Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
G-2
NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
May 2004, 202-10030-02
Figure G-1: Addressing and Subnet Used for Examples
Step-By-Step Configuration of FVL328 or FWAG114 Gateway
1. Log in to the FVL328 gateway as in the illustration.
Out of the box, the FVL328 is set for its default LAN address of with its default user name of admin and default password of password. Even though the remainder of this document will refer to the FVL328, the login procedures and configuration menu screens are the same for the FVL328 and the FWAG114.
Note: Product updates are available on the NETGEAR Web site at www.netgear.com/support/main.asp. VPNC Interoperability guidelines can be found at .
[Figure G-1 diagram labels: Client (PC with NETGEAR ProSafe VPN client) and Gateway (FVL328); Network Addresses 0.0.0.0, 66.120.188.153 and 192.168.0.0, labelled WAN IP, WAN IP and LAN IP.]
2. Click IKE Policies under the VPN menu and click Add on the IKE Policies Menu.
Figure G-2: NETGEAR FVL328 IKE Policy Configuration
Enter a descriptive name for the policy in the Policy Name field. This name is not supplied to the remote VPN endpoint. It is used to help you manage the IKE policies. In our example, we used VPNclient as the Policy Name.
From the Direction/Type drop-down box, select Remote Access.
From the Exchange Mode drop-down box, select Aggressive Mode. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall My Identity ID Type fields, as seen in “Security Policy” on page G-11.
From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 will also be used in the Connection ID Type fields of the FVL328 Prosafe High Speed VPN Firewall as seen in “Security Policy Editor New Connection” on page G-8).
For this example we typed FVL328 in the Local Identity Data field.
From the Remote Identity drop-down box, select Fully Qualified Domain Name.
Type VPNclient in the Remote Identity Data. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall My Identity ID Type fields, as seen in “My Identity” on page G-9.
From the Encryption Algorithm drop-down box, select 3DES. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page G-11.
From the Authentication Algorithm drop-down box, select SHA-1. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Hash Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page G-11.
From the Authentication Method radio button, select Pre-shared Key. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Authentication Method field, as seen in “Connection Security Policy Authentication (Phase 1)” on page G-11.
In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the FVL328 and the FVL328 Firewall. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key” on page G-10.
From the Diffie-Hellman (DH) Group drop-down box, select Group 2 (1024 Bit). This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Key Group field, as seen in “Connection Security Policy Authentication (Phase 1)” on page G-11.
In the SA Life Time field, type 86400.
Click Apply. This will bring you back to the IKE Policies Menu. The FVL328 IKE Policy is now displayed in the IKE Policies page.
3. Click the VPN Policies link under the VPN category on the left side of the main menu. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy.
Figure G-3: NETGEAR FVL328 VPN – Auto Policy
General settings
Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example, we use VPNclient as the Policy Name.
From the IKE policy drop-down box, select VPNclient, which is the IKE Policy that was set up in the earlier step.
From the Remote VPN Endpoint Address Type drop-down box, select IP Address.
Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Internal Network IP Address field, as seen in “My Identity” on page G-9.
Type 86400 in the SA Life Time (Seconds) field.
Type 0 in the SA Life Time (Kbytes) field.
Check the IPSec PFS check box to enable Perfect Forward Secrecy. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Security Policy Enable Perfect Forward Secrecy check box, as seen in “Security Policy” on page G-11.
From the PFS Key Group drop-down box, select Group 2 (1024 Bit). This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Security Policy PFS Key Group drop-down selection box, as seen in “Security Policy” on page G-11.
From the Traffic Selector Local IP drop-down box, select Subnet addresses. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Connection Remote Party Identity and Addressing ID Type field, as seen in “Security Policy Editor New Connection” on page G-8.
Type the starting LAN IP Address of the FVL328 in the Local IP Start IP Address field. For this example, we used 192.168.0.0 which is the default LAN IP address of the FVL328. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor New Connection” on page G-8.
Type the LAN Subnet Mask of the FVL328 (255.255.255.0 in our example) in the Local IP Subnet Mask field. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall Connection Remote Party Identity and Addressing Mask field, as seen in “Security Policy Editor New Connection” on page G-8.
From the Traffic Selector Remote IP drop-down box, select Single addresses.
Type 0.0.0.0 as the start IP address in the Remote IP Start IP Address field because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the FVL328 Prosafe High Speed VPN Firewall My Identity Internal Network IP Address field, as seen in “My Identity” on page G-9.
Select the Enable Encryption check box. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Key Exchange (Phase 2) Encapsulation Protocol (ESP) check box, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page G-12.
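The gateway settings above only take effect if the client end agrees with them, which is why each step points at a matching client field. The following check is an added example, not part of the NETGEAR manual: the gateway values are the manual's, while the dictionary field names, the constructed client record and the REVIEW list are assumptions made for illustration.

```python
import hmac
import ipaddress

# Gateway values are the ones used in the manual's example.
GATEWAY = {
    "exchange_mode": "Aggressive Mode", "local_id": "FVL328",
    "remote_id": "VPNclient", "encryption": "3DES", "hash": "SHA-1",
    "auth_method": "Pre-shared Key", "psk": "hr5xb84l6aa9r6",
    "dh_group": 2, "pfs_group": 2,
    "local_net": "192.168.0.0/255.255.255.0",
}
# Constructed client-side record (hypothetical field names) with one
# deliberate mismatch: the PFS key group.
CLIENT = {
    "exchange_mode": "Aggressive Mode", "local_id": "VPNclient",
    "remote_id": "FVL328", "encryption": "3DES", "hash": "SHA-1",
    "auth_method": "Pre-shared Key", "psk": "hr5xb84l6aa9r6",
    "dh_group": 2, "pfs_group": 1,
    "remote_net": "192.168.0.0/24",
}

# Settings that must be identical on both ends.
SAME = ("exchange_mode", "encryption", "hash", "auth_method",
        "dh_group", "pfs_group")
# Identities are mirrored: the gateway's local ID is the client's remote ID.
MIRRORED = (("local_id", "remote_id"), ("remote_id", "local_id"))

def mismatches(gw, cl):
    """Return the names of gateway settings the client does not agree with."""
    bad = [k for k in SAME if gw[k] != cl[k]]
    bad += [g for g, c in MIRRORED if gw[g] != cl[c]]
    # Compare the key in constant time and never echo it into the report.
    if not hmac.compare_digest(gw["psk"].encode(), cl["psk"].encode()):
        bad.append("psk")
    # Normalise dotted-mask and prefix notation before comparing subnets.
    if ipaddress.ip_network(gw["local_net"]) != ipaddress.ip_network(cl["remote_net"]):
        bad.append("local_net")
    return bad

# Assumption of this example, not of the manual: values a present-day
# configuration review would ask to revisit.
REVIEW = {"exchange_mode": {"Aggressive Mode"}, "encryption": {"3DES"},
          "hash": {"SHA-1"}, "dh_group": {2}, "pfs_group": {1, 2}}

def review_flags(policy):
    """Return the settings in `policy` whose value is on the REVIEW list."""
    return sorted(k for k, weak in REVIEW.items() if policy.get(k) in weak)

if __name__ == "__main__":
    print("mismatched:", mismatches(GATEWAY, CLIENT))
    print("review:", review_flags(GATEWAY))
```

The report names only the fields that differ, so the pre-shared key itself never appears in the output.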
