Chapter 8. Virtual Private Networking
N300 Wireless ADSL2+ Modem Router DGN2200
To check the VPN connection, you can initiate a request from the remote PC to the
modem router’s network by using the Connect option in the NETGEAR ProSafe menu
bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the
remote PC has a dynamically assigned WAN IP address, it has to initiate the request.
To perform a ping test using our example, start from the remote PC:
a. Establish an Internet connection from the PC.
b. On the Windows taskbar, click the Start button, and then select Run.
c. Type ping -t 192.168.3.1, and then click OK.
This causes a continuous ping to be sent to the first modem router. Within several
seconds to 2 minutes, the ping response should change from timed out to reply.
Once the connection is established, you can open a browser on the PC and enter the
LAN IP address of the remote gateway. After a short wait, you should see the login
screen of the modem router (unless another PC is already logged in to the modem
router).
You can view information about the progress and status of the VPN client connection by
opening the NETGEAR ProSafe Log Viewer.
To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer.
The Log Viewer screen for a successful connection is shown in this figure:
Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
9. The Connection Monitor screen for this connection is shown in the following figure:
In this example you can see these settings:
- The modem router has a GW address (public IP WAN address) of 22.23.24.25.
- The modem router has a remote address (LAN IP address) of 192.168.3.1.
- The VPN client PC has a local address (dynamically assigned address) of 192.168.2.2.
While the connection is being established, the Connection Name field in this screen displays
SA before the name of the connection. When the connection is successful, the SA changes
to the yellow key symbol shown in the previous figure.
Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you have to close the VPN connection to have normal Internet access.
Set Up a Gateway-to-Gateway VPN Configuration
This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 4 on page 97. If you have special requirements not covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special Circumstances on page 118 for information about how to set up the VPN tunnel.
Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.
Figure 21. Gateway-to-gateway VPN tunnel (Gateway A and Gateway B joined by a VPN tunnel across the Internet; addresses labeled in the figure: 22.23.24.25, 14.15.16.17, IP:192.168.3.1)
Set the LAN IPs on each modem router to a different subnet and configure each correctly for
the Internet. The subsequent examples assume the settings shown in the following table.
Table 6. Gateway-to-Gateway VPN Tunnel Configuration Worksheet

Parameter | Value to Be Entered | Field Selection
Connection Name | GtoGr | N/A
Pre-Shared Key | 12345678 | N/A
Secure Association | N/A | Main Mode / Manual Keys
Perfect Forward secrecy | N/A | Enabled / Disabled
Encryption Protocol | N/A | DES / 3DES
Authentication Protocol | N/A | MD5 / SHA-1
Diffie-Hellman (DH) Group | N/A | Group 1 / Group 2
Key Life in seconds | 28800 (8 hours) | N/A
IKE Life Time in seconds | 3600 (1 hour) | N/A

VPN Endpoint | Local IPSecID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address)
Gateway_A | GW_A | 192.168.0.1 | 255.255.255.0 | 14.15.16.17
Gateway_B | GW_B | 192.168.3.1 | 255.255.255.0 | 22.23.24.25
The LAN IP address range of each VPN endpoint has to be different. The connection will fail
if both are using the NETGEAR default address range of 192.168.0.x.
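A pre-flight check for the Table 6 worksheet, as an added example that is not from the NETGEAR manual: it confirms that the two LAN ranges do not overlap and that each gateway's remote settings mirror the other gateway, and it flags pre-shared keys and algorithm options that a deployment should not keep. The dictionary layout, the 16-character key policy and the selected algorithms are assumptions made for this example.

```python
import ipaddress

# Table 6 options that are deprecated in current IKE/IPsec guidance.
WEAK = {"encryption": {"DES"}, "authentication": {"MD5"}, "dh_group": {"Group 1"}}

def lan(gw):
    """LAN network of a gateway, from its LAN IP address and subnet mask."""
    return ipaddress.ip_network(f"{gw['lan_ip']}/{gw['mask']}", strict=False)

def check_tunnel(a, b):
    """Return the problems found in a pair of gateway worksheets."""
    problems = []
    if lan(a).overlaps(lan(b)):
        problems.append(f"LAN ranges overlap: {lan(a)} and {lan(b)}")
    # Each side must point at the other side's WAN address and LAN range.
    for local, peer in ((a, b), (b, a)):
        if local["remote_wan"] != peer["wan_ip"]:
            problems.append(f"{local['name']}: remote WAN IP is not {peer['wan_ip']}")
        remote = ipaddress.ip_network(
            f"{local['remote_lan_ip']}/{local['remote_mask']}", strict=False)
        if remote != lan(peer):
            problems.append(f"{local['name']}: remote LAN is not {lan(peer)}")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    for gw in (a, b):
        # Assumed policy: at least 16 characters and not digits only.
        if len(gw["psk"]) < 16 or gw["psk"].isdigit():
            problems.append(f"{gw['name']}: pre-shared key is short or digits only")
        for field, weak in WEAK.items():
            if gw.get(field) in weak:
                problems.append(f"{gw['name']}: {field} {gw[field]} is deprecated")
    return problems

# Values from Table 6; the algorithm selections are assumed for illustration.
COMMON = {"mask": "255.255.255.0", "remote_mask": "255.255.255.0", "psk": "12345678",
          "encryption": "3DES", "authentication": "SHA-1", "dh_group": "Group 2"}
GATEWAY_A = dict(COMMON, name="Gateway_A", wan_ip="14.15.16.17", lan_ip="192.168.0.1",
                 remote_wan="22.23.24.25", remote_lan_ip="192.168.3.1")
GATEWAY_B = dict(COMMON, name="Gateway_B", wan_ip="22.23.24.25", lan_ip="192.168.3.1",
                 remote_wan="14.15.16.17", remote_lan_ip="192.168.0.1")

if __name__ == "__main__":
    for problem in check_tunnel(GATEWAY_A, GATEWAY_B):
        print(problem)
```

With the worksheet values as printed, the only findings are the two pre-shared key warnings: 12345678 is a documentation value and should be replaced with a long random key on both gateways.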
To configure a gateway-to-gateway VPN tunnel using the VPN Wizard:
1. Log in to Gateway A on LAN A. Select VPN Wizard. Click Next, and the Step 1 of 3 screen displays.
2. Fill in the Connection Name field and pre-shared key fields. Select the radio button for the type of target end point, and click Next, and the Step 2 of 3 screen displays.
3. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click Next. The Step 3 of 3 screen displays.
4. Fill in the IP Address and Subnet Mask fields for the target endpoint that can use this tunnel, and click Next.
The VPN Wizard Summary screen displays:
To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link.
5. Click Done on the Summary screen.
6. The VPN Policies screen displays, showing that the new tunnel is enabled.
Note: See Use Auto Policy to Configure VPN Tunnels on page 118 for information about how to enable the IKE keepalive capability on an existing VPN tunnel.
7. Repeat these steps for the gateway on LAN B, and pay special attention to the following network settings:
   - WAN IP of the remote VPN gateway (for example, 14.15.16.17)
   - LAN IP settings of the remote VPN gateway:
     - IP address (for example, 192.168.0.1)
     - Subnet mask (for example, 255.255.255.0)
     - Preshared key (for example, 12345678)
8. Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
