Appendix C. NETGEAR VPN Configuration
Case study on how to set up a VPN
This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR
DGND3300v2 to a FVL328. This case study follows the VPN Consortium interoperability profile
guidelines (found at
).
Configuration Profile
The configuration in this appendix follows the addressing and configuration mechanics
defined by the VPN Consortium. Gather necessary information before you begin
configuration. Verify that the firmware is up to date, and that you have all the addresses and
parameters to be set on both sides. Check that there are no firewall restrictions.
Figure 71. VPNC Example, Network Interface Addressing
Table 8. N300 Wireless Modem Router to Gateway B Profile Summary
VPN Consortium Scenario: Scenario 1 (Identity Using Preshared Secrets)
Type of VPN: LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
Security scheme: IKE with pre-shared secret/key (not certificate based)
IP addressing:
   NETGEAR-Gateway A: Static IP address
   NETGEAR-Gateway B: Static IP address
[Figure 71 labels: Gateway A (DGND3300v2): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP 14.15.16.17; Internet; Gateway B: WAN IP 22.23.24.25, LAN IP 172.23.9.1, LAN 172.23.9.0/24]
N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual
Step-by-Step Configuration
1. Use the VPN Wizard to configure Gateway A (DGND3300v2) for a gateway-to-gateway tunnel (see Setting Up a Gateway-to-Gateway VPN Configuration on page 90), being certain to use appropriate network addresses for the environment.
   The LAN addresses used in this example are as follows:

   Unit         WAN IP        LAN IP       LAN Subnet Mask
   DGND3300v2   14.15.16.17   10.5.6.1     255.255.255.0
   FVL328       22.23.24.25   172.23.9.1   255.255.255.0

   a. For the connection name, enter toGW_B.
   b. For the remote WAN’s IP address, enter 22.23.24.25.
   c. Enter the following:
      IP Address: 172.23.9.1
      Subnet Mask: 255.255.255.0
   d. In the Summary screen, click Done.
2. Use the VPN Wizard to configure Gateway B for a gateway-to-gateway tunnel (see Setting Up a Gateway-to-Gateway VPN Configuration on page 90), being certain to use appropriate network addresses for the environment.
   a. For the connection name, enter toGW_A.
   b. For the remote WAN’s IP address, enter 14.15.16.17.
   c. Enter the following:
      IP Address: 10.5.6.1
      Subnet Mask: 255.255.255.0
   d. In the Summary screen, click Done.
3. On the Gateway B router menu, under VPN, select IKE Policies, and click the Edit button to display the IKE Policy Configuration screen:
   [Screenshot: IKE Policy Configuration screen for policy toGW_A, showing the addresses 14.15.16.17 and 22.23.24.25.]
4. On the Gateway B router menu, under VPN, select VPN Policies, and click the Edit button to display the VPN - Auto Policy screen:
5. Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A (N300 wireless modem router).
   a. Open the command prompt (select Start > Run > cmd).
   b. Type ping 172.23.9.
      If the pings fail the first time, try the pings a second time.
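The wizard entries in steps 1 and 2 have to mirror each other: the remote WAN address and remote LAN subnet entered on one gateway are the other gateway's own values. The Python check below is an added example, not part of the NETGEAR manual; WizardEntry and check_pair are hypothetical names, and the mistyped entry is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class WizardEntry:
    """A gateway's own addresses plus the values typed into its VPN Wizard (hypothetical model)."""
    name: str
    wan_ip: str
    lan_ip: str
    lan_mask: str
    remote_wan: str
    remote_lan_ip: str
    remote_mask: str

def lan(ip, mask):
    # strict=False lets a host address such as 10.5.6.1 stand for its subnet
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_pair(a, b):
    """Return a list of problems; an empty list means the two entries mirror each other."""
    problems = []
    try:
        for local, peer in ((a, b), (b, a)):
            if ipaddress.ip_address(local.remote_wan) != ipaddress.ip_address(peer.wan_ip):
                problems.append(f"{local.name}: remote WAN {local.remote_wan} "
                                f"is not the WAN of {peer.name} ({peer.wan_ip})")
            if lan(local.remote_lan_ip, local.remote_mask) != lan(peer.lan_ip, peer.lan_mask):
                problems.append(f"{local.name}: remote LAN is not the LAN of {peer.name}")
        if lan(a.lan_ip, a.lan_mask).overlaps(lan(b.lan_ip, b.lan_mask)):
            problems.append("the two LAN subnets overlap")
    except ValueError as err:  # for example an octet above 255 or a malformed mask
        problems.append(f"invalid address: {err}")
    return problems

# Values from steps 1 and 2 of the case study.
GW_A = WizardEntry("Gateway A", "14.15.16.17", "10.5.6.1", "255.255.255.0",
                   "22.23.24.25", "172.23.9.1", "255.255.255.0")
GW_B = WizardEntry("Gateway B", "22.23.24.25", "172.23.9.1", "255.255.255.0",
                   "14.15.16.17", "10.5.6.1", "255.255.255.0")
# Constructed mistake: two octets swapped in the remote WAN address typed on Gateway B.
GW_B_TYPO = WizardEntry("Gateway B", "22.23.24.25", "172.23.9.1", "255.255.255.0",
                        "14.15.17.16", "10.5.6.1", "255.255.255.0")

if __name__ == "__main__":
    for pair in ((GW_A, GW_B), (GW_A, GW_B_TYPO)):
        print(check_pair(*pair) or "entries mirror each other")
```

Running the check before step 5 separates a data-entry mismatch from the transient first-ping failure that step 5 mentions.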
N300 Wireless Modem Router with FQDN to Gateway B
This section is a case study on how to configure a VPN tunnel from a NETGEAR N300
wireless modem router to a gateway using a fully qualified domain name (FQDN) to resolve
the public address of one or both routers. This case study follows the VPN Consortium
interoperability profile guidelines (found at
).
Configuration Profile
The configuration in this section follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and that you have all the addresses and parameters to
be set on both sides. Check that there are no firewall restrictions.
Figure 72. VPNC Example, Network Interface Addressing
Using a Fully Qualified Domain Name (FQDN)
Many ISPs provide connectivity to their customers using dynamic instead of static IP
addressing. This means that a user’s IP address does not remain constant over time, which
presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically
assigned to be located by a host or domain name. It provides a central public database where
information (such as email addresses, host names, and IP addresses) can be stored and
retrieved. Now, a gateway can be configured to use a third-party service instead of a
permanent and unchanging IP address to establish bidirectional VPN connectivity.
To use DDNS, you must register with a DDNS service provider. Some DDNS service
providers include:
DynDNS: www.dyndns.org
TZO.com: netgear.tzo.com
ngDDNS: ngddns.iego.net
In this example, Gateway A is configured using a sample FQDN provided by a DDNS service
provider. In this case we established the hostname dgnd3300v2.dyndns.org for Gateway A
using the DynDNS service. Gateway B uses the DDNS service provider when establishing a
VPN tunnel.
Table 9. N300 Wireless Modem Router with FQDN to Gateway B Profile Summary
VPN Consortium Scenario: Scenario 1
Type of VPN: LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
Security scheme: IKE with pre-shared secret/key (not certificate based)
IP addressing:
   NETGEAR-Gateway A: Fully qualified domain name (FQDN)
   NETGEAR-Gateway B: FQDN
[Figure 72 labels: Gateway A (DGND3300v2): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP example.org (FQDN); Internet; Gateway B: WAN IP example2.org (FQDN), LAN IP 172.23.9.1, LAN 172.23.9.0/24]
To establish VPN connectivity, Gateway A must be configured to use Dynamic DNS, and
Gateway B must be configured to use a DNS host name provided by a DDNS service
provider to find Gateway A. Again, the following step-by-step procedures assume that you
have already registered with a DDNS service provider and have the configuration information
necessary to set up the gateways.
Step-by-Step Configuration
1. Log in to Gateway A (your N300 wireless modem router) as described in Logging In to Your N300 Wireless Modem Router on page 8.
   This example assumes that you have set the local LAN address as 10.5.6.1 for Gateway A and have set your own password.
2. On Gateway A, configure the Dynamic DNS settings.
   a. Under Advanced, select Dynamic DNS.
   b. Fill in the fields with account and host name settings.
      Select the Use a Dynamic DNS Service check box.
      In the Host Name field, type dgnd3300v2.dyndns.org.
      In the User Name field, enter the account user name.
      In the Password field, enter the account password.
   c. Click Apply.
   d. Click Show Status. The resulting screen should show Update OK: good: