Appendix B. NETGEAR VPN Configuration
N300 Wireless ADSL2+ Modem Router DGN2200

Step 1: Configure Gateway A (the NETGEAR VPN Router at the Main Office)

1. Log in to the VPN router. Select VPN Policies to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information.

   [Screenshot callouts for this step:]
      toGW_A.com (in this example)
      fromGW_A.com (in this example)
      fromGW_A (in the example)
      192.168.2.3 (in this example)
      IKE Keep Alive is optional; has to match Remote LAN IP Address when enabled (remote PC has to respond to pings)
      (Remote NAT router has to have Address Reservation set and VPN Passthrough enabled)

2. Click Apply when you are finished to display the VPN Policies screen.

To view or modify the tunnel settings, select the radio button next to the tunnel entry, and then click Edit.

Step 2: Configure Gateway B (the Modem Router at the Regional Office)

This procedure assumes that the PC running the client has a dynamically assigned IP address.

The PC needs to have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.

Note: Before installing the software, be sure to turn off any virus protection or firewall software you might be running on your PC.

1. Install the NETGEAR ProSafe VPN Client on the remote PC, and then reboot.
   a. You might need to insert your Windows CD to complete the installation.
   b. If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
   c. Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary.
   d. The system should show the ProSafe icon in the system tray after rebooting.
   e. Double-click the system tray icon to open the Security Policy Editor.

2. Add a new connection.
   a. Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN Connection.
   b. From the Edit menu of the Security Policy Editor, select Add > Connection. A New Connection listing appears in the list of policies.
   c. Rename the new connection to match the connection name you entered in the VPN settings of Gateway A. Choose connection names that make sense to the people using and administrating the VPN.

      Note: In this example, the connection name on the client side of the VPN tunnel is toGW_A. It does not have to match the VPN_client connection name used on the gateway side of the VPN tunnel because connection names do not affect how the VPN tunnel functions.
   d. Select Secure in the Connection Security section.
   e. Select IP Subnet in the ID Type drop-down list.
   f. In this example, type 192.168.0.1 in the Subnet field as the network address of the modem router.
   g. Enter 255.255.255.0 in the Mask field as the LAN subnet mask of the modem router.
   h. Select All in the Protocol drop-down list to allow all traffic through the VPN tunnel.
   i. Select the Connect using Secure Gateway Tunnel check box.
   j. Select Domain Name in the ID Type drop-down list, and enter fromGW_A.com (in this example).
   k. Select Gateway Hostname and enter ntgr.dyndns.org (in this example).

3. Configure the security policy in the modem router software.
   a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy appear below the connection name.
   b. Click Security Policy to show the Security Policy screen.
   c. Select the Main Mode radio button in the Select Phase 1 Negotiation Mode group.

4. Configure the VPN client identity.
   In this step, you provide information about the remote VPN client PC. You have to provide the pre-shared key that you configured in the modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity.
   b. Select None in the Select Certificate field.
   c. Select Domain Name in the ID Type field, and enter toGW_A.com (in this example). Select Disabled in the Virtual Adapter field.
   d. In the Internet Interface section, select Intel PRO/100VE Network Connection (in this example; your Ethernet adapter might be different) in the Name field, and then enter 192.168.2.3 (in this example) in the IP Addr field.
   e. Click the Pre-Shared Key button.
   f. In the Pre-Shared Key screen, click Enter Key. Enter the DGN2200’s pre-shared key and click OK. In this example, 12345678 is entered, though the screen shows asterisks. This field is case-sensitive.

5. Configure the VPN Client Authentication Proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the VPN router configuration.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking the + symbol.
   b. Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Authentication.
   c. In the Authentication Method drop-down list, select Pre-Shared Key.
   d. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES.
   e. In the Hash Alg drop-down list, select SHA-1.
   f. In the SA Life drop-down list, select Unspecified.
   g. In the Key Group drop-down list, select Diffie-Hellman Group 2.

6. Configure the VPN Client Key Exchange Proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the VPN router configuration.
   a. Expand the Key Exchange subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Key Exchange.
   b. In the SA Life drop-down list, select Unspecified.
   c. In the Compression drop-down list, select None.
   d. Select the Encapsulation Protocol (ESP) check box.
   e. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES.
   f. In the Hash Alg drop-down list, select SHA-1.
   g. In the Encapsulation drop-down list, select Tunnel.
   h. Leave the Authentication Protocol (AH) check box cleared.

7. Save the VPN Client settings.
   From the File menu at the top of the Security Policy Editor window, select Save.
   After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.

8. Check the VPN connection.
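
Added example (not part of the NETGEAR manual): a small Python audit of the Authentication proposal from step 5 and the pre-shared key from step 4. It reports fields that differ between the two tunnel ends, fields set to legacy algorithms, and an upper bound on the key's search space. The gateway values, the LEGACY table and the 80-bit threshold are assumptions of this example.

```python
import math
import string

# Field names follow the Security Policy Editor labels on this page. The LEGACY
# table and the 80-bit PSK threshold are assumptions of this added example.
LEGACY = {
    "Encrypt Alg": {"DES", "Triple DES"},       # 64-bit block ciphers
    "Hash Alg": {"MD5", "SHA-1"},               # deprecated hash functions
    "Key Group": {"Diffie-Hellman Group 1",     # 768-bit MODP
                  "Diffie-Hellman Group 2"},    # 1024-bit MODP
}

# Client values as selected in step 5 on this page.
CLIENT = {
    "Authentication Method": "Pre-Shared Key",
    "Encrypt Alg": "Triple DES",
    "Hash Alg": "SHA-1",
    "Key Group": "Diffie-Hellman Group 2",
}
# Constructed gateway values (the page does not list them), with one mismatch.
GATEWAY = {**CLIENT, "Encrypt Alg": "DES"}

def mismatches(client, gateway):
    """Fields whose values differ between the two tunnel ends."""
    return [f for f in sorted(set(client) | set(gateway))
            if client.get(f) != gateway.get(f)]

def legacy_fields(proposal):
    """Fields of one proposal set to a legacy algorithm or group."""
    return sorted(f for f, bad in LEGACY.items() if proposal.get(f) in bad)

def psk_bits(psk):
    """Upper bound on guessing work: length * log2(size of character classes used)."""
    classes = (string.digits, string.ascii_lowercase,
               string.ascii_uppercase, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in psk))
    return len(psk) * math.log2(alphabet) if alphabet else 0.0

def audit(client, gateway, psk, min_bits=80):
    """Collect all findings for one tunnel definition."""
    report = {"mismatch": mismatches(client, gateway),
              "legacy": legacy_fields(client),
              "psk_bits": round(psk_bits(psk), 1)}
    report["psk_weak"] = report["psk_bits"] < min_bits
    return report

if __name__ == "__main__":
    print(audit(CLIENT, GATEWAY, "12345678"))
```

The bit count is an upper bound only: a sequential key such as the 12345678 used in this example is guessed far sooner than the figure suggests.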