Reference Manual for the Model Wireless ADSL Firewall Router DG834G
F-12
NETGEAR VPN Configuration
202-10006-05, June 2005
5. Configure the DG834G as in the Gateway-to-Gateway procedures using the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration” on page 8-20), being certain to use appropriate network addresses for the environment.
The LAN Addresses used in this example are as follows.
• DG834G: LAN IP = 10.5.6.1, LAN Subnet Mask = 255.255.255.0
• FVL328: LAN IP = 172.23.9.1, LAN Subnet Mask = 255.255.255.0
a. In Step 1, enter toFVL328 for the Connection Name.
b. In Step 2, enter fvl328.dyndns.org for the remote WAN's IP address.
c. In Step 3, enter the following:
• IP Address = 172.23.9.1
• Subnet Mask = 255.255.255.0
6. Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration” on page 8-20), being certain to use appropriate network addresses for the environment.
a. In Step 1, enter toDG834 for the Connection Name.
b. In Step 2, enter dg834g.dyndns.org for the remote WAN's IP address.
c. In Step 3, enter the following:
• IP Address = 10.5.6.1
• Subnet Mask = 255.255.255.0
7. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G.
a. Open the command prompt (Start -> Run -> cmd)
b. ping 172.23.9.1
Figure F-11: ping 172.23.9.1
Note: The pings may fail the first time. If this happens, try the pings a second time.
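The addressing requirement in steps 5 and 6 (the remote LAN entered in Step 3 on each gateway must be the other gateway's LAN, and the two LANs must not share a range) can be checked before the ping test. The following Python check is an added example, not part of the NETGEAR manual; the dictionary field names are hypothetical and the two failure cases are constructed.

```python
import ipaddress

def lan_network(ip, mask):
    """Network described by a LAN IP and dotted subnet mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def check_tunnel(a, b):
    """Return a list of addressing problems between two gateway configs."""
    problems = []
    local = {s["name"]: lan_network(s["lan_ip"], s["lan_mask"]) for s in (a, b)}
    remote = {s["name"]: lan_network(s["remote_ip"], s["remote_mask"]) for s in (a, b)}

    # Two LANs in the same range cannot be routed to each other over the tunnel.
    if local[a["name"]].overlaps(local[b["name"]]):
        problems.append(f"LAN overlap: {local[a['name']]} / {local[b['name']]}")

    for me, peer in ((a, b), (b, a)):
        # The remote LAN entered in Step 3 must be exactly the peer's LAN.
        if remote[me["name"]] != local[peer["name"]]:
            problems.append(
                f"{me['name']}: remote LAN {remote[me['name']]} "
                f"does not match {peer['name']} LAN {local[peer['name']]}")
        # A remote range covering the local LAN would pull local traffic into the tunnel.
        if remote[me["name"]].overlaps(local[me["name"]]):
            problems.append(f"{me['name']}: remote LAN covers its own LAN")
    return problems

# Values from the procedure above (hypothetical field names).
DG834G = {"name": "DG834G", "lan_ip": "10.5.6.1", "lan_mask": "255.255.255.0",
          "remote_ip": "172.23.9.1", "remote_mask": "255.255.255.0"}
FVL328 = {"name": "FVL328", "lan_ip": "172.23.9.1", "lan_mask": "255.255.255.0",
          "remote_ip": "10.5.6.1", "remote_mask": "255.255.255.0"}

# Constructed failure cases: a mistyped mask, and both sites on the same range.
MASK_TYPO = dict(DG834G, remote_mask="255.255.0.0")
SAME_RANGE_A = {"name": "A", "lan_ip": "192.168.0.1", "lan_mask": "255.255.255.0",
                "remote_ip": "192.168.0.1", "remote_mask": "255.255.255.0"}
SAME_RANGE_B = dict(SAME_RANGE_A, name="B")

if __name__ == "__main__":
    for x, y in ((DG834G, FVL328), (MASK_TYPO, FVL328), (SAME_RANGE_A, SAME_RANGE_B)):
        print(x["name"], "<->", y["name"], check_tunnel(x, y) or "OK")
```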
Configuration Summary (Telecommuter Example)
The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Gather all the necessary information before you begin the configuration process. Verify that the firmware is up to date, and confirm all of the addresses that will be necessary and all of the parameters that need to be set on both sides. Ensure that there are no firewall restrictions.
Table F-1. Configuration summary (telecommuter example)
VPN Consortium Scenario: Scenario 1
Type of VPN: PC/client-to-gateway, with client behind NAT router
Security Scheme: IKE with Preshared Secret/Key (not Certificate-based)
Date Tested: May 2005
Model/Firmware Tested:
    Gateway: DG834G firmware version v2.10.20
    Client: NETGEAR ProSafe VPN Client v10.5.1 (build 8)
IP Addressing:
    Gateway: Fully Qualified Domain Name (FQDN)
    Client: Dynamic
Figure F-12: Addressing and subnet used for telecommuter example
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves the following two steps:
• “Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office”.
• “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office” configures the NETGEAR ProSafe VPN Client endpoint.
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office
Follow this procedure to configure a client-to-gateway VPN tunnel by filling out the VPN Auto Policy screen.
1. Log in to the VPN router at its LAN address with its default user name of admin and password of password. Click the VPN Policies link in the main menu to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information.
Figure F-12 labels (Telecommuter Example):
• Gateway A (router at employer's main office): WAN IP ntgr.dyndns.org, LAN IP 192.168.0.1 (192.168.0.1/24)
• Client B (PC running NETGEAR ProSafe VPN Client, behind NAT Router B at telecommuter's home office): WAN IP 0.0.0.0, PC address 192.168.2.3
• FQDN identities: "fromDG834G.com", "toDG834G.com"
Figure F-13: VPN Auto Policy screen
Callouts on the screen:
• fromDG834G (in the example)
• Fully Qualified Domain Name: toDG834G.com (in this example)
• Fully Qualified Domain Name: fromDG834G.com (in this example)
• Dynamic IP address
• Subnet address: 192.168.0.1 (in this example), 255.255.255.0
• Single address: 192.168.2.3 (in this example)
• IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings)
• Main Mode
• 3DES
• 12345678 (in this example)
• 3600
• (Remote NAT router must have Address Reservation set and VPN Passthrough enabled)
2. Click Apply when done to get the VPN Policies screen.
Figure F-14: VPN Policies screen
To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.
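The values shown for the VPN Auto Policy screen are documentation values, so a policy copied from them should be reviewed before it goes into service. The following Python audit is an added example, not part of the NETGEAR manual: the field names and the MIN_PSK_LEN threshold are assumptions, it treats the 12345678 and 3DES callouts as the pre-shared key and the encryption algorithm, and the HARDENED and BAD_KEEPALIVE policies are constructed.

```python
import ipaddress
import re

MIN_PSK_LEN = 20                # assumed local policy, not a value from the manual
WEAK_CIPHERS = {"DES", "3DES"}  # 64-bit block ciphers

def psk_findings(psk):
    """Flag pre-shared keys that are short, low-variety, or a plain sequence."""
    out = []
    if len(psk) < MIN_PSK_LEN:
        out.append(f"pre-shared key has {len(psk)} characters, below {MIN_PSK_LEN}")
    kinds = sum(bool(re.search(p, psk))
                for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if kinds < 3:
        out.append(f"pre-shared key uses {kinds} character class(es)")
    steps = {ord(b) - ord(a) for a, b in zip(psk, psk[1:])}
    if len(steps) == 1 and steps <= {-1, 0, 1}:
        out.append("pre-shared key is a repeated or sequential run")
    return out

def audit_policy(p):
    """Return findings for one client-to-gateway policy (hypothetical field names)."""
    out = psk_findings(p["psk"])
    if p["encryption"].upper() in WEAK_CIPHERS:
        out.append(f"{p['encryption']} is a legacy 64-bit block cipher")
    # From the screen callouts: the Keep Alive target must be the remote LAN IP.
    if p["keepalive"] and p["keepalive_ip"] != p["remote_ip"]:
        out.append("IKE Keep Alive address does not match Remote LAN IP Address")
    local = ipaddress.ip_interface(f"{p['local_ip']}/{p['local_mask']}").network
    if ipaddress.ip_address(p["remote_ip"]) in local:
        out.append(f"remote address {p['remote_ip']} lies inside local subnet {local}")
    return out

# Policy as shown in the callouts above.
PAGE_POLICY = {"psk": "12345678", "encryption": "3DES",
               "local_ip": "192.168.0.1", "local_mask": "255.255.255.0",
               "remote_ip": "192.168.2.3",
               "keepalive": True, "keepalive_ip": "192.168.2.3"}
# Constructed comparisons; whether the device offers AES is not stated on this page.
HARDENED = dict(PAGE_POLICY, psk="vR7#qLm2!Zx9@tKp4&Wd", encryption="AES")
BAD_KEEPALIVE = dict(HARDENED, keepalive_ip="192.168.2.1")

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("hardened", HARDENED),
                      ("bad keepalive", BAD_KEEPALIVE)):
        print(name, audit_policy(pol) or "OK")
```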
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office
This procedure describes how to configure the DG834G Wireless ADSL Firewall Router. We will assume the PC running the client has a dynamically assigned IP address.
The PC must have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
1. Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.
a. You may need to insert your Windows CD to complete the installation.
Note: Before installing the DG834G Wireless ADSL Firewall Router software, be sure to turn off any virus protection or firewall software you may be running on your PC.