NETGEAR DGND3700 Router Manual PDF (Setup & Configuration Guide)

Page 121 / 185 Scroll up to view Page 116 - 120

Virtual Private Networking

121

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Local LAN IP Address

The remote VPN

endpoint has to have

these IP addresses

entered as its remote

addresses.

Subnet Mask

Enter the network mask.

Single PC - no

Subnet

Select this option if there is no LAN (only a single PC) at the

remote endpoint. If this option is selected, no additional data is

required.

Single/Start IP

Address

•

The IP address for a single address, or the starting address for

an address range used on the LAN. If you want to make a single

server on your LAN available to remote users, use a single

address settings.

•

Any

. The remote VPN endpoint can be at any IP address.

Finish IP

Address

For an address range, enter the finish IP address. This has to be

an address range used on your LAN.

Subnet Mask

Enter the network mask.

Remote LAN IP Address

The remote VPN

endpoint has to have

these IP addresses

entered as its local

addresses.

IP Address

Single PC - no Subnet

. Select this option if there is no LAN (only

a single PC) at the remote endpoint. If this option is selected, no

additional data is required. The typical application is a PC running

the VPN client at the remote end.

Single/Start IP

Address

• Enter an IP address on the remote LAN. You can use this setting

to access a server.

• For a range of addresses, enter the starting IP address. This has

to be an address range used on the remote LAN.

•

Any

. Any outgoing traffic from specified

Local IP

computers

triggers an attempted VPN connection to the remote VPN

endpoint. Be sure you want this option before selecting it.

Finish IP

Address

Enter the finish IP address for a range of addresses. This must be

an address range used on the remote LAN.

Subnet Mask

Enter the network mask.

ESP Configuration

ESP (encapsulating

security payload)

provides security for the

payload (data) sent

through the VPN tunnel.

SPI

Enter the required security policy indexes (SPIs). Each policy has

to have unique SPIs. These settings have to match the remote

VPN endpoint. The

in

setting here has to match the

out

setting on

the remote VPN endpoint, and the

out

setting here has to match

the

in

setting on the remote VPN endpoint.

Encryption

Select an encryption algorithm, and enter the key in the field

provided. For 3DES, the keys should be 24 ASCII characters, and

for DES, the keys should be 8 ASCII characters.

•

DES

. The Data Encryption Standard (DES) processes input data

that is 64 bits wide, encrypting these values using a 56-bit key.

Faster but less secure than 3DES.

•

3DES

. (Triple DES) achieves a higher level of security by

encrypting the data three times using DES with three different,

unrelated keys.

Authentication

Select an authentication method.

Table 21.

VPN Manual Policy fields and settings

(continued)

Fields and Settings

Description

Downloaded from

www.Manualslib.com

manuals search engine

Page 122 / 185

122

8

8.

Advanced Settings

Configuring for unique situations

This chapter describes the advanced features of your wireless modem router. The information is

for users with a solid understanding of networking concepts who want to set the router up for

unique situations such as when remote access from the Internet by IP or domain name is

needed.

This chapter contains the following sections:

•

WAN Setup

•

Dynamic DNS

•

LAN Setup

•

Set Up Quality of Service (QoS)

•

Advanced Wireless Settings

•

Building Wireless Bridging and Repeating Networks

•

Remote Management

•

Static Routes

•

Universal Plug and Play

•

Advanced USB Settings

•

Traffic Meter

Downloaded from

www.Manualslib.com

manuals search engine

Page 123 / 185

Advanced Settings

123

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

WAN Setup

Select

Advanced > WAN Setup

to display the following screen:

Figure 47. WAN Setup screen

WAN Preference

Configure whether the wireless modem router uses only one WAN port exclusively (either

ADSL WAN or Ethernet WAN) or detects automatically the WAN port to use.

Disable Port Scan and DOS Protection

The firewall protects your LAN against port scans and denial of service (DOS) attacks. This

protection should be disabled only in special circumstances.

