NETGEAR DGFV338 Router Manual PDF (Setup & Configuration Guide)

Page 141 / 212 Scroll up to view Page 136 - 140

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-33

v1.0, April 2007

Configuring the ProSafe DGFV338

Two menus must be configured—the Mode Config menu and the IKE Policies menu.

To configure the Mode Config menu:

1.

From the main menu, select

VPN

, and then select

Mode Config

from the submenu. The

Mode

Config

screen will display.

2.

Click

Add.

The

Add Mode Config Record

screen will display.

3.

Enter a descriptive

Record Name

such as “Sales”.

4.

Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN

clients.

5.

If you have a WINS Server on your local network, enter its IP address.

6.

Enter one or two DNS Server IP addresses to be used by remote VPN clients.

7.

If you enable Perfect Forward Secrecy (PFS), select DH Group 1 or 2. This setting must match

exactly the configuration of the remote VPN client,

8.

Specify the Local IP Subnet to which the remote client will have access. Typically, this is your

router’s LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the

LAN subnet of the router.)

9.

Specify the VPN policy settings. These settings must match the configuration of the remote

VPN client. Recommended settings are:

•

SA Lifetime: 3600 seconds

•

Authentication Algorithm: SHA-1

•

Encryption Algorithm: 3DES

10.

Click

Apply

. The new record should appear in the VPN Remote Host Mode Config Table (a

sample record is shown below).

Note:

The IP Pool should not be within your local network IP addresses. Use a

different range of private IP addresses such as 172.20.xx.xx.

Page 142 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-34

Virtual Private Networking

v1.0, April 2007

To configure an IKE Policy:

1.

From the main menu, select

VPN

. The

IKE Policies

screen will display showing the current

policies in the

List of IKE Policies

Table.

2.

Click

Add

to configure a new IKE Policy. The

Add IKE Policy

screen will display.

3.

Enable

Mode Config

by checking the

Yes

radio box and selecting the Mode Config record

you just created from the pull-down menu. (You can view the parameters of the selected record

by clicking the

View selected

radio box.)

Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends

of the tunnel be defined by a FQDN.

Figure 5-23

Page 143 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-35

v1.0, April 2007

4.

In the

General

section:

a.

Enter a description name in the Policy Name Field such as “salesperson”. This name will

be used as part of the remote identifier in the VPN client configuration.

b.

Set Direction/Type to Responder.

c.

The Exchange Mode will automatically be set to Aggressive.

5.

For Local information:

d.

Select Fully Qualified Domain Name for the Local Identity Type.

e.

Enter an identifier in the Remote Identity Data field that is not used by any other IKE

policies. This identifier will be used as part of the local identifier in the VPN client

configuration.

6.

Specify the IKE SA parameters. These settings must be matched in the configuration of the

remote VPN client. Recommended settings are:

•

Encryption Algorithm: 3DES

•

Authentication Algorithm: SHA-1

•

Diffie-Hellman: Group 2

•

SA Lifetime: 3600 seconds

7.

Enter a Pre-Shared Key that will also be configured in the VPN client.

8.

XAUTH is disabled by default. To enable XAUTH, select:

•

Edge Device

to use this router as a VPN concentrator where one or more gateway tunnels

terminate. (If selected, you must specify the

Authentication Type

to be used in verifying

credentials of the remote VPN gateways.)

•

IPsec Host

if you want this gateway to be authenticated by the remote gateway. Enter a

Username and Password to be associated with the IKE policy. When this option is chosen,

you will need to specify the user name and password to be used in authenticating this

gateway (by the remote gateway).

9.

If Edge Device was enabled, select the

Authentication Type

from the pull down menu which

will be used to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP.

Users must be added through the User Database screen (see

“User Database Configuration” on

page 5-29

or

“RADIUS Client Configuration” on page 5-30

).

Note:

If RADIUS-PAP is selected, the router will first check the User Database to

see if the user credentials are available. If the user account is not present, the

router will then connect to the RADIUS server.

Page 144 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

5-36

Virtual Private Networking

v1.0, April 2007

10.

Click

Apply.

The new policy will appear in the IKE Policies Table (a sample policy is shown

below)

Configuring the ProSafe VPN Client for ModeConfig

From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN

client connection.

To configure the client PC:

1.

Right-click the VPN client icon in the Windows toolbar. In the upper left of the Policy Editor

window, click the New Policy editor icon.

a.

Give the connection a descriptive name such as “modecfg_test” (this name will only be

used internally).

Figure 5-24

Page 145 / 212

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

Virtual Private Networking

5-37

v1.0, April 2007

b.

From the ID Type pull-down menu, select IP Subnet.

c.

Enter the IP Subnet and Mask of the ProSafe DGFV338 (this is the LAN network IP

address of the gateway).

d.

Check the Connect using radio button and select Secure Gateway Tunnel from the pull-

down menu.

e.

From the ID Type pull-down menu, select Domain name and enter the FQDN of the

ProSafe DGFV338; in this example it is “local_id.com”.

f.

Select Gateway IP Address from the second pull-down menu and enter the WAN IP

address of the ProSafe DGFV338; in this example it is “172.21.4.1”.

2.

From the left side of the menu, click My Identity and enter the following information:

a.

Click

Pre-Shared Key

and enter the key you configured in the DGFV338 IKE menu.

b.

From the Select Certificate pull-down menu, select None.

c.

From the ID Type pull-down menu, select Domain Name and create an identifier based on

the name of the IKE policy you created; for example “remote_id.com”.

Figure 5-25

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share