Chapter 8. Virtual Private Networking
N300 Wireless ADSL2+ Modem Router DGN2200
A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel end points. See Set Up a Gateway-to-Gateway VPN Configuration on page 108 for information about how to set up this configuration.
Plan a VPN
When you set up a VPN, it is helpful to plan the network configuration and record the configuration parameters on a worksheet:

Table 3. VPN Tunnel Configuration Worksheet

Parameter                   Value to Be Entered   Field Selection
Connection Name             (fill in)             N/A
Pre-Shared Key              (fill in)             N/A
Secure Association          N/A                   Main Mode / Manual Keys
Perfect Forward Secrecy     N/A                   Enabled / Disabled
Encryption Protocol         N/A                   DES / 3DES
Authentication Protocol     N/A                   MD5 / SHA-1
Diffie-Hellman (DH) Group   N/A                   Group 1 / Group 2
Key Life in seconds         (fill in)             N/A
IKE Life Time in seconds    (fill in)             N/A

VPN Endpoint   Local IPSec ID   LAN IP Address   Subnet Mask   FQDN or Gateway IP (WAN IP Address)
(fill in)      (fill in)        (fill in)        (fill in)     (fill in)
To set up a VPN connection, you need to configure each endpoint with specific identification and connection information describing the other endpoint. You configure the outbound VPN settings on one end to match the inbound VPN settings on the other end, and vice versa. This set of configuration information defines a security association (SA) between the two VPN endpoints. When planning your VPN, you have to make a few choices first:
- Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC?
- Will the remote end be any device on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of IP addresses), or a single PC?
- Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see Using a Fully Qualified Domain Name (FQDN) on page 146) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address has to always be the initiator.
- Which method will you use to configure your VPN tunnels?
  - The VPN Wizard using VPNC defaults (see Table 4, Parameters Recommended by the VPNC and Used in the VPN Wizard on page 97).
  - The typical automated Internet Key Exchange (IKE) setup (see Use Auto Policy to Configure VPN Tunnels on page 118).
  - A manual keying setup in which you need to specify each phase of the connection (see Use Manual Policy to Configure VPN Tunnels on page 125).
Table 4. Parameters Recommended by the VPNC and Used in the VPN Wizard

Parameter                   Factory Default Setting
Secure Association          Main Mode
Authentication Method       Pre-Shared Key
Encryption Method           3DES
Authentication Protocol     SHA-1
Diffie-Hellman (DH) Group   Group 2 (1024 bit)
Key Life                    8 hours
IKE Life Time               1 hour
- What level of IPSec VPN encryption will you use?
  - DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
  - 3DES. Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
- What level of authentication will you use?
  - MD5. 128 bits, faster but less secure.
  - SHA-1. 160 bits, slower but more secure.
VPN Tunnel Configuration
There are two tunnel configurations and three ways to configure them:
- Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
  - See Set Up a Client-to-Gateway VPN Configuration on page 98.
  - See Set Up a Gateway-to-Gateway VPN Configuration on page 108.
- See Use Auto Policy to Configure VPN Tunnels on page 118 when the VPN Wizard and its VPNC defaults are not appropriate for your special circumstances, but you want to automate the Internet Key Exchange (IKE) setup.
- See Use Manual Policy to Configure VPN Tunnels on page 125 when the VPN Wizard and its VPNC defaults are not appropriate for your special circumstances and you have to specify each phase of the connection. You manually enter all the authentication and key parameters. You have more control over the process; however, the process is more complex, and there are more opportunities for errors or configuration mismatches between your DGN2200 and the corresponding VPN endpoint gateway or client workstation.
Note: NETGEAR publishes additional interoperability scenarios with various gateway and client software products. Look on the NETGEAR website at www.netgear.com for these interoperability scenarios.
Set Up a Client-to-Gateway VPN Configuration
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves these two steps:
- Step 1: Configure the Client-to-Gateway VPN Tunnel on page 98 describes how to use the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway.
- Step 2: Configure the NETGEAR ProSafe VPN Client on page 101 shows how to configure the NETGEAR ProSafe VPN Client endpoint.
[Figure 19. Client-to-gateway VPN tunnel: a PC running the NETGEAR ProSafe VPN Client (0.0.0.0, dynamic address) connects through the Internet over the VPN tunnel to the gateway with WAN IP 22.23.24.25 and LAN IP 192.168.3.1.]
Step 1: Configure the Client-to-Gateway VPN Tunnel
This section describes using the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 4 on page 97. If you have special requirements not covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special Circumstances on page 118 for information about how to set up the VPN tunnel.
The following worksheet identifies the parameters used in this procedure, which are highlighted in blue. For a blank worksheet, see Plan a VPN on page 96.

Table 5. VPN Tunnel Configuration Worksheet

Parameter                   Value to Be Entered   Field Selection
Connection Name             RoadWarrior           N/A
Pre-Shared Key              12345678              N/A
Secure Association          N/A                   Main Mode / Manual Keys
Perfect Forward Secrecy     N/A                   Enabled / Disabled
Encryption Protocol         N/A                   DES / 3DES
Authentication Protocol     N/A                   MD5 / SHA-1
Diffie-Hellman (DH) Group   N/A                   Group 1 / Group 2
Key Life in seconds         28800 (8 hours)       N/A
IKE Life Time in seconds    3600 (1 hour)         N/A

VPN Endpoint        Local IPSec ID   LAN IP Address   Subnet Mask     FQDN or Gateway IP (WAN IP Address)
Client to Gateway   (blank)          N/A              N/A             Dynamic
Gateway to Client   (blank)          192.168.3.1      255.255.255.0   22.23.24.25
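The Plan a VPN section states that the outbound settings on one end must match the inbound settings on the other and that together they define the SA; the following Python, an added example that is not NETGEAR's code or part of this manual, checks two completed worksheets against each other and flags the options the manual calls less secure. The GATEWAY and CLIENT dicts are constructed from the RoadWarrior values in Table 5, and the field names and the treatment of DH Group 1 as weaker are this example's own assumptions.

```python
# Added example (not NETGEAR's code): check that both ends of a DGN2200
# tunnel describe the same security association (SA) and flag weaker options.
VPNC_DEFAULTS = {                 # Table 4: VPN Wizard defaults
    "secure_association": "Main Mode",
    "encryption": "3DES",
    "authentication": "SHA-1",
    "dh_group": "Group 2",
    "key_life_s": 8 * 3600,       # Key Life 8 hours = 28800 seconds
    "ike_life_s": 1 * 3600,       # IKE Life Time 1 hour = 3600 seconds
}
# Options the manual calls faster but less secure. Group 1 is the 768-bit
# MODP group; treating it as weaker than Group 2 is this example's choice.
WEAKER = {"encryption": "DES", "authentication": "MD5", "dh_group": "Group 1"}
SA_FIELDS = tuple(VPNC_DEFAULTS)


def check_tunnel(local, remote):
    """Return a list of problems; an empty list means the worksheets agree.
    Each endpoint is a dict of the SA fields plus 'psk', 'local_wan_ip' and
    'remote_wan_ip'; the string 'Dynamic' marks a dynamic WAN address."""
    problems = []
    for field in SA_FIELDS:
        if local.get(field) != remote.get(field):
            problems.append(
                f"{field} mismatch: {local.get(field)!r} vs {remote.get(field)!r}")
    if local["psk"] != remote["psk"]:
        problems.append("pre-shared key differs between endpoints")
    # Outbound settings on one end must mirror the inbound settings on the other.
    if local["remote_wan_ip"] != remote["local_wan_ip"]:
        problems.append("local's remote gateway IP does not match remote's WAN IP")
    if remote["remote_wan_ip"] != local["local_wan_ip"]:
        problems.append("remote's remote gateway IP does not match local's WAN IP")
    # A side with a dynamic address and no FQDN must always be the initiator.
    if local["local_wan_ip"] == remote["local_wan_ip"] == "Dynamic":
        problems.append("both ends dynamic: neither can respond without an FQDN")
    for name, end in (("local", local), ("remote", remote)):
        for field, weak in WEAKER.items():
            if end.get(field) == weak:
                problems.append(f"{name} weaker option selected: {field}={weak}")
    return problems


# Constructed sample: the RoadWarrior worksheet from Table 5 as seen by the
# gateway (WAN 22.23.24.25) and by the ProSafe client (dynamic address).
GATEWAY = dict(VPNC_DEFAULTS, psk="12345678",
               local_wan_ip="22.23.24.25", remote_wan_ip="Dynamic")
CLIENT = dict(VPNC_DEFAULTS, psk="12345678",
              local_wan_ip="Dynamic", remote_wan_ip="22.23.24.25")
```

Calling check_tunnel(GATEWAY, CLIENT) returns an empty list for the matching worksheets; changing one end's encryption to DES reports both the mismatch and the weaker choice.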
To configure a client-to-gateway VPN tunnel using the VPN Wizard:
1. Select Advanced - VPN > VPN Wizard. The following screen displays. Click Next.
2. Fill in the Connection Name and pre-shared key fields.
   The connection name is for convenience and does not affect how the VPN tunnel functions.
3. Select the radio button for the type of target end point, and click Next.
4. Enter the remote IP address and subnet mask, and click Next.
   The Summary screen displays:
   Note: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link.
5. Click Done. The VPN Policies screen displays, showing that the new tunnel is enabled: