Page 111 / 167 Scroll up to view Page 106 - 110
Chapter 8.
Virtual Private Networking
|
111
N300 Wireless ADSL2+ Modem Router DGN2200
Note:
The VPN Status screen is only one of three ways to active a VPN
tunnel. See
Activate a VPN Tunnel
on page
112 for information
about the other ways.
a.
On the modem router menu, select
VPN Status
. The VPN Status/Log screen
displays:
b.
Click the
VPN Status
button to display the Current VPN Tunnels (SAs) screen:
c.
Click
Connect
for the VPN tunnel you want to activate. View the VPN Status/Log
screen to verify that the tunnel is connected.
Page 112 / 167
112
|
Chapter 8.
Virtual Private Networking
N300 Wireless ADSL2+ Modem Router DGN2200
VPN Tunnel Control
Activate a VPN Tunnel
There are three ways to activate a VPN tunnel:
Use the VPN Status screen.
Ping the remote endpoint.
Start using the VPN tunnel.
Note:
See
Use Auto Policy to Configure VPN Tunnels
on page
118 for
information about how to enable the IKE keep-alive capability on an
existing VPN tunnel.
Use the VPN Status Screen to Activate a VPN Tunnel
1.
Select
Advanced - VPN > VPN Status
. The VPN Status/Log screen displays:
Page 113 / 167
Chapter 8.
Virtual Private Networking
|
113
N300 Wireless ADSL2+ Modem Router DGN2200
2.
Click
VPN Status
to display the Current VPN Tunnels (SAs) screen:
3.
Click
Connect
for the VPN tunnel that you want to activate.
Activate the VPN Tunnel by Pinging the Remote Endpoint
Note:
This section uses 192.168.3.1 for sample remote endpoint LAN IP
address.
To activate the VPN tunnel by pinging the remote endpoint (for example, 192.168.3.1),
perform the following steps depending on whether your configuration is client-to-gateway or
gateway-to-gateway:
Client-to-gateway configuration
. To check the VPN connection, you can initiate a
request from the remote PC to the DGN2200’s network by using the Connect option in
the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of
the attempt to connect. Since the remote PC has a dynamically assigned WAN IP
address, it has to initiate the request.
To perform a ping test using our example, start from the remote PC:
a.
Establish an Internet connection from the PC.
b.
On the Windows taskbar, click the
Start
button, and then select
Run
.
c.
Type
ping -t 192.168.3.1
,
and then click
OK
.
Running a ping test
to the LAN from the PC
Page 114 / 167
114
|
Chapter 8.
Virtual Private Networking
N300 Wireless ADSL2+ Modem Router DGN2200
This causes a continuous ping to be sent to the first DGN2200. Within 2 minutes, the
ping response should change from timed out to reply.
Note:
You can use Ctrl-C to stop the pinging.
Once the connection is established, you can open a browser on the PC and enter the
LAN IP address of the remote DGN2200. After a short wait, you should see the login
screen of the modem router (unless another PC already has the DGN2200 management
interface open).
Gateway-to-gateway configuration
. Test the VPN tunnel by pinging the remote network
from a PC attached to Gateway A (the modem router).
a.
Open a command prompt (for example,
Start > Run > cmd
).
b.
Type
ping 192.168.3.1
.
Note:
The pings might fail the first time. If they do, then try the pings a
second time.
Start Using a VPN Tunnel to Activate It
To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is
covered by the policy for that VPN tunnel.
Page 115 / 167
Chapter 8.
Virtual Private Networking
|
115
N300 Wireless ADSL2+ Modem Router DGN2200
Verify the Status of a VPN Tunnel
1.
Select
Advanced - VPN > VPN Status
to display the VPN Status/Log screen.
This log shows the details of recent VPN activity, including the building of the VPN tunnel.
If there is a problem with the VPN tunnel, refer to the log for information about what might
be the cause of the problem.
Click
Refresh
to see the most recent entries.
Click
Clear Log
to delete all log entries.
2.
Click
VPN Status
to display the Current VPN Tunnels (SAs) screen.
This table lists the following data for each active VPN tunnel.
SPI
. Each SA has a unique SPI (Security Parameter Index) for traffic in each
direction. For manual key exchange, the SPI is specified in the policy definition. For
automatic key exchange, the SPI is generated by the IKE protocol.
Policy Name
. The VPN policy associated with this SA.
Remote Endpoint
. The IP address on the remote VPN endpoint.
Action
. Either a Drop or a Connect button.
SLifeTime (Secs)
. The remaining soft lifetime for this SA in seconds. When the soft
lifetime becomes 0 (zero), the SA (security association) is re-negotiated.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top