ProSafe VPN Firewall 200 FVX538 Reference Manual
5-32
Virtual Private Networking
v1.0, March 2009
4. In the General section:
   a. Enter a descriptive name in the Policy Name field, such as “salesperson”. This name will be used as part of the remote identifier in the VPN client configuration.
   b. Set Direction/Type to Responder.
   c. The Exchange Mode will automatically be set to Aggressive.
5. For Local information:
   d. Select Fully Qualified Domain Name for the Local Identity Type.
   e. Enter an identifier in the Remote Identity Data field that is not used by any other IKE policies. This identifier will be used as part of the local identifier in the VPN client configuration.
6. Specify the IKE SA parameters. These settings must be matched in the configuration of the remote VPN client. Recommended settings are:
   - Encryption Algorithm: 3DES
   - Authentication Algorithm: SHA-1
   - Diffie-Hellman: Group 2
   - SA Lifetime: 3600 seconds
7. Enter a Pre-Shared Key that will also be configured in the VPN client.
8. XAUTH is disabled by default. To enable XAUTH, select:
   - Edge Device to use this router as a VPN concentrator where one or more gateway tunnels terminate. (If selected, you must specify the Authentication Type to be used in verifying credentials of the remote VPN gateways.)
   - IPsec Host if you want this gateway to be authenticated by the remote gateway. Enter a Username and Password to be associated with the IKE policy. When this option is chosen, you will need to specify the user name and password to be used in authenticating this gateway (by the remote gateway).
9. If Edge Device was enabled, select the Authentication Type from the pull-down menu which will be used to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP. Users must be added through the User Database screen (see “User Database Configuration” on page 5-25 or “RADIUS Client Configuration” on page 5-27).
   Note: If RADIUS-PAP is selected, the router will first check the User Database to see if the user credentials are available. If the user account is not present, the router will then connect to the RADIUS server.
10. Click Apply. The new policy will appear in the IKE Policies Table (a sample policy is shown below).
Configuring the ProSafe VPN Client for ModeConfig
From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN
client connection.
To configure the client PC:
1. Right-click the VPN client icon in the Windows toolbar. In the upper left of the Policy Editor window, click the New Policy editor icon.
   a. Give the connection a descriptive name such as “modecfg_test” (this name will only be used internally).
Figure 5-26
   b. From the ID Type pull-down menu, select IP Subnet.
   c. Enter the IP Subnet and Mask of the VPN firewall (this is the LAN network IP address of the gateway).
   d. Check the Connect using radio button and select Secure Gateway Tunnel from the pull-down menu.
   e. From the ID Type pull-down menu, select Domain name and enter the FQDN of the VPN firewall; in this example it is “local_id.com”.
   f. Select Gateway IP Address from the second pull-down menu and enter the WAN IP address of the VPN firewall; in this example it is “172.21.4.1”.
2. From the left side of the menu, click My Identity and enter the following information:
   a. Click Pre-Shared Key and enter the key you configured in the FVX538 IKE menu.
   b. From the Select Certificate pull-down menu, select None.
   c. From the ID Type pull-down menu, select Domain Name and create an identifier based on the name of the IKE policy you created; for example “remote_id.com”.
Figure 5-27
   d. Under the Virtual Adapter pull-down menu, select Preferred. The Internal Network IP Address should be 0.0.0.0.
   e. Select your Internet Interface adapter from the Name pull-down menu.
3. On the left side of the menu, select Security Policy.
   a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button.
   b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and select the Diffie-Hellman Group 2 from the PFS Key Group pull-down menu.
   c. Enable Replay Detection should be checked.
4. Click on Authentication (Phase 1) on the left side of the menu and select Proposal 1. Enter the Authentication values to match those in the VPN firewall ModeConfig Record menu.
Note: If no box is displayed for Internal Network IP Address, go to Options/Global Policy Settings, and check the box for “Allow to Specify Internal Network Address.”
Figure 5-28
5. Click on Key Exchange (Phase 2) on the left side of the menu and select Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours (28800 seconds)).
6. Click the Save icon to save the Security Policy and close the ProSafe VPN Client.
Figure 5-29
Figure 5-30
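An added example, not part of the NETGEAR manual: a small Python check that the Phase 1 values entered on the firewall and in the client agree, including the mirrored identifiers (the client's My Identity is the firewall's remote identity, and the reverse). The dictionary keys, function names and key value are assumptions made for illustration; nothing here reads from the firewall or the client software.

```python
import hmac

# Phase 1 fields that must be identical on both ends (firewall steps 4c and 6).
ALGO_FIELDS = ("exchange_mode", "encryption", "authentication")
EXACT_FIELDS = ("dh_group", "sa_lifetime_s")
# Identities are mirrored: each end's local ID is the other end's remote ID.
MIRRORED = (("local_id", "remote_id"), ("remote_id", "local_id"))


def _norm(name):
    """Compare algorithm names loosely, so 'SHA-1' equals 'sha1'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def check_phase1(gateway, client):
    """Return a list of mismatches; an empty list means the two ends agree."""
    findings = []
    for field in ALGO_FIELDS:
        if _norm(gateway[field]) != _norm(client[field]):
            findings.append(f"{field}: gateway={gateway[field]!r} client={client[field]!r}")
    for field in EXACT_FIELDS:
        if gateway[field] != client[field]:
            findings.append(f"{field}: gateway={gateway[field]!r} client={client[field]!r}")
    # Compare the key without ever writing it into the report.
    if not hmac.compare_digest(gateway["psk"].encode(), client["psk"].encode()):
        findings.append("psk: values differ (not shown)")
    for gw_field, cl_field in MIRRORED:
        if gateway[gw_field] != client[cl_field]:
            findings.append(f"identity: gateway {gw_field}={gateway[gw_field]!r} "
                            f"but client {cl_field}={client[cl_field]!r}")
    return findings


# Constructed sample values; the two identifiers follow the manual's example.
GATEWAY = {"exchange_mode": "Aggressive", "encryption": "3DES", "authentication": "SHA-1",
           "dh_group": 2, "sa_lifetime_s": 3600, "psk": "constructed-example-key",
           "local_id": "local_id.com", "remote_id": "remote_id.com"}
CLIENT_OK = dict(GATEWAY, authentication="sha1",
                 local_id="remote_id.com", remote_id="local_id.com")
# Constructed slips: Main Mode left selected, wrong DH group, key typo, IDs not mirrored.
CLIENT_BAD = dict(GATEWAY, exchange_mode="Main", dh_group=5, psk="constructed-exampel-key")

if __name__ == "__main__":
    for label, client in (("ok", CLIENT_OK), ("bad", CLIENT_BAD)):
        print(label, check_phase1(GATEWAY, client) or "no mismatches")
```

The Phase 2 SA Lifetime is deliberately left out of the comparison, since the manual allows it to be longer on the client.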
