NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
The LAN addresses used in this example are as follows:

Table 26.
Device      LAN IP Address   LAN Subnet Mask
DGND3700    10.5.6.1         255.255.255.0
FVL328      172.23.6.1       255.255.255.0

a. For the connection name, enter toFVL328.
b. For the remote WAN's IP address, enter fvl328.dyndns.org.
c. Enter the following:
   IP Address: 172.23.9.1
   Subnet Mask: 255.255.255.0
5. Configure the FVL328 as in the gateway-to-gateway procedures for the VPN Wizard (see Set Up a Gateway-to-Gateway VPN Configuration on page 101), being certain to use appropriate network addresses for the environment.
a. For the connection name, enter toDGND3300v2.
b. For the remote WAN's IP address, enter dgnd3300v2.dyndns.org.
c. Enter the following:
   IP Address: 10.5.6.1
   Subnet Mask: 255.255.255.0
6. Test the VPN tunnel by pinging the remote network from a PC attached to the N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700.
a. Open the command prompt (select Start > Run > cmd).
b. Type ping 172.23.9.1.
If the pings fail the first time, try the pings a second time.
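
An added example, not from the NETGEAR manual: a Python check that each gateway's remote-LAN entry matches the peer's actual LAN subnet and that the two LANs do not overlap. It uses the addresses exactly as printed above, so it reports that the 172.23.9.1 entered on the DGND3700 (and used as the ping target) lies outside the 172.23.6.1 / 255.255.255.0 subnet that Table 26 lists for the FVL328; all function and variable names are illustrative.

```python
import ipaddress
from itertools import combinations

# Values copied from this page: Table 26 and the "Enter the following" steps.
LAN = {
    "DGND3700": ("10.5.6.1", "255.255.255.0"),
    "FVL328": ("172.23.6.1", "255.255.255.0"),
}
# Remote LAN that each gateway's policy is told to reach through the tunnel.
REMOTE_ENTRY = {
    "DGND3700": ("172.23.9.1", "255.255.255.0"),
    "FVL328": ("10.5.6.1", "255.255.255.0"),
}
PEER = {"DGND3700": "FVL328", "FVL328": "DGND3700"}


def subnet(ip, mask):
    """Network that an address/mask pair belongs to (host bits cleared)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_policies(lan, remote_entry, peer):
    """Return findings for mismatched or overlapping tunnel subnets."""
    findings = []
    nets = {dev: subnet(*pair) for dev, pair in lan.items()}
    for dev, pair in remote_entry.items():
        entered, actual = subnet(*pair), nets[peer[dev]]
        if entered != actual:
            findings.append(
                f"{dev}: remote LAN {entered} != {peer[dev]} LAN {actual}")
    # Overlapping LANs make routing through the tunnel ambiguous.
    for (d1, n1), (d2, n2) in combinations(nets.items(), 2):
        if n1.overlaps(n2):
            findings.append(f"{d1} LAN {n1} overlaps {d2} LAN {n2}")
    return findings


def ping_target_in_lan(target, lan, device):
    """True if the ping test address lies inside the LAN of `device`."""
    return ipaddress.ip_address(target) in subnet(*lan[device])


if __name__ == "__main__":
    for line in check_policies(LAN, REMOTE_ENTRY, PEER):
        print("MISMATCH:", line)
    print("ping target in FVL328 LAN:",
          ping_target_in_lan("172.23.9.1", LAN, "FVL328"))
```
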
Configuration Summary (Telecommuter Example)
The configuration in this section follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and make sure you have all the addresses and
parameters to be set on both sides. Ensure that there are no firewall restrictions.

Table 27. Configuration summary (telecommuter example)
VPN Consortium Scenario     Scenario 1
Type of VPN:                PC/client-to-gateway, with client behind NAT router
Security scheme:            IKE with pre-shared secret/key (not certificate based)
IP addressing: Gateway      Fully qualified domain name (FQDN)
IP addressing: Client       Dynamic

Figure 64. Telecommuter example
[Diagram labels: Gateway A (main office), LAN IP 192.168.0.1 (192.168.0.1/24), WAN IP given as FQDN ntgr.dyndns.org, connection "from_GW_A"; Internet; Gateway B (regional office), WAN IP 0.0.0.0; Client PC (running NETGEAR ProSafe VPN client), IP: 192.168.2.3, connection "toGW_A".]

Set Up Client-to-Gateway VPN (Telecommuter Example)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN client and a
network gateway involves two steps, described in the following sections:
Step 1: Configure Gateway A (VPN Router at Main Office) on page 168.
Step 2: Configure Gateway B (VPN Router at Regional Office) on page 169 describes configuring the NETGEAR ProSafe VPN client endpoint.

Step 1: Configure Gateway A (VPN Router at Main Office)
To configure a VPN tunnel:
1. Log in to the VPN router. Select VPN Policies to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information.
   Values shown on the screen:
   toGW_A.com (in this example)
   fromGW_A.com (in this example)
   fromGW_A (in the example)
   192.168.2.3 (in this example)
   IKE Keep Alive is optional; has to match Remote LAN IP Address when enabled (remote PC must respond to pings)
   (Remote NAT router has to have Address Reservation set and VPN Passthrough enabled)
2. Click Apply when you are finished to display the VPN Policies screen.
To view or modify the tunnel settings, select the radio button next to the tunnel entry, and then click Edit.

Step 2: Configure Gateway B (VPN Router at Regional Office)
This procedure assumes that the PC running the client has a dynamically assigned IP
address.
The PC has to have a VPN client program installed that supports IPSec (in this case study,
the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the software, be sure to turn off any virus protection
or firewall software you might be running on your PC.
To configure a VPN tunnel:
1. Install the NETGEAR ProSafe VPN Client on the remote PC, and then reboot.
a. You might need to insert your Windows CD to complete the installation.
b. If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating, “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
c. Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary.
d. The system should show the ProSafe icon in the system tray after you reboot.
e. Double-click the system tray icon to open the Security Policy Editor.
2. Add a new connection.
a. Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN connection.
b. From the Edit menu of the Security Policy Editor, select Add > Connection. A New Connection listing appears in the list of policies.
c. Rename the new connection to match the connection name you entered in the VPN settings of Gateway A. Choose connection names that make sense to the people using and administrating the VPN.
Note: In this example, the connection name on the client side of the VPN
tunnel is toGW_A. It does not have to match the VPN_client connection name
used on the gateway side of the VPN tunnel because connection names do not
affect how the VPN tunnel functions.
d. In the Connection Security section, select Secure.
e. In the ID Type drop-down list, select IP Subnet.
f. In this example, in the Subnet field, type 192.168.0.1 as the network address of the wireless modem router.
g. In the Mask field, enter 255.255.255.0 as the LAN subnet mask of the wireless modem router.
h. In the Protocol drop-down list, select All to allow all traffic through the VPN tunnel.
i. Select the Connect using Secure Gateway Tunnel check box.
j. In the ID Type drop-down list, select Domain Name, and enter fromGW_A.com (in this example).
k. Select Gateway Hostname and enter ntgr.dyndns.org (in this example).
3. Configure the security policy in the wireless modem router software.