Chapter 5: Virtual Private Networking Using IPsec
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
2. Click the VPN Policies tab, then click the Edit button next to the desired VPN policy.
3. In the General section of the Edit VPN Policy screen, locate the keepalive configuration settings, as shown in .
4. Click the Yes radio button to enable keepalive.
5. In the Ping IP Address boxes, enter an IP address on the remote LAN. This must be the address of a host that can respond to ICMP ping requests.
6. Enter the Detection Period to set the time between ICMP ping requests. The default is 10 seconds.
7. In Reconnect after failure count, set the number of consecutive missed responses that will be considered a tunnel connection failure. The default is 3 missed responses. When the VPN firewall senses a tunnel connection failure, it forces a reestablishment of the tunnel.
8. Click Apply at the bottom of the screen.
Configuring Dead Peer Detection
The Dead Peer Detection feature maintains the IKE SA by exchanging periodic messages
with the remote VPN peer. To configure Dead Peer Detection on a configured IKE policy,
follow these steps:
1. Select VPN > Policies from the menu.
2. Click the IKE Policies tab, then click the Edit button next to the desired VPN policy.
3. In the IKE SA Parameters section of the Edit IKE Policy screen, locate the Dead Peer Detection configuration settings, as shown in .
4. Click the Yes radio button to Enable Dead Peer Detection.
5. Enter the Detection Period to set the interval between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPSec traffic is idle. The default is 10 seconds.
6. In Reconnect after failure count, set the number of DPD failures allowed before tearing down the connection. The default is 3 failures. When the VPN firewall senses an IKE connection failure, it deletes the IPSec and IKE Security Association and forces a reestablishment of the connection.
7. Click Apply at the bottom of the screen.
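The two procedures above (ICMP keepalive on a VPN policy and Dead Peer Detection on an IKE policy) share the same liveness logic: probe every Detection Period seconds and force a reestablishment once Reconnect after failure count consecutive probes go unanswered. The following simulation is an added example, not NETGEAR firmware code; it models that logic with the manual's defaults (10 seconds, 3 failures) and treats live IPsec traffic in DPD mode as proof of life that suppresses the R-U-THERE probe and resets the miss counter, which is an assumption about how the idle gate behaves.

```python
from dataclasses import dataclass, field


@dataclass
class LivenessMonitor:
    """Tunnel liveness state machine with the manual's two knobs (constructed model)."""
    detection_period: int = 10   # seconds between probes (manual default)
    failure_count: int = 3       # consecutive misses treated as a failure (manual default)
    dpd_mode: bool = False       # True: DPD R-U-THERE, probed only when IPsec traffic is idle
    misses: int = 0              # consecutive unanswered probes so far
    next_probe_at: int = 0       # earliest time the next probe may be sent
    reconnects: int = 0          # how many forced reestablishments have fired
    log: list = field(default_factory=list)

    def tick(self, now: int, peer_answers: bool, traffic_idle: bool = True) -> bool:
        """Advance to time `now`; return True if a reconnect was forced at this tick."""
        if now < self.next_probe_at:
            return False                      # not yet time for another probe
        self.next_probe_at = now + self.detection_period
        if self.dpd_mode and not traffic_idle:
            # Assumption: traffic flowing through the SA proves the peer is up,
            # so no R-U-THERE is sent and the consecutive-miss count restarts.
            self.misses = 0
            return False
        if peer_answers:
            self.misses = 0                   # any reply restarts the consecutive count
            return False
        self.misses += 1
        self.log.append(f"t={now}s: probe unanswered ({self.misses}/{self.failure_count})")
        if self.misses >= self.failure_count:
            self.log.append(f"t={now}s: failure threshold reached, reestablishing tunnel")
            self.reconnects += 1
            self.misses = 0
            return True
        return False


def run_trace(monitor: LivenessMonitor, trace):
    """Feed (time, peer_answers, traffic_idle) tuples; return times at which reconnects fired."""
    return [t for (t, answered, idle) in trace if monitor.tick(t, answered, idle)]


# Constructed trace: the peer stops answering at t=20s. With ICMP keepalive the
# third consecutive miss (t=20, 30, 40) forces a reestablishment at t=40s.
KEEPALIVE_TRACE = [(0, True, True), (10, True, True), (20, False, True),
                   (30, False, True), (40, False, True), (50, True, True)]

# Constructed trace for DPD: misses at t=10 and t=20, but IPsec traffic is busy at
# t=30 so no R-U-THERE goes out and the count resets; failure then needs three
# idle misses (t=40, 50, 60) and fires at t=60s.
DPD_TRACE = [(0, True, True), (10, False, True), (20, False, True), (30, False, False),
             (40, False, True), (50, False, True), (60, False, True), (70, True, True)]
```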
Configuring NetBIOS Bridging with VPN
Windows networks use the Network Basic Input/Output System (NetBIOS) for several basic
network services such as naming and neighborhood device discovery. Because VPN routers
do not normally pass NetBIOS traffic, these network services do not work for hosts on
opposite ends of a VPN connection. To solve this problem, you can configure the VPN
firewall to bridge NetBIOS traffic over the VPN tunnel.
To enable NetBIOS bridging on a configured VPN tunnel:
1. Select VPN > Policies from the menu.
2. Click the VPN Policies tab, then click the Edit button next to the desired VPN policy.
3. In the General section of the Edit VPN Policy screen, click the Enable NetBIOS checkbox.
4. Click Apply at the bottom of the screen.
Chapter 6: Virtual Private Networking Using SSL
The NETGEAR <Product Name> <Product Model Number> provides a hardware-based SSL
VPN solution designed specifically to provide remote access for mobile users to their corporate
resources, bypassing the need for a pre-installed VPN client on their computers. Using the
familiar Secure Sockets Layer (SSL) protocol, commonly used for e-commerce transactions, the
network storage can authenticate itself to an SSL-enabled client, such as a standard web
browser. Once the authentication and negotiation of encryption information is completed, the
server and client can establish an encrypted connection. With support for 10 concurrent
sessions, users can easily access the remote network for a customizable, secure, user portal
experience from virtually any available platform.
This chapter contains the following sections:
- “Understanding the Portal Options” on this page.
- “Planning for SSL VPN” on page 100.
- “Creating the Portal Layout” on page 101.
- “Configuring Domains, Groups, and Users” on page 104.
- “Configuring Applications for Port Forwarding” on page 104.
- “Configuring the SSL VPN Client” on page 106.
- “Using Network Resource Objects to Simplify Policies” on page 109.
- “Configuring User, Group, and Global Policies” on page 110.
Understanding the Portal Options
The network storage’s SSL VPN portal offers two levels of SSL service to the remote user:
VPN Tunnel
The network storage can provide the full network connectivity of a VPN tunnel using the
remote user’s browser in the place of a traditional IPsec VPN client. The SSL capability of
the user’s browser provides authentication and encryption, establishing a secure
connection to the <Product Name>.
Upon successful connection, an ActiveX-based SSL VPN client is downloaded to the
remote PC that will allow the remote user to virtually join the corporate network. The SSL
VPN Client provides a PPP (point-to-point) connection between the client and the
<Product Name>, and a virtual network interface is created on the user’s PC. The
<Product Name> will assign the PC an IP address and DNS server IP addresses,
allowing the remote PC to access network resources in the same manner as if it were
connected directly to the corporate network, subject to any policy restrictions configured
by the administrator.
Port Forwarding
Like VPN Tunnel, Port Forwarding is a web-based client that installs transparently and
then creates a virtual, encrypted tunnel to the remote network. However, Port Forwarding
differs from VPN Tunnel in several ways. For example, Port Forwarding:
- Only supports TCP connections, not UDP or other IP protocols.
- Detects and reroutes individual data streams on the user’s PC to the Port Forwarding connection rather than opening up a full tunnel to the corporate network.
- Offers more fine-grained management than VPN Tunnel. The administrator defines individual applications and resources that will be available to remote users.
The SSL VPN portal can present the remote user with one or both of these SSL service
levels, depending on the configuration by the administrator.
Planning for SSL VPN
To set up and activate SSL VPN connections, you will perform these basic steps in this order:
1. Edit the existing SSL Portal or create a new one.
   When remote users log in to the SSL <Product Name>, they see a portal page that you can customize to present the resources and functions that you choose to make available.
2. Create one or more authentication domains for authentication of SSL VPN users.
   When remote users log in to the SSL <Product Name>, they must specify a domain to which their login account belongs. The domain determines the authentication method to be used and the portal layout that will be presented, which in turn determines the network resources to which they will have access. Because you must assign a portal layout when creating a domain, the domain is created after you have created the portal layout.
3. Create one or more groups for your SSL VPN users.
   When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an authentication domain when creating a group, the group is created after you have created the domain.
4. Create one or more SSL VPN user accounts.
   Because you must assign a group when creating a SSL VPN user account, the user account is created after you have created the group.