Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
NETGEAR VPN Configuration FVS318 or FVM318 to FVL328
F-9
May 2004, 202-10030-02
Figure F-10: NETGEAR FVL328 VPN – Auto Policy (part 2)
From the Traffic Selector Remote IP drop-down box, select Subnet address.
Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Remote IP Start IP Address field.
Type the finishing LAN IP Address of Gateway A (0.0.0.0 in our example) in the Remote IP Finish IP Address field.
Type the LAN Subnet Mask of Gateway A (255.255.255.0 in our example) in the Remote IP Subnet Mask field.
From the AH Configuration Authentication Algorithm drop-down box, select MD5.
Select Enable Encryption in the ESP Configuration Enable Encryption check box.
From the ESP Configuration Encryption Algorithm drop-down box, select 3DES.
Select Enable Authentication in the ESP Configuration Enable Authentication check box.
From the ESP Configuration Authentication Algorithm drop-down box, select MD5.
Select NETBIOS Enable in the NETBIOS Enable check box.
5. Click the Apply Button. You will be taken back to the VPN Policies Menu page.
Figure F-11: NETGEAR FVL328 VPN Policies Menu (Post Configuration)
6. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click the Apply button.
Test the VPN Connection
1. From a PC behind the NETGEAR FVS318 or FVM318 gateway A, attempt to ping the remote FVL328 gateway B LAN Interface address (example address 172.23.9.1).
2. From a PC behind the FVL328 gateway B, attempt to ping the remote NETGEAR FVS318 or FVM318 gateway A LAN Interface address (example address 10.5.6.1).
3. Click the Router Status link on the left side of the Settings management GUI. Click the Show VPN Status button below. This will take you to the IPSec Connection Status Screen. If the connection is functioning properly, the State fields will show “Estab.”
4. Click the Router Status link on the left side of the Settings management GUI. Click the Show VPN Logs button below. NETGEAR log files should be similar to the example below.
13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732
13:19:42 - FVS318 IPsec:call ipsecdoi_initiate
13:19:42 - FVS318 IPsec:New State index:0, sno:1
13:19:42 - FVS318 IPsec:Initiating Main Mode
13:19:42 - FVS318 IPsec:main_outI1() policy=65
13:19:42 - FVS318 IKE:[toFVL328] Initializing IKE Main Mode
13:19:42 - FVS318 IKE:[toFVL328] TX >> MM_I1 : 22.23.24.25
13:19:42 - FVS318 IPsec:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
13:19:42 - FVS318 IPsec:Receive Packet address:0x1806f14 from 22.23.24.25
13:19:42 - FVS318 IPsec:main_inR1_outI2()
13:19:42 - FVS318 IKE:[toFVL328] RX << MM_R1 : 22.23.24.25
13:19:42 - FVS318 IPsec:Oakley Transform 1 accepted
13:19:42 - FVS318 IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP1536
13:19:42 - FVS318 IKE:[toFVL328] TX >> MM_I2 : 22.23.24.25
13:19:42 - FVS318 IPsec:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
13:19:44 - FVS318 IPsec:Receive Packet address:0x1806f14 from 22.23.24.25
13:19:44 - FVS318 IPsec:main_inR2_outI3()
13:19:44 - FVS318 IKE:[toFVL328] RX << MM_R2 : 22.23.24.25
13:19:44 - FVS318 IKE:[toFVL328] TX >> MM_I3 : 22.23.24.25
13:19:44 - FVS318 IPsec:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
13:19:46 - FVS318 IPsec:Receive Packet address:0x1806f14 from 22.23.24.25
13:19:46 - FVS318 IPsec:main_inR3()
13:19:46 - FVS318 IKE:[toFVL328] RX << MM_R3 : 22.23.24.25
13:19:46 - FVS318 IPsec:Decoded Peer's ID is ID_IPV4_ADDR:22.23.24.25and 22.23.24.25in st
13:19:46 - FVS318 IPsec:inserting event EVENT_SA_REPLACE, timeout in 28740 seconds for #1
13:19:46 - FVS318 IPsec:STATE_MAIN_I4: ISAKMP SA established
13:19:46 - FVS318 IPsec:New State index:1, sno:2
13:19:46 - FVS318 IPsec:quick_outI1()
13:19:46 - FVS318 IPsec:New Message ID generated:570001
13:19:46 - FVS318 IPsec:initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
13:19:46 - FVS318 IKE:[toFVL328] TX >> QM_I1 : 211.26.0.186
13:19:46 - FVS318 IPsec:in get_ipsec_spi() spi=cf01ea7d
13:19:46 - FVS318 IPsec:My generated SPI=cf01ea7d
13:19:46 - FVS318 IPsec:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
13:19:48 - FVS318 IPsec:Receive Packet address:0x1806f14 from 22.23.24.25
13:19:48 - FVS318 IPsec:loglog[3] ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
13:19:48 - FVS318 IPsec:quick_inR1_outI2()
13:19:48 - FVS318 IKE:[toFVL328] RX << QM_R1 : 22.23.24.25
13:19:48 - FVS318 IKE:[ESP_3DES/AUTH_ALGORITHM_HMAC_SHA1/In SPI:cf01ea7d,Out SPI:e51e148d]
13:19:48 - FVS318 IPsec:****Install OUTBOUNDSA:
13:19:48 - FVS318 IPsec: ESP(3DES-CBC SHA-1)
13:19:48 - FVS318 IPsec:****Install INBOUND SA:
13:19:48 - FVS318 IPsec: ESP(3DES-CBC SHA-1)
13:19:48 - FVS318 IKE:[toFVL328] TX >> QM_I2 : 22.23.24.25
13:19:48 - FVS318 IKE:[toFVL328] established with 22.23.24.25 successfully
13:19:48 - FVS318 IPsec:inserting event EVENT_SA_REPLACE, timeout in 3540 seconds for #2
13:19:48 - FVS318 IPsec:STATE_QUICK_I2: sent QI2, IPsec SA established
End of Log ----------
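
The log check in step 4 can be scripted. The following Python is an added example, not part of the NETGEAR manual: it parses log text in the format shown above, confirms that every Main Mode and Quick Mode message appears and that both SAs were established, and reports the negotiated algorithms and every peer address seen. The name analyze_ike_log, the EXPECTED list and the regular expressions are assumptions derived from the sample log lines.

```python
import re

# Excerpt of the FVS318 log shown above (lines verbatim, rejoined where the page wrapped them).
SAMPLE_LOG = """\
13:19:42 - FVS318 IKE:[toFVL328] TX >> MM_I1 : 22.23.24.25
13:19:42 - FVS318 IKE:[toFVL328] RX << MM_R1 : 22.23.24.25
13:19:42 - FVS318 IKE:OAKLEY_PRESHARED_KEY/OAKLEY_3DES_CBC/MODP1536
13:19:42 - FVS318 IKE:[toFVL328] TX >> MM_I2 : 22.23.24.25
13:19:44 - FVS318 IKE:[toFVL328] RX << MM_R2 : 22.23.24.25
13:19:44 - FVS318 IKE:[toFVL328] TX >> MM_I3 : 22.23.24.25
13:19:46 - FVS318 IKE:[toFVL328] RX << MM_R3 : 22.23.24.25
13:19:46 - FVS318 IPsec:STATE_MAIN_I4: ISAKMP SA established
13:19:46 - FVS318 IKE:[toFVL328] TX >> QM_I1 : 211.26.0.186
13:19:48 - FVS318 IKE:[toFVL328] RX << QM_R1 : 22.23.24.25
13:19:48 - FVS318 IKE:[ESP_3DES/AUTH_ALGORITHM_HMAC_SHA1/In SPI:cf01ea7d,Out SPI:e51e148d]
13:19:48 - FVS318 IKE:[toFVL328] TX >> QM_I2 : 22.23.24.25
13:19:48 - FVS318 IPsec:STATE_QUICK_I2: sent QI2, IPsec SA established
"""

EXPECTED = ["MM_I1", "MM_R1", "MM_I2", "MM_R2", "MM_I3", "MM_R3", "QM_I1", "QM_R1", "QM_I2"]
MSG_RE = re.compile(r"IKE:\[(\S+?)\] (TX >>|RX <<) ((?:MM|QM)_[IR]\d) : (\S+)")
ESP_RE = re.compile(r"IKE:\[(ESP_\w+)/AUTH_ALGORITHM_(\w+)/In SPI:(\w+),\s*Out SPI:(\w+)\]")
IKE_RE = re.compile(r"IKE:(OAKLEY_\w+)/(OAKLEY_\w+)/(MODP\d+)")

def analyze_ike_log(text):
    """Summarise one initiator-side negotiation from log text in the format above."""
    result = {"messages": [], "peers": set(), "phase1": False, "phase2": False,
              "ike": None, "esp": None}
    for line in text.splitlines():
        if m := MSG_RE.search(line):
            result["messages"].append(m.group(3))   # e.g. MM_I1, QM_R1
            result["peers"].add(m.group(4))         # address the message went to or came from
        elif m := IKE_RE.search(line):
            result["ike"] = m.groups()              # (auth method, cipher, DH group)
        elif m := ESP_RE.search(line):
            result["esp"] = m.groups()              # (cipher, auth, inbound SPI, outbound SPI)
        elif "ISAKMP SA established" in line:
            result["phase1"] = True
        elif "IPsec SA established" in line:
            result["phase2"] = True
    # The first expected message that never appeared shows where negotiation stalled.
    seen = result["messages"]
    result["stalled_before"] = next((e for e in EXPECTED if e not in seen), None)
    return result

if __name__ == "__main__":
    for key, value in analyze_ike_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Comparing the reported ike and esp tuples with the algorithms selected in the VPN policy, and the peers set with the configured remote gateway address, shows at a glance whether the tunnel negotiated what was configured.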
Appendix G
NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an
FVL328. This case study follows the Virtual Private Network Consortium (VPNC)
interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are
the same.
Configuration Profile
The configuration in this document follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather all the necessary information before you begin the configuration
process: verify that the firmware is up to date, and collect all of the addresses that will be
needed and all of the parameters that need to be set on both sides. Check that there are no
firewall restrictions.
Table G-1. Summary
VPN Consortium Scenario: Scenario 1
Type of VPN: PC/Client-to-Gateway
Security Scheme: IKE with Preshared Secret/Key (not Certificate-based)
Date Tested: December 2003
Model/Firmware Tested:
    Gateway: NETGEAR FVL328 firmware v 1.5 or FWAG114 firmware v 2.1
    Client: FVL328 Prosafe High Speed VPN Firewall v10.1
IP Addressing:
    Gateway: Static IP address
    Client: Dynamic
