DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
5-28
Virtual Private Networking
v1.0, April 2007
RADIUS–CHAP or RADIUS–PAP (depending on the authentication mode accepted by the RADIUS server) to add a RADIUS server. If RADIUS–PAP is selected, the router will first check in the User Database to see if the user credentials are available. If the user account is not present, the router will then connect to the RADIUS server (see “RADIUS Client Configuration” on page 5-30).
IPSec Host if you want to be authenticated by the remote gateway. In the adjacent Username and Password fields, type in the user name and password associated with the IKE policy for authenticating this gateway (by the remote gateway).
5. Click Apply to save your settings.
Figure 5-20
User Database Configuration
The User Database screen is used to configure and administer users when Extended Authentication is enabled as an Edge Device. Whether or not you use an external RADIUS server, you may want some users to be authenticated locally. These users must be added to the User Database Configured Users table.
To add a new user:
1. Select VPN from the main menu and VPN Client from the submenu. The User Database screen will display.
2. Enter a User Name. This is the unique ID of a user which will be added to the User Name database.
3. Enter a Password for the user, and reenter the password in the Confirm Password field.
4. Click Add. The User Name will be added to the Configured Users table.
Figure 5-21
To edit the user name or password:
1. Click Edit opposite the user’s name. The Edit User screen will display.
2. Make the required changes to the User Name or Password and click Apply to save your settings or Reset to cancel your changes and return to the previous settings. The modified user name and password will display in the Configured Users table.
RADIUS Client Configuration
RADIUS (Remote Authentication Dial In User Service, RFC 2865) is a protocol for managing
Authentication, Authorization and Accounting (AAA) of multiple users in a network. A RADIUS
server will store a database of user information, and can validate a user at the request of a gateway
or server in the network when a user requests access to network resources. During the
establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH
(eXtended AUTHentication) request. At that point, the remote user must provide authentication
information such as a username/password or some encrypted response using his username/password
information. The gateway will try and verify this information first against a local User
Database (if RADIUS-PAP is enabled) and then by relaying the information to a central
authentication server such as a RADIUS server.
To configure the Primary RADIUS Server:
1. Select VPN from the main menu, VPN Client from the submenu and then select the RADIUS Client tab. The RADIUS Client screen will display.
2. Enable the Primary RADIUS server by checking the Yes radio box.
3. Enter the Primary RADIUS Server IP address.
4. Enter a Secret Phrase. Transactions between the client and the RADIUS server are authenticated using a shared secret phrase, so the same Secret Phrase must be configured on both client and server.
5. Enter the Primary Server NAS Identifier (Network Access Server). This Identifier MUST be present in a RADIUS request. Ensure that NAS Identifier is configured as the same on both client and server.
The DGFV338 is acting as a NAS (Network Access Server), allowing network access to
external users after verifying their authentication information. In a RADIUS transaction, the
NAS must provide some NAS Identifier information to the RADIUS Server. Depending on the
configuration of the RADIUS Server, the router's IP address may be sufficient as an identifier,
or the Server may require a name, which you would enter here. This name would also be
configured on the RADIUS Server, although in some cases it should be left blank on the
RADIUS Server.
6. Enable a Backup RADIUS Server (if required) by following steps 2 through 5.
7. Set the Time Out Period, in seconds, that the router should wait for a response from the RADIUS server.
8. Set the Maximum Retry Count. This is the number of tries the router will make to the RADIUS server before giving up.
Figure 5-22
9. Click Reset to cancel any changes and revert to the previous settings.
10. Click Apply to save the settings.
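What the Secret Phrase and NAS Identifier from steps 4 and 5 do on the wire, sketched from RFC 2865 as an added example (not NETGEAR code or the router's firmware): the secret hides the PAP password in the Access-Request and lets the NAS verify the server's reply, so a mismatched phrase makes every reply fail verification. Function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                 # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32  # RFC 2865 attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def pap_crypt(data, secret, request_auth, decrypt=False):
    """RFC 2865 section 5.2 User-Password hiding, or its inverse on the server."""
    if not decrypt:  # pad with NULs to a multiple of 16 bytes, at least one block
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block  # chain on the ciphertext block
        out += block
    return out.rstrip(b"\x00") if decrypt else out

def build_access_request(ident, user, password, nas_id, secret):
    """NAS side: return (packet, request_authenticator) for a PAP Access-Request."""
    request_auth = os.urandom(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, pap_crypt(password, secret, request_auth))
             + attr(NAS_IDENTIFIER, nas_id))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: the reply carries MD5(header + request auth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def response_is_authentic(reply, request_auth, secret):
    """NAS side: recompute the Response Authenticator with the local secret."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    nas_secret, server_secret = b"constructed-secret", b"constructed-typo"  # sample values
    _, ra = build_access_request(1, b"alice", b"constructed-pw", b"dgfv338-example", nas_secret)
    reply = build_response(ACCESS_ACCEPT, 1, ra, server_secret)
    print("reply accepted by NAS:", response_is_authentic(reply, ra, nas_secret))
```

Because the password protection and reply check rest only on MD5 and this phrase, the Secret Phrase should be long and random, and unique per NAS.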
Manually Assigning IP Addresses to Remote Users (ModeConfig)
To simplify the process of connecting remote VPN clients to the DGFV338, the ModeConfig
module can be used to assign IP addresses to remote users, including a network access IP address,
subnet mask, and name server addresses from the router. Remote users are given IP addresses
available in secured network space so that remote users appear as seamless extensions of the
network.
In the following example, we configured the ProSafe DGFV338 using ModeConfig, and then
configured a PC running ProSafe VPN Client software using these IP addresses.
NETGEAR ProSafe Wireless ADSL Modem VPN Firewall Router
WAN IP address: 172.21.4.1
LAN IP address/subnet: 192.168.2.1/255.255.255.0
NETGEAR ProSafe VPN Client software IP address: 192.168.1.2
Mode Config Operation
After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP
configuration parameters such as IP address, subnet mask and name server addresses. The Mode
Config module will allocate an IP address from the configured IP address pool and will activate a
temporary IPSec policy using the template security proposal information configured in the Mode
Config record.
Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured on the individual IKE policy screens.
Note: After configuring a Mode Config record, you must go to the IKE Policies menu and configure an IKE policy using the newly-created Mode Config record as the Remote Host Configuration Record. The VPN Policies menu does not need to be edited.