Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
December 2003, M-10041-01
Appendix H
NETGEAR VPN Client to NETGEAR the FVS328
Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an
FVS328. This case study follows the Virtual Private Network Consortium (VPNC) interoperability
profile guidelines. The menu options for the FVS328, FVL328, and FWAG114 are the same.
Configuration Profile
The configuration in this document follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather all the necessary information before you begin the configuration
process. Verify that the firmware is up to date, and that you have all of the addresses you will
need and all of the parameters that must be set on both sides. Check that there are no firewall
restrictions.
Table H-1. Summary

VPN Consortium Scenario:   Scenario 1
Type of VPN:               PC/Client-to-Gateway
Security Scheme:           IKE with Preshared Secret/Key (not Certificate-based)
Date Tested:               December 2003
Model/Firmware Tested:
    Gateway                NETGEAR FVS328 firmware v 1.0
    Client                 FVS328 ProSafe VPN Firewall with Dial Back-up v10.1
IP Addressing:
    Gateway                Static IP address
    Client                 Dynamic
Figure H-1: Addressing and Subnet Used for Examples
Step-By-Step Configuration of FVS328 Gateway
1. Log in to the FVS328 gateway as in the illustration.
   Out of the box, the FVS328 is set for its default LAN address of with its default user name
   of admin and default password of password. Even though the remainder of this document will
   refer to the FVS328, the login procedures and configuration menu screens are the same for
   the FVS328 and the FWAG114.
Note: Product updates are available on the NETGEAR Web site at
www.netgear.com/support/main.asp. VPNC Interoperability guidelines can be found at .
[Figure H-1 labels: Network Addresses. Client: PC with NETGEAR ProSafe VPN client, WAN IP 0.0.0.0. Gateway: FVL328, WAN IP 66.120.188.153, LAN IP 192.168.0.0.]
2. Click IKE Policies under the VPN menu and click Add on the IKE Policies Menu.
Figure H-2: NETGEAR FVS328 IKE Policy Configuration
    Enter a descriptive name for the policy in the Policy Name field. This name is not supplied to the remote VPN endpoint. It is used to help you manage the IKE policies. In our example, we used VPNclient as the Policy Name.

    From the Direction/Type drop-down box, select Remote Access.

    From the Exchange Mode drop-down box, select Aggressive Mode. This will also be selected in the VPN Client My Identity ID Type fields, as seen in “Security Policy” on page H-10.

    From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVS328 will also be used in the Connection ID Type fields of the VPN Client as seen in “Security Policy Editor New Connection” on page H-8).

    For this example we typed FVS328 in the Local Identity Data field.
    From the Remote Identity drop-down box, select Fully Qualified Domain Name.

    Type VPNclient in the Remote Identity Data. This will also be entered in the VPN Client My Identity ID Type fields, as seen in “My Identity” on page H-9.

    From the Encryption Algorithm drop-down box, select 3DES. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.

    From the Authentication Algorithm drop-down box, select SHA-1. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Hash Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.

    From the Authentication Method radio button, select Pre-shared Key. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Authentication Method field, as seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.

    In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the client and the FVS328 Firewall. This will also be selected in the VPN client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key” on page H-10.

    From the Diffie-Hellman (DH) Group drop-down box, select Group 2 (1024 Bit). This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Key Group field, as seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.

    In the SA Life Time field, type 86400.

    Click Apply. This will bring you back to the IKE Policies Menu. The FVS328 IKE Policy is now displayed in the IKE Policies page.
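
The IKE policy above must be mirrored value for value on the VPN client, and it combines Aggressive Mode with a pre-shared key, 3DES, SHA-1 and DH Group 2. The following added example (not from the NETGEAR manual; the field names and the client-side dictionary are assumptions constructed for illustration) checks that both ends agree and lists the settings a current review would flag.

```python
# Added example: audit of an IKE Phase 1 policy pair (not NETGEAR code).
# Field names are hypothetical; gateway values mirror the steps above.
GATEWAY = {
    "exchange_mode": "Aggressive Mode",
    "local_id": "FVS328",
    "remote_id": "VPNclient",
    "encryption": "3DES",
    "hash": "SHA-1",
    "auth_method": "Pre-shared Key",
    "psk": "hr5xb84l6aa9r6",
    "dh_group": 2,
    "sa_lifetime": 86400,  # recorded from the page, not compared below
}

# Constructed client-side view: same proposal, identities swapped.
CLIENT = dict(GATEWAY, local_id="VPNclient", remote_id="FVS328")

MUST_MATCH = ("exchange_mode", "encryption", "hash", "auth_method", "psk", "dh_group")
DOCUMENTED_PSKS = {"hr5xb84l6aa9r6"}  # sample key printed in the manual


def mismatches(gw, cl):
    """Return the Phase 1 fields on which the two ends disagree."""
    bad = [f for f in MUST_MATCH if gw[f] != cl[f]]
    if gw["local_id"] != cl["remote_id"] or gw["remote_id"] != cl["local_id"]:
        bad.append("identity")
    return bad


def weaknesses(policy):
    """Return hardening findings for one policy, in a fixed order."""
    out = []
    if (policy["exchange_mode"] == "Aggressive Mode"
            and policy["auth_method"] == "Pre-shared Key"):
        # The PSK-derived hash is sent unencrypted in aggressive mode,
        # so a weak key can be guessed offline by anyone who records it.
        out.append("aggressive-mode-psk")
    if policy["encryption"] in ("DES", "3DES"):
        out.append("legacy-cipher")
    if policy["hash"] in ("MD5", "SHA-1"):
        out.append("legacy-hash")
    if policy["dh_group"] <= 2:  # groups 1 and 2 are 768 and 1024 bit
        out.append("dh-group-1024-or-less")
    if policy["psk"] in DOCUMENTED_PSKS:
        out.append("published-sample-psk")
    return out
```

Running mismatches(GATEWAY, CLIENT) on the values from this appendix returns an empty list, while weaknesses(GATEWAY) reports all five findings; the last one is a reminder to replace the printed sample key before deployment.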
