Virtual Private Networking Using SSL Connections
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 165. SSL VPN Client screen for IPv6
3. Complete the settings as explained in the following table:
Table 67. SSL VPN Client screen settings for IPv4 and IPv6

Setting: Description

Client IP Address Range

Enable Full Tunnel Support: Select this check box to enable full-tunnel support. If you leave this check box cleared (which is the default setting), full-tunnel support is disabled but split-tunnel support is enabled, and you need to add client routes (see Add Routes for VPN Tunnel Clients on page 272).
Note: When full-tunnel support is enabled, client routes are not operable.

DNS Suffix: A DNS suffix to be appended to incomplete DNS search strings. This setting is optional.

Primary DNS Server: The IP address of the primary DNS server that is assigned to the VPN tunnel clients. This setting is optional.
Note: If you do not assign a DNS server, the DNS settings remain unchanged in the SSL VPN client after a VPN tunnel has been established.

Secondary DNS Server: The IP address of the secondary DNS server that is assigned to the VPN tunnel clients. This setting is optional.
4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the wireless VPN firewall and receive a virtual IP address in the client address range.
Add Routes for VPN Tunnel Clients
The VPN tunnel clients assume that the following networks are located across the
VPN-over-SSL tunnel:
- The subnet that contains the client IP address (that is, PPP interface), as determined by the class of the address (Class A, B, or C).
- Subnets that are specified in the Configured Client Routes table on the SSL VPN Client screen.
If the assigned client IP address range is in a different subnet from the local network, or if the
local network has multiple subnets, or if you select split-tunnel operation, you need to define
client routes.
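
The rule above, worked through as an added Python example (not NETGEAR's code; it models only what this section states, and only for IPv4). The function names, the 255.255.255.0 mask paired with the manual's 192.168.4.20 example, and the sample destinations are assumptions made here.

```python
import ipaddress

def classful_network(addr):
    """Class A, B, or C network that contains an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # Class A
    elif first_octet < 192:
        prefix = 16      # Class B
    elif first_octet < 224:
        prefix = 24      # Class C
    else:
        raise ValueError(f"{addr} is not a Class A, B, or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def tunneled_networks(client_ip, client_routes, full_tunnel=False):
    """Networks a client treats as reachable across the VPN-over-SSL tunnel."""
    if full_tunnel:
        # Full tunnel: client routes are not operable; modeled as a default route.
        return [ipaddress.ip_network("0.0.0.0/0")]
    nets = [classful_network(client_ip)]
    for dest, mask in client_routes:
        # strict=False turns a host entry such as 192.168.4.20 into its subnet.
        nets.append(ipaddress.ip_network(f"{dest}/{mask}", strict=False))
    return nets

def crosses_tunnel(dest, client_ip, client_routes, full_tunnel=False):
    """True if traffic to dest is sent across the tunnel."""
    d = ipaddress.ip_address(dest)
    nets = tunneled_networks(client_ip, client_routes, full_tunnel)
    return any(d in n for n in nets)

if __name__ == "__main__":
    client_ip = "192.168.251.1"  # default first client address from the manual
    routes = [("192.168.4.20", "255.255.255.0")]  # mask is an assumption
    # Constructed sample destinations.
    for dest in ("192.168.251.9", "192.168.4.7", "192.168.1.10", "203.0.113.5"):
        print(dest, crosses_tunnel(dest, client_ip, routes))
```

With split-tunnel operation, a destination that returns False here leaves the client outside the tunnel, which is the case the manual's "you need to define client routes" condition addresses.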
To add an SSL VPN tunnel client route:
1. Select VPN > SSL VPN > SSL VPN Client. The SSL VPN Client screen for IPv4 displays (see Figure 164 on page 270).
2. Specify the IP version for which you want to add a route:
   - IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.
   - IPv6. Select the IPv6 radio button. The SSL VPN Client screen displays the IPv6 settings (see Figure 165 on page 271).
Table 67. SSL VPN Client screen settings for IPv4 and IPv6 (continued)

Setting: Description

IPv4 screen only

Client Address Range Begin: The first IP address of the IPv4 address range that you want to assign to the VPN tunnel clients. By default, the first IPv4 address is 192.168.251.1.

Client Address Range End: The last IP address of the IPv4 address range that you want to assign to the VPN tunnel clients. By default, the last IPv4 address is 192.168.251.254.

IPv6 screen only

Client IPv6 Address Range Begin: The first IP address of the IPv6 address range that you want to assign to the VPN tunnel clients. By default, the first IPv6 address is 4000::1.

Client IPv6 Address Range End: The last IP address of the IPv6 address range that you want to assign to the VPN tunnel clients. By default, the last IPv6 address is 4000::200.
3. In the Add Routes for VPN Tunnel Clients section of the screen, specify information in the following fields:
   - Destination Network. The destination network IPv4 or IPv6 address of a local network or subnet. For example, for an IPv4 route, enter 192.168.4.20.
   - Subnet Mask / Prefix Length. For an IPv4 route, the address of the appropriate subnet mask; for an IPv6 route, the prefix length.
4. Click the Add table button. The new client route is added to the Configured Client Routes table.
If VPN tunnel clients are already connected, disconnect and then reconnect the clients on the SSL VPN Connection Status screen (see View the SSL VPN Connection Status on page 285). Doing so allows the clients to receive new addresses and routes.
To change the specifications of an existing route and to delete an old route:
1. Add a new route to the Configured Client Routes table.
2. In the Configured Client Routes table, to the right of the route that is out-of-date, click the Delete table button.
If an existing route is no longer needed, you can delete it.
Use Network Resource Objects to Simplify Policies
Network resources are groups of IP addresses, IP address ranges, and services. By defining
resource objects, you can more quickly create and configure network policies. You do not
need to redefine the same set of IP addresses or address ranges when you configure the
same access policies for multiple users.
Defining network resources is optional; smaller organizations can choose to create access
policies using individual IP addresses or IP networks rather than predefined network
resources. But for most organizations, NETGEAR recommends that you use network
resources. If your server or network configuration changes, you can perform an update
quickly by using network resources instead of individually updating all of the user and group
policies.
Add New Network Resources
The resource name and service are independent of the IP version. However, the resource definition (see Edit Network Resources to Specify Addresses on page 274) is dependent on the IP version because you can assign either an IPv4 or an IPv6 address or network.
To define a network resource:
1. Select VPN > SSL VPN > Resources. The Resources screen displays. (The following figure shows some resources in the List of Resources table as an example.)
Figure 166.
2. In the Add New Resource section of the screen, specify information in the following fields:
   - Resource Name. A descriptive name of the resource for identification and management purposes.
   - Service. From the Service drop-down list, select the type of service to which the resource applies:
     - VPN Tunnel. The resource applies only to a VPN tunnel.
     - Port Forwarding. The resource applies only to port forwarding.
     - All. The resource applies both to a VPN tunnel and to port forwarding.
3. Click the Add table button. The new resource is added to the List of Resources table.
To delete one or more network resources:
1. Select the check box to the left of each network resource that you want to delete, or click the Select All table button to select all network resources.
2. Click the Delete table button.
Edit Network Resources to Specify Addresses
To edit network resources:
1. Select VPN > SSL VPN > Resources. The Resources screen displays (see the previous figure, which shows some examples).
2. In the List of Resources table, to the right of the new resource in the Action column, click the Edit table button. A new screen that lets you edit the resource displays the IPv4 settings. (The following figure shows some examples.)
3. Specify the IP version for which you want to add a portal layout:
   - IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4.
   - IPv6. Select the IPv6 radio button. The screen that lets you edit the resource displays the IPv6 settings. This screen is identical to the screen for IPv4 (see the next screen, which shows some examples).
Figure 167.
4. Complete the settings as explained in the following table:

Table 68. Resources screen settings to edit a resource

Setting: Description

Add Resource Addresses

Resource Name: The unique identifier for the resource. You cannot modify the resource name after you have created it on the first Resources screen.

Service: The SSL service that is assigned to the resource. You cannot modify the service after you have assigned it to the resource on the first Resources screen.