Virtual Private Networking Using IPSec and L2TP Connections
251
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Table 60. VPN client IPSec configuration settings (Mode Config) (continued)

Setting             Description
ESP
  Encryption        Select 3DES as the encryption algorithm from the drop-down list.
  Authentication    Select SHA-1 as the authentication algorithm from the drop-down list.
  Mode              Select Tunnel as the encapsulation mode from the drop-down list.
PFS and Group       Select the PFS check box, and then select the DH2 (1024) key group
                    from the drop-down list.
                    Note: On the wireless VPN firewall, this key group is referred to as
                    Diffie-Hellman Group 2 (1024 bit).

4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

Configure the Mode Config Global Parameters

To specify the global parameters:

1. Click Global Parameters in the left column of the Configuration Panel screen. The Global Parameters pane displays in the Configuration Panel screen:

Figure 151.

2. Specify the following default lifetimes in seconds to match the configuration on the wireless VPN firewall:
   • Authentication (IKE), Default. Enter 3600 seconds.
   • Encryption (IPSec), Default. Enter 3600 seconds.

3. Select the Dead Peer Detection (DPD) check box, and configure the following DPD settings to match the configuration on the wireless VPN firewall:
   • Check Interval. Enter 30 seconds.
   • Max. number of entries. Enter 3 retries.
   • Delay between entries. Leave the default delay setting of 15 seconds.

4. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

The Mode Config configuration of the VPN client is now complete.

Test the Mode Config Connection

To test the Mode Config connection from the VPN client to the wireless VPN firewall:

1. Right-click the system tray icon, and select Open tunnel ‘Tunnel_ModeConfig’.

Figure 152.

When the tunnel opens successfully, the Tunnel opened message displays above the system tray, and the VPN client displays a green icon in the system tray.

Figure 153.

2. Verify that the wireless VPN firewall issued an IP address to the VPN client. This IP address displays in the VPN Client address field on the IPSec pane of the VPN client. (The following figure shows the upper part of the IPSec pane only.)

Figure 154.

3. From the client computer, ping a computer on the wireless VPN firewall LAN.

Modify or Delete a Mode Config Record

Note: Before you modify or delete a Mode Config record, make sure it is not used in an IKE policy.

To edit a Mode Config record:

1. On the Mode Config screen (see Figure 143 on page 238), click the Edit button in the Action column for the record that you want to modify. The Edit Mode Config Record screen displays. This screen is identical to the Add Mode Config Record screen (see Figure 144 on page 239).

2. Modify the settings as explained in Table 56 on page 240.

3. Click Apply to save your settings.

To delete one or more Mode Config records:

1. On the Mode Config screen (see Figure 143 on page 238), select the check box to the left of each record that you want to delete, or click the Select All table button to select all records.

2. Click the Delete table button.

Configure Keep-Alives and Dead Peer Detection

In some cases, you might not want a VPN tunnel to be disconnected when traffic is idle, for example, when client-server applications over the tunnel cannot tolerate the tunnel establishment time. If you require a VPN tunnel to remain connected, you can use the keep-alive and Dead Peer Detection (DPD) features to prevent the tunnel from being disconnected and to force a reconnection if the tunnel disconnects for any reason.

For DPD to function, the peer VPN device on the other end of the tunnel also needs to support DPD. Keep-alive, though less reliable than DPD, does not require any support from the peer device.

Configure Keep-Alives

The keep-alive feature maintains the IPSec SA by sending periodic ping requests to a host across the tunnel and monitoring the replies.

To configure the keep-alive feature on a configured VPN policy:

1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays the IPv4 settings (see Figure 139 on page 226).

2. Specify the IP version for which you want to edit a VPN policy:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.
   • IPv6. Select the IPv6 radio button. The VPN Policies screen for IPv6 displays.

3. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that you want to edit. The Edit VPN Policy screen displays. (The following figure shows only the top part with the General section of the Edit VPN Policy screen for IPv6.)

Figure 155.

4. Enter the settings as explained in Table 61 (Keep-alive settings).

5. Click Apply to save your settings.

Configure Dead Peer Detection

The Dead Peer Detection (DPD) feature lets the wireless VPN firewall maintain the IKE SA by exchanging periodic messages with the remote VPN peer.

To configure DPD on a configured IKE policy:

1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen for IPv4 in view (see Figure 137 on page 218).

2. Specify the IP version for which you want to edit an IKE policy:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.
   • IPv6. Select the IPv6 radio button. The IKE Policies screen for IPv6 displays.

3. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy that you want to edit. The Edit IKE Policy screen displays. (The following figure shows only the IKE SA Parameters section of the screen).

Table 61. Keep-alive settings

Setting                 Description
General
  Enable Keepalive      Select the Yes radio button to enable the keep-alive feature.
                        Periodically, the wireless VPN firewall sends keep-alive requests
                        (ping packets) to the remote endpoint to keep the tunnel alive. You
                        need to specify the ping IP address in the Ping IP Address field, the
                        detection period in the Detection Period field, and the maximum
                        number of keep-alive requests that the wireless VPN firewall sends in
                        the Reconnect after failure count field.
    Ping IP Address     The IP address that the wireless VPN firewall pings. The address
                        should be of a host that can respond to ICMP ping requests.
    Detection Period    The period in seconds between the keep-alive requests. The default
                        setting is 10 seconds.
    Reconnect after     The maximum number of keep-alive requests before the wireless VPN
    failure count       firewall tears down the connection and then attempts to reconnect to
                        the remote endpoint. The default setting is 3 keep-alive requests.
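
The keep-alive behaviour described in Table 61, modelled as an added example (it is not from the NETGEAR manual or firmware). It assumes that failures are counted consecutively, that a reply resets the counter, and that the reconnect completes at once; the class, function and scenario names are illustrative.

```python
from dataclasses import dataclass

@dataclass
class KeepAlive:
    detection_period: int = 10  # seconds between pings (Table 61 default)
    failure_count: int = 3      # "Reconnect after failure count" (Table 61 default)

def simulate(cfg, reachable, duration):
    """Return (time, event) tuples for a tunnel watched by keep-alive pings.

    reachable(t) tells whether the Ping IP Address answers ICMP at second t.
    Assumed, not stated in the manual: failures are counted consecutively,
    a reply resets the counter, and the reconnect completes immediately.
    """
    events, missed = [], 0
    for t in range(cfg.detection_period, duration + 1, cfg.detection_period):
        if reachable(t):
            missed = 0
            continue
        missed += 1
        events.append((t, f"no reply ({missed}/{cfg.failure_count})"))
        if missed >= cfg.failure_count:
            events.append((t, "teardown and reconnect"))
            missed = 0
    return events

def teardowns(events):
    """Times at which the firewall tore the tunnel down."""
    return [t for t, what in events if what == "teardown and reconnect"]

# Constructed reachability scenarios for the ping target.
def long_outage(t):
    return not 40 <= t < 100   # target silent from second 40 to 99

def short_blip(t):
    return not 40 <= t < 60    # two pings lost, then replies resume

def icmp_filtered(t):
    return False               # tunnel is fine, but the target never answers ping

if __name__ == "__main__":
    cfg = KeepAlive()
    for scenario in (long_outage, short_blip, icmp_filtered):
        print(scenario.__name__, teardowns(simulate(cfg, scenario, 120)))
```

Under these assumptions and the default settings, a ping target that drops ICMP causes a healthy tunnel to be reset every 30 seconds (detection period multiplied by failure count), which is why the Ping IP Address should be a host that answers ping.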
