Virtual Private Networking Using IPSec and L2TP Connections
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Note: Perform these tasks from a computer that has the NETGEAR ProSafe VPN Client installed.

To configure the VPN client for Mode Config operation, create authentication settings (phase 1 settings), create an associated IPSec configuration (phase 2 settings), and then specify the global parameters.

Configure the Mode Config Authentication Settings (Phase 1 Settings)

To create new authentication settings:

1. Right-click the VPN client icon in your Windows system tray, and select Configuration Panel. The Configuration Panel screen displays:

Figure 146.

2. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration, and select New Phase 1.

Figure 147.

3. Change the name of the authentication phase (the default is Gateway):
   a. Right-click the authentication phase name.
   b. Select Rename.
   c. Type GW_ModeConfig.
   d. Click anywhere in the tree list pane.

Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name must be unique.

The Authentication pane displays in the Configuration Panel screen, with the Authentication tab selected by default:

Figure 148.

4. Specify the settings that are explained in the following table.

Table 58. VPN client authentication settings (Mode Config)

Setting: Description
Interface: Select Any from the drop-down list.
Remote Gateway: Enter the remote IP address or DNS name of the wireless VPN firewall. For example, enter 192.168.15.175.
Preshared Key: Select the Preshared Key radio button. Enter the pre-shared key that you already specified on the wireless VPN firewall. For example, enter H8!spsf3#JYK2!. Confirm the key in the Confirm field.

Table 58. VPN client authentication settings (Mode Config) (continued)

Setting: Description
IKE
  Encryption: Select the 3DES encryption algorithm from the drop-down list.
  Authentication: Select the SHA1 authentication algorithm from the drop-down list.
  Key Group: Select the DH2 (1024) key group from the drop-down list.
    Note: On the wireless VPN firewall, this key group is referred to as Diffie-Hellman Group 2 (1024 bit).

5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

6. Click the Advanced tab in the Authentication pane. The Advanced pane displays:

Figure 149.

7. Specify the settings that are explained in the following table.

Table 59. VPN client advanced authentication settings (Mode Config)

Setting: Description
Advanced features
  Mode Config: Select this check box to enable Mode Config.
  Aggressive Mode: Select this check box to enable aggressive mode as the mode of negotiation with the wireless VPN firewall.

Table 59. VPN client advanced authentication settings (Mode Config) (continued)

Setting: Description
NAT-T: Select Automatic from the drop-down list to enable the VPN client and wireless VPN firewall to negotiate NAT-T.
Local and Remote ID
  Local ID: As the type of ID, select DNS from the Local ID drop-down list because you specified FQDN in the wireless VPN firewall configuration. As the value of the ID, enter client.com as the local ID for the VPN client.
    Note: The remote ID on the wireless VPN firewall is the local ID on the VPN client.
  Remote ID: As the type of ID, select DNS from the Remote ID drop-down list because you specified an FQDN in the wireless VPN firewall configuration. As the value of the ID, enter router.com as the remote ID for the wireless VPN firewall.
    Note: The local ID on the wireless VPN firewall is the remote ID on the VPN client.

8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

Create the Mode Config IPSec Configuration (Phase 2 Settings)

Note: On the wireless VPN firewall, the IPSec configuration (phase 2 settings) is referred to as the IKE settings.

To create an IPSec configuration:

1. In the tree list pane of the Configuration Panel screen, right-click the GW_ModeConfig authentication phase name, and then select New Phase 2.

2. Change the name of the IPSec configuration (the default is Tunnel):
   a. Right-click the IPSec configuration name.
   b. Select Rename.
   c. Type Tunnel_ModeConfig.
   d. Click anywhere in the tree list pane.

Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name must be unique.

The IPSec pane displays in the Configuration Panel screen, with the IPSec tab selected by default:

Figure 150.

3. Specify the settings that are explained in the following table.

Table 60. VPN client IPSec configuration settings (Mode Config)

Setting: Description
VPN Client address: This field is masked out because Mode Config is selected. After an IPSec connection is established, the IP address that is issued by the wireless VPN firewall displays in this field (see Figure 155 on page 254).
Address Type: Select Subnet address from the drop-down list.
Remote host address: The address that you need to enter depends on whether or not you have specified a LAN IP network address in the Local IP Address field on the Add Mode Config Record screen of the wireless VPN firewall:
  • If you left the Local IP Address field blank, enter the wireless VPN firewall’s default LAN IP address as the remote host address that opens the VPN tunnel. For example, enter 192.168.1.1.
  • If you specified a LAN IP network address in the Local IP Address field, enter the address that you specified as the remote host address that opens the VPN tunnel.
Subnet mask: Enter 255.255.255.0 as the remote subnet mask of the wireless VPN firewall that opens the VPN tunnel. This is the LAN IP subnet mask that you specified in the Local Subnet Mask field on the Add Mode Config Record screen of the wireless VPN firewall. If you left the Local Subnet Mask field blank, enter the wireless VPN firewall’s default IP subnet mask.
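
An added example, not taken from the NETGEAR manual: a pre-flight check that the client values from Tables 58 to 60 mirror the firewall side (same IKE algorithms, the same key group under both naming styles, swapped local and remote IDs, and the remote network implied by the Mode Config record), followed by hardening notes on the Phase 1 choices. The dictionary field names and the firewall-side sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data. Field names are hypothetical; values follow Tables 58-60.
CLIENT = {
    "encryption": "3DES", "authentication": "SHA1", "key_group": "DH2 (1024)",
    "aggressive_mode": True, "preshared_key": True,
    "local_id": "client.com", "remote_id": "router.com",  # ID type DNS
    "remote_host": "192.168.1.1", "subnet_mask": "255.255.255.0",
}
FIREWALL = {
    "encryption": "3DES", "authentication": "SHA-1",
    "key_group": "Diffie-Hellman Group 2 (1024 bit)",
    "local_id": "router.com", "remote_id": "client.com",  # ID type FQDN
    "mode_config_local_ip": "", "mode_config_local_mask": "",  # left blank
    "default_lan_ip": "192.168.1.1", "default_lan_mask": "255.255.255.0",
}

def norm(name):  # compare algorithm names ignoring case and punctuation
    return re.sub(r"[^a-z0-9]", "", name.lower())

def dh_group(label):  # group number from either naming style, else None
    match = re.search(r"(?:DH|Group)\s*(\d+)", label, re.I)
    return int(match.group(1)) if match else None

def network(ip, mask):
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def mismatches(client, fw):  # settings that would keep the peers from agreeing
    found = [f for f in ("encryption", "authentication") if norm(client[f]) != norm(fw[f])]
    if dh_group(client["key_group"]) != dh_group(fw["key_group"]):
        found.append("key_group")
    # Each side's local ID must be the other side's remote ID.
    if (client["local_id"], client["remote_id"]) != (fw["remote_id"], fw["local_id"]):
        found.append("local/remote ID")
    # Blank Mode Config fields: the firewall's default LAN is the remote network.
    expected = network(fw["mode_config_local_ip"] or fw["default_lan_ip"],
                       fw["mode_config_local_mask"] or fw["default_lan_mask"])
    if network(client["remote_host"], client["subnet_mask"]) != expected:
        found.append("remote network")
    return found

def review_notes(client):  # hardening notes, added commentary not from the manual
    checks = [
        ((dh_group(client["key_group"]) or 0) < 14, "DH group below 14 (2048 bit)"),
        (norm(client["encryption"]) == "3des", "3DES has a 64-bit block size"),
        (client["aggressive_mode"] and client["preshared_key"], "aggressive mode + PSK"),
    ]
    return [note for hit, note in checks if hit]
```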
