Chapter 5: Virtual Private Networking Using IPsec
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Use the VPN Wizard to Configure the Gateway for a Client Tunnel
1. Select VPN > IPsec VPN from the menu.
2. Click the VPN Wizard tab to display the VPN Wizard screen.
3. Select VPN Client as your VPN tunnel connection.
4. Create a Connection Name such as “Client to GW1”. This descriptive name is not supplied to the remote VPN client; it is only for your reference.
5. Enter a Pre-shared Key; in this example, we are using r3m0+eC1ient, which must also be entered in the VPN client software. The key length must be 8 characters minimum and cannot exceed 49 characters.
6. Choose which WAN port to use as the VPN tunnel end point.
   Note: If you are using a dual WAN rollover configuration, after completing the wizard, you must manually update the VPN policy to enable VPN rollover. This allows the VPN tunnel to roll over when the WAN Mode is set to Auto Rollover. The wizard will not set up the VPN policy with rollover enabled.
7. The public Remote and Local Identifier are automatically filled in by prepending the first several letters of the model number of your gateway to form FQDNs used in the VPN policies. In this example, we are using GW1_remote.com, and GW1_local.com.
   Tip: To ensure tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keepalive, which periodically sends ping packets to the host on the peer side of the network to keep the tunnel alive.
8. Click Apply to save your settings: the VPN Policies screen shows the policy is now enabled.
Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection
From a PC with the NETGEAR ProSafe VPN Client installed, configure a VPN client policy to
connect to the VPN firewall.
To configure your VPN client:
1. Right-click on the VPN client icon in your Windows toolbar, choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is enabled.
   Figure 5-7: Verifying the Specified Connections setting in Windows
2. In the upper left of the Policy Editor window, click the New Document icon (the first on the left) to open a New Connection. Give the New Connection a name; in this example, we are using gw1. Fill in the other options according to the instructions below.
   • Under Connection Security, verify that the Secure radio button is selected.
   • In the ID Type field, choose IP Subnet.
   • Enter the LAN IP Subnet Address and Subnet Mask of the VPN firewall LAN; in this example, we are using 192.168.2.0.
   • Check the Use checkbox and choose Secure Gateway Tunnel from the drop-down list.
   • In the first ID Type field, choose Domain Name. Enter the FQDN address which the VPN firewall VPN Wizard provided; in this example, we are using gw1_local.com.
   • In the second ID Type field, choose Gateway IP Address and enter the WAN IP Gateway address of the VPN firewall; in this example, we are using 21.208.216.81.
3. In the left frame, click My Identity. Fill in the options according to the instructions below.
   • From the Select Certificate drop-down list, choose None.
   • Click Pre-Shared Key to enter the key you provided in the VPN Wizard; in this example, we are using “r3m0+eClient”.
   • From the ID Type drop-down list, choose Domain Name.
   • Leave Virtual Adapter disabled.
   • In Network Adapter select the adapter you will use; the IP address of the selected adapter is displayed.
4. Verify the Security Policy settings; no changes are needed.
   Figure 5-8: Verifying Security Policy settings
   • On the left, click Security Policy to view the settings: no changes are needed.
   • On the left, expand Authentication (Phase 1) and click Proposal 1: no changes are needed.
   • On the left, expand Key Exchange (Phase 2) and click Proposal 1. No changes are needed.
5. In the upper left of the window, click the disk icon to save the policy.
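The tunnel only comes up if the gateway and the client agree on the pre-shared key, the identifier and the LAN subnet entered in the two procedures above. The following Python check is an added example, not part of the NETGEAR manual; the dictionary keys, the case-insensitive identifier comparison and the /24 mask are assumptions, and generate_psk() produces a random replacement for the documented example key.

```python
import ipaddress
import secrets
import string

PSK_MIN, PSK_MAX = 8, 49  # key length limits stated in wizard step 5
# Drop look-alike characters: the key is typed by hand on both ends.
ALPHABET = [c for c in string.ascii_letters + string.digits if c not in "lI1O0"]

def generate_psk(length=32):
    """Return a random pre-shared key that fits the gateway's length limits."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError(f"length must be {PSK_MIN}-{PSK_MAX} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def check_tunnel(gateway, client):
    """Compare the values both ends must agree on; return a list of problems."""
    problems = []
    gw_psk, cl_psk = gateway["psk"], client["psk"]
    if not PSK_MIN <= len(gw_psk) <= PSK_MAX:
        problems.append("psk length outside 8-49 characters")
    if gw_psk != cl_psk:
        # Report positions only, never the key material itself.
        diff = [i for i, (a, b) in enumerate(zip(gw_psk, cl_psk)) if a != b]
        problems.append(f"psk differs at positions {diff}" if diff
                        else "psk differs in length")
    # Assumption: identifiers are compared without regard to case.
    if gateway["local_id"].lower() != client["remote_domain"].lower():
        problems.append("client domain name != gateway local identifier")
    lan = ipaddress.ip_network(gateway["lan_subnet"])
    if ipaddress.ip_network(client["remote_subnet"]) != lan:
        problems.append("client remote subnet != gateway LAN subnet")
    if ipaddress.ip_address(client["gateway_ip"]) in lan:
        problems.append("gateway IP is a LAN address, expected the WAN address")
    return problems

# Constructed sample built from the manual's example values; the /24 mask is
# assumed, and the two key spellings are the ones printed in the two procedures.
GATEWAY = {"psk": "r3m0+eC1ient", "local_id": "GW1_local.com",
           "lan_subnet": "192.168.2.0/255.255.255.0"}
CLIENT = {"psk": "r3m0+eClient", "remote_domain": "gw1_local.com",
          "remote_subnet": "192.168.2.0/24", "gateway_ip": "21.208.216.81"}

if __name__ == "__main__":
    for problem in check_tunnel(GATEWAY, CLIENT):
        print("MISMATCH:", problem)
    print("replacement key:", generate_psk())
```

Run against the sample, the check reports a single-character key difference (digit 1 versus lowercase l), which is why the generator avoids look-alike characters.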
Testing the Connections and Viewing Status Information
Both the NETGEAR VPN Client and the VPN firewall provide VPN connection and status
information. This information is useful for verifying the status of a connection and
troubleshooting problems with a connection.
NETGEAR VPN Client Status and Log Information
To test a client connection and view the status and log information, follow these steps.
1. To test the client connection, from your PC, right-click on the VPN client icon in your Windows toolbar and choose Connect..., then My Connections\gw1.
   Within 30 seconds you should receive the message “Successfully connected to My Connections\gw1”.
   The VPN client icon in the system tray should state On:
2. To view more detailed status and troubleshooting information from the NETGEAR VPN client, follow these steps.