ProSafe VPN Firewall 200 FVX538 Reference Manual
5-2
Virtual Private Networking
v1.0, March 2009
The diagrams and table below show how the WAN mode selection relates to VPN configuration. Table 5-1 summarizes the WAN addressing requirements (FQDN or IP address) for your VPN tunnel in either dual WAN mode; Figure 5-1 and Figure 5-2 illustrate the two modes.
Table 5-1. IP Addressing for VPNs in Dual WAN Port Systems

Configuration                      WAN IP address   Rollover Mode (a)   Load Balancing Mode
VPN Road Warrior                   Fixed            FQDN required       FQDN Allowed (optional)
(client-to-gateway)                Dynamic          FQDN required       FQDN required
VPN Gateway-to-Gateway             Fixed            FQDN required       FQDN Allowed (optional)
                                   Dynamic          FQDN required       FQDN required
VPN Telecommuter                   Fixed            FQDN required       FQDN Allowed (optional)
(client-to-gateway through         Dynamic          FQDN required       FQDN required
a NAT router)

a. All tunnels must be re-established after a rollover using the new WAN IP address.
Figure 5-1. WAN Auto-Rollover: FQDN Required for VPN
(Diagram: the firewall's Rollover Control sits between the rest of the firewall functions and the WAN 1 Port and WAN 2 Port, which connect to the Internet. The same FQDN is required for both WAN ports.)

Figure 5-2. WAN Load Balancing: FQDN Optional for VPN
(Diagram: the firewall's Load Balancing Control sits between the rest of the firewall functions and the WAN 1 Port and WAN 2 Port, which connect to the Internet. FQDN is required for dynamic IP addresses and optional for static IP addresses.)
Using the VPN Wizard for Client and Gateway Configurations

You use the VPN Wizard to configure multiple gateway or client VPN tunnel policies. The section below provides wizard and NETGEAR VPN Client configuration procedures for the following scenarios:

• Using the wizard to configure a VPN tunnel between two VPN gateways
• Using the wizard to configure a VPN tunnel between a VPN gateway and a VPN client
Configuring a VPN tunnel connection requires that all settings and parameters on both sides of the
VPN tunnel match or mirror each other precisely, which can be a daunting task. The VPN Wizard
efficiently guides you through the setup procedure with a series of questions that will determine
the IPsec keys and VPN policies it sets up. The VPN Wizard will also set the parameters for the
network connection: Security Association, traffic selectors, authentication algorithm, and
encryption. The parameters used by the VPN wizard are based on the recommendations of the
VPN Consortium (VPNC), an organization that promotes multi-vendor VPN interoperability.
Creating Gateway to Gateway VPN Tunnels with the Wizard

Follow these steps to set up a gateway VPN tunnel using the VPN Wizard.

Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic parameters and then edit the VPN and IKE Policy screens for the various VPN scenarios.
Figure 5-3
1. Select VPN > IPsec VPN > VPN Wizard to display the VPN Wizard tab page.
   To view the wizard default settings, click the VPN Default values link. You can modify these settings after completing the wizard.
2. Select Gateway as your connection type.
3. Create a Connection Name. Enter a descriptive name for the connection. This name is used to help you manage the VPN settings; it is not supplied to the remote VPN endpoint.
4. Enter a Pre-shared Key. The key must be entered both here and on the remote VPN gateway, or the remote VPN client. This key must be a minimum of 8 characters and should not exceed 49 characters.
5. Choose which WAN port to use as the VPN tunnel end point.
6. Enter the Remote and Local WAN IP Addresses or Internet Names of the gateways which will connect.
Figure 5-4 (VPN Wizard page; callouts: Gateway connection, Connection name, Pre-shared key, Remote and local WAN addresses, Remote LAN IP address and subnet)

Note: If you are using a dual WAN rollover configuration, after completing the wizard, you must manually update the VPN policy to enable VPN rollover. This allows the VPN tunnel to roll over when the WAN Mode is set to Auto Rollover. The wizard will not set up the VPN policy with rollover enabled.
   Both the remote WAN address and your local WAN address are required. The remote WAN IP address must be a public address or the Internet name of the remote gateway. The Internet name is the Fully Qualified Domain Name (FQDN) as registered in a Dynamic DNS service. Both local and remote endpoints should be defined as either FQDN or IP addresses. A combination of IP address and FQDN is not allowed.
7. Enter the local LAN IP and Subnet Mask of the remote gateway in the Remote LAN IP Address and Subnet Mask fields.
8. Click Apply to save your settings: the VPN Policies page shows the policy is now enabled.
9. If you are connecting to another NETGEAR VPN firewall, use the VPN Wizard to configure the second VPN firewall to connect to the one you just configured.
Tip: To ensure tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keepalive, which periodically sends ping packets to the host on the peer side of the network to keep the tunnel alive.

Tip: For DHCP WAN configurations, first set up the tunnel with IP addresses. Once you validate the connection, use the wizard to create new policies using FQDN for the WAN addresses.

Note: The Remote LAN IP address must be in a different subnet than the Local LAN IP address. For example, if the local subnet is 192.168.1.x, then the remote subnet could be 192.168.10.x but could not be 192.168.1.x. If this information is incorrect, the tunnel will fail to connect.
Figure 5-5
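The wizard enforces some of the rules above only loosely, and a mismatch is usually discovered when the tunnel fails to come up. The following added example (written for this page, not NETGEAR code and not anything the FVX538 runs) pre-checks a planned gateway-to-gateway policy against the rules stated in Table 5-1 and in steps 4, 6 and the subnet Note: pre-shared key length of 8 to 49 characters, both WAN endpoints FQDN or both IP, FQDN mandatory in rollover mode and for dynamic WAN addresses, and a remote LAN that does not overlap the local LAN. The policy dictionary keys (wan_mode, wan_address_type, pre_shared_key, local_wan, remote_wan, local_lan, remote_lan) and the sample addresses are constructed for this example; the hostname regex is a deliberate simplification rather than a full RFC 1035 check.

```python
import ipaddress
import re

# Limits and rules as stated in the manual's wizard procedure and Table 5-1.
PSK_MIN_LEN, PSK_MAX_LEN = 8, 49

# Table 5-1 collapsed to (WAN mode, WAN address type) -> is an FQDN mandatory?
# The manual gives the same answer for all three VPN configurations
# (Road Warrior, Gateway-to-Gateway, Telecommuter), so one row per mode suffices.
FQDN_REQUIRED = {
    ("rollover", "fixed"): True,
    ("rollover", "dynamic"): True,
    ("load_balancing", "fixed"): False,   # FQDN allowed but optional
    ("load_balancing", "dynamic"): True,
}

# Simplified hostname syntax check (example assumption, not a full validator).
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I
)


def endpoint_kind(value):
    """Classify a WAN endpoint string as 'ip' or 'fqdn'; raise ValueError otherwise."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if _FQDN_RE.match(value):
        return "fqdn"
    raise ValueError(f"{value!r} is neither an IP address nor an FQDN")


def validate_policy(policy):
    """Check a planned wizard policy; return a list of problems (empty list = consistent)."""
    problems = []

    # Step 4: pre-shared key must be 8..49 characters.
    psk_len = len(policy["pre_shared_key"])
    if not PSK_MIN_LEN <= psk_len <= PSK_MAX_LEN:
        problems.append(
            f"pre-shared key is {psk_len} characters; must be {PSK_MIN_LEN}-{PSK_MAX_LEN}"
        )

    # Step 6: both endpoints FQDN or both IP, never a mix.
    try:
        local_kind = endpoint_kind(policy["local_wan"])
        remote_kind = endpoint_kind(policy["remote_wan"])
    except ValueError as exc:
        problems.append(str(exc))
    else:
        if local_kind != remote_kind:
            problems.append("local and remote WAN endpoints must both be FQDNs or both be IP addresses")
        # Table 5-1: FQDN mandatory in rollover mode and for dynamic WAN addresses.
        key = (policy["wan_mode"], policy["wan_address_type"])
        if key not in FQDN_REQUIRED:
            problems.append(f"unknown WAN mode/address type combination {key}")
        elif FQDN_REQUIRED[key] and "ip" in (local_kind, remote_kind):
            problems.append(f"Table 5-1: FQDN required for {key[0]} mode with {key[1]} WAN address")

    # Note after step 9: the remote LAN must be a different subnet from the local LAN.
    local_lan = ipaddress.ip_network(policy["local_lan"], strict=False)
    remote_lan = ipaddress.ip_network(policy["remote_lan"], strict=False)
    if local_lan.overlaps(remote_lan):
        problems.append(f"remote LAN {remote_lan} overlaps local LAN {local_lan}; tunnel would fail to connect")

    return problems


# Constructed sample policies using documentation address ranges.
GOOD_POLICY = {
    "wan_mode": "load_balancing",
    "wan_address_type": "fixed",
    "pre_shared_key": "correct-horse-battery-staple",
    "local_wan": "203.0.113.10",
    "remote_wan": "198.51.100.20",
    "local_lan": "192.168.1.0/24",
    "remote_lan": "192.168.10.0/24",
}

BAD_POLICY = {
    "wan_mode": "rollover",
    "wan_address_type": "dynamic",
    "pre_shared_key": "short",
    "local_wan": "203.0.113.10",        # IP on one side...
    "remote_wan": "gw.example.net",     # ...FQDN on the other
    "local_lan": "192.168.1.0/24",
    "remote_lan": "192.168.1.0/24",     # same subnet as the local LAN
}

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, validate_policy(pol) or "OK")
```

Run it before typing values into the wizard on both firewalls; every item it reports corresponds to a rule in this section, so a clean result means the two sides at least start from mirrored, table-compliant parameters.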
After both firewalls are configured, go to VPN > IPsec VPN > Connection Status to display the status of your VPN connections. The tunnel will automatically establish when both the local and target gateway policies are appropriately configured and enabled.
Creating a Client to Gateway VPN Tunnel

Follow these steps to configure a VPN client tunnel:

• Configure the client policies on the gateway.
• Configure the VPN client to connect to the gateway.
Figure 5-6
Note: When using FQDN, if the dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel will fail because the FQDN does not resolve to your new address. If you have the option to configure the update interval, set it to an appropriately short time.
Figure 5-7
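The Note above describes a failure mode that is easy to misdiagnose as a policy error: the tunnel is fine, but the FQDN still resolves to the old WAN address. The following added example (written for this page, not NETGEAR code) is a small pre-flight check that polls DNS until the FQDN resolves to the address the WAN port currently holds, so you know the DDNS record has caught up before blaming the IKE policy. It uses the standard socket.gethostbyname resolver by default; the fake resolver, the name vpn.example.net and the 203.0.113.x addresses are constructed stand-ins so the script runs offline.

```python
import socket
import time


def resolve_ddns(fqdn, resolve=socket.gethostbyname):
    """Resolve the FQDN to an IPv4 address string, or None if resolution fails."""
    try:
        return resolve(fqdn)
    except OSError:          # socket.gaierror is an OSError subclass
        return None


def wait_for_ddns(fqdn, wan_ip, attempts=6, delay=10.0,
                  resolve=socket.gethostbyname, sleep=time.sleep):
    """Poll until `fqdn` resolves to `wan_ip`.

    Returns the 1-based attempt on which the record was current, or None if the
    DDNS record never caught up within `attempts` polls spaced `delay` seconds apart.
    """
    for attempt in range(1, attempts + 1):
        if resolve_ddns(fqdn, resolve) == wan_ip:
            return attempt
        if attempt < attempts:
            sleep(delay)
    return None


def make_fake_resolver(answers):
    """Constructed stand-in for DNS used only for the offline demonstration.

    Returns the given answers in order (repeating the last one); a None entry
    simulates a lookup failure. This mimics a DDNS record that still holds the
    old WAN address for a few update cycles after a DHCP address change.
    """
    answers = list(answers)
    state = {"calls": 0}

    def resolve(fqdn):
        index = min(state["calls"], len(answers) - 1)
        state["calls"] += 1
        answer = answers[index]
        if answer is None:
            raise socket.gaierror("simulated lookup failure")
        return answer

    return resolve


if __name__ == "__main__":
    # Old address 203.0.113.10 lingers for two polls, then the record updates.
    stale = make_fake_resolver(["203.0.113.10", "203.0.113.10", "203.0.113.77"])
    hit = wait_for_ddns("vpn.example.net", "203.0.113.77", attempts=5, delay=0,
                        resolve=stale, sleep=lambda _s: None)
    print("record current on attempt", hit)
```

In real use call wait_for_ddns with the address read from the WAN port status page and leave the default resolver and sleep in place; a None result means the record is still stale and the tunnel should not be expected to connect yet, which is exactly when a shorter DDNS update interval helps.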
