NETGEAR VPN Configuration
161
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
3. On the Gateway B router menu, under VPN, select IKE Policies, and click the Edit button to display the IKE Policy Configuration screen:
[Screenshot: IKE Policy Configuration screen. Values shown: toGW_A, 14.15.16.17, 22.23.24.25]
4. On the Gateway B router menu, under VPN, select VPN Policies, and click the Edit button to display the VPN - Auto Policy screen:
[Screenshot: VPN - Auto Policy screen. Values shown: 172, 23, 9, 10, 5, 6, 1, 14.15.16.17, toGW_A, toGW_A]
5. Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A (wireless modem router).
   a. Open the command prompt (select Start > Run > cmd).
   b. Type ping 172.23.9 .
      If the pings fail the first time, try the pings a second time.
Wireless Modem Router with FQDN to Gateway B
This section is a case study on how to configure a VPN tunnel from a NETGEAR wireless
modem router to a gateway using a fully qualified domain name (FQDN) to resolve the public
address of one or both routers. This case study follows the VPN Consortium interoperability
profile guidelines (found at
).
Configuration Profile
The configuration in this section follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and that you have all the addresses and parameters to
be set on both sides. Check that there are no firewall restrictions.
[Figure: Gateway A (DGND3700): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP example.org (FQDN). Internet. Gateway B: WAN IP example2.org (FQDN), LAN IP 172.23.9.1, LAN 172.23.9.0/24.]
Figure 63. VPNC example, network interface addressing
Table 25. Wireless modem router with FQDN to Gateway B profile summary
VPN Consortium Scenario    Scenario 1
Type of VPN                LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
Security scheme:           IKE with pre-shared secret/key (not certificate based)
IP addressing:
Use a Fully Qualified Domain Name (FQDN)
Many ISPs provide connectivity to their customers using dynamic instead of static IP
addressing. This means that a user’s IP address does not remain constant over time, which
presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically
assigned to be located by a host or domain name. It provides a central public database
where information (such as email addresses, host names, and IP addresses) can be stored
and retrieved. Now, a gateway can be configured to use a third-party service instead of a
permanent and unchanging IP address to establish bidirectional VPN connectivity.
To use DDNS, you have to register with a DDNS service provider. Some DDNS service
providers include:
DynDNS: www.dyndns.org
TZO.com: netgear.tzo.com
ngDDNS: ngddns.iego.net
In this example, Gateway A is configured using a sample FQDN provided by a DDNS service
provider. In this case the hostname dgnd3300v2.dyndns.org for Gateway A was provided
using the DynDNS service. Gateway B uses the DDNS service provider when establishing a
VPN tunnel.
To establish VPN connectivity, Gateway A has to be configured to use Dynamic DNS, and
Gateway B has to be configured to use a DNS host name provided by a DDNS service
provider to find Gateway A. Again, the following step-by-step procedures assume that you
have already registered with a DDNS service provider and have the configuration information
necessary to set up the gateways.
Step-by-Step Configuration
To configure a VPN tunnel:
1. Log in to Gateway A (your wireless modem router) as described in Log In to the N600 Modem Router on page 24.
   This example assumes that you have set the local LAN address as 10.5.6.1 for Gateway A and have set your own password.
2. On Gateway A, configure the Dynamic DNS settings.
Table 25. Wireless modem router with FQDN to Gateway B profile summary (continued)
VPN Consortium Scenario    Scenario 1
NETGEAR-Gateway A          Fully qualified domain name (FQDN)
NETGEAR-Gateway B          FQDN
   a. Under Advanced, select Dynamic DNS.
   b. Fill in the fields with account and host name settings.
      Select the Use a Dynamic DNS Service check box.
      In the Host Name field, type dgnd3300v2.dyndns.org.
      In the User Name field, enter the account user name.
      In the Password field, enter the account password.
   c. Click Apply.
   d. Click Show Status. The resulting screen should show Update OK: good:
3. On NETGEAR Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account.
   a. From the main menu, select Dynamic DNS.
   b. Select the DynDNS.org radio button.
      The Dynamic DNS screen displays:
   c. Fill in the fields with the account and host name settings.
      In the Host and Domain Name field, enter fvl328.dyndns.org.
      In the User Name field, enter the account user name.
      In the Password field, enter the account password.
   d. Click Apply.
   e. Click Show Status.
      The resulting screen should show Update OK: good:
4. Configure the N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 as in the gateway-to-gateway procedures using the VPN Wizard (see Set Up a Gateway-to-Gateway VPN Configuration on page 101), being certain to use appropriate network addresses for the environment.
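An added pre-flight check for the profile above (example code written for this page, not from NETGEAR): it confirms that each LAN IP sits in its subnet, that the two LANs do not overlap, and that each DDNS host name resolves to a public address. The function names and the SAMPLE_DNS answers are assumptions constructed for the example.

```python
import ipaddress
import socket

# Addresses and host names are the ones in this page's profile.
PROFILE = {
    "Gateway A": {"fqdn": "dgnd3300v2.dyndns.org", "lan_ip": "10.5.6.1", "lan": "10.5.6.0/24"},
    "Gateway B": {"fqdn": "fvl328.dyndns.org", "lan_ip": "172.23.9.1", "lan": "172.23.9.0/24"},
}
# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {"dgnd3300v2.dyndns.org": {"14.15.16.17"}, "fvl328.dyndns.org": {"22.23.24.25"}}

def resolve_ipv4(fqdn):
    """Live lookup: the IPv4 addresses the FQDN resolves to right now."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def preflight(profile, resolver):
    """Return a list of problems that would keep the tunnel from passing traffic."""
    problems, nets = [], {}
    for name, gw in profile.items():
        nets[name] = ipaddress.ip_network(gw["lan"])
        if ipaddress.ip_address(gw["lan_ip"]) not in nets[name]:
            problems.append(f"{name}: LAN IP {gw['lan_ip']} is outside {nets[name]}")
        try:
            addrs = resolver(gw["fqdn"])
        except (OSError, KeyError) as exc:
            problems.append(f"{name}: {gw['fqdn']} does not resolve ({exc})")
            continue
        for addr in sorted(addrs):
            # A DDNS client behind NAT can publish a private WAN address
            # that the remote gateway can never reach.
            if not ipaddress.ip_address(addr).is_global:
                problems.append(f"{name}: {gw['fqdn']} resolves to non-public {addr}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Overlapping LANs make remote hosts look local, so nothing is tunnelled.
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: LANs {nets[a]} and {nets[b]} overlap")
    return problems

if __name__ == "__main__":
    # Pass resolver=resolve_ipv4 to check the live DDNS records instead.
    for line in preflight(PROFILE, SAMPLE_DNS.__getitem__) or ["profile OK"]:
        print(line)
```

An empty result means the address plan is consistent; it does not test the IKE or VPN policies themselves, which the ping in step 5 of the previous case study exercises.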