NETGEAR FVS318N Router Manual PDF (Setup & Configuration Guide)

Page 206 / 414 Scroll up to view Page 201 - 205

Virtual Private Networking Using IPSec and L2TP Connections

206

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Figure 122.

b.

Specify the default lifetimes in seconds:

•

Authentication (IKE)

,

Default

. The default lifetime value is 3600 seconds.

Change this setting to

28800

seconds to match the configuration of the wireless

VPN firewall.

•

Encryption (IPSec)

,

Default

. The default lifetime value is 1200 seconds. Change

this setting to

3600

seconds to match the configuration of the wireless VPN

firewall.

9.

Click

Apply

to use the new settings immediately, and click

Save

to keep the settings for

future use.

The VPN client configuration is now complete.

Instead of using the wizard on the VPN client, you can also manually configure the VPN

client, which is explained in the following section.

Manually Create a Secure Connection Using the NETGEAR VPN Client

Note:

Perform these tasks from a computer that has the NETGEAR

ProSafe VPN Client installed.

To manually configure a VPN connection between the VPN client and the wireless VPN

firewall, create authentication settings (phase 1 settings), create an associated IPSec

configuration (phase 2 settings), and then specify the global parameters.

Page 207 / 414

Virtual Private Networking Using IPSec and L2TP Connections

207

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Configure the Authentication Settings (Phase 1 Settings)



To create new authentication settings:

1.

Right-click the VPN client icon in your Windows system tray, and select

Configuration

Panel

. The Configuration Panel screen displays:

Figure 123.

2.

In the tree list pane of the Configuration Panel screen, right-click

VPN Configuratio

n, and

select

New Phase 1

.

Figure 124.

3.

Change the name of the authentication phase (the default is Gateway):

a.

Right-click the authentication phase name.

b.

Select

Rename

.

c.

Type

vpn_client

.

d.

Click anywhere in the tree list pane.

Page 208 / 414

Virtual Private Networking Using IPSec and L2TP Connections

208

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Note:

This is the name for the authentication phase that is used only for the

VPN client, not during IKE negotiation. You can view and change this name in

the tree list pane. This name needs to be a unique name.

The Authentication pane displays in the

Configuration Panel screen, with the

Authentication tab selected by default.

Figure 125.

4.

Specify the settings that are explained in the following table.

Table 46.

VPN client authentication settings

Setting

Description

Interface

Select

Any

from the drop-down list.

Remote Gateway

Enter the remote IP address or DNS name of the wireless VPN firewall. For example,

enter

192.168.15.175

.

Preshared Key

Select the

Preshared Key

radio button. Enter the pre-shared key that you already

specified on the wireless VPN firewall. For example, enter

I7!KL39dFG_8

. Confirm

the key in the Confirm field.

IKE

Encryption

Select the

3DES

encryption algorithm from the drop-down list.

Authentication

Select the

SHA1

authentication algorithm from the drop-down list.

Key Group

Select the

DH2 (1024)

key group from the drop-down list.

Note:

On the wireless VPN firewall, this key group is referred to as

Diffie-Hellman Group 2 (1024 bit).

Page 209 / 414

Virtual Private Networking Using IPSec and L2TP Connections

209

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

5.

Click

Apply

to use the new settings immediately, and click

Save

to keep the settings for

future use.

6.

Click the

Advanced

tab in the Authentication pane. The Advanced pane displays:

Figure 126.

7.

Specify the settings that are explained in the following table.

Table 47.

VPN client advanced authentication settings

Setting

Description

Advanced features

Aggressive Mode

Select this check box to enable aggressive mode as the mode of negotiation with

the wireless VPN firewall.

NAT-T

Select

Automatic

from the drop-down list to enable the VPN client and wireless

VPN firewall to negotiate NAT-T.

Local and Remote ID

Local ID

As the type of ID, select

DNS

from the Local ID drop-down list because you

specified FQDN in the wireless VPN firewall configuration.

As the value of the ID, enter

remote.com

as the local ID for the VPN client.

Note:

The remote ID on the wireless VPN firewall is the local ID on the VPN

client. It might be less confusing to configure an FQDN such as client.com as the

remote ID on the wireless VPN firewall and then enter client.com as the local ID

on the VPN client.

Page 210 / 414

Virtual Private Networking Using IPSec and L2TP Connections

210

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

8.

Click

Apply

to use the new settings immediately, and click

Save

to keep the settings for

future use.

Create the IPSec Configuration (Phase 2 Settings)

Note:

On the wireless VPN firewall, the IPSec configuration (phase 2

settings) is referred to as the IKE settings.



To create an IPSec configuration:

1.

In the tree list pane of the Configuration Panel screen, right-click the

vpn_client

authentication phase name, and then select

New Phase 2

.

2.

Change the name of the IPSec configuration (the default is Tunnel):

a.

Right-click the IPSec configuration name.

b.

Select

Rename

.

c.

Type

netgear_platform

.

d.

Click anywhere in the tree list pane.

Note:

This is the name for the IPSec configuration that is used only for the

VPN client, not during IPSec negotiation. You can view and change this name

in the tree list pane. This name needs to be a unique name.

The IPSec pane displays in the

Configuration Panel screen, with the IPSec tab selected

by default:

Remote ID

As the type of ID, select

DNS

from the Remote ID drop-down list because you

specified an FQDN in the wireless VPN firewall configuration.

As the value of the ID, enter

local.com

as the remote ID for the wireless VPN

firewall.

Note:

The local ID on the wireless VPN firewall is the remote ID on the VPN

client. It might be less confusing to configure an FQDN such as router.com as the

local ID on the wireless VPN firewall and then enter router.com as the remote ID

on the VPN client.

Table 47.

VPN client advanced authentication settings (continued)

Setting

Description

Rate

Popular NETGEAR Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share