NETGEAR DGFV338 Router Manual PDF (Setup & Configuration Guide)

Page 116 / 212 Scroll up to view Page 111 - 115

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-8

Virtual Private Networking

v1.0, April 2007

4.

The remote VPN Endpoint must have a matching SA, or it will refuse the connection.

VPN Policy Table

Only one Client Policy may configured at a time (noted by an “*” next to the policy name). The

Policy Table contains the following fields:

•

! (Status)

. Indicates whether the policy is enabled (green circle) or disabled (grey circle). To

Enable or Disable a Policy, check the radio box adjacent to the circle and click

Enable

or

Disable

, as required.

•

Name

. Each policy is given a unique name (the Connection Name when using the VPN

Wizard).

•

Type

. The Type is “Auto” or “Manual” as described previously (Auto is used during VPN

Wizard configuration).

•

Local

. IP address (either a single address, range of address or subnet address) on your local

LAN. Traffic must be from (or to) these addresses to be covered by this policy. (The Subnet

address is supplied as the default IP address when using the VPN Wizard).

•

Remote

. IP address or address range of the remote network. Traffic must be to (or from) these

addresses to be covered by this policy. (The VPN Wizard default requires the remote LAN IP

address and subnet mask).

•

AH

. Authentication Header. This specifies the authentication protocol for the VPN header

(VPN Wizard default is disabled).

•

ESP

. Encapsulating Security Payload. This specifies the encryption protocol used for the VPN

data (VPN Wizard default is enabled).

•

Action.

Allows you to access individual policies to make any changes or modifications.

VPN Tunnel Connection Status

Recent VPN tunnel activity is shown on the

IPSec Connection Status

screen (accessed by

selecting

VPN

from the main menu and

Connection Status

from the submenu).You can set a Poll

Interval (in seconds) to check the connection status of all active IKE Policies to obtain the latest

VPN tunnel activity. The Active IPSec (SA) table also lists current data for each active IPSec SA

(Security Association):

•

Policy Name.

The name of the VPN policy associated with this SA.

•

Endpoint

. The IP address on the remote VPN Endpoint.

•

Tx (KBytes)

. The amount of data transmitted over this SA.

Page 117 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-9

v1.0, April 2007

•

Tx (Packets).

The number of packets transmitted over this SA.

•

State

. The current state of the SA. Phase 1 is “Authentication phase” and Phase 2 is “Key

Exchange phase”.

•

Action

. Allows you to terminate or build the SA (connection), if required.

Creating a VPN Connection: Between FVX538 and DGFV338

This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN

Firewall and the ProSafe Wireless ADSL Modem VPN Firewall Router.

Using each firewall's VPN Wizard, we will create a set of policies (IKE and VPN) that will allow

the two firewalls to connect from locations with fixed IP addresses. Either firewall can initiate the

connection.

To graphically illustrate this process, we will assume the following:

•

NETGEAR FVX538 VPN Firewall with:

–

WAN IP address is 10.1.32.40

–

LAN IP address subnet is 192.168.1.1/255.255.255.0

•

NETGEAR ProSafe DGFV338 with:

–

WAN IP address is 10.1.1.150

–

LAN IP address subnet is 192.168.2.1/255.255.255.0

Configuring the ProSafe DGFV338

To configure the ProSafe DGFV338:

1.

Select

VPN

from the main menu. The

Policies

submenu will display showing the

IKE

Policies

screen

2.

Select

VPN Wizard

. The

VPN Wizard

screen will display.

3.

Select the

VPN Tunnel

connection type; in this case, the Gateway radio box is selected.

4.

Give the gateway connection a name, such as

to_fvx

.

5.

Enter a value for the pre-shared key.

6.

Select ADSL as the local WAN interface for your VPN tunnel connection.

Page 118 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-10

Virtual Private Networking

v1.0, April 2007

7.

Enter the WAN IP address of the remote FVX538 and then enter the WAN IP address of the

local DGFV338. (Both local and remote ends must define the address as either an IP address

or a FQDN. A combination of IP address and FQDN is not permissible.)

.

8.

Enter the LAN IP address and subnet mask of the remote FVX538.

9.

Click

Apply

to create the “to_fvx” IKE and VPN policies. The VPN Policies screen will

display showing the “to_fvx” policy as enabled in the

List of VPN Policies

table.

Figure 5-4

Page 119 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-11

v1.0, April 2007

To view the VPN Policy parameters:

1.

Click

Edit

in the

Action

column adjacent to the “to_fvx” policy. The

Edit VPN Policy

screen

will display. (It should not be necessary to make any changes.

2.

View the IKE Policy statistics associated with this policy by clicking

View Selected.

Figure 5-5

Page 120 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-12

Virtual Private Networking

v1.0, April 2007

.

To view the IKE Policy Configuration parameters:

1.

Select the

IKE Policies

tab. The

IKE Policies

table will display.

Figure 5-6

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share