Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
NETGEAR VPN Client to NETGEAR the FVS328
H-5
December 2003, M-10041-01
3. Click the VPN Policies link under the VPN category on the left side of the main menu. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy.
Figure H-3: NETGEAR FVS328 VPN – Auto Policy
General settings
Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example, we use VPNclient as the Policy Name.
From the IKE policy drop-down box, select VPNclient, which is the IKE Policy that was set up in the earlier step.
From the Remote VPN Endpoint Address Type drop-down box, select IP Address.
Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the VPN Client Internal Network IP Address field, as seen in “My Identity” on page H-9.
Type 86400 in the SA Life Time (Seconds) field.
Type 0 in the SA Life Time (Kbytes) field.
Check the IPSec PFS check box to enable Perfect Forward Secrecy. This will also be entered in the VPN Client Security Policy Enable Perfect Forward Secrecy check box, as seen in “Security Policy” on page H-10.
From the PFS Key Group drop-down box, select Group 2 (1024 Bit). This will also be entered in the VPN Client Security Policy PFS Key Group drop-down selection box, as seen in “Security Policy” on page H-10.
From the Traffic Selector Local IP drop-down box, select Subnet addresses. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing ID Type field, as seen in “Security Policy Editor New Connection” on page H-8.
Type the starting LAN IP Address of the FVS328 in the Local IP Start IP Address field. For this example, we used 192.168.0.0, which is the default LAN IP address of the FVS328. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor New Connection” on page H-8.
Type the LAN Subnet Mask of the FVS328 (255.255.255.0 in our example) in the Local IP Subnet Mask field. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing Mask field, as seen in “Security Policy Editor New Connection” on page H-8.
From the Traffic Selector Remote IP drop-down box, select Single addresses.
Type 0.0.0.0 as the start IP Address in the Remote IP Start IP Address field because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the VPN Client My Identity Internal Network IP Address field, as seen in “My Identity” on page H-9.
Select the Enable Encryption check box. This will also be selected in the VPN Client Security Policy Key Exchange (Phase 2) Encapsulation Protocol (ESP) check box, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page H-12.
From the ESP Configuration Encryption Algorithm drop-down box, select 3DES. This will also be entered in the VPN Client Security Policy Key Exchange (Phase 2) Encrypt Alg field, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page H-12.
Select Enable Authentication in the ESP Configuration Enable Authentication check box.
Note: Do not confuse this with the Authentication Protocol (AH) option. Using the AH option will prevent clients behind a home NAT router from connecting.
From the ESP Configuration Authentication Algorithm drop-down box, select SHA-1. This will also be entered in the VPN Client Security Policy Key Exchange (Phase 2) Hash Alg field, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page H-12.
Select the NETBIOS Enable check box to enable networking features like Windows Network Neighborhood.
Click Apply to save your changes. You will be taken back to the VPN Policies Menu page.
4. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click Apply to save your changes.
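An added example, not part of the NETGEAR manual: a small Python check that the firewall's Auto Policy values and the VPN client's values agree on the fields that step 3 says are entered on both sides, and that the AH option is not in use. The dictionary keys and function names are assumptions made for illustration; the sample values are the ones used in this procedure.

```python
import ipaddress

# Firewall Auto Policy key -> VPN client key, following the cross-references
# in step 3. All key names are assumptions made for this example.
FIELD_MAP = {
    "ipsec_pfs": "enable_pfs",
    "pfs_key_group": "pfs_key_group",
    "esp_encryption": "encrypt_alg",
    "esp_authentication": "hash_alg",
    "remote_ip_start": "internal_network_ip",
}

def subnet(addr, mask, side, problems):
    """Parse addr/mask; record a problem if host bits are set or input is bad."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=True)
    except ValueError as exc:
        problems.append(f"{side} subnet invalid: {exc}")
        return None

def check_policy(fw, client):
    """Return a list of mismatches; an empty list means both sides agree."""
    problems = []
    for fw_key, cl_key in FIELD_MAP.items():
        if fw[fw_key] != client[cl_key]:
            problems.append(
                f"{fw_key}={fw[fw_key]!r} != client {cl_key}={client[cl_key]!r}")
    fw_net = subnet(fw["local_ip_start"], fw["local_subnet_mask"], "firewall", problems)
    cl_net = subnet(client["subnet"], client["mask"], "client", problems)
    if fw_net is not None and cl_net is not None and fw_net != cl_net:
        problems.append(f"traffic selector {fw_net} != client remote subnet {cl_net}")
    if fw.get("use_ah"):
        problems.append("AH enabled: clients behind a home NAT router cannot connect")
    return problems

# Values taken from this procedure's example.
FIREWALL = {"ipsec_pfs": True, "pfs_key_group": 2, "esp_encryption": "3DES",
            "esp_authentication": "SHA-1", "remote_ip_start": "0.0.0.0",
            "local_ip_start": "192.168.0.0", "local_subnet_mask": "255.255.255.0",
            "use_ah": False}
CLIENT = {"enable_pfs": True, "pfs_key_group": 2, "encrypt_alg": "3DES",
          "hash_alg": "SHA-1", "internal_network_ip": "0.0.0.0",
          "subnet": "192.168.0.0", "mask": "255.255.255.0"}

if __name__ == "__main__":
    for line in check_policy(FIREWALL, CLIENT) or ["policies agree"]:
        print(line)
```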
Step-By-Step Configuration of the Netgear VPN Client B
This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVS328 with a static IP address. The PC can be directly connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
1. Install the Netgear VPN Client Software on the PC.
Note: The Netgear ProSafe VPN Client has the ability to “Import” a predefined configuration profile. The FVS328.SPD file on the FVS328 ProSafe VPN Firewall with Dial Back-up Resource CD (230-10041-01) includes all the settings identified in this procedure.
Whenever importing policy settings, you should first export any existing settings you may have configured to prevent the new imported settings from replacing an existing working configuration.
To import this policy, use the Security Policy Editor File menu to select Import Policy, and select the FVS328.SPD file at D:\Software\Policies where D is the drive letter of your CD-ROM drive.
You may need to insert your Windows CD to complete the installation.
Reboot your PC after installing the client software.
2. Configure the Connection Network Settings.
Figure H-4: Security Policy Editor New Connection
a. Run the Security Policy Editor program and create a VPN Connection.
Figure H-5: Security Policy Editor Options menu
Note: Before installing the Netgear VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC.
Note: If the configuration settings on this screen are not available for editing, go to the Options menu, select Secure, and Specified Options to enable editing these settings.
From the Edit menu of the Security Policy Editor, click Add, then Connection. A “New Connection” listing appears. Rename the “New Connection” to FVS328.
b. Ensure that the following settings are configured:
In the Connection Security box, Secure is selected.
In the Protocol menu, All is selected.
The Connect using Secure Gateway Tunnel check box is selected.
c. In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Subnet field (the Subnet address is the LAN IP Address of the FVS328 with 0 as the last number), and 255.255.255.0 in the Mask field, which is the LAN Subnet Mask of the FVS328.
d. In the ID Type menus, select Domain Name and Gateway IP Address. Enter FVS328 in the Domain Name field. In this example, 66.120.188.153 would be used for the Gateway IP Address, which is the static IP address for the FVS328 WAN port.
3. Configure the Connection Identity Settings.
a. In the Network Security Policy list, click the My Identity subheading.
Figure H-6: My Identity
In this example, select Domain Name as the ID Type, and enter VPNclient. Also, accept the default Internal Network IP Address of 0.0.0.0.
Figure H-7: My Identity Pre-Shared Key
