Reference Manual for the ProSafe VPN Firewall FVS114

Basic Virtual Private Networking

5-5

202-10098-01, April 2005

VPN Tunnel Configuration

There are two tunnel configurations and three ways to configure them:

•

Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):

—

See

“How to Set Up a Client-to-Gateway VPN Configuration” on page 5-5

.

—

See

“How to Set Up a Gateway-to-Gateway VPN Configuration” on page 5-20

.

•

See

Chapter 6, “Advanced Virtual Private Networking

” when the VPN Wizard and its VPNC

defaults (see

Table 5-1

on

page 5-4

) are not appropriate for your special circumstances.

How to Set Up a Client-to-Gateway VPN Configuration

Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a

network gateway (see

Figure 5-3

) involves the following two steps:

•

“Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS114” on page 5-6

uses the

VPN Wizard to configure the VPN tunnel between the remote PC and network gateway.

•

“Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 5-9

configures the NETGEAR ProSafe VPN Client endpoint.

Figure 5-3:

Client-to-gateway VPN tunnel

192.168.3.1

VPN Tunnel

FVS114

24.0.0.1

PC

(Running NETGEAR

ProSafe VPN Client)

PCs

Reference Manual for the ProSafe VPN Firewall FVS114

5-6

Basic Virtual Private Networking

202-10098-01, April 2005

Step 1: Configuring the Client-to-Gateway VPN Tunnel on the

FVS114

Follow this procedure to configure a client-to-gateway VPN tunnel using the VPN Wizard.

1.

Log in to the FVS114 at its LAN address of

with its default user name of

admin

and password of

password

. Click the

VPN Wizard

link in the main menu to display

this screen. Click

Next

to proceed.

Figure 5-4:

VPN Wizard start screen

2.

Fill in the Connection Name and the pre-shared key, select the type of target end point, and

click

Next

to proceed.

Note:

The Connection Name is arbitrary and not relevant to how the configuration functions.

Note:

This section uses the VPN Wizard to set up the VPN tunnel using the VPNC

default parameters listed in

Table 5-1 on page 5-4

. If you have special requirements not

covered by these VPNC-recommended parameters, refer to

Chapter 6, “Advanced

Virtual Private Networking

” to set up the VPN tunnel.

Reference Manual for the ProSafe VPN Firewall FVS114

Basic Virtual Private Networking

5-7

202-10098-01, April 2005

Figure 5-5:

Connection Name and Remote IP Type

The Summary screen below displays.

Figure 5-6:

VPN Wizard Summary

Enter the new Connection Name:

(

RoadWarrior

in this example)

Enter the pre-shared key:

(

12345678

in this example)

Select the radio button:

A remote VPN client (single PC)

Reference Manual for the ProSafe VPN Firewall FVS114

5-8

Basic Virtual Private Networking

202-10098-01, April 2005

To view the VPNC recommended authentication and encryption settings used by the VPN

Wizard, click the

here

link (see

Figure 5-6

). Click

Back

to return to the

Summary

screen.

Figure 5-7:

VPNC Recommended Settings

3.

Click

Done

on the Summary screen (see

Figure 5-6

) to complete the configuration procedure.

The VPN Policies menu below displays showing that the new tunnel is enabled.

Figure 5-8:

VPN Policies

To view or modify the tunnel settings, select the radio button next to the tunnel entry and click

Edit

.

Reference Manual for the ProSafe VPN Firewall FVS114

Basic Virtual Private Networking

5-9

202-10098-01, April 2005

Step 2: Configuring the NETGEAR ProSafe VPN Client on the

Remote PC

This procedure describes how to configure the NETGEAR ProSafe VPN Client. This example

assumes the PC running the client has a dynamically assigned IP address.

The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go

to the NETGEAR Web site (

) and select VPN01L_VPN05L in the Product

Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN

Client.

1.

Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.

a.

You may need to insert your Windows CD to complete the installation.

b.

If you do not have a modem or dial-up adapter installed in your PC, you may see the

warning message stating “The NETGEAR ProSafe VPN Component requires at least one

dial-up adapter be installed.” You can disregard this message.

c.

Install the IPSec Component. You may have the option to install either the VPN Adapter

or the IPSec Component or both. The VPN Adapter is not necessary.

d.

The system should show the ProSafe icon (

) in the system tray after rebooting.

e.

Double-click the system tray icon to open the Security Policy Editor.

2.

Add a new connection.

a.

Run the NETGEAR ProSafe Security Policy Editor program and create a VPN

Connection.

b.

From the Edit menu of the Security Policy Editor, click

Add

, then

Connection

. A “New

Connection” listing appears in the list of policies. Rename the “New Connection” so that it

matches the Connection Name you entered in the VPN Settings of the FVS114 on LAN A.

Note:

Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off

any virus protection or firewall software you may be running on your PC.

Note:

The procedure in this section explains how to create a new security policy from

scratch. For the procedure on how to import an existing security policy that has already

been created on another client running the NETGEAR ProSafe VPN Client, see

“Transferring a Security Policy to Another Client” on page 5-17

.