FVS338 ProSafe VPN Firewall 50 Reference Manual
5-6
Virtual Private Networking
v1.0, September 2006
Manual. All settings (including the keys) for the VPN tunnel are manually input at each end (both VPN endpoints). No third party server or organization is involved.
Auto. Some parameters for the VPN tunnel are generated automatically by using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN endpoints (the Local ID Endpoint and the Remote ID Endpoint).
In addition, a CA (Certificate Authority) can also be used to perform authentication (see “Certificates” on page 5-33). To use a CA, each VPN Gateway must have a Certificate from the CA. For each Certificate, there is both a “Public Key” and a “Private Key”. The “Public Key” is freely distributed, and is used to encrypt data. The receiver then uses their “Private Key” to decrypt the data (without the Private Key, decryption is impossible). CAs can be beneficial since using them reduces the amount of data entry required on each VPN Endpoint.
VPN Policy Operation
The VPN Policies screen allows you to add additional policies—either Auto or Manual—and to manage the VPN policies already created. You can edit policies, enable or disable them, or delete them entirely. The rules for VPN policy use conform to:
1. Traffic covered by a policy will automatically be sent via a VPN tunnel.
2. The VPN tunnel is created according to the parameters in the SA (Security Association).
3. The remote VPN Endpoint must have a matching SA, or it will refuse the connection.
VPN Policy Table
When you use the VPN Wizard to set up a VPN tunnel, both a VPN Policy and an IKE Policy are established and populated in both Tables on the VPN Policies screen. The name you selected as the VPN Tunnel connection name during Wizard setup identifies both the VPN Policy and the IKE Policy. You can also edit existing policies, add new VPN policies directly, or change the policy hierarchy in the Policy Table. The Policy Table contains the following fields:
! (Status). Indicates whether the policy is enabled (green circle) or disabled (grey circle). To Enable or Disable a Policy, check the radio box adjacent to the circle and click Enable or Disable, as required.
Name. Each policy is given a unique name (the Connection Name when using the VPN Wizard). Client Policies are annotated by an “*”.
Type. The Type is “Auto” or “Manual” as described previously (Auto is used during VPN Wizard configuration).
Local. IP address (either a single address, a range of addresses or a subnet address) on your local LAN. Traffic must be from (or to) these addresses to be covered by this policy. (Subnet address is the default IP address when using the VPN Wizard.)
Remote. IP address or address range of the remote network. Traffic must be to (or from) these addresses to be covered by this policy. (The VPN Wizard default requires the remote LAN IP address and subnet mask for a gateway policy.)
AH. Authentication Header. This specifies the authentication protocol for the VPN header (VPN Wizard default is disabled).
ESP. Encapsulating Security Payload. This specifies the encryption protocol used for the VPN data (VPN Wizard default is enabled).
VPN Tunnel Connection Status
Recent VPN tunnel activity is shown on the IPSec Connection Status screen (accessed by selecting VPN from the main menu and Connection Status from the submenu). You can set a Poll Interval (in seconds) to check the connection status of all active IKE Policies to obtain the latest VPN tunnel activity. The Active IPSec (SA)s table also lists current data for each active IPSec SA (Security Association):
Policy Name. The name of the VPN policy associated with this SA.
Endpoint. The IP address of the remote VPN Endpoint.
Tx (KBytes). The amount of data transmitted over this SA.
Tx (Packets). The number of packets transmitted over this SA.
State. The current state of the SA. Phase 1 is the “Authentication phase” and Phase 2 is the “Key Exchange phase”.
Action. Allows you to terminate or build the SA (connection), if required.
Creating a VPN Gateway Connection: Between FVS338 and FVX538
This section describes how to configure a VPN connection between a NETGEAR FVS338 VPN Firewall and a NETGEAR FVX538 VPN Firewall.
Using each firewall's VPN Wizard, we will create a set of policies (IKE and VPN) that will allow the two firewalls to connect from locations with fixed IP addresses. Either firewall can initiate the connection.
This procedure was developed and tested using:
Netgear FVS338 VPN Firewall
    WAN IP address: 10.1.32.41
    LAN IP address subnet: 192.168.1.1/255.255.255.0
Netgear FVX538 VPN Firewall
    WAN1 IP address: 10.1.0.118
    LAN IP address subnet: 192.168.2.1/255.255.255.0
Configuring the FVS338
To configure the FVS338 using the VPN Wizard:
1. Select VPN from the main menu and VPN Wizard from the submenu. The VPN Wizard screen will display.
2. Check the Gateway radio box to establish a gateway-to-gateway VPN tunnel.
3. Give the new connection a name such as to_fvx.
4. Enter a value for the pre-shared key.
5. Enter the WAN IP address or Internet name of the remote WAN and the WAN IP address or Internet name of the local WAN. The address type must match.
6. Enter the remote LAN IP address and subnet mask.
7. Click Apply to create the IKE and VPN policies.
The IKE Policies screen will display showing the new “to_fvx” policy.
You can view the IKE parameters by clicking Edit in the Action column adjacent to the “to_fvx” policy. It should not be necessary to make any changes.
Figure 5-1
Figure 5-2
Click the IKE Policies tab to view the corresponding IKE Policy. The IKE Policies screen will display.
You can view the VPN parameters by clicking Edit in the Actions column adjacent to “to_fvx”. It should not be necessary to make any changes.
Figure 5-3
Figure 5-4
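The policy rules from "VPN Policy Operation" (traffic covered by a policy goes through its tunnel; the remote endpoint must hold a matching SA or it refuses the connection) and the Local/Remote/AH/ESP columns of the Policy Table, modelled in Python as an added example that is not NETGEAR's code or firmware logic. The two policies are constructed from the FVS338/FVX538 addresses in the procedure above; the class and function names (VpnPolicy, bounds, covers, policy_for, mirrors) are this example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnPolicy:
    """One row of the VPN Policy Table; field names follow the manual's columns."""
    name: str
    enabled: bool       # Status: green circle (enabled) or grey circle (disabled)
    policy_type: str    # Type: "Auto" (IKE negotiated) or "Manual"
    local_wan: str      # this gateway's WAN address
    remote_wan: str     # Endpoint: the remote gateway's WAN address
    local: str          # Local: single address, "first-last" range, or subnet
    remote: str         # Remote: same forms
    ah: bool = False    # AH, wizard default disabled
    esp: bool = True    # ESP, wizard default enabled

def bounds(selector):
    """Normalise a Local/Remote entry to an inclusive (first, last) address pair."""
    if "-" in selector:
        lo, hi = selector.split("-")
        return ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    # "192.168.1.1/255.255.255.0" style subnets and bare single addresses
    net = ipaddress.ip_network(selector, strict=False)
    return net[0], net[-1]

def covers(selector, addr):
    lo, hi = bounds(selector)
    return lo <= ipaddress.ip_address(addr) <= hi

def policy_for(policies, src, dst):
    """Rule 1: first enabled policy whose selectors cover the flow (either direction), else None."""
    for p in policies:
        if p.enabled and ((covers(p.local, src) and covers(p.remote, dst))
                          or (covers(p.local, dst) and covers(p.remote, src))):
            return p
    return None

def mirrors(ours, theirs):
    """Rule 3: the remote SA must mirror ours (WAN ends and selectors swapped, same AH/ESP/Type)."""
    return (ours.local_wan == theirs.remote_wan and ours.remote_wan == theirs.local_wan
            and bounds(ours.local) == bounds(theirs.remote)
            and bounds(ours.remote) == bounds(theirs.local)
            and (ours.ah, ours.esp, ours.policy_type)
            == (theirs.ah, theirs.esp, theirs.policy_type))

# Constructed from the FVS338/FVX538 addresses above with the wizard defaults (Auto, ESP only).
FVS338_TO_FVX = VpnPolicy("to_fvx", True, "Auto", "10.1.32.41", "10.1.0.118",
                          "192.168.1.1/255.255.255.0", "192.168.2.1/255.255.255.0")
FVX538_TO_FVS = VpnPolicy("to_fvs", True, "Auto", "10.1.0.118", "10.1.32.41",
                          "192.168.2.1/255.255.255.0", "192.168.1.1/255.255.255.0")
```

A mistyped remote subnet, a disabled policy, or an AH/ESP choice that differs between the two gateways makes mirrors() return False, which is the configuration mismatch behind most "connection refused" tunnels.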