Chapter 8. Virtual Private Networking
N300 Wireless ADSL2+ Modem Router DGN2200
To view or modify the tunnel settings, select its radio button and click Edit.
Note: See Use Auto Policy to Configure VPN Tunnels on page 118 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel.
Step 2: Configure the NETGEAR ProSafe VPN Client
This section describes how to configure the NETGEAR ProSafe VPN Client on a remote PC. These instructions assume that the PC running the client has a dynamically assigned IP address.
The PC must have a version of the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR website for information about how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you might be running on your PC. You might need to insert your Windows CD to complete the installation.
1. Install the NETGEAR ProSafe VPN Client on the remote PC, and then reboot.
   a. Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary.
      If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
   b. Reboot the remote PC.
      The ProSafe icon is in the system tray.
   c. Double-click the ProSafe icon to open the Security Policy Editor.
2. Add a new connection.
   a. Run the NETGEAR ProSafe Security Policy Editor program, and, using Table 5 on page 99, create a VPN connection.
   b. From the Edit menu of the Security Policy Editor, select Add, and then click Connection.
      A New Connection listing appears in the list of policies.
   c. Rename the new connection so that it matches the Connection Name field in the VPN Settings screen of the modem router on LAN A. Choose connection names that make sense to the people using and administering the VPN.
      Note: In this example, the connection name used on the client side of the VPN tunnel is toGW_A, and it does not have to match the RoadWarrior connection name used on the gateway side of the VPN tunnel because connection names are irrelevant to how the VPN tunnel functions.
   d. Enter the following settings:
      Connection Security: Secure.
      ID Type: IP Subnet.
      Subnet: In this example, type 192.168.3.1 as the network address of the modem router.
      Mask: Enter 255.255.255.0 as the LAN subnet mask of the modem router.
      Protocol: Select All to allow all traffic through the VPN tunnel.
   e. Select Connect using and then select the Secure Gateway Tunnel check box.
   f. In the ID Type drop-down list, select IP Address.
   g. In the field directly below the ID Type drop-down list, enter the public WAN IP address of the modem router. In this example, 22.23.24.25 is used.
      The resulting connection settings are shown in Figure 20 on page 103.
3. Configure the security policy in the NETGEAR ProSafe VPN Client software:
   a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy subheadings appear below the connection name.
   b. Click the Security Policy subheading to view the Security Policy settings.
      Figure 20. Security Policy settings, Client-to-Gateway A
   c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode radio button.
4. Configure the VPN client identity.
   In this step, you provide information about the remote VPN client PC. You need to provide the pre-shared key that you configured in the modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity.
   b. In the Select Certificate drop-down list, select None.
   c. In the ID Type drop-down list, select IP Address. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address field. Otherwise, leave this field empty.
   d. In the Internet Interface section of the screen, select the adapter that you use to access the Internet. If you have a dial-up Internet account, select PPP Adapter in the Name field. If you have a dedicated cable or DSL line, select your Ethernet adapter. If you will be switching between adapters or if you have only one adapter, select Any.
   e. In the My Identity section of the screen, click the Pre-Shared Key button. The Pre-Shared Key screen displays.
   f. Click Enter Key. Enter the modem router pre-shared key, and then click OK. In this example, 12345678 is entered, though asterisks are displayed in the field. This field is case-sensitive.
5. Configure the VPN client authentication proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the modem router configuration.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking the + symbol.
   b. Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then click Proposal 1 below Authentication.
   c. In the Authentication Method drop-down list, select Pre-Shared key.
   d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the Encryption Protocol in the modem router in Table 3 on page 96. This example uses Triple DES.
   e. In the Hash Alg drop-down list, select SHA-1.
   f. In the SA Life drop-down list, select Unspecified.
   g. In the Key Group drop-down list, select Diffie-Hellman Group 2.
6. Configure the VPN client key exchange proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the modem router configuration.
   a. Expand the Key Exchange subheading by double-clicking its name or clicking the + symbol. Then click Proposal 1 below Key Exchange.
   b. In the SA Life drop-down list, select Unspecified.
   c. In the Compression drop-down list, select None.
   d. Select the Encapsulation Protocol (ESP) check box.
   e. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the encryption protocol in the modem router in Table 3 on page 96. This example uses Triple DES.
   f. In the Hash Alg drop-down list, select SHA-1.
   g. In the Encapsulation drop-down list, select Tunnel.
   h. Leave the Authentication Protocol (AH) check box cleared.
7. Save the VPN client settings.
   In the Security Policy Editor window, select File > Save.
   After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
8. Check the VPN connection.
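
A pre-flight check for the values entered in steps 2 through 6, as an added example that is not part of the NETGEAR manual: it lists settings that differ between the two ends and shows which destinations fall in the range that opens the tunnel. The dictionary keys, function names and the gateway-side values are assumptions constructed for illustration; the client values are the ones used in the steps above.

```python
import ipaddress

# Client-side values as entered in steps 3 through 6 of this example.
CLIENT = {
    "phase1_mode": "Main Mode",
    "auth_method": "Pre-Shared Key",
    "ike_encrypt": "Triple DES",
    "ike_hash": "SHA-1",
    "ike_key_group": 2,
    "esp_encrypt": "Triple DES",
    "esp_hash": "SHA-1",
    "encapsulation": "Tunnel",
    "pre_shared_key": "12345678",
}

# Constructed gateway-side values (assumption: the router screen is not shown
# here). Two deliberate errors: DES for ESP and a trailing space in the key.
GATEWAY = dict(CLIENT, esp_encrypt="DES", pre_shared_key="12345678 ")


def proposal_mismatches(client, gateway):
    """Return the sorted names of settings whose values differ between the ends."""
    # Exact comparison on purpose: the pre-shared key field is case-sensitive.
    return sorted(k for k in client if client[k] != gateway.get(k))


def remote_lan(subnet, mask):
    """Network selected by the Subnet and Mask fields; host bits are dropped."""
    return ipaddress.ip_network(f"{subnet}/{mask}", strict=False)


def uses_tunnel(destination, lan):
    """True when the destination lies in the remote LAN range."""
    return ipaddress.ip_address(destination) in lan


if __name__ == "__main__":
    lan = remote_lan("192.168.3.1", "255.255.255.0")
    print("remote LAN:", lan)
    # The last address is the gateway's WAN IP from step 2g; it is not in the LAN range.
    for dst in ("192.168.3.77", "192.168.30.7", "22.23.24.25"):
        print(dst, "-> tunnel" if uses_tunnel(dst, lan) else "-> not in remote LAN")
    for name in proposal_mismatches(CLIENT, GATEWAY):
        # Never echo the key itself; report only that it differs.
        detail = "differs" if name == "pre_shared_key" else f"{CLIENT[name]} vs {GATEWAY[name]}"
        print("mismatch:", name, detail)
```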
