Page 111 / 240
Scroll up to view Page 106 - 110
ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking
5-7
v1.0, March 2009
Use the VPN Wizard Configure the Gateway for a Client Tunnel
1.
From the main menu, go to
VPN > IPSec VPN > VPN Wizard
. The VPN Wizard
displays.
2.
Select
VPN Client
as your VPN tunnel connection.
3.
Create a
Connection Name
like “Client to GW1”.
This descriptive name is not supplied to the remote VPN client; it is only for your reference.
4.
Enter a
Pre-shared Key
; in this example, we are using
r3m0+eC1ient,
which must also be
entered in the VPN client software. The key length must be 8 characters minimum and cannot
exceed 49 characters.
5.
The public
Remote and Local Identifier
are automatically filled in by pre-pending the first
several letters of the model number of your gateway to form FQDNs used in the VPN policies.
In this example, we are using GW1_remote.com, and GW1_local.com.
Figure 5-8
•
VPN Client connection
•
Connection name
•
Pre-shared key:
r3m0+eC1ient
•
Remote identifier
•
Local identifier
Page 112 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
5-8
Virtual Private Networking
v1.0, March 2009
6.
Click
Apply
to save your settings: the VPN Policies page shows the policy is now enabled.
Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection
From a PC with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to
connect to the FVX538. Follow these steps to configure your VPN client.
1.
Right-click on the VPN client icon in your Windows toolbar, choose
Security Policy Editor,
and verify that the
Options > Secure > Specified Connections
selection is enabled.
Figure 5-9
Figure 5-10
Page 113 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking
5-9
v1.0, March 2009
2.
In the upper left of the Policy Editor window, click the New Document icon (the first on the
left) to open a New Connection. Give the New Connection a name; in this example, we are
using
gw1
.
Fill in the other options according to the instructions below.
•
Under Connection Security, verify that the Secure radio button is selected.
•
From the
ID Type
pull-down menu, choose
IP Subnet
.
•
Enter the LAN IP
Subnet Address
and
Subnet Mask
of the FVX538 LAN; in this
example, we are using 192.168.2.0.
•
Check the
Use
checkbox and choose
Secure Gateway Tunnel
from the pull-down menu.
•
From the
first
ID Type
pull-down menus, choose
Domain Name.
Enter the FQDN
address which the FVX538 VPN Wizard provided; in this example, we are using
gw1_local.com.
•
From the second
ID Type
pull-down menu, choose
Gateway IP Address
and enter the
WAN IP Gateway address of the FVX538; in this example, we are using 21.208.216.81.
Figure 5-11
Page 114 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
5-10
Virtual Private Networking
v1.0, March 2009
3.
In the left frame, click
My Identity
. Fill in the options according to the instructions below.
•
From the
Select Certificate
pull-down menu, choose
None
.
•
Click
Pre-Shared Key
to enter the key you provided in the VPN Wizard; in this example,
we are using
r3m0+eC1ient
.
•
From the ID Type pull-down menu, choose
Domain Name.
•
Leave
Virtual Adapter
disabled.
•
In
Network Adapter
select the adapter you will use; the IP address of the selected adapter
will display.
Figure 5-12
r3m0+eC1ient
Page 115 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking
5-11
v1.0, March 2009
4.
Verify the Security Policy settings; no changes are needed.
•
On the left, click
Security Policy
to view the settings: no changes are needed.
•
On the left, expand
Authentication (Phase 1)
and click
Proposal 1
:
no changes are
needed.
•
On the left, expand
Key Exchange (Phase 2)
and click
Proposal 1
. No changes are
needed.
5.
In the upper left of the window, click the disk icon to save the policy.
Figure 5-13
19216811.live