Appendix B.
NETGEAR VPN Configuration
N300 Wireless ADSL2+ Modem Router DGN2200
Modem Router with FQDN to Gateway B
This section is a case study on how to configure a VPN tunnel from a NETGEAR modem
router to a gateway using a fully qualified domain name (FQDN) to resolve the public address
of one or both routers. This case study follows the VPN Consortium interoperability profile
guidelines (found at
).
Configuration Profile
The configuration in this section follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and that you have all the addresses and parameters to
be set on both sides. Check that there are no firewall restrictions.
Figure 29. VPNC Example, Network Interface Addressing (diagram not reproduced). Labels in the figure: Gateway A (DGN2200), LAN IP 10.5.6.1, 10.5.6.0/24; Gateway B, LAN IP 172.23.9.1, 172.23.9.0/24; WAN IPs given as FQDNs (example.org, example2.org); Internet.
Table 11.
VPN Consortium Scenario: Scenario 1
Type of VPN: LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
Security scheme: IKE with preshared secret/key (not certificate based)
IP addressing:
   NETGEAR-Gateway A: Fully qualified domain name (FQDN)
   NETGEAR-Gateway B: FQDN
Using a Fully Qualified Domain Name (FQDN)
Many ISPs provide connectivity to their customers using dynamic instead of static IP
addressing. This means that a user’s IP address does not remain constant over time, which
presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically
assigned to be located by a host or domain name. It provides a central public database where
information (such as e-mail addresses, host names, and IP addresses) can be stored and
retrieved. Now, a gateway can be configured to use a third-party service instead of a
permanent and unchanging IP address to establish bi-directional VPN connectivity.
To use DDNS, you need to register with a DDNS service provider. Some DDNS service
providers include:
DynDNS: www.dyndns.org
TZO.com: netgear.tzo.com
ngDDNS: ngddns.iego.net
In this example, Gateway A is configured using a sample FQDN provided by a DDNS service
provider. In this case we established the hostname dg834g.dyndns.org for Gateway A using
the DynDNS service. Gateway B uses the DDNS service provider when establishing a VPN
tunnel.
To establish VPN connectivity, Gateway A has to be configured to use Dynamic DNS, and
Gateway B has to be configured to use a DNS host name provided by a DDNS service
provider to find Gateway A. Again, the following step-by-step procedures assume that you
have already registered with a DDNS service provider and have the configuration information
necessary to set up the gateways.
Step-by-Step Configuration
1. Log in to Gateway A (your modem router).
   This example assumes that you have set the local LAN address as 10.5.6.1 for Gateway
   A and have set your own password.
2. On Gateway A, configure the Dynamic DNS settings.
   a. Under the Advanced heading, select Dynamic DNS.
   b. Fill in the fields with account and host name settings.
      Select the Use a Dynamic DNS Service check box.
      In the Host Name field, type gw_a.dyndns.org.
      In the User Name field, enter the account user name.
      In the Password field, enter the account password.
   c. Click Apply.
   d. Click Show Status. The resulting screen should show Update OK: good:
3. On NETGEAR Gateway B, configure the Dynamic DNS settings. Assume a correctly
   configured DynDNS account.
   a. From the main menu, select Dynamic DNS.
   b. Select the DynDNS.org radio button.
      The Dynamic DNS screen displays:
   c. Fill in the fields with the account and host name settings.
      In the Host and Domain Name field, enter fvl328.dyndns.org.
      In the User Name field, enter the account user name.
      In the Password field, enter the account password.
   d. Click Apply.
   e. Click Show Status.
      The resulting screen should show Update OK: good:
4. Configure the DGN2200 as in the gateway-to-gateway procedures using the VPN Wizard
   (see Set Up a Gateway-to-Gateway VPN Configuration on page 108), being certain to use
   appropriate network addresses for the environment.
   The LAN addresses used in this example are as follows:

   Table 12.
   Device     LAN IP Address   LAN Subnet Mask
   DGN2200    10.5.6.1         255.255.255.0
   FVL328     172.23.6.1       255.255.255.0

   a. Enter toFVL328 for the connection name.
   b. Enter fvl328.dyndns.org for the remote WAN's IP address.
   c. Enter the following:
      IP Address: 172.23.9.1
      Subnet Mask: 255.255.255.0
5. Configure the FVL328 as in the gateway-to-gateway procedures for the VPN Wizard (see
   Set Up a Gateway-to-Gateway VPN Configuration on page 108), being certain to use
   appropriate network addresses for the environment.
   a. Enter toDG834 for the connection name.
   b. Enter dg834g.dyndns.org for the remote WAN's IP address.
   c. Enter the following:
      IP Address: 10.5.6.1
      Subnet Mask: 255.255.255.0
6. Test the VPN tunnel by pinging the remote network from a PC attached to the DGN2200.
   a. Open the command prompt (Start -> Run -> cmd).
   b. Type ping 172.23.9.1
      If the pings fail the first time, try the pings a second time.
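
A pre-flight check for the plan in steps 2 to 5, added here as an example and not part of the NETGEAR manual: it confirms that each gateway's remote subnet and remote FQDN match what the peer actually uses, and that the DDNS names are valid hostnames. The dictionary keys and function names are illustrative assumptions; the sample values are transcribed from the steps and Table 12 as printed.

```python
import ipaddress
import re

# Hostname labels: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def lan(ip, mask):
    # strict=False lets a host address such as 10.5.6.1 stand for its network
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_plan(a, b):
    """Return a list of mismatches between the two gateways' settings."""
    problems = []
    for gw in (a, b):
        if not valid_hostname(gw["ddns_host"]):
            problems.append(f"{gw['name']}: DDNS host {gw['ddns_host']} is not a valid hostname")
    for local, peer in ((a, b), (b, a)):
        peer_lan = lan(peer["lan_ip"], peer["lan_mask"])
        remote = lan(local["remote_ip"], local["remote_mask"])
        if remote != peer_lan:
            problems.append(f"{local['name']}: remote subnet {remote} is not "
                            f"{peer['name']} LAN {peer_lan}")
        if local["remote_fqdn"].lower() != peer["ddns_host"].lower():
            problems.append(f"{local['name']}: remote FQDN {local['remote_fqdn']} is not "
                            f"the name {peer['name']} registers ({peer['ddns_host']})")
    if lan(a["lan_ip"], a["lan_mask"]).overlaps(lan(b["lan_ip"], b["lan_mask"])):
        problems.append("LAN subnets overlap, so traffic cannot be routed into the tunnel")
    return problems

# Constructed input: values transcribed from steps 2 to 5 and Table 12 as printed.
DGN2200 = {"name": "DGN2200", "lan_ip": "10.5.6.1", "lan_mask": "255.255.255.0",
           "ddns_host": "gw_a.dyndns.org", "remote_fqdn": "fvl328.dyndns.org",
           "remote_ip": "172.23.9.1", "remote_mask": "255.255.255.0"}
FVL328 = {"name": "FVL328", "lan_ip": "172.23.6.1", "lan_mask": "255.255.255.0",
          "ddns_host": "fvl328.dyndns.org", "remote_fqdn": "dg834g.dyndns.org",
          "remote_ip": "10.5.6.1", "remote_mask": "255.255.255.0"}

if __name__ == "__main__":
    for line in check_plan(DGN2200, FVL328):
        print(line)
```

Run against the values as printed, it reports three mismatches: the underscore in gw_a.dyndns.org, the 172.23.9.0/24 remote subnet against the 172.23.6.1 LAN address in Table 12, and dg834g.dyndns.org against the host name registered in step 2. An empty list means both sides agree on names and subnets before you test with ping.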
Configuration Summary (Telecommuter Example)
The configuration in this section follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and make sure you have all the addresses and
parameters to be set on both sides. Ensure that there are no firewall restrictions.
Table 13.
VPN Consortium Scenario: Scenario 1
Type of VPN: PC/client-to-gateway, with client behind NAT router
Security scheme: IKE with pre-shared secret/key (not certificate based)
IP addressing:
   Gateway: Fully qualified domain name (FQDN)
   Client: Dynamic
Figure 30. Telecommuter Example (diagram not reproduced). Labels in the figure: Gateway A (main office), LAN IP 192.168.0.1, 192.168.0.1/24, FQDN ntgr.dyndns.org, "from_GW_A"; Gateway B (regional office), WAN IP 0.0.0.0, "toGW_A"; Client PC (running NETGEAR ProSafe VPN client), IP: 192.168.2.3; Internet.
Setting Up Client-to-Gateway VPN Configuration (Telecommuter Example)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a
network gateway involves two steps:
Step 1: Configure Gateway A (the NETGEAR VPN Router at the Main Office) on page 151.
Step 2: Configure Gateway B (the Modem Router at the Regional Office) on page 152
describes configuring the NETGEAR ProSafe VPN Client endpoint.
