NETGEAR DGN2200B Router Manual PDF (Setup & Configuration Guide)

Page 101 / 167 Scroll up to view Page 96 - 100

Chapter 8.

Virtual Private Networking

|

101

N300 Wireless ADSL2+ Modem Router DGN2200

To view or modify the tunnel settings, select its radio button and click

Edit

.

Note:

See

Use Auto Policy to Configure VPN Tunnels

on page

118 for

information about how to enable the IKE keep-alive capability on an existing

VPN tunnel.

Step 2: Configure the NETGEAR ProSafe VPN Client

This section describes how to configure the NETGEAR ProSafe VPN Client on a remote PC.

These instructions assume that the PC running the client has a dynamically assigned IP

address.

The PC has to have the NETGEAR ProSafe VPN Client program installed that supports

IPSec. Go to the NETGEAR website (

http://www.netgear.com

) for information about how to

purchase the NETGEAR ProSafe VPN Client.

Note:

Before installing the NETGEAR ProSafe VPN Client software, be

sure to turn off any virus protection or firewall software you might be

running on your PC. You might need to insert your Windows CD to

complete the installation.

1.

Install the NETGEAR ProSafe VPN Client on the remote PC, and then reboot.

a.

Install the IPSec component. You might have the option to install either the VPN

adapter or the IPSec component or both. The VPN adapter is not necessary.

If you do not have a modem or dial-up adapter installed in your PC, you might see the

warning message stating “The NETGEAR ProSafe VPN Component requires at least

one dial-up adapter be installed.” You can disregard this message.

b.

Reboot the remote PC.

The ProSafe icon (

) is in the system tray.

c.

Double-click the ProSafe icon to open the Security Policy Editor.

2.

Add a new connection.

a.

Run the NETGEAR ProSafe Security Policy Editor program, and, using the

Table

5

on page

99, create a VPN connection.

Page 102 / 167

102

|

Chapter 8.

Virtual Private Networking

N300 Wireless ADSL2+ Modem Router DGN2200

b.

From the Edit menu of the Security Policy Editor, select

Add

, and then click

Connection

.

A New Connection listing appears in the list of policies.

c.

Rename the new connection so that it matches the Connection Name field in the

VPN Settings screen of the modem router on LAN A. Choose connection names that

make sense to the people using and administering the VPN.

Note:

In this example, the connection name used on the client side of the

VPN tunnel is toGW_A, and it does not have to match the

RoadWarrior connection name used on the gateway side of the VPN

tunnel because connection names are irrelevant to how the VPN

tunnel functions.

d.

Enter the following settings:

•

Connection Security:

Secure

.

•

ID Type:

IP Subnet

.

•

Subnet.: In this example, type

192.168.3.1

as the network address of the modem

router.

•

Mask: Enter

255.255.255.0

as the LAN subnet mask of the modem router.

•

Protocol: Select

All

to allow all traffic through the VPN tunnel.

e.

Select

Connect using

and then select the

Secure Gateway Tunnel

check box.

f.

In the ID Type drop-down list, select

IP Address

.

g.

I the field directly below the ID Type drop-down list, enter the public WAN IP address

of the modem router. In this example, 22.23.24.25 is used.

The resulting connection settings are shown in

Figure

20

on page

103.

Page 103 / 167

Chapter 8.

Virtual Private Networking

|

103

N300 Wireless ADSL2+ Modem Router DGN2200

3.

Configure the security policy in the NETGEAR ProSafe VPN Client software:

a.

In the Network Security Policy list, expand the new connection by double-clicking its

name or clicking the + symbol. My Identity and Security Policy subheadings appear

below the connection name.

b.

Click the

Security Policy

subheading to view the Security Policy settings.

Figure 20.

Security Policy settings, Client-to-Gateway A

c.

In the Select Phase 1 Negotiation Mode section of the screen, select the

Main Mode

radio button.

4.

Configure the VPN client identity.

In this step, you provide information about the remote VPN client PC. You need to provide

the pre-shared key that you configured in the modem router and either a fixed IP address

or a fixed virtual IP address of the VPN client PC.

a.

In the Network Security Policy list on the left side of the Security Policy Editor window,

click

My Identity

.

b.

In the Select Certificate drop-down list, select

None

.

Page 104 / 167

104

|

Chapter 8.

Virtual Private Networking

N300 Wireless ADSL2+ Modem Router DGN2200

c.

In the ID Type drop-down list, select

IP Address

. If you are using a virtual fixed IP

address, enter this address in the Internal Network IP Address field. Otherwise,

leave this field empty.

d.

In the Internet Interface section of the screen, select the adapter that you use to

access the Internet. If you have a dial-up Internet account, select

PPP Adapter

in

the Name field. If you have a dedicated cable or DSL line, select your Ethernet

adapter. If you will be switching between adapters or if you have only one adapter,

select

Any

.

e.

In the My Identity section of the screen, click the

Pre-Shared Key

button. The

Pre-Shared Key screen displays:

f.

Click

Enter Key

. Enter the modem router pre-shared key, and then click

OK

. In this

example, 12345678 is entered, though asterisks are displayed in the field. This field

is case-sensitive.

5.

Configure the VPN client authentication proposal.

In this step, you provide the type of encryption (DES or 3DES) to be used for this

connection. This selection has to match your selection in the modem router configuration.

a.

In the Network Security Policy list on the left side of the Security Policy Editor window,

expand the Security Policy heading by double-clicking its name or clicking the +

symbol.

b.

Expand the Authentication subheading by double-clicking its name or clicking the +

symbol. Then click

Proposal 1

below Authentication.

c.

In the Authentication Method drop-down list, select

Pre-Shared key

.

Page 105 / 167

Chapter 8.

Virtual Private Networking

|

105

N300 Wireless ADSL2+ Modem Router DGN2200

d.

In the Encrypt Alg drop-down list, select the type of encryption that is configured for

the Encryption Protocol in the modem router in

Table

3

on page

96. This example

uses Triple DES.

e.

In the Hash Alg drop-down list, select

SHA-1

.

f.

In the SA Life drop-down list, select

Unspecified

.

g.

In the Key Group drop-down list, select

Diffie-Hellman Group 2

.

6.

Configure the VPN client key exchange proposal.

In this step, you provide the type of encryption (DES or 3DES) to be used for this

connection. This selection has to match your selection in the modem router configuration.

a.

Expand the Key Exchange subheading by double-clicking its name or clicking the +

symbol. Then click

Proposal 1

below Key Exchange.

b.

In the SA Life drop-down list, select

Unspecified

.

c.

In the Compression drop-down list, select

None

.

d.

Select the

Encapsulation Protocol (ESP)

check box.

e.

In the Encrypt Alg drop-down list, select the type of encryption that is configured for

the encryption protocol in the modem router in

Table

3

on page

96. This example

uses Triple DES.

f.

In the Hash Alg drop-down list, select

SHA-1

.

g.

In the Encapsulation drop-down list, select

Tunnel

.

h.

Leave the

Authentication Protocol (AH)

check box cleared.

7.

Save the VPN client settings.

In the Security Policy Editor window, select

File > Save

.

After you have configured and saved the VPN client information, your PC automatically

opens the VPN connection when you attempt to access any IP addresses in the range of

the remote VPN router’s LAN.

8.

Check the VPN connection.

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share