ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual
VPN Configuration of NETGEAR FVG318
v1.0, September 2007
b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1. (Scenario_1 is used in this example to reflect the fact that the connection uses the Pre-Shared Key security scheme and encryption parameters proposed by the VPN Consortium, but you may want to choose a name for your connection that is meaningful to your specific installation. The name you choose does not have to match the name used at the gateway end of the VPN tunnel.)
c. Program the Scenario_1 connection screen as follows (see Figure C-8):
Connection Security: Secure
Remote Party Identity and Addressing: Select IP Subnet from the ID Type menu and then enter 10.5.6.1 for Subnet, 255.255.255.0 for Mask, and leave All for Protocol. (The Subnet and Mask parameters entered here must match the Start IP address and Subnet Mask parameters of the Local IP Traffic Selector on the VPN Auto policy screen shown in Figure C-9 for the gateway router.)
Enable Connect Using Secure Gateway Tunnel; select Domain Name for ID_Type; enter fvs_local for Domain Name; and enter 14.15.16.17 for Gateway IP Address. (Domain Name must match the Local Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-8 for the gateway router. Also, Gateway IP Address must match the WAN IP address of the gateway router shown in Figure C-8.)
Expand the Scenario_1 screen hierarchy by clicking the + sign in front of Scenario_1. Then expand the rest of the screen hierarchies by clicking the rest of the + signs.
Figure C-7
d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Figure C-9). (The Select Phase 1 Negotiation Mode choice must match the Exchange Mode setting for the General IKE Policy Configuration parameters shown in Figure C-9 for the gateway router.)
e. Select My Identity on the left hierarchy menu and program the screen as follows (see Figure C-10):
Under My Identity, select None for Select Certificate (since we are using a Pre-Shared Key in this scenario). Then enter 12345678 for the Pre-Shared Key value. (The Preshared-Key value must match the value you entered in the VPN Wizard for the gateway Pre-Shared Key value shown in Figure C-10.)
Figure C-8
Figure C-9
Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure C-10 for the gateway router.)
f. Verify the Authentication (Phase 1) and Key Exchange (Phase 1) Proposal 1 screen parameters (see Figure C-11) match the IKE SA Parameters of the IKE Policy Configuration screen shown in Figure C-11 for the gateway router.
g. Save the Scenario_1 connection using Save under the File menu. You can also export the connection parameters using Export Security Policy under the File menu.
Figure C-10
Figure C-11
Preshared Key must be the same at both ends of the VPN tunnel
You are now ready to activate the tunnel, but you must do it from the client endpoint (see “Initiating and Checking the VPN Connections” on page C-18). In the client-to-gateway scenario, the gateway router will not know the client’s IP address until the client initiates the traffic.
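
The "must match" rules in steps c through f can be checked mechanically before the first connection attempt. The following is an added example, not part of the NETGEAR manual: it compares constructed client and gateway values from this scenario and flags a guessable pre-shared key. The dictionary key names and the 20-character minimum are assumptions.

```python
import hmac
import ipaddress

# Constructed sample: client values from steps b-g, gateway values mirroring them.
# Key names are hypothetical, not an export format of either product.
CLIENT = {"remote_subnet": "10.5.6.1", "remote_mask": "255.255.255.0",
          "gateway_id": "fvs_local", "gateway_ip": "14.15.16.17",
          "phase1_mode": "Aggressive Mode", "my_id": "fvs_remote",
          "psk": "12345678"}
GATEWAY = {"local_start_ip": "10.5.6.1", "local_mask": "255.255.255.0",
           "local_identity": "fvs_local", "wan_ip": "14.15.16.17",
           "exchange_mode": "Aggressive", "remote_identity": "fvs_remote",
           "psk": "12345678"}

def _net(ip, mask):
    # Compare as networks so 10.5.6.1 and 10.5.6.0 with the same mask agree.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def _mode(value):
    return value.lower().replace("mode", "").strip()

def mismatches(c, g):
    """Return the manual's 'must match' rules that these two configs break."""
    checks = [
        ("Subnet/Mask vs Local IP Traffic Selector",
         _net(c["remote_subnet"], c["remote_mask"])
         == _net(g["local_start_ip"], g["local_mask"])),
        ("Domain Name vs Local Identity Data", c["gateway_id"] == g["local_identity"]),
        ("Gateway IP Address vs WAN IP address",
         ipaddress.ip_address(c["gateway_ip"]) == ipaddress.ip_address(g["wan_ip"])),
        ("Phase 1 Negotiation Mode vs Exchange Mode",
         _mode(c["phase1_mode"]) == _mode(g["exchange_mode"])),
        ("My Identity Domain Name vs Remote Identity Data", c["my_id"] == g["remote_identity"]),
        # Constant-time compare; the key itself is never echoed in the result.
        ("Pre-Shared Key", hmac.compare_digest(c["psk"].encode(), g["psk"].encode())),
    ]
    return [name for name, ok in checks if not ok]

def psk_warnings(client, min_len=20):
    """Flag a guessable key. min_len is an assumed local policy value."""
    psk, notes = client["psk"], []
    if len(psk) < min_len:
        notes.append("short")
    if psk.isdigit() or psk.isalpha():
        notes.append("single character class")
    if notes and _mode(client["phase1_mode"]) == "aggressive":
        notes.append("aggressive mode allows offline guessing of the key")
    return notes
```

For the sample values, `mismatches(CLIENT, GATEWAY)` returns an empty list, while `psk_warnings(CLIENT)` reports all three findings for the manual's sample key 12345678.
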
Initiating and Checking the VPN Connections
You can test connectivity and view VPN status information on the FVG318 and VPN Client according to the testing flowchart shown in Figure C-2. To test the VPN tunnel from the Gateway A LAN, do the following:
1. Test 1: Launch Scenario_1 Connection from Client PC: To check the VPN Connection, you can initiate a request from the remote PC to the VPN router’s network by using the Connect option in the VPN Client’s menu bar (see Figure C-12). Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
a. Open the popup menu by right-clicking on the system tray icon.
b. Select Connect to open the My Connections list.
c. Choose Scenario_1.
The VPN Client reports the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the VPN router.
Alternative Ping Test: To perform a ping test as an alternative, start from the remote PC:
a. From a Windows Client PC, click the Start button on the task bar and then click Run.
b. Type ping -t 10.5.6.1, and then click OK.
c. This will cause a continuous ping to be sent to the LAN interface of Gateway A. Within two minutes, the ping response should change from timed out to reply.
At this point the VPN-tunnel-endpoint-to-VPN-tunnel-endpoint connection is established.
Figure C-12
2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps:
a. From a Windows Client PC, click the Start button on the task bar and then click Run.
b. Type ping -t 14.15.16.17, and then click OK.
c. This causes a ping to be sent to the WAN interface of Gateway A. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS318v3.
d. At this point the gateway-to-gateway connection is verified.
3. Test 3: View VPN Tunnel Status: To view the FVG318 event log and status of Security Associations, go to the FVG318 main menu VPN section and click the VPN Status link. For the VPN Client, click VPN Status on the VPN Status/Log screen.
a. Open the popup menu by right-clicking on the system tray icon.
b. Select Connection Monitor.
