Page 81 / 212
Scroll up to view Page 76 - 80
Reference Manual for the ProSafe VPN Firewall FVS114
Basic Virtual Private Networking
5-25
202-10098-01, April 2005
6.
Repeat for the FVS114 on LAN B. Pay special attention and use the following network
settings as appropriate.
•
WAN IP of the remote VPN gateway (e.g.,
14.15.16.17
)
•
LAN IP settings of the remote VPN gateway:
—
IP Address (e.g,
192.168.0.1
)
—
Subnet Mask (e.g.,
255.255.255.0
)
—
Preshared Key (e.g.,
12345678
)
7.
Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
a.
Open the FVS114 management interface and click on
VPN Status
under VPN to get the
VPN Status/Log screen (
Figure 5-30
).
Figure 5-30:
VPN Status/Log screen
b.
Click on
VPN Status
(
Figure 5-32
) to get the Current VPN Tunnels (SAs) screen
(
Figure 5-31
). Click on
Connect
for the VPN tunnel you want to activate.
Note:
The VPN Status screen is only one of three ways to active a VPN tunnel. See
“Activating a VPN Tunnel” on page 5-26
for information on the other ways.
Page 82 / 212
Reference Manual for the ProSafe VPN Firewall FVS114
5-26
Basic Virtual Private Networking
202-10098-01, April 2005
Figure 5-31:
Current VPN Tunnels (SAs) Screen
c.
Look at the VPN Status/Log screen (
Figure 5-30
) to verify that the tunnel is connected.
VPN Tunnel Control
Activating a VPN Tunnel
There are three ways to activate a VPN tunnel:
•
Start using the VPN tunnel.
•
Use the VPN Status page.
•
Activate the VPN tunnel by pinging the remote endpoint.
Start Using a VPN Tunnel to Activate It
To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by
the policy for that VPN tunnel.
Using the VPN Status Page to Activate a VPN Tunnel
To use the VPN Status screen to activate a VPN tunnel, perform the following steps:
1.
Log in to the VPN Firewall.
2.
Open the FVS114 management interface and click on
VPN Status
under VPN to get the VPN
Status/Log screen (
Figure 5-32
).
Page 83 / 212
Reference Manual for the ProSafe VPN Firewall FVS114
Basic Virtual Private Networking
5-27
202-10098-01, April 2005
Figure 5-32:
VPN Status/Log screen
3.
Click
VPN Status
(
Figure 5-32
) to get the Current VPN Tunnels (SAs) screen (
Figure 5-33
).
Click
Connect
for the VPN tunnel you want to activate.
Figure 5-33:
Current VPN Tunnels (SAs) screen
Activate the VPN Tunnel by Pinging the Remote Endpoint
Note:
This section uses 192.168.3.1 for an example remote endpoint LAN IP address.
To activate the VPN tunnel by pinging the remote endpoint (192.168.3.1), do the following steps
depending on whether your configuration is client-to-gateway or gateway-to-gateway:
•
Client-to-Gateway Configuration
—to check the VPN Connection, you can initiate a request
from the remote PC to the FVS114’s network by using the “Connect” option in the NETGEAR
ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to
connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the
request.
To perform a ping test using our example, start from the remote PC:
Page 84 / 212
Reference Manual for the ProSafe VPN Firewall FVS114
5-28
Basic Virtual Private Networking
202-10098-01, April 2005
a.
Establish an Internet connection from the PC.
b.
On the Windows taskbar, click the
Start
button, and then click
Run
.
c.
Type
ping -t 192.168.3.1
and then click
OK
.
Figure 5-34:
Running a Ping test to the LAN from the PC
This will cause a continuous ping to be sent to the first FVS114. Within two minutes, the
ping response should change from “timed out” to “reply.”
Note:
Use
Ctrl-C
to stop the pinging.
Figure 5-35:
Ping test results
Once the connection is established, you can open the browser of the PC and enter the LAN IP
address of the remote FVS114. After a short wait, you should see the login screen of the VPN
Firewall (unless another PC already has the FVS114 management interface open).
•
Gateway-to-Gateway Configuration
—test the VPN tunnel by pinging the remote network
from a PC attached to the FVS114.
a.
Open a command prompt (
Start
->
Run
->
cmd
).
b.
Type
ping 192.168.3.1
.
Page 85 / 212
Reference Manual for the ProSafe VPN Firewall FVS114
Basic Virtual Private Networking
5-29
202-10098-01, April 2005
Figure 5-36:
Pinging test results
Note:
The pings may fail the first time. If so, then try the pings a second time.
Verifying the Status of a VPN Tunnel
To use the VPN Status page to determine the status of a VPN tunnel, perform the following steps:
1.
Log in to the VPN Firewall.
2.
Open the FVS114 management interface and click
VPN Status
under VPN to get the VPN
Status/Log screen (
Figure 5-37
).
Figure 5-37:
VPN Status/Log screen
Log—this log shows the details of recent VPN activity, including the building of the VPN
tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what
might be the cause of the problem.
•
Click
Refresh
to see the most recent entries.
19216811.live