Page 136 / 157 Scroll up to view Page 131 - 135
Wireless ADSL2+ Modem Router DG834Gv5 User Manual
B-4
NETGEAR VPN Configuration
v1.0, March 2010
2.
Configure the FVL328 as in the gateway-to-gateway procedures for the VPN Wizard (see
“Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18
), being certain to use
appropriate network addresses for the environment.
a.
Enter
toDG834
for the connection name
b.
Enter
14.15.16.17
for the remote WAN’s IP address
c.
Enter the following:
IP Address:
10.5.6.1
Subnet Mask:
255.255.255.0
Figure B-3
toDG834
toDG834
22.23.24.25
14.15.16.17
14.15.16.17
22.23.24.25
Select IKE Policies under the VPN heading
to display the IKE Policy Configuration screen.
Page 137 / 157
Wireless ADSL2+ Modem Router DG834Gv5 User Manual
NETGEAR VPN Configuration
B-5
v1.0, March 2010
3.
Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v5.
a.
Open the command prompt (Start > Run > cmd)
b.
Type
ping 172.23.9
.1
Figure B-4
Figure B-5
Note:
The pings might fail the first time. If this happens, try the pings a second
time.
toDG834
toDG834
toDG834
14.15.16.17
172.23.9.1
10.5.6.1
172
23
9
10
5
6
1
Click VPN Policies under the
VPN heading to display this screen.
Page 138 / 157
Wireless ADSL2+ Modem Router DG834Gv5 User Manual
B-6
NETGEAR VPN Configuration
v1.0, March 2010
DG834G v5 with FQDN to FVL328
This section is a case study on how to configure a VPN tunnel from a NETGEAR DG834G v5 to a
FVL328 using a fully qualified domain name (FQDN) to resolve the public address of one or both
routers. This case study follows the VPN Consortium interoperability profile guidelines (found at
).
Configuration Profile
The configuration in this section follows the addressing and configuration mechanics defined by
the VPN Consortium. Gather all the necessary information before you begin the configuration
process. Verify that the firmware is up to date, and that you have all the addresses that will be
necessary, and all of the parameters that need to be set on both sides. Check that there are no
firewall restrictions.
Table B-2. Profile Summary
VPN Consortium Scenario:
Scenario 1
Type of VPN
LAN-to-LAN or Gateway-to-Gateway (not PC/Client-to-Gateway)
Security Scheme:
IKE with Preshared Secret/Key (not Certificate-based)
IP Addressing:
NETGEAR-Gateway A
Fully Qualified Domain Name (FQDN)
NETGEAR-Gateway B
FDQN
Figure B-6
Page 139 / 157
Wireless ADSL2+ Modem Router DG834Gv5 User Manual
NETGEAR VPN Configuration
B-7
v1.0, March 2010
Using a Fully Qualified Domain Name (FQDN)
Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic
instead of static IP addressing. This means that a user’s IP address does not remain constant over
time, which presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned
to be located by a host or domain name. It provides a central public database where information
(such as e-mail addresses, host names, and IP addresses) can be stored and retrieved. Now, a
gateway can be configured to use a third-party service in lieu of a permanent and unchanging IP
address to establish bi-directional VPN connectivity.
To use DDNS, you must register with a DDNS service provider. Some DDNS service providers
include:
DynDNS: www.dyndns.org
TZO.com: netgear.tzo.com
ngDDNS: ngddns.iego.net
In this example, Gateway A is configured using an example FQDN provided by a DDNS Service
provider. In this case we established the hostname
dg834g.dyndns.org
for Gateway A using the
DynDNS service. Gateway B uses the DDNS service provider when establishing a VPN tunnel.
To establish VPN connectivity, Gateway A must be configured to use Dynamic DNS, and
Gateway B must be configured to use a DNS host name provided by a DDNS service provider to
find Gateway A. Again, the following step-by-step procedures assume that you have already
registered with a DDNS service provider and have the configuration information necessary to set
up the gateways.
Step-By-Step Configuration
1.
Log in to the DG834G v5 labeled Gateway A as in the illustration.
Out of the box, the DG834G v5 is set for its default LAN address of http://192.168.0.1 with its
default user name of
admin
, and default password of
password
. This example assumes that
you have set the local LAN address as 10.5.6.1 for Gateway A and have set your own
password.
2.
On the DG834G v5, configure the Dynamic DNS settings.
Note:
Product updates are available on the NETGEAR website at
.
Page 140 / 157
Wireless ADSL2+ Modem Router DG834Gv5 User Manual
B-8
NETGEAR VPN Configuration
v1.0, March 2010
a.
Under the Advanced Heading, select Dyanmic DNS to display the Dynamic DNS Setup
screen:
b.
Configure this screen with appropriate account and hostname settings and then click
Apply
.
Select the
Use a Dynamic DNS Service
check box.
In the
Host Name
field type d
g834g.dyndns.org
.
In the
User Name
field enter the account user name.
In the
Password
field enter the account password.
c.
Click
Show Status
. The resulting screen should show
Update OK: good
:
3.
On the FVL328, configure the Dynamic DNS settings. Assume a correctly configured
DynDNS account.
Figure B-7
Figure B-8

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top