Default DMZ Server

The default demilitarized zone (DMZ) server feature is helpful when you use online games

and video conferencing applications that are incompatible with NAT. The wireless modem

router is programmed to recognize some of these applications and to work correctly with

them, but there are other applications that might not function well. In some cases, one local

computer can run the application correctly if that computer’s IP address is entered as the

default DMZ server.

Note:

For security reasons, you should avoid using the default DMZ server

feature. When a computer is designated as the default DMZ server,

it loses much of the protection of the firewall and is exposed to many

exploits from the Internet. If compromised, the computer can be

used to attack your network.

Downloaded from

www.Manualslib.com

manuals search engine

Page 124 / 185

Advanced Settings

124

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Incoming traffic from the Internet is usually discarded by the wireless modem router unless

the traffic is a response to one of your local computers or a service that you have configured

in the Ports screen. Instead of discarding this traffic, you can have it forwarded to one

computer on your network. This computer is called the default DMZ server.



To assign a computer or server to be a default DMZ server:

1.

In the

WAN Setup

screen, select the

Default DMZ Server

check box.

Figure 48.

Default DMZ Server setting

2.

Type the IP address for that server and click

Apply

.

Respond to Ping on Internet Port

If you want the wireless modem router to respond to a ping from the Internet, select this

check box. This should be used only as a diagnostic tool, because it allows your wireless

modem router to be discovered, which can be a security problem. Do not select this check

box unless you have a specific reason to do so.

MTU Size (in bytes)

The normal maximum transmission unit (MTU) value for most Ethernet networks is 1500

bytes, 1492 bytes for PPPoE connections, and 1458 for PPPoA connections. For some ISPs

you might need to reduce the MTU. But this is rarely required, and should not be done unless

you are sure it is necessary for your ISP connection.

NAT Filtering

This option determines how the router deals with inbound traffic. The Secured option

provides a secured firewall to protect the PCs on LAN from attacks from the Internet, but it

might cause some Internet games, point-to-point applications, and multimedia applications

no work. The Open option, on the other hand, provides a much less secured firewall, while it

allows almost all Internet applications to work.

Downloaded from

www.Manualslib.com

manuals search engine

Page 125 / 185

Advanced Settings

125

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

Disable SIP ALG

The Session Initiation Protocol (SIP) Application Level Gateway (ALG) is enabled by default

to optimize VoIP phone calls that use the SIP. The Disable SIP ALG check box allows you to

disable the SIP ALG. Disabling the SIP ALG might be useful when running certain

applications.

Dynamic DNS

If your network has a permanently assigned IP address, you can register a domain name and

have that name linked with your IP address by public Domain Name Servers (DNS).

However, if your Internet account uses a dynamically assigned IP address, you do not know

in advance what your IP address is, and the address can change frequently. In this case, use

a commercial Dynamic DNS service that lets you register your domain to its IP address and

forwards traffic directed at your domain to your frequently changing IP address.

The router has a client that can connect to a Dynamic DNS service provider. Once you have

configured your ISP account information in the router, whenever your ISP-assigned IP

address changes, your router contacts your Dynamic DNS service provider, logs in to your

account, and registers your new IP address.



To enable dynamic DNS:

1.

Select

Advanced > Dynamic DNS

to display the following screen.

Figure 49.

Dynamic DNS screen

2.

Access the website of one of the Dynamic DNS service providers whose names appear in

the

Service Provider

drop-down list, and register for an account. For example, for

dyndns.org, go to www.dyndns.org.

3.

Select the

Use a Dynamic DNS Service

check box.

4.

Select the name of your Dynamic DNS service provider.

5.

Type the host name that your Dynamic DNS service provider gave you. The Dynamic DNS

service provider might call this the domain name. If your URL is myName.dyndns.org, then

your host name is myName.

6.

Type the user name for your Dynamic DNS account.

7.

Type the password (or key) for your Dynamic DNS account.

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share