Wireless ADSL2+ Modem Router DG834Gv5 User Manual
Virtual Private Networking
6-33
v1.0, March 2010
Configuring VPN Network Connection Parameters
All VPN tunnels on the modem router require that you configure several network parameters.
This section describes those parameters and how to access them.
The most common configuration scenarios will use IKE to manage the authentication and
encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to
automatically generate and update the required encryption parameters.
Select VPN Policies on the main menu, and then click the Add Auto Policy button to display
the VPN - Auto Policy screen:

Figure 6-40

The DG834G v5 VPN tunnel network connection fields are defined in the following table.
Table 6-5. VPN-Auto Policy Screen Settings

General

Policy Name
    Enter a unique name to identify this policy. This name is not supplied to
    the remote VPN endpoint. It is used only to help you manage the policies.

Remote VPN Endpoint
    The remote VPN endpoint must have this VPN gateway's address entered as
    its remote VPN endpoint.
    If the remote endpoint has a dynamic IP address, select Dynamic IP
    address. No address data input is required. You can set up multiple
    remote dynamic IP policies, but only one such policy can be enabled at a
    time. Otherwise, select an option (IP address or domain name) and enter
    the address of the remote VPN endpoint to which you want to connect.

IKE Keep-alive
    If you want to ensure that a connection is kept open, or, if that is not
    possible, that it is quickly re-established when disconnected, select
    this check box.
    The ping IP address must belong to the remote endpoint's LAN: it is
    pinged periodically to generate traffic that keeps the VPN tunnel up.
    The keep-alive address must therefore lie within the remote LAN IP range
    and must correspond to a device that answers ping. Make that range as
    narrow as possible to meet this objective.
Local LAN
    The remote VPN endpoint must have these IP addresses entered as its
    Remote addresses.

Subnet Mask
    Enter the desired network mask.

Single/Start IP Address
    Enter the IP address for a single address, or the starting address for
    an address range. A single address setting is used when you want to
    make a single server on your LAN available to remote users. A range
    must be an address range used on your LAN.
    Any. The remote VPN endpoint may be at any IP address.

Finish IP Address
    For an address range, enter the finish IP address. This must be an
    address range used on your LAN.
Remote LAN
    The remote VPN endpoint must have these IP addresses entered as its
    Local addresses.

IP Address
    Single PC - no Subnet. Select this option if there is no LAN (only a
    single PC) at the remote endpoint. If this option is selected, no
    additional data is required. The typical application is a PC running
    the VPN client at the remote end.

Single/Start IP Address
    Enter an IP address that is on the remote LAN. You can use this setting
    when you want to access a server on the remote LAN.
    For a range of addresses, enter the starting IP address. This must be
    an address range used on the remote LAN.
    Any. Any outgoing traffic from the Local IP computers will trigger an
    attempted VPN connection to the remote VPN endpoint. Be sure you want
    this option before selecting it.

Finish IP Address
    Enter the finish IP address for a range of addresses. This must be an
    address range used on the remote LAN.

Subnet Mask
    Enter the network mask.
IKE

Direction
    This setting is used when determining whether the IKE policy matches
    the current traffic. Select an option.
    Responder only. Incoming connections are allowed, but outgoing
    connections are blocked.
    Initiator and Responder. Both incoming and outgoing connections are
    allowed.

Exchange Mode
    Ensure that the remote VPN endpoint is set to use Main Mode.

Diffie-Hellman (DH) Group
    The Diffie-Hellman algorithm is used when exchanging keys. The DH Group
    setting determines the size of the modulus used in the exchange: Group 1
    uses a 768-bit modulus and Group 2 a 1024-bit modulus, so select Group 2,
    the larger of the two. This value must match the value used on the
    remote VPN gateway.

Local Identity Type
    Select an option to match the Remote Identity Type setting on the
    remote VPN endpoint.
    WAN IP Address. Your Internet IP address.
    Fully Qualified Domain Name. Your domain name.
    Fully Qualified User Name. Your name, e-mail address, or other ID.

Local Identity Data
    Enter the data for the local identity type that you selected. (If WAN
    IP Address is selected, no input is required.)

Remote Identity Type
    Select the desired option to match the Local Identity Type setting on
    the remote VPN endpoint.
    IP Address. The Internet IP address of the remote VPN endpoint.
    Fully Qualified Domain Name. The domain name of the remote VPN endpoint.
    Fully Qualified User Name. The name, e-mail address, or other ID of the
    remote VPN endpoint.

Remote Identity Data
    Enter the data for the remote identity type that you selected. (If IP
    Address is selected, no input is required.)
Parameters

Encryption Algorithm
    The encryption algorithm used for both IKE and IPSec. This setting must
    match the setting used on the remote VPN Gateway. DES and 3DES are
    supported.
    DES. The Data Encryption Standard (DES) processes input data in 64-bit
    blocks, encrypting each block with a 56-bit key. Faster but less secure
    than 3DES: a 56-bit key can be recovered by brute force, so avoid it.
    3DES. (Triple DES) achieves a higher level of security by encrypting the
    data three times using DES with three different, unrelated keys. It is
    the strongest cipher this device offers; because its block is still only
    64 bits, avoid very long SA lifetimes on busy tunnels.

Authentication Algorithm
    The authentication algorithm used for both IKE and IPSec. This setting
    must match the setting used on the remote VPN Gateway. Auto, MD5, and
    SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is
    not available in responder-only mode.
    MD5. 128 bits, faster but less secure.
    SHA-1. 160 bits, slower but more secure. This is the default.

Pre-shared key
    The key must be entered both here and on the remote VPN Gateway. With
    Auto Policy this key is the only proof of the peer's identity, so use a
    long, random string rather than a short or guessable value.

SA Life Time
    This determines the time interval before the SA (Security Association)
    expires. (It will automatically be re-established as required.) A short
    time period (or data amount) increases security but degrades performance.
    It is common to use periods over an hour (3600 seconds) for the SA Life
    Time. This setting applies to both IKE and IPSec SAs.

Enable IPSec PFS (Perfect Forward Secrecy)
    If this check box is selected, a fresh Diffie-Hellman exchange is
    performed each time an IPSec SA is negotiated, so each IPSec key is
    independent of the IKE SA's secret and of earlier keys: even if one key
    is broken, subsequent keys are no easier to break.
    This setting applies to both IKE and IPSec SAs. When configuring the
    remote endpoint to match this setting, you might have to specify the key
    group used. For this device, the key group is the same as the DH Group
    setting in the IKE section.
Example of Using Auto Policy

To use Auto Policy:

1. Set the LAN IPs on each DG834G v5 modem router to different subnets and
   configure each properly for the Internet. The following settings are
   assumed for this example:

Figure 6-41

Table 6-6. VPN Tunnel Configuration Worksheet

Connection Name:                                   GtoG
Pre-Shared Key:                                    12345678
Secure Association -- Main Mode or Manual Keys:    Main
Perfect Forward Secrecy -- Enabled or Disabled:    Disabled
Encryption Protocol -- DES or 3DES:                3DES
Authentication Protocol -- MD5 or SHA-1:           SHA-1
Diffie-Hellman (DH) Group -- Group 1 or Group 2:   Group 2
Key Life in seconds:                               28800 (8 hours)
IKE Life Time in seconds:                          3600 (1 hour)

VPN Endpoint   Local IPSec ID   LAN IP Address   Subnet Mask     FQDN or Gateway IP (WAN IP Address)
DG834G v5 A    LAN_A            192.168.0.1      255.255.255.0   14.15.16.17
DG834G v5 B    LAN_B            192.168.3.1      255.255.255.0   22.23.24.25
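The matching rules in Table 6-5 (each router's Remote VPN Endpoint is the peer's WAN IP, its Remote LAN is the peer's Local LAN, its Local Identity Type pairs with the peer's Remote Identity Type, the keep-alive target lies inside the Remote LAN, and the IKE and IPSec parameters are identical on both ends) are easy to get wrong when filling in two screens by hand. The following script is an added example, not NETGEAR's code and not part of the router: it encodes those rules and the Table 6-6 worksheet values, reports every way in which router B's policy fails to mirror router A's, and flags the parameter choices that are weak by today's standards. It assumes that the worksheet's Local IPSec ID (LAN_A / LAN_B) is entered as a Fully Qualified User Name identity and that each router's keep-alive pings the peer's LAN address; the class and function names are this example's own.

```python
"""Mirror and strength check for a pair of DG834G v5 Auto Policies (added example,
not NETGEAR's code; the identities and keep-alive targets below are assumptions)."""
import ipaddress
from dataclasses import dataclass

# Local Identity Type on one router -> Remote Identity Type its peer must select.
IDENTITY_PAIRS = {"WAN IP Address": "IP Address",
                  "Fully Qualified Domain Name": "Fully Qualified Domain Name",
                  "Fully Qualified User Name": "Fully Qualified User Name"}
DH_GROUP_BITS = {1: 768, 2: 1024}   # modulus size of the two IKE groups offered
SHARED_FIELDS = ("exchange_mode", "dh_group", "encryption", "authentication",
                 "pre_shared_key", "ike_lifetime", "ipsec_lifetime", "pfs")


@dataclass(frozen=True)
class AutoPolicy:
    name: str
    wan_ip: str                # this router's Internet (WAN) address
    local_lan: str             # Local LAN as CIDR (LAN IP address + Subnet Mask)
    remote_endpoint: str       # Remote VPN Endpoint, IP address form
    remote_lan: str            # Remote LAN as CIDR
    local_id_type: str
    local_id_data: str         # unused when local_id_type is "WAN IP Address"
    remote_id_type: str
    remote_id_data: str        # unused when remote_id_type is "IP Address"
    exchange_mode: str
    dh_group: int
    encryption: str            # "DES" or "3DES"
    authentication: str        # "MD5" or "SHA-1"
    pre_shared_key: str
    ike_lifetime: int          # IKE SA life time, seconds
    ipsec_lifetime: int        # IPSec SA life time ("Key Life"), seconds
    pfs: bool
    keepalive_ip: str = ""     # optional IKE keep-alive ping target


def mirror_errors(a: AutoPolicy, b: AutoPolicy) -> list[str]:
    """Ways in which b's settings fail to mirror a's (one direction only)."""
    net = ipaddress.ip_network
    errors = []
    if a.remote_endpoint != b.wan_ip:
        errors.append(f"{a.name}: remote endpoint {a.remote_endpoint} is not {b.name}'s WAN IP")
    if net(a.remote_lan) != net(b.local_lan):
        errors.append(f"{a.name}: remote LAN {a.remote_lan} is not {b.name}'s local LAN {b.local_lan}")
    # "WAN IP Address" / "IP Address" carry no data: the address itself is the identity.
    a_id = a.wan_ip if a.local_id_type == "WAN IP Address" else a.local_id_data
    b_id = b.remote_endpoint if b.remote_id_type == "IP Address" else b.remote_id_data
    if IDENTITY_PAIRS.get(a.local_id_type) != b.remote_id_type or a_id != b_id:
        errors.append(f"{a.name}: local identity {a_id!r} ({a.local_id_type}) is not what {b.name} expects")
    if a.keepalive_ip and ipaddress.ip_address(a.keepalive_ip) not in net(a.remote_lan):
        errors.append(f"{a.name}: keep-alive target {a.keepalive_ip} is outside remote LAN {a.remote_lan}")
    if net(a.local_lan).overlaps(net(a.remote_lan)):
        errors.append(f"{a.name}: local LAN {a.local_lan} overlaps remote LAN {a.remote_lan}")
    return errors


def tunnel_errors(a: AutoPolicy, b: AutoPolicy) -> list[str]:
    """All mismatches between the two ends; an empty list means they match."""
    errors = mirror_errors(a, b) + mirror_errors(b, a)
    for field in SHARED_FIELDS:
        if getattr(a, field) != getattr(b, field):
            shown = "" if field == "pre_shared_key" else f": {getattr(a, field)!r} vs {getattr(b, field)!r}"
            errors.append(f"{field} differs between {a.name} and {b.name}{shown}")  # never echo the PSK
    return errors


def weakness_warnings(p: AutoPolicy) -> list[str]:
    """Parameter choices that are weak by today's standards."""
    w = []
    if p.encryption == "DES":
        w.append("DES: 56-bit key is brute-forceable; use 3DES")
    elif p.encryption == "3DES":
        w.append("3DES: 64-bit block cipher; keep the IPSec SA lifetime short on busy tunnels")
    if p.authentication == "MD5":
        w.append("MD5: select SHA-1, the stronger option offered")
    bits = DH_GROUP_BITS.get(p.dh_group)
    if bits is not None and bits < 2048:
        w.append(f"DH group {p.dh_group}: {bits}-bit modulus is below the 2048-bit minimum recommended today")
    if not p.pfs:
        w.append("PFS disabled: every IPSec key is derived from the IKE SA secret")
    if len(p.pre_shared_key) < 20 or p.pre_shared_key.isdigit() or p.pre_shared_key.isalpha():
        w.append("pre-shared key is short or low-entropy; use 20+ random mixed characters")
    return w


# Table 6-6 worksheet values shared by both routers.
WORKSHEET = dict(exchange_mode="Main Mode", dh_group=2, encryption="3DES",
                 authentication="SHA-1", pre_shared_key="12345678",
                 ike_lifetime=3600, ipsec_lifetime=28800, pfs=False)
# Assumed: LAN_A / LAN_B are Fully Qualified User Name identities; keep-alive pings the peer's LAN IP.
ROUTER_A = AutoPolicy("DG834G v5 A", "14.15.16.17", "192.168.0.0/24", "22.23.24.25",
                      "192.168.3.0/24", "Fully Qualified User Name", "LAN_A",
                      "Fully Qualified User Name", "LAN_B", keepalive_ip="192.168.3.1", **WORKSHEET)
ROUTER_B = AutoPolicy("DG834G v5 B", "22.23.24.25", "192.168.3.0/24", "14.15.16.17",
                      "192.168.0.0/24", "Fully Qualified User Name", "LAN_B",
                      "Fully Qualified User Name", "LAN_A", keepalive_ip="192.168.0.1", **WORKSHEET)

if __name__ == "__main__":
    print(*tunnel_errors(ROUTER_A, ROUTER_B), *weakness_warnings(ROUTER_A), sep="\n")
```

Run as written, the worksheet pair produces no mismatches but four warnings for each router (3DES block size, DH Group 2, PFS disabled, and the eight-digit pre-shared key), which is the practical point of the worksheet values: they interoperate, but Group 2 and a longer random key are the most you can improve within what this device offers. Mismatches are reported per direction, so a policy that is mirrored correctly on A but not on B names the router that needs fixing; the pre-shared key is compared but never printed.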
