Page 101 / 185
Scroll up to view Page 96 - 100
Virtual Private Networking
101
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Note:
While your PC is connected to a remote LAN through a VPN, you
might not have normal Internet access. If this is the case, you have
to close the VPN connection to have normal Internet access.
Set Up a Gateway-to-Gateway VPN Configuration
Note:
This section describes how to use the VPN Wizard to set up the
VPN tunnel using the VPNC default parameters listed in
Table 16
on
page 89. If you have special requirements not covered by these
VPNC-recommended parameters, see
Set Up VPN Tunnels in
Special Circumstances
on page 111 for information about how to set
up the VPN tunnel.
Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.
VPN tunnel
Internet
IP:192.168.3.1
Gateway B
Gateway A
22.23.24.25
14.15.16.17
Figure 45. Gateway-to-gateway VPN tunnel
Set the LAN IPs on each wireless modem router to different subnets and configure each
correctly for the Internet. The subsequent examples assume the settings shown in the
following table.
Table 18.
Gateway-to-gateway VPN tunnel configuration worksheet
Parameter
Value to Be Entered
Field Selection
Connection Name
GtoGr
N/A
Pre-Shared Key
12345678
N/A
Secure Association
N/A
Main Mode
Manual Keys
Perfect Forward Secrecy
N/A
Enabled
Disabled
Encryption Protocol
N/A
DES
3DES
Downloaded from
www.Manualslib.com
manuals search engine
Page 102 / 185
Virtual Private Networking
102
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Note:
The LAN IP address ranges of each VPN endpoint has to be
different. The connection will fail if both are using the NETGEAR
default address range of 192.168.0.x.
To configure a gateway-to-gateway VPN tunnel using the VPN Wizard:
1.
Log in to Gateway A on LAN A. From the main menu, select
VPN Wizard
.
Click
Next
,
and the Step 1 of 3 screen displays.
2.
Fill in the Connection Name and pre-shared key fields. Select the radio button for the type of
target endpoint, and click
Next
, and the Step 2 of 3 screen displays.
Authentication Protocol
N/A
MD5
SHA-1
Diffie-Hellman (DH) Group
N/A
Group 1
Group 2
Key Life in seconds
28800 (8 hours)
N/A
IKE Life Time in seconds
3600 (1 hour)
N/A
VPN Endpoint
Local IPSecID
LAN IP Address
Subnet Mask
FQDN or Gateway
IP (WAN IP
Address)
Gateway_A
GW_A
192.168.0.1
255.255.255.0
14.15.16.17
Gateway_B
GW_B
192.168.3.1
255.255.255.0
22.23.24.25
Table 18.
Gateway-to-gateway VPN tunnel configuration worksheet
(continued)
Parameter
Value to Be Entered
Field Selection
Downloaded from
www.Manualslib.com
manuals search engine
Page 103 / 185
Virtual Private Networking
103
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
3.
Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click
Next
.
and the Step 3 of 3 screen displays.
4.
Fill in the
IP Address
and
Subnet Mask
fields for the target endpoint that can use this
tunnel, and click
Next
.
The VPN Wizard Summary screen displays:
To view the VPNC-recommended authentication and encryption settings used by the
VPN Wizard, click the
here
link.
5.
Click
Done
on the Summary screen.
The VPN Policies screen displays, showing that the new tunnel is enabled.
Downloaded from
www.Manualslib.com
manuals search engine
Page 104 / 185
Virtual Private Networking
104
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Note:
See
Use Auto Policy to Configure VPN Tunnels
on page 112 for
information about how to enable the IKE keep-alive capability on an
existing VPN tunnel.
6.
Repeat these steps for the gateway on LAN B, and pay special attention to the following
network settings:
•
WAN IP of the remote VPN gateway (for example, 14.15.16.17)
•
LAN IP settings of the remote VPN gateway:
-
-
Subnet mask (for example, 255.255.255.0)
-
Pre-shared key (for example, 12345678)
7.
Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
Note:
The VPN Status screen is only one of three ways to active a VPN
tunnel. See
Activate a VPN Tunnel
on page 105 for information
about the other ways.
a.
On the wireless modem router menu, select
VPN Status
. The VPN Status/Log screen
displays:
Downloaded from
www.Manualslib.com
manuals search engine
Page 105 / 185
Virtual Private Networking
105
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
b.
Click the
VPN Status
button to display the Current VPN Tunnels (SAs) screen:
c.
Click
Connect
for the VPN tunnel you want to activate. View the VPN Status/Log
screen to verify that the tunnel is connected.
VPN Tunnel Control
Activate a VPN Tunnel
There are three ways to activate a VPN tunnel:
•
Use the VPN Status screen.
•
Ping the remote endpoint.
•
Start using the VPN tunnel.
Note:
See
Use Auto Policy to Configure VPN Tunnels
on page 112 for
information about how to enable the IKE keep-alive capability on an
existing VPN tunnel.
Use the VPN Status Screen to Activate a VPN Tunnel
To use the VPN Status screen to activate a VPN tunnel:
1.
Log in to the wireless modem router.
Downloaded from
www.Manualslib.com
manuals search engine
19216811.live