Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-26
Virtual Private Networking
May 2004, 202-10030-02
5. After applying these changes, you will see a table entry like the one below.
Figure 6-15: VPN Policies table
Now all traffic from the range of LAN IP addresses specified on FVL328 A and FVL328 B
will flow over a secure VPN tunnel.
How to Check VPN Connections
You can test connectivity and view VPN status information on the FVL328.
1. To test connectivity between the Gateway A FVL328 LAN and the Gateway B LAN, follow these steps:
a. Using our example, from a Windows computer attached to the FVL328 on LAN A, click the Start button on the taskbar and then click Run.
b. Type ping -t 172.23.9.1, and then click OK.
c. This sends a continuous ping to the LAN interface of Gateway B. The first packets that match the VPN policy trigger the IKE negotiation, so after anywhere from several seconds to two minutes the ping response should change from “timed out” to “reply.”
d. At this point the connection is established.
2. To test connectivity between the FVL328 Gateway A and Gateway B WAN ports, follow these steps:
a. Using our example, log in to the FVL328 on LAN A, go to the main menu Maintenance section and click the Diagnostics link.
b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping.
c. This sends a ping to the WAN interface of Gateway B. The ping travels across the Internet outside the tunnel (WAN addresses are not covered by the VPN policy), so it verifies that the remote gateway is reachable rather than that the VPN is carrying traffic. After anywhere from several seconds to two minutes, the ping response should change from “timed out” to “reply.” You may have to run this test several times before you get the “reply” message back from the target FVL328.
d. At this point the connection is established.
Note: If you want to ping the FVL328 as a test of network connectivity, be sure the FVL328 is configured to respond to a ping on the Internet WAN port by checking the check box seen in the Rules menu. However, to preserve a high degree of security, you should turn off this feature when you are finished with testing.
3. To view the FVL328 event log and status of Security Associations, follow these steps:
a. Go to the FVL328 main menu VPN section and click the VPN Status link.
b. The log screen will display a history of the VPN connections, and the IPSec SA and IKE SA tables will report the status and data transmission statistics of the VPN tunnels for each policy.
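The two ping checks above (steps 1 and 2) watch by eye for the first reply. The following script is added here as an example and is not part of the NETGEAR manual: it runs the same check from a POSIX shell host on LAN A with a fixed deadline (two minutes, the upper bound the manual gives) and a non-zero exit status when no reply arrives, so it can be used from a deployment script or a scheduled job. The addresses are the manual's example values; the single-probe command (ping -c 1 -W 1, Linux iputils syntax) is an assumption and can be overridden through the PING variable for other ping implementations.

```sh
#!/bin/sh
# wait_for_tunnel.sh -- poll a remote address until the first ICMP reply arrives,
# bounding the wait the way the manual's "several seconds to two minutes" does.
# Added example, not from the manual. Usage:
#   sh wait_for_tunnel.sh 172.23.9.1          # Gateway B LAN interface, through the tunnel
#   sh wait_for_tunnel.sh 22.23.24.25 30      # Gateway B WAN interface, 30 s deadline
#
# PING is the command for one probe. The default is Linux iputils syntax (one packet,
# one second wait); override it on other platforms, e.g. PING="ping -c 1 -t 1" on BSD.
: "${PING:=ping -c 1 -W 1}"

# wait_for_tunnel TARGET [DEADLINE_SECONDS]
# Returns 0 as soon as TARGET answers, 1 if it has not answered by the deadline.
wait_for_tunnel() {
    target=$1
    deadline=${2:-120}
    start=$(date +%s)
    attempts=0
    while :; do
        attempts=$((attempts + 1))
        # $PING is deliberately unquoted so its words become the command and its flags.
        if $PING "$target" >/dev/null 2>&1; then
            now=$(date +%s)
            echo "reply from $target after $((now - start))s ($attempts probes): tunnel is passing traffic"
            return 0
        fi
        now=$(date +%s)
        if [ $((now - start)) -ge "$deadline" ]; then
            echo "no reply from $target within ${deadline}s ($attempts probes): check the VPN Status page and the IKE/IPSec SA tables" >&2
            return 1
        fi
        sleep 1
    done
}

# When run directly: first argument is the target, optional second is the deadline.
if [ "$#" -gt 0 ]; then
    wait_for_tunnel "$1" "${2:-120}"
fi
```

For the WAN-port check, remember the Note above: the remote FVL328 only answers if "respond to ping on the Internet WAN port" is enabled in its Rules menu, and that setting should be turned off again afterwards.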
FVL328 Scenario 2: Authenticating with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509 (PKIX) certificates for authentication. The network setup is identical to the one given in Scenario 1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the exception that the identification is done with signatures authenticated by PKIX certificates.
Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the FVL328, because the validity period of every certificate is checked against the FVL328's clock. For instructions on this topic, please see “Setting the Time Zone” on page 5-14.
1. Obtain a root certificate.
a. Obtain the root certificate (which includes the CA’s public key) from a Certificate Authority (CA).
Note: The procedure for obtaining certificates differs between a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. For example, an administrator of a Windows 2000 certificate server might provide it to you via e-mail. However you receive it, confirm the root certificate's fingerprint with the CA through a second channel before installing it: any certificate that chains to a root the FVL328 trusts will be accepted when authenticating a VPN peer.
b. Save the certificate as a text file called trust.txt.
2. Install the trusted CA certificate for the Trusted Root CA.
a. Log in to the FVL328.
b. From the main menu VPN section, click the CAs link.
c. Click Add to add a CA.
d. Click Browse to locate the trust.txt file.
e. Click Upload.
Figure 6-16: Certificate Authorities table
You will now see a screen such as the one above showing that the Certificate Authority is now registered with the FVL328.
3. Create a certificate request for the FVL328.
a. From the main menu VPN section, click the Certificates link.
b. Click the Generate Request button to display the screen illustrated in Figure 6-17 below.
Figure 6-17: Generate Self Certificate Request menu
c. Fill in the fields on the Add Self Certificate screen.
Required
Name. Enter a name to identify this certificate.
Subject. This is the name other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all certificates should have the same value in the Subject field.
Hash Algorithm. Select the desired option: MD5 or SHA1. Select SHA1; MD5 is no longer collision-resistant and many CAs will not sign a request hashed with it.
Signature Algorithm: RSA.
Signature Key Length. Select the desired option: 512, 1024, or 2048. Select 2048; 512-bit RSA keys can be factored with modest resources and 1024-bit keys are deprecated.
Optional
IP Address. If you have a fixed IP address on your WAN (Internet) port, you can enter it here. Otherwise, you should leave this blank.
Domain Name. If you have a domain name, you can enter it here. Otherwise, you should leave this blank.
E-mail Address. You can enter your e-mail address here.
d. Click the Next button to continue. The FVL328 generates a Self Certificate Request as shown below.
Figure 6-18: Self Certificate Request data
4. Transmit the Self Certificate Request data to the Trusted Root CA.
a. Highlight the text in the Data to supply to CA area, copy it, and paste it into a text file.
b. Give the certificate request data to the CA. In the case of a Windows 2000 internal CA, you might simply e-mail it to the CA administrator. The request contains only the public key (the private key never leaves the FVL328), so it needs no confidentiality in transit, but the CA should confirm with you by another channel that the request it received is the one you sent. The procedures of a CA like Verisign and a CA such as a Windows 2000 certificate server administrator will differ. Follow the procedures of your CA.
c. When you have finished gathering the Self Certificate Request data, click the Done button. You will return to the Certificates screen where your pending “FVL328” Self Certificate Request will be listed, as illustrated in Figure 6-19 below.
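Steps 1 through 4 pass the root certificate and the certificate request back and forth with the CA by copy and paste, which leaves all the checking to the people involved. The following OpenSSL script is added here as a worked example and is not part of the NETGEAR manual. It plays the part of an in-house CA like the Windows 2000 certificate server in the text: it produces the root certificate that becomes trust.txt, produces a request equivalent to the one the FVL328's Generate Request screen emits (made with openssl, since the device's own request cannot be produced offline), refuses requests with the weak choices the form allows (keys shorter than 2048 bits, MD5 signatures), issues the certificate, and verifies it against trust.txt before it would be uploaded to the FVL328. The organization name, addresses and file names are assumptions for the example; it requires the openssl command line tool.

```sh
#!/bin/sh
# ca_enroll_demo.sh -- added example: an in-house CA handling an FVL328-style request.
# All names, addresses and file names below are assumed for the example.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Manual steps 1 and 2: the root certificate that is saved as trust.txt and uploaded
# under VPN > CAs. A throwaway self-signed root stands in for the organization's CA.
make_root_ca() {
    cat > ca.cnf <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
O = Example Corp
CN = Example Corp Root CA
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -config ca.cnf \
        -keyout ca.key -out ca.crt >/dev/null 2>&1
    cp ca.crt trust.txt
}

# Manual step 3, reproduced with openssl: a request carrying the Subject plus the
# optional IP address, domain name and e-mail address as subjectAltName entries.
# make_device_request NAME BITS DIGEST
make_device_request() {
    name=$1; bits=$2; digest=$3
    cat > "$name.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = san
[dn]
O = Example Corp
CN = FVL328 A
[san]
subjectAltName = IP:14.15.16.17, DNS:fvl328a.example.com, email:admin@example.com
EOF
    openssl req -new -newkey "rsa:$bits" -nodes "-$digest" -config "$name.cnf" \
        -keyout "$name.key" -out "$name.csr" >/dev/null 2>&1
}

# What the CA operator should check before signing: the request's self-signature
# (proof that the requester holds the private key), the key length and the hash.
# The FVL328 form offers 512/1024/2048 and MD5/SHA1; pick 2048 and SHA1 there.
check_request() {
    csr=$1
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 \
        || { echo "$csr: self-signature does not verify" >&2; return 1; }
    text=$(openssl req -in "$csr" -noout -text)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" | sed -n 's/.*Signature Algorithm: *\(.*\)/\1/p' | head -n 1)
    [ -n "$bits" ] || { echo "$csr: cannot read the RSA key length" >&2; return 1; }
    if [ "$bits" -lt 2048 ]; then
        echo "$csr: $bits-bit RSA key is too short; select 2048 on the FVL328" >&2
        return 1
    fi
    case $sigalg in
        md5*) echo "$csr: request signed with MD5; select SHA1 on the FVL328" >&2; return 1 ;;
    esac
    echo "$csr: $bits-bit RSA, $sigalg: acceptable"
}

# Manual step 4 from the CA's side: issue the certificate, carrying over the SAN entries.
sign_request() {
    name=$1
    openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -sha256 -extfile "$name.cnf" -extensions san -out "$name.crt" >/dev/null 2>&1
}

# Before uploading the issued certificate to the FVL328: it must chain to the same root
# that was installed as trust.txt, or the peer will never accept its signature.
verify_issued() {
    crt=$1
    openssl verify -CAfile trust.txt "$crt" >/dev/null || return 1
    openssl x509 -in "$crt" -noout -subject -issuer
}

make_root_ca
make_device_request device 2048 sha256
check_request device.csr
sign_request device
verify_issued device.crt
echo "trust.txt, device.csr and device.crt are in $WORK"
```

The request in the demo is hashed with SHA-256 because it is made with openssl; on the FVL328 itself the only acceptable choice on the form is SHA1, which check_request also accepts. Running the script twice with a different root produces a device.crt that fails verify_issued, which is exactly the case to catch before the certificate is uploaded.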