Wireless ADSL2+ Modem Router DG834Gv5 User Manual
Virtual Private Networking
6-3
v1.0, March 2010
Planning a VPN
When you set up a VPN, it is helpful to plan the network configuration and record the
configuration parameters on a worksheet:
To set up a VPN connection, you must configure each endpoint with specific identification and
connection information describing the other endpoint. You must configure the outbound VPN
settings on one end to match the inbound VPN settings on other end, and vice versa.
This set of configuration information defines a security association (SA) between the two VPN
endpoints. When planning your VPN, you must make a few choices first:
• Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC?
• Will the remote end be any device on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of IP addresses), or a single PC?
Table 6-1. VPN Tunnel Configuration Worksheet

Connection Name:
Pre-Shared Key:
Secure Association -- Main Mode or Manual Keys:
Perfect Forward Secrecy -- Enabled or Disabled:
Encryption Protocol -- DES or 3DES:
Authentication Protocol -- MD5 or SHA-1:
Diffie-Hellman (DH) Group -- Group 1 or Group 2:
Key Life in seconds:
IKE Life Time in seconds:

| VPN Endpoint | Local IPSec ID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address) |
|---|---|---|---|---|
• Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see “Using a Fully Qualified Domain Name (FQDN)” on page B-7) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
• Which method will you use to configure your VPN tunnels?
  - The VPN Wizard using VPNC defaults (see Table 6-2)
  - The typical automated Internet Key Exchange (IKE) setup (see “Using Auto Policy to Configure VPN Tunnels” on page 6-32)
  - A manual keying setup in which you must specify each phase of the connection (see “Using Manual Policy to Configure VPN Tunnels” on page 6-42)
• What level of IPSec VPN encryption will you use?
  - DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
  - 3DES. Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• What level of authentication will you use?
  - MD5. 128 bits, faster but less secure.
  - SHA-1. 160 bits, slower but more secure.
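The matching rules above can be checked before anything is typed into either endpoint. The following is an added example, not part of the NETGEAR manual: the field names (remote_id, role, wan and so on) and the worksheet values are constructed for illustration, modelled on the worksheet layout in this chapter.

```python
# Added example (not from the manual): field names and values are constructed.
SHARED = ("pre_shared_key", "mode", "pfs", "encryption", "authentication",
          "dh_group", "key_life_s", "ike_life_s")
# Options the manual describes as "faster but less secure".
WEAKER = {"encryption": "DES", "authentication": "MD5"}


def check_sa(a, b):
    """Return the problems found between two endpoint worksheets."""
    problems = []
    # Both ends must agree on every negotiated parameter.
    for field in SHARED:
        if a[field] != b[field]:
            problems.append(f"mismatch: {field} {a[field]!r} vs {b[field]!r}")
    for x, y in ((a, b), (b, a)):
        # Outbound identity on one end must equal inbound identity on the other.
        if x["remote_id"] != y["local_id"]:
            problems.append(f"{x['name']}: remote_id {x['remote_id']!r} is not "
                            f"{y['name']}'s local_id {y['local_id']!r}")
        # Without an FQDN, a dynamic address can only initiate the tunnel.
        if x["wan"] == "Dynamic" and x["role"] != "initiator":
            problems.append(f"{x['name']}: dynamic WAN side must be the initiator")
        for field, weak in WEAKER.items():
            if x[field] == weak:
                problems.append(f"{x['name']}: weaker option {field}={weak}")
    return problems


# Constructed worksheets modelled on the client-to-gateway layout.
COMMON = dict(pre_shared_key="<placeholder-key>", mode="Main", pfs=False,
              encryption="3DES", authentication="SHA-1", dh_group=2,
              key_life_s=28800, ike_life_s=3600)
GATEWAY = dict(COMMON, name="DG834G v5", local_id="toClient",
               remote_id="toDG834", wan="22.23.24.25", role="responder")
CLIENT = dict(COMMON, name="Client", local_id="toDG834",
              remote_id="toClient", wan="Dynamic", role="initiator")
# Faulty variant: different hash, wrong peer ID, dynamic side set to respond.
BAD_CLIENT = dict(CLIENT, authentication="MD5", remote_id="toGateway",
                  role="responder")

if __name__ == "__main__":
    for peer in (CLIENT, BAD_CLIENT):
        print(check_sa(GATEWAY, peer) or "worksheets agree")
```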
VPN Tunnel Configuration
There are two tunnel configurations and three ways to configure them:
Table 6-2. Parameters Recommended by the VPNC and Used in the VPN Wizard

| Parameter | Factory Default |
|---|---|
| Secure Association | Main Mode |
| Authentication Method | Pre-shared Key |
| Encryption Method | 3DES |
| Authentication Protocol | SHA-1 |
| Diffie-Hellman (DH) Group | Group 2 (1024 bit) |
| Key Life | 8 hours |
| IKE Life Time | 1 hour |
• Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
  - See “Setting Up a Client-to-Gateway VPN Configuration” on page 6-5.
  - See “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18.
• See “Using Auto Policy to Configure VPN Tunnels” on page 6-32 when the VPN Wizard and its VPNC defaults (see Table 6-2) are not appropriate for your special circumstances, but you want to automate the Internet Key Exchange (IKE) setup.
• See “Using Manual Policy to Configure VPN Tunnels” on page 6-42 when the VPN Wizard and its VPNC defaults (see Table 6-2) are not appropriate for your special circumstances and you must specify each phase of the connection. You manually enter all the authentication and key parameters. You have more control over the process; however, the process is more complex, and there are more opportunities for errors or configuration mismatches between your DG834G v5 and the corresponding VPN endpoint gateway or client workstation.
Setting Up a Client-to-Gateway VPN Configuration
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves these two steps:
• “Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v5” on page 6-6 describes how to use the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway.
• “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 6-10 shows how to configure the NETGEAR ProSafe VPN Client endpoint.

Note: NETGEAR publishes additional interoperability scenarios with various gateway and client software products. Look on the NETGEAR website at www.netgear.com for these interoperability scenarios.
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v5
The worksheet in Table 6-3 identifies the parameters used in the following procedure. A blank worksheet is at “Planning a VPN”.

Figure 6-3

Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 6-2 on page 6-4. If you have special requirements not covered by these VPNC-recommended parameters, refer to “Setting Up VPN Tunnels in Special Circumstances” on page 6-32 to set up the VPN tunnel.
Table 6-3. VPN Tunnel Configuration Worksheet

Connection Name: RoadWarrior
Pre-Shared Key: 12345678
Secure Association -- Main Mode or Manual Keys: Main
Perfect Forward Secrecy -- Enabled or Disabled: Disabled
Encryption Protocol -- DES or 3DES: 3DES
Authentication Protocol -- MD5 or SHA-1: SHA-1
Diffie-Hellman (DH) Group -- Group 1 or Group 2: Group 2
Key Life in seconds: 28800 (8 hours)
IKE Life Time in seconds: 3600 (1 hour)
To configure a client-to-gateway VPN tunnel using the VPN Wizard, follow this procedure:
1. Log in to the modem router at its LAN address of with its default user name of admin and password of password. On the main menu, select VPN Wizard. The VPN Wizard screen displays:
2. Click Next to proceed. Fill in the Connection Name and the pre-shared key fields. Select the radio button for the type of target end point, and then click Next to proceed.
Table 6-3. VPN Tunnel Configuration Worksheet (continued)

| VPN Endpoint | Local IPSec ID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address) |
|---|---|---|---|---|
| Client | toDG834 | | | Dynamic |
| DG834G v5 | toClient | 192.168.3.1 | 255.255.255.0 | 22.23.24.25 |

Figure 6-4

Figure 6-5
Enter the new connection name, for example, 12345678.
Enter the pre-shared key.
Select the radio button: A remote VPN client (single PC).
