
2.
Open the DG834G management interface and click on VPN Status to get the VPN Status/Log
screen (
Figure 8-30
).
Page 134 / 268
Reference Manual for the Model Wireless ADSL Firewall Router DG834G
8-28
Virtual Private Networking (Advanced Feature)
202-10006-05, June 2005
Figure 8-30:
VPN Status/Log Screen
3.
Click on VPN Status (
Figure 8-30
) to get the Current VPN Tunnels (SAs) screen
(
Figure 8-31
). Click on Connect for the VPN tunnel you want to activate.
Figure 8-31:
Current VPN Tunnels (SAs) Screen
Activate the VPN Tunnel by Pinging the Remote Endpoint
Note:
This section uses 192.168.3.1 for an example remote endpoint LAN IP address.
Page 135 / 268
Reference Manual for the Model Wireless ADSL Firewall Router DG834G
Virtual Private Networking (Advanced Feature)
8-29
202-10006-05, June 2005
To activate the VPN tunnel by pinging the remote endpoint (e.g., 192.168.3.1), do the following
steps depending on whether your configuration is client-to-gateway or gateway-to-gateway:
•
Client-to-Gateway Configuration
—to check the VPN Connection, you can initiate a request
from the remote PC to the DG834G’s network by using the “Connect” option in the
NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the
attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must
initiate the request.
To perform a ping test using our example, start from the remote PC:
a.
Establish an Internet connection from the PC.
b.
On the Windows taskbar, click the Start button, and then click Run.
c.
Type
ping -t 192.168.3.1
and then click OK.
Figure 8-32:
Running a Ping test to the LAN from the PC
This will cause a continuous ping to be sent to the first DG834G. After between several
seconds and two minutes, the ping response should change from “timed out” to “reply.”
Note:
Use
Cntl-C
to stop the pinging.
Figure 8-33:
Ping test results