Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
8-34
Virtual Private Networking
201-10301-02, May 2005
2. Click IKE Policies under the VPN menu and click Add on the IKE Policies Menu.
Figure 8-23: NETGEAR FWG114P v2 IKE Policy Configuration
Enter a descriptive name for the policy in the Policy Name field. This name is not supplied to the remote VPN endpoint. It is used to help you manage the IKE policies. In our example, we used VPNclient as the Policy Name.
From the Direction/Type drop-down box, select Remote Access.
From the Exchange Mode drop-down box, select Aggressive Mode. This will also be selected in the VPN Client My Identity ID Type fields, as seen in “Security Policy” on page 8-41.
From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FWG114P v2 will also be used in the Connection ID Type fields of the VPN Client as seen in “Security Policy Editor New Connection” on page 8-39).
For this example we typed FWG114P v2 in the Local Identity Data field.
From the Remote Identity drop-down box, select Fully Qualified Domain Name.
Type VPNclient in the Remote Identity Data. This will also be entered in the VPN Client My Identity ID Type fields, as seen in “My Identity” on page 8-40.
From the Encryption Algorithm drop-down box, select 3DES. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page 8-42.
From the Authentication Algorithm drop-down box, select SHA-1. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Hash Alg field, as seen in “Connection Security Policy Authentication (Phase 1)” on page 8-42.
From the Authentication Method radio button, select Pre-shared Key. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Authentication Method field, as seen in “Connection Security Policy Authentication (Phase 1)” on page 8-42.
In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the client and the FWG114P v2 Wireless Firewall/Print Server. This will also be selected in the VPN client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key” on page 8-41.
From the Diffie-Hellman (DH) Group drop-down box, select Group 2 (1024 Bit). This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Key Group field, as seen in “Connection Security Policy Authentication (Phase 1)” on page 8-42.
In the SA Life Time field, type 86400.
Click Apply. This will bring you back to the IKE Policies Menu. The FWG114P v2 IKE Policy is now displayed in the IKE Policies page.
3. Click the VPN Policies link under the VPN category on the left side of the main menu. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy.
Figure 8-24: VPN – Auto Policy settings
Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example, we use VPNclient as the Policy Name.
From the IKE policy drop-down box, select VPNclient which is the IKE Policy that was set up in the earlier step.
From the Remote VPN Endpoint Address Type drop-down box, select IP Address.
Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the VPN Client Internal Network IP Address field, as seen in “My Identity” on page 8-40.
Type 86400 in the SA Life Time (Seconds) field.
Type 0 in the SA Life Time (Kbytes) field.
Check the IPSec PFS check box to enable Perfect Forward Secrecy. This will also be entered in the VPN Client Security Policy Enable Perfect Forward Secrecy check box, as seen in “Security Policy” on page 8-41.
From the PFS Key Group drop-down box, select Group 2 (1024 Bit). This will also be entered in the VPN Client Security Policy PFS Key Group drop-down selection box, as seen in “Security Policy” on page 8-41.
From the Traffic Selector Local IP drop-down box, select Subnet addresses. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing ID Type field, as seen in “Security Policy Editor New Connection” on page 8-39.
Note: Selecting ANY for the Traffic Selectors means all traffic goes through the IPSec tunnel and prevents access to the Internet.
Type the starting LAN IP Address of the FWG114P v2 in the Local IP Start IP Address field. For this example, we used 192.168.0.0 which is the default LAN IP address of the FWG114P v2. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor New Connection” on page 8-39.
Type the LAN Subnet Mask of the FWG114P v2 (255.255.255.0 in our example) in the Local IP Subnet Mask field. This will also be entered in the VPN Client Connection Remote Party Identity and Addressing Mask field, as seen in “Security Policy Editor New Connection” on page 8-39.
From the Traffic Selector Remote IP drop-down box, select Single addresses.
Type 0.0.0.0 as the start IP address in the Remote IP Start IP Address field because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the VPN Client My Identity Internal Network IP Address field, as seen in “My Identity” on page 8-40.
Select the Enable Encryption check box. This will also be selected in the VPN Client Security Policy Key Exchange (Phase 2) Encapsulation Protocol (ESP) check box, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page 8-43.
From the ESP Configuration Encryption Algorithm drop-down box, select 3DES. This will also be entered in the VPN Client Security Policy Key Exchange (Phase 2) Encrypt Alg field, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page 8-43.
Select Enable Authentication in the ESP Configuration Enable Authentication check box.
Note: Do not confuse this with the Authentication Protocol (AH) option. Using the AH option will prevent clients behind a home NAT router from connecting.
From the ESP Configuration Authentication Algorithm drop-down box, select SHA-1. This will also be entered in the VPN Client Security Policy Key Exchange (Phase 2) Hash Alg field, as seen in “Connection Security Policy Key Exchange (Phase 2)” on page 8-43.
Select the NETBIOS Enable check box to enable networking features like Windows Network Neighborhood.
Click Apply to save your changes. You will be taken back to the VPN Policies Menu page.
4. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click Apply to save your changes.
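
Added example (not from the NETGEAR manual): a simplified Python model of why the Phase 1 and Phase 2 values entered above must be identical on the VPN client, which of this policy's settings are legacy by current standards, and which destinations the Subnet traffic selector sends through the tunnel. The client proposals are constructed sample data, the function names are hypothetical, and the LEGACY sets are the editor's assessment, not the manual's.

```python
import ipaddress

# Values this page enters on the FWG114P v2.
GATEWAY_PHASE1 = {"exchange": "aggressive", "encrypt": "3DES", "hash": "SHA-1",
                  "auth": "psk", "dh_group": 2}
GATEWAY_PHASE2 = {"encrypt": "3DES", "hash": "SHA-1", "pfs_group": 2}
LOCAL_SELECTOR = ipaddress.ip_network("192.168.0.0/255.255.255.0")

# Constructed client proposals: the first is mistyped, the second matches.
CLIENT_PROPOSALS = [
    dict(GATEWAY_PHASE1, hash="MD5", dh_group=1),
    dict(GATEWAY_PHASE1),
]

# Editor's assessment of values regarded as legacy today (assumption).
LEGACY = {"exchange": {"aggressive"}, "encrypt": {"DES", "3DES"},
          "hash": {"MD5", "SHA-1"}, "dh_group": {1, 2}, "pfs_group": {1, 2}}


def mismatches(gateway, client):
    """Return {field: (gateway_value, client_value)} for each differing field."""
    return {k: (v, client.get(k)) for k, v in gateway.items() if client.get(k) != v}


def negotiate(gateway, client_proposals):
    """Simplified responder: accept the first proposal equal to its own policy.

    Returns (index, None) on success, or (None, list of per-proposal diffs)
    when nothing matches (a real peer answers NO-PROPOSAL-CHOSEN).
    """
    diffs = []
    for index, proposal in enumerate(client_proposals):
        diff = mismatches(gateway, proposal)
        if not diff:
            return index, None
        diffs.append(diff)
    return None, diffs


def legacy_findings(policy):
    """Sorted names of the fields whose value is in the LEGACY sets."""
    return sorted(k for k, v in policy.items() if v in LEGACY.get(k, ()))


def uses_tunnel(destination, selector=LOCAL_SELECTOR):
    """True when the Subnet selector sends this destination through the tunnel."""
    return ipaddress.ip_address(destination) in selector
```

When `negotiate` fails, the returned diffs name the exact fields to correct on the client side.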
Step-By-Step Configuration of the Netgear VPN Client
This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FWG114P v2 with a static IP address. The PC can be directly connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
Note: The Netgear ProSafe VPN Client has the ability to “Import” a predefined configuration profile. The FWG114P v2.SPD file on the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 Resource CD for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P (SW-10023-03) includes all the settings identified in this procedure.
Whenever importing policy settings, you should first export any existing settings you may have configured to prevent the new imported settings from replacing an existing working configuration.
To import this policy, use the Security Policy Editor File menu to select Import Policy, and select the FWG114P v2.SPD file at D:\Software\Policies where D is the drive letter of your CD-ROM drive.
