Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-16
Virtual Private Networking
May 2004, 202-10030-02
1. Log in to the FVS318 on LAN A at its default LAN address of with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed.
Figure 6-5: VPN Wizard Start Screen
2. Fill in the Connection Name, pre-shared key, and select the type of target end point, and click Next to proceed.
Figure 6-6: Connection Name and Remote IP Type
3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next.
Figure 6-7: Remote IP
4. Identify the IP addresses at the target endpoint which can use this tunnel, and click Next.
Figure 6-8: Secure Connection Remote Accessibility
The Summary screen below displays.
Figure 6-9: VPN Wizard Summary
To view the VPNC recommended authentication and encryption Phase 1 and Phase 2 settings the VPN Wizard used, click the “here” link.
5. Click Done to complete the configuration procedure. The VPN Settings menu displays, showing that the new tunnel is enabled.
To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.
Walk-Through of Configuration Scenarios
There are a variety of configurations you might implement with the FVL328. The scenarios listed
below illustrate typical configurations you might use in your organization.
To make it easier to set up an IPsec system, the following two scenarios are provided.
These scenarios were developed by the VPN Consortium ( ). The goal is to make it easier to get systems from different vendors to interoperate. NETGEAR is providing you with both of these scenarios in the following two formats:
VPN Consortium Scenarios without any product implementation details
VPN Consortium Scenarios based on the FVL328 user interface
The purpose of providing these two versions of the same scenarios is to help you determine where the two vendors use different vocabulary. Seeing the examples presented in these different ways will reveal how systems from different vendors do the same thing. See Appendix E, “Virtual Private Networking” for a full discussion of VPN and the configuration templates NETGEAR developed for publishing multi-vendor VPN integration configuration case studies.
VPNC Scenario 1: Gateway-to-Gateway with Preshared Secrets
The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.
Figure 6-10: VPN Consortium Scenario 1
Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has
the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet)
interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used
for testing IPsec but is not needed for configuring Gateway A.
Note: The /24 after the IP address refers to the full range of IP addresses. For example, 10.5.6.0/24 refers to IP address 10.5.6.0 with the netmask 255.255.255.0.
Note: See Appendix F, “NETGEAR VPN Configuration FVS318 or FVM318 to FVL328” for a detailed procedure for configuring VPN communications between a NETGEAR FVS318 and a FVL328. NETGEAR publishes additional interoperability scenarios with various gateway and client software products. Look on the NETGEAR Web site at www.netgear.com/docs for more details.
The IKE Phase 1 parameters used in Scenario 1 are:
Main mode
TripleDES
SHA-1
MODP group 2 (1024 bits)
pre-shared secret of "hr5xb84l6aa9r6"
SA lifetime of 28800 seconds (eight hours) with no kbytes rekeying
The IKE Phase 2 parameters used in Scenario 1 are:
TripleDES
SHA-1
ESP tunnel mode
MODP group 2 (1024 bits)
Perfect forward secrecy for rekeying
SA lifetime of 3600 seconds (one hour) with no kbytes rekeying
Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets
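
The following added example (not part of the NETGEAR manual) checks that two gateways configured for Scenario 1 agree on the Phase 1 and Phase 2 values, the pre-shared secret, and mirrored selectors, even when each side uses a different vendor vocabulary. The dictionary layout, the alias table and Gateway B's spellings are assumptions made for illustration; the addresses, lifetimes and pre-shared secret are the Scenario 1 values listed above.

```python
import ipaddress

# Vendor spellings mapped to one canonical name (alias list is an assumption).
ALIASES = {"tripledes": "3des", "sha-1": "sha1", "main mode": "main",
           "modp group 2 (1024 bits)": "modp1024", "dh group 2": "modp1024"}

def norm(value):
    """Canonicalise a vendor term; numbers and unknown terms pass through."""
    key = value.strip().lower() if isinstance(value, str) else value
    return ALIASES.get(key, key)

def compare(a, b):
    """Return the settings on which gateways a and b disagree."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = norm(a[phase].get(key)), norm(b[phase].get(key))
            if va != vb:
                problems.append(f"{phase}.{key}: {va!r} != {vb!r}")
    if a["psk"] != b["psk"]:
        problems.append("psk: values differ")  # never report the secret itself
    # Selectors must mirror: A's local subnet is B's remote subnet, and back.
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        na, nb = ipaddress.ip_network(a[mine]), ipaddress.ip_network(b[theirs])
        if na != nb:
            problems.append(f"selector: A {mine} {na} != B {theirs} {nb}")
    if a["peer"] != b["wan"] or b["peer"] != a["wan"]:
        problems.append("peer: WAN addresses do not cross-reference")
    return problems

# Scenario 1 values from this page; Gateway B's spellings are constructed.
GATEWAY_A = {
    "wan": "14.15.16.17", "peer": "22.23.24.25", "psk": "hr5xb84l6aa9r6",
    "local": "10.5.6.0/24", "remote": "172.23.9.0/24",
    "phase1": {"mode": "Main mode", "enc": "TripleDES", "hash": "SHA-1",
               "dh": "MODP group 2 (1024 bits)", "lifetime": 28800},
    "phase2": {"enc": "TripleDES", "hash": "SHA-1", "lifetime": 3600,
               "pfs": "MODP group 2 (1024 bits)"},
}
GATEWAY_B = {
    "wan": "22.23.24.25", "peer": "14.15.16.17", "psk": "hr5xb84l6aa9r6",
    "local": "172.23.9.0/255.255.255.0", "remote": "10.5.6.0/255.255.255.0",
    "phase1": {"mode": "main", "enc": "3DES", "hash": "SHA1",
               "dh": "DH Group 2", "lifetime": 28800},
    "phase2": {"enc": "3DES", "hash": "SHA1", "pfs": "DH Group 2", "lifetime": 3600},
}

if __name__ == "__main__":
    print(compare(GATEWAY_A, GATEWAY_B) or "proposals and selectors match")
```

Gateway B's selectors are written with dotted netmasks to show that 172.23.9.0/255.255.255.0 and 172.23.9.0/24 compare as the same network, as the note on /24 describes.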
