NETGEAR DGFV338 Router Manual PDF (Setup & Configuration Guide)

Page 121 / 212 Scroll up to view Page 116 - 120

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-13

v1.0, April 2007

2.

Select “to_FVX” and click

Edit

. It should not be necessary to make any changes)

Figure 5-7

Note:

When XAUTH is enabled as an Edge Device, incoming VPN connections are

authenticated against the DGFV338 User Database first; then, if configured, a

RADIUS server is checked. If IPSec Host is enabled, users are authenticated

by the remote host.

Page 122 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-14

Virtual Private Networking

v1.0, April 2007

Configuring the FVX538

To configure the FVX538 VPN Wizard:

1.

Select

VPN

from the main menu and

VPN Wizard

from the submenu. The VPN

Wizard

screen will display.

2.

Check the

Gateway

radio box for the type of VPN tunnel connection.

3.

Give the new connection a name, such as

to_dgfv

..

4.

Enter a value for the pre-shared key.

5.

Enter the WAN IP address of the remote DGFV338.

6.

Enter the WAN IP address of the FVX538.

7.

Enter the LAN IP address and subnet mask of the remote DGFV338.

8.

Click

Apply

to create the “to_dgfv” IKE and VPN policies. The

VPN Policies

screen will

display.

Figure 5-8

10.1.1.150

Page 123 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-15

v1.0, April 2007

Testing the Connection

To test the VPN gateway tunnel:

1.

From a PC on either LAN firewall, try to ping a PC on the LAN of the other firewall.

Establishing the VPN connection may take several seconds.

2.

For additional status and troubleshooting information, view VPN Logs and VPN Connections

Status screens in the FVX538 or DGFV338.

Creating a VPN Client Connection: VPN Client to DGFV338

This section describes how to configure a VPN connection between a Windows PC and the

ProSafe DGFV338.

Using the DGFV338’s VPN Wizard, we will create a single set of VPN Client policies (IKE and

VPN) that will allow up to 50 remote PCs to connect from locations in which their IP addresses are

unknown in advance. The PCs may be directly connected to the Internet or may be behind NAT

routers. If more PCs are to be connected, an additional policy or policies must be created.

Each PC will use Netgear's ProSafe VPN Client software. Since the PC's IP address is assumed to

be unknown, the PC must always be the Initiator of the connection.

This procedure was developed and tested using:

•

Netgear ProSafe Wireless ADSL Modem VPN Firewall Router

•

Netgear ProSafe VPN Client

•

NAT router: Netgear FR114P

Configuring the DGFV338

1.

Select the VPN Wizard.

2.

Select the

VPN Client

radio button for type of VPN connection.

3.

Give the client connection a name, such as “home”.

4.

Enter a value for the pre-shared key.

5.

Check either the ADSL or WAN Ethernet radio box to select the WAN interface tunnel.

Page 124 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-16

Virtual Private Networking

v1.0, April 2007

.

6.

Enter he remote WAN’s IP Address or Internet Name and then enter the local WAN’s IP

Address or Internet Name. In this example, we are using their FQDNs. (Both the local and

remote addresses must be of the same type—either both must be FQDN or both must be an IP

address.)

7.

Click

Apply

to create the “home” VPN Client. The

VPN Policies

screen will display showing

the VPN Client policy as enabled.

8.

Click the

IKE Policies

tab to display the

IKE Policies

table and click

Edit

adjacent to the

“home” policy to view the “home” policy details.

You can also augment user authentication security by enabling the XAUTH server by selecting

the

Edge Device

radio box and then adding users to the User Database (see

“Extended

Authentication (XAUTH) Configuration” on page 5-26

and

“User Database Configuration” on

page 5-29

, respectively). Alternatively, you can also choose to selection either a RADIUS-

CHAP or RADIUS-PAP server.

Figure 5-9

Page 125 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-17

v1.0, April 2007

Configuring the VPN Client

From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy

to connect to the DGFV338.

To configure your VPN client:

1.

Right-click on the VPN client icon

in your Windows toolbar and select

Security Policy

Editor

.

2.

In the upper left of the Policy Editor window, click the New Document icon to open a New

Connection.Give the New Connection a name, such as

to_dgfv

.

3.

From the

ID Type

pull-down menu, select

IP Subnet

.

4.

Enter the LAN IP

Subnet Address

and

Subnet Mask

of the DGFV338 LAN.Check the

Connect using

radio box and select

Secure Gateway Tunnel

from the pull-down menu.

5.

From the

first

ID Type

pull-down menus, select

Domain Name

and enter the FQDN address

of the DGFV338.

6.

From the second

ID Type

pull-down menu, select

Gateway IP Address

and enter the WAN

IP Gateway address of the DGFV338.

Figure 5-10

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share