Page 116 / 238
Scroll up to view Page 111 - 115
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
7-4
Virtual Private Networking
202-10085-01, March 2005
Figure 7-3:
Functional operation of FVS124G WAN ports for load balancing mode
Rest of
FVS124G
Functions
FVS124G
WAN Port
Functions
Load
Balancing
Control
FVS124G Firewall
WAN 1 Port
WAN 2 Port
Internet
FQDN required (dynamic IP addresses)
FVS124G Functional Block Diagram
Dynamic DNS screens
FQDN setup for WAN1 port
Select Dynamic DNS service
FQDN optional (static IP addresses)
Select Dynamic DNS service
FQDN setup for WAN2 port
Page 117 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Virtual Private Networking
7-5
202-10085-01, March 2005
Creating a VPN Connection: Between FVX538 and FVS124G
This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN
Firewall and a NETGEAR FVS124G VPN Firewall.
Using each firewall's VPN Wizard, we will create a set of policies (IKE and VPN) that will allow
the two firewalls to connect from locations with fixed IP addresses. Either firewall can initiate the
connection.
This procedure was developed and tested using:
•
Netgear FVX538 VPN Firewall with version 1.6.11 firmware
–
WAN1 IP address is 10.1.0.118
–
•
Netgear FVS124g VPN Firewall with version 1.0 firmware
–
WAN IP address is 10.1.1.150
–
LAN IP address subnet is 192.168.2.1 255.255.255.0
Configuring the FVX538
1.
Select the VPN Wizard
2.
Give the client connection a name, such as
to_fvs
.
3.
Enter a value for the pre-shared key.
4.
Select 'a remote VPN gateway'.
Figure 7-4:
VPN Wizard start page
Page 118 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
7-6
Virtual Private Networking
202-10085-01, March 2005
5.
Click Next.
6.
Enter the WAN IP address of the remote FVS124G.
7.
Click WAN1 to bind this connection to the WAN1 port.
Figure 7-5:
WAN IP address of remote FVS124G
8.
Click Next.
9.
Enter the LAN IP address and subnet mask of the remote FVS124G.
Figure 7-6:
LAN IP address and subnet mask of remote FVS124G
10.
Click Next.
Page 119 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Virtual Private Networking
7-7
202-10085-01, March 2005
11.
Click Done to create the 'to_fvs' IKE and VPN policies.
In the IKE Policies menu, the 'to_fvs' IKE policy will appear in the table.
Figure 7-7:
IKE Policies
12.
You can view the IKE parameters by selecting 'to_fvs' and clicking Edit. It should not be
necessary to make any changes.
Figure 7-8:
FVX538-to-FVS124G IKE screen
Page 120 / 238
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
7-8
Virtual Private Networking
202-10085-01, March 2005
13.
In the VPN Policies menu, the 'to_fvs' VPN policy will appear in the table.
Figure 7-9:
FVX538 VPN Policies screen
19216811.live