Reference Manual for the ProSafe VPN Firewall FVS114
6-18
Advanced Virtual Private Networking
202-10098-01, April 2005
   c. From the main menu Advanced section, click the LAN IP Setup link. The following menu appears:
      Figure 6-8: LAN IP Setup menu
   d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see “Configuring LAN TCP/IP Setup Parameters” on page 8-5.
Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVS114. You will have to log on with which is now the address you use to connect to the built-in Web-based configuration manager of the FVS114.
3. Set up the IKE Policy illustrated below on the FVS114.
   a. From the main menu VPN section, click on the IKE Policies link, and then click the Add button to display the screen below.
      Figure 6-9: Scenario 1 IKE Policy
   b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 6-3.
4. Set up the FVS114 VPN - Auto Policy illustrated below.
   a. From the main menu VPN section, click on the VPN Policies link, and then click on the Add Auto Policy button.
      Figure 6-10: Scenario 1 VPN - Auto Policy
   b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 6-3.
5. After applying these changes, all traffic from the range of LAN IP addresses specified on FVS114 A and FVS114 B will flow over a secure VPN tunnel.
How to Check VPN Connections
You can test connectivity and view VPN status information on the FVS114 (see also “VPN Tunnel Control” on page 5-26).
Testing the Gateway A FVS114 LAN and the Gateway B LAN
1. Using our example, from a Windows PC attached to the FVS114 on LAN A, click the Start button on the taskbar and then click Run.
2. Type ping -t 172.23.9.1, and then click OK.
3. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply.
4. At this point the connection is established.
5. To test connectivity between the FVS114 Gateway A and Gateway B WAN ports, follow these steps:
   a. Using our example, log in to the FVS114 on LAN A, go to the main menu Maintenance section and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping.
   c. This causes a ping to be sent to the WAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS114.
   d. At this point the connection is established.
Note: If you want to ping the FVS114 as a test of network connectivity, be sure the FVS114 is configured to respond to a ping on the Internet WAN port by checking the check box seen in Figure 4-2 on page 4-4. However, to preserve a high degree of security, you should turn off this feature when you are finished with testing.
6. To view the FVS114 event log and status of Security Associations, follow these steps:
   a. Go to the FVS114 main menu VPN section and click the VPN Status link.
   b. The log screen displays a history of the VPN connections, and the IPSec SA and IKE SA tables will report the status and data transmission statistics of the VPN tunnels for each policy.
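
The LAN-side test in steps 1 to 4 can be scripted so that it stops at the first reply or gives up once the two-minute window has passed. This is an added example, not part of the NETGEAR manual; the function names, the 1-second probe interval and the 2-second per-probe timeout are assumptions.

```python
import platform
import subprocess
import sys
import time

GATEWAY_B_LAN = "172.23.9.1"  # Gateway B LAN interface in the manual's example
DEADLINE_S = 120              # the manual's "within two minutes"


def ping_once(host, timeout_s=2):
    """Send one echo request with the OS ping tool; True only on a real reply."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]
    else:  # assumes Linux iputils ping, where -W is in seconds
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    # Windows ping can exit 0 on "Destination host unreachable", so also
    # require the TTL field that only an echo reply line carries.
    return res.returncode == 0 and b"ttl=" in res.stdout.lower()


def wait_for_tunnel(probe, deadline_s=DEADLINE_S, interval_s=1.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Call probe() until it succeeds or deadline_s elapses.

    Returns (up, elapsed_seconds, failed_probes).
    """
    start = clock()
    failed = 0
    while True:
        if probe():
            return True, clock() - start, failed
        failed += 1
        if clock() - start >= deadline_s:
            return False, clock() - start, failed
        sleep(interval_s)


if __name__ == "__main__":
    up, elapsed, failed = wait_for_tunnel(lambda: ping_once(GATEWAY_B_LAN))
    if up:
        print(f"reply from {GATEWAY_B_LAN} after {elapsed:.0f}s "
              f"({failed} probes timed out first)")
    else:
        print(f"no reply from {GATEWAY_B_LAN} within {DEADLINE_S}s; "
              "check the VPN Status log and SA tables")
    sys.exit(0 if up else 1)
```

Run it from a PC on LAN A; the exit status is 0 when a reply arrived inside the window and 1 otherwise.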
FVS114 Scenario 2: FVS114 to FVS114 with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509 (PKIX) certificates for authentication. The network setup is identical to the one given in Scenario 1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the exception that the identification is done with signatures authenticated by PKIX certificates.
Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the FVS114. For instructions on this topic, see “Time Zone” on page 4-14.
1. Obtain a root certificate.
   a. Obtain the root certificate (that includes the public key) from a Certificate Authority (CA).
      Note: The procedure for obtaining certificates differs between a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. For example, an administrator of a Windows 2000 certificate server might provide it to you via e-mail.
   b. Save the certificate as a text file called trust.txt.
2. Install the trusted CA certificate for the Trusted Root CA.
   a. Log in to the FVS114.
   b. From the main menu VPN section, click the CAs link.
   c. Click Add to add a CA.
   d. Click Browse to locate the trust.txt file.
   e. Click Upload.
3. Create a certificate request for the FVS114.
   a. From the main menu VPN section, click the Certificates link.
