NETGEAR FVG318 Router Manual PDF (Setup & Configuration Guide)

Page 156 / 176 Scroll up to view Page 151 - 155

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

B-2

Related Documents

v1.0, September 2007

Page 157 / 176

VPN Configuration of NETGEAR FVG318

C-1

v1.0, September 2007

Appendix C

VPN Configuration of NETGEAR FVG318

This is a case study on how to configure a secure IPSec VPN tunnel on a NETGEAR FVS318v3.

This case study follows the VPN Consortium interoperability profile guidelines (found at

http://www.vpnc.org/InteropProfiles/Interop-01.html

).

This study covers the following situations:

•

FVS318v3 to FVS318v3 (see

page C-3

)

•

FVS318v3 to FVS318v2 (see

page C-7

)

•

FVS318v3 to FVL328 (see

page C-10

)

•

FVS318v3 to VPN Client (see

page C-13

)

Case Study Overview

The procedure for configuring a VPN tunnel between two gateway endpoints is as follows:

1.

Gather the network information

2.

Configure gateway A

3.

Configure gateway B

4.

Activate the VPN tunnel

Gathering the Network Information

The configuration in this document follows the addressing and configuration mechanics defined

by the VPN Consortium. Gather all the necessary information before you begin the configuration

process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and

all of the parameters that need to be set on both sides. Check that there are no firewall restrictions.

Note:

Product updates are available on the NETGEAR, Inc. Web site at

http://www.netgear.com/support/main.asp

.

Page 158 / 176

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

C-2

VPN Configuration of NETGEAR FVG318

v1.0, September 2007

Configuring the Gateways

Configure each gateway:

1.

Configure Gate A.

a.

Log in to the router at Gateway A.

b.

Use the VPN Wizard to configure this router.

Enter the requested information as prompted by the VPN Wizard:

•

Connection Name and Pre-Shared Key

•

Remote WAN IP address

•

Remote LAN IP Subnet: IP Address and Subnet Mask:

2.

Repeat the above steps for Gateway B.

a.

Log in to the router at Gateway B.

b.

Use the VPN Wizard to configure this router.

Enter the requested information as prompted by the VPN Wizard.

Figure C-1

Note:

The WAN and LAN IP addresses must be unique at each end of the VPN tunnel.

Page 159 / 176

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

VPN Configuration of NETGEAR FVG318

C-3

v1.0, September 2007

Activating the VPN Tunnel

You can activate the VPN tunnel by testing connectivity and viewing the VPN tunnel status

information as described in the following flowchart:

Figure C-2

All traffic from the range of LAN IP addresses specified on the router at Gateway A and the router

at Gateway B will now flow over a secure VPN tunnel.

The FVG318-to-FVG318 Case

Note:

The default log in address for the FVG318 router is

http://192.168.0.1

with the

default user name of

admin

and default password of

password

. The login address

will change to the local LAN IP subnet address after you configure the router. The

user name and password will also change to the ones you have chosen to use in

your installation.

Table C-1. Policy Summary

VPN Consortium Scenario:

Scenario 1

Type of VPN

LAN-to-LAN or Gateway-to-Gateway

Test Step 1

Ping Remote

LAN IP Address

Test Step 2

Ping Remote

WAN IP Address

Test Step 3

View VPN

Tunnel Status

Start

Fix the

Router Network

Fix the

VPN Tunnel

End

Fail

Pass

Fail

Pass

and then Retest

Page 160 / 176

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

C-4

VPN Configuration of NETGEAR FVG318

v1.0, September 2007

Configuring the VPN Tunnel

This scenario assumes all ports are open on the FVG318.

Use this scenario illustration and configuration screens as a model to build your configuration.

1.

Log in to the FVG318 labeled Gateway A.

Log in at the default address of

http://192.168.0.1

with the default user name of

admin

and

default password of

password

(or using whatever password and LAN address you have

chosen).

2.

Use the VPN Wizard to configure the FVG318 at Gateway A.

•

Connection Name:

Scenario_1

(in this example)

•

Pre-Shared Key:

12345678

(in this example), must be the same at both VPN tunnel

endpoints

•

Remote WAN IP address:

22.23.24.25

(in this example), must be unique at each VPN

tunnel endpoint

•

Remote LAN IP Subnet

–

IP Address:

172.23.9.1

(in this example), must be unique at each VPN tunnel endpoint

Security Scheme:

IKE with Preshared Secret/Key

IP Addressing:

NETGEAR-Gateway A

Static IP address

NETGEAR-Gateway B

Static IP address

Figure C-3

Note:

Based on the network addresses used in this example, you would log in to the

LAN IP address of

http://10.5.6.1

at Gateway A.

Table C-1. Policy Summary

FVG318

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share