Chapter 6: Virtual Private Networking Using SSL
New Template Style Guide Reference Manual
4. Click Add. The “Operation Succeeded” message appears at the top of the tab, and the new application entry is listed in the List of Configured Applications for Port Forwarding table.
5. Repeat this process to add other applications for use in port forwarding.
Adding A New Host Name
Once the server IP address and port information has been configured, remote users will be able to access the private network servers using Port Forwarding. As a convenience for users, you can also specify host name to IP address resolution for the network servers. Host Name Resolution allows users to access TCP applications at familiar addresses such as mail.example.com or ftp.example.com rather than by IP addresses.
To add a host name for client name resolution:
1. Select the Port Forwarding tab, shown in the previous section “Adding Servers” on page 105.
2. If the server you want to name does not appear in the List of Configured Applications for Port Forwarding table, you must add it before you can rename it.
3. In the Add New Host Name for Port Forwarding section of the screen, enter the IP address of the server you want to name.
4. In the Fully Qualified Domain Name field, enter the full server name.
5. Click Add. The “Operation Succeeded” message appears at the top of the tab, and the new entry is listed in the List of Configured Host Names for Port Forwarding table.
Remote users can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding.
Configuring the SSL VPN Client
The SSL VPN Client within the network storage will assign IP addresses to remote VPN tunnel clients. Because the VPN tunnel connection is a point-to-point connection, you can assign IP addresses from the corporate subnet to the remote VPN tunnel clients.
Some additional considerations are:
• So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with addresses on the corporate network, configure an IP address range that does not directly overlap with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are currently assigned to devices on your local network, then start the client address range at 192.168.1.101 or choose an entirely different subnet altogether.
• The VPN tunnel client cannot contact a server on the corporate network if the VPN tunnel client’s Ethernet interface shares the same IP address as the server or the <Product Name> (for example, if your laptop has a network interface IP address of 10.0.0.45, then you will not be able to contact a server on the remote network that also has the IP address 10.0.0.45).
• If you assign an entirely different subnet to the VPN tunnel clients than the subnet used by the corporate network, you must:
  - Add a client route to configure the VPN tunnel client to connect to the corporate network using the VPN tunnel.
  - Create a static route on the corporate network’s firewall to forward local traffic intended for the VPN tunnel clients to the <Product Name>.
• Select whether you want to enable full tunnel or split tunnel support based on your bandwidth:
  - Full tunnel. Sends all of the client’s traffic across the VPN tunnel.
  - Split tunnel. Sends only traffic destined for the corporate network based on the specified client routes. All other traffic is sent to the Internet. Split tunnel allows you to manage your company bandwidth by reserving the VPN tunnel only for corporate traffic.
Configuring the Client IP Address Range
Determine the address range to be assigned to VPN tunnel clients, then define the address range.
To configure the client IP address range:
1. Select VPN > SSL VPN from the menu, and then select the SSL VPN Client tab.
2. Select Enable Full Tunnel Support unless you want split tunneling.
3. (Optional) Enter a DNS Suffix to be appended to incomplete DNS search strings.
4. Enter Primary and Secondary DNS Server IP addresses to be assigned to the VPN tunnel clients.
5. In the Client Address Range Begin field, enter the first IP address of the IP address range.
6. In the Client Address Range End field, enter the last IP address of the IP address range.
7. Click Apply. The “Operation Successful” message appears at the top of the tab.
VPN tunnel clients are now able to connect to the <Product Name> and receive a virtual IP address in the client address range.
Adding Routes for VPN Tunnel Clients
The VPN Tunnel Clients assume that the following networks are located across the VPN over SSL tunnel:
• The subnet containing the client IP address (PPP interface), as determined by the class of the address (Class A, B, or C).
• Subnets specified in the Configured Client Routes table.
If the assigned client IP address range is in a different subnet than the corporate network or if the corporate network has multiple subnets, you must define Client Routes.
To add an SSL VPN Tunnel client route:
1. Access the SSL VPN Client screen shown in the previous section “Configuring the Client IP Address Range” on page 107.
2. In the Add Routes for VPN Tunnel Clients section, enter the destination network IP address of a local area network or subnet. For example, enter 192.168.0.0.
3. Enter the appropriate Subnet Mask.
4. Click Add. The “Operation Successful” message appears at the top of the tab and the new client route is listed in the Configured Client Routes table.
Note: You must also add a static route on your corporate firewall that directs local traffic destined for the VPN tunnel client address range to the <Product Name>.
Restart the <Product Name> if VPN tunnel clients are currently connected. Restarting forces clients to reconnect and receive new addresses and routes.
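The planning rules in the two sections above (a client address range that must not overlap addresses already in use on the LAN, the classful subnet a tunnel client assumes is reachable through the tunnel, split versus full tunnel behaviour with configured client routes, and the static route the corporate firewall needs toward the appliance) can be checked before anything is typed into the SSL VPN Client tab. The following is an added example written for this page, not code from the manual or the product; all addresses, the `LOCAL_ASSIGNED` inventory and the appliance address are constructed sample values, and the function names are this example's own.

```python
import ipaddress

# Constructed sample inventory: the addresses the manual's example says are
# already assigned on the local network (192.168.1.1 through 192.168.1.100).
LOCAL_ASSIGNED = [ipaddress.ip_address(f"192.168.1.{i}") for i in range(1, 101)]


def range_overlaps_local(begin, end, assigned=LOCAL_ASSIGNED):
    """Return the already-assigned local addresses that fall inside the
    proposed client address range [begin, end]; an empty list means the
    range does not collide with anything on the LAN."""
    first, last = ipaddress.ip_address(begin), ipaddress.ip_address(end)
    if last < first:
        raise ValueError("Client Address Range End precedes Begin")
    return [str(a) for a in assigned if first <= a <= last]


def classful_subnet(client_ip):
    """The subnet a tunnel client assumes is across the tunnel, derived from
    the class (A, B or C) of its PPP interface address as the manual states."""
    ip = ipaddress.ip_address(client_ip)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8      # Class A
    elif first_octet < 192:
        prefix = 16     # Class B
    elif first_octet < 224:
        prefix = 24     # Class C
    else:
        raise ValueError(f"{client_ip} is not a Class A, B or C host address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def uses_tunnel(destination, client_ip, client_routes, full_tunnel):
    """Decide whether traffic to `destination` is sent across the VPN tunnel.

    full_tunnel=True : everything goes across the tunnel.
    full_tunnel=False: split tunnel; only the client's classful subnet and the
                       configured client routes (network, subnet mask pairs as
                       entered in the Add Routes for VPN Tunnel Clients
                       section) go across the tunnel. Everything else goes
                       straight to the Internet.
    """
    if full_tunnel:
        return True
    dest = ipaddress.ip_address(destination)
    tunnel_nets = [classful_subnet(client_ip)]
    tunnel_nets += [ipaddress.ip_network(f"{net}/{mask}", strict=False)
                    for net, mask in client_routes]
    return any(dest in net for net in tunnel_nets)


def firewall_static_routes(begin, end, appliance_ip):
    """CIDR blocks covering the client address range, each paired with the
    appliance address as next hop: the static route(s) the corporate firewall
    needs so that local traffic for tunnel clients reaches the appliance."""
    first, last = ipaddress.ip_address(begin), ipaddress.ip_address(end)
    return [(str(net), appliance_ip)
            for net in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    routes = [("192.168.0.0", "255.255.255.0")]   # constructed client route
    print(range_overlaps_local("192.168.1.90", "192.168.1.150"))
    print(classful_subnet("192.168.1.101"))
    print(uses_tunnel("192.168.0.10", "192.168.1.101", routes, full_tunnel=False))
    print(uses_tunnel("203.0.113.7", "192.168.1.101", routes, full_tunnel=False))
    print(firewall_static_routes("192.168.1.128", "192.168.1.191", "192.168.1.254"))
```

A range that starts at 192.168.1.90 reports the eleven collisions with the sample LAN, while one starting at 192.168.1.101 reports none, which is the manual's recommendation. Under split tunnel, a destination in the configured 192.168.0.0/255.255.255.0 client route or in the client's own classful subnet goes through the tunnel and anything else does not; the firewall helper shows that a range aligned to a power of two (192.168.1.128 to 192.168.1.191) needs a single static route on the corporate firewall, whereas an arbitrary range needs several.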
Replacing and Deleting Client Routes
If an existing route is no longer needed, or if the specifications of an existing route need to be changed, follow these steps:
1. Make a new entry with the correct specifications. (This step is not applicable if you only want to delete the route.)
2. In the Configured Client Routes table, click the Delete button adjacent to the out-of-date route entry.
Using Network Resource Objects to Simplify Policies
Network resources are groups of IP addresses, IP address ranges, and services. By defining
resource objects, you can more quickly create and configure network policies. You will not
need to redefine the same set of IP addresses or address ranges when configuring the same
access policies for multiple users.
Defining network resources is optional; smaller organizations can choose to create access
policies using individual IP addresses or IP networks rather than predefined network
resources. But for most organizations, we recommend that you use network resources. If
your server or network configuration changes, by using network resources you can perform
an update quickly instead of individually updating all of the user and group policies.
Adding New Network Resources
To define a network resource:
1. Select VPN > SSL VPN from the main menu, and then select the Resources tab.
2. In the Add New Resource section, type the (qualified) resource name in the Resource Name field.
3. From the Service drop-down list, select the type of service to which the resource will apply: either VPN Tunnel or Port Forwarding.
4. Click Add.
The “Operation Successful” message appears at the top of the tab, and the newly added resource name appears in the Defined Resource Addresses table.
5. Next to the new resource, click the Edit button. The Add Resource Addresses screen is displayed.
6. From the Object Type drop-down list, select one of the following:
  - IP Address. Enter an IP address or fully qualified domain name in the IP Address/Name field.
  - IP Network. Enter the IP network address in the Network Address field. Enter the mask length in the Mask Length (0-31) field.
7. Enter the Port Range or Port Number for the IP Address or IP Network you selected.
8. Click Apply to add the IP address or IP network to the resource. The new configuration appears in the Defined Resource Addresses table, as shown in .
Configuring User, Group, and Global Policies
An administrator can define and apply user, group, and global policies to predefined network resource objects, IP addresses, address ranges, or all IP addresses and to different SSL VPN services. A specific hierarchy is invoked over which policies take precedence.
The <Product Name> policy hierarchy is defined as:
1. User Policies take precedence over all group policies.
2. Group Policies take precedence over all global policies.
3. If two or more user, group or global policies are configured, the most specific policy takes precedence.
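The hierarchy is easier to reason about as a selection function: collect every policy that applies to the requested destination and service, order by level (user, then group, then global) and, within a level, by how many addresses the policy covers, and take the first. The following is an added example written for this page, not code from the manual or the product. It reads rules 1 to 3 as "level decides first, specificity breaks ties within a level"; that reading, the `Policy` class, its `permit`/`deny` action values and the `SAMPLE_POLICIES` set for a constructed user in a constructed group are this example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Precedence of policy levels; a lower rank wins (user > group > global).
LEVEL_RANK = {"user": 0, "group": 1, "global": 2}


def _bounds(destination):
    """Lowest and highest address covered by a destination spec: a single
    address ("10.1.1.50") or an inclusive range ("10.1.1.1-10.1.1.254")."""
    parts = [ipaddress.ip_address(p.strip()) for p in destination.split("-")]
    return (parts[0], parts[-1])


@dataclass(frozen=True)
class Policy:
    name: str
    level: str          # "user", "group" or "global"
    destination: str    # single address, "low-high" range, or "all"
    service: str        # "VPN Tunnel" or "Port Forwarding"
    action: str         # constructed for this example: "permit" or "deny"

    def matches(self, dest_ip, service):
        """True if this policy covers dest_ip for the given SSL VPN service."""
        if self.service != service:
            return False
        if self.destination == "all":
            return True
        low, high = _bounds(self.destination)
        return low <= ipaddress.ip_address(dest_ip) <= high

    def specificity(self):
        """Number of addresses the policy covers; fewer means more specific
        (single address < range < all)."""
        if self.destination == "all":
            return 2 ** 32
        low, high = _bounds(self.destination)
        return int(high) - int(low) + 1


def resolve_policy(policies, dest_ip, service):
    """Pick the one policy that governs access to dest_ip over `service`.

    `policies` should hold the user's own policies, the policies of the groups
    the user belongs to, and the global policies. The user/group/global order
    decides first; among policies at the same level the most specific one
    wins. Returns None when nothing matches. Policies that tie on both keys
    are resolved by list order, which is a choice of this example.
    """
    candidates = [p for p in policies if p.matches(dest_ip, service)]
    if not candidates:
        return None
    return min(candidates, key=lambda p: (LEVEL_RANK[p.level], p.specificity()))


# Constructed sample policy set for one user ("alice") in one group ("sales").
SAMPLE_POLICIES = [
    Policy("global-deny-all", "global", "all", "VPN Tunnel", "deny"),
    Policy("sales-lan", "group", "10.1.1.1-10.1.1.254", "VPN Tunnel", "permit"),
    Policy("sales-no-db", "group", "10.1.1.50", "VPN Tunnel", "deny"),
    Policy("alice-db", "user", "10.1.1.50", "VPN Tunnel", "permit"),
]


if __name__ == "__main__":
    for dest in ("10.1.1.50", "10.1.1.7", "10.2.0.1"):
        chosen = resolve_policy(SAMPLE_POLICIES, dest, "VPN Tunnel")
        print(dest, "->", chosen.name if chosen else None)
```

With the sample set, 10.1.1.50 is governed by the user policy even though a group policy names the same single address (rule 1); without the user policy, the single-address group policy beats the group's address-range policy (rule 3); 10.1.1.7 falls to the group's range policy, and an address outside every range falls through to the global policy (rule 2). A request for the Port Forwarding service matches nothing here, because all sample policies are written for the VPN Tunnel service.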
For example, a policy configured for a single IP address takes precedence over a policy
configured for a range of addresses. And a policy that applies to a range of IP addresses