5. Virtual Private Networking Using IPSec and L2TP Connections
This chapter describes how to use the IP security (IPSec) virtual private networking (VPN)
features of the VPN firewall to provide secure, encrypted communications between your local
network and a remote network or computer. The chapter contains the following sections:
Considerations for Dual WAN Port Systems
Use the IPSec VPN Wizard for Client and Gateway Configurations
Test the Connection and View Connection and Status Information
Manage IPSec VPN Policies
Configure Extended Authentication (XAUTH)
Assign IPv4 Addresses to Remote Users (Mode Config)
Configure Keep-Alives and Dead Peer Detection
Configure NetBIOS Bridging with IPSec VPN
Configure the PPTP Server
Configure the L2TP Server
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Considerations for Dual WAN Port Systems
If two WAN ports are configured for either IPv4 or IPv6, you can enable either auto-rollover
mode for increased system reliability or load balancing mode for optimum bandwidth
efficiency. The selection of the WAN mode determines how you need to configure the VPN
features.
The use of fully qualified domain names (FQDNs) in VPN policies is mandatory when the
WAN ports function in auto-rollover mode or load balancing mode, and is also required for
VPN tunnel failover. When the WAN ports function in load balancing mode, you cannot
configure VPN tunnel failover. An FQDN is optional when the WAN ports function in load
balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are
dynamic.
See Virtual Private Networks on page 421 for more information about the IP addressing
requirements for VPNs in the dual WAN modes.
For information about how to select and configure a Dynamic DNS service for resolving
FQDNs, see Configure Dynamic DNS on page 49. For information about WAN mode
configuration, see Configure the IPv4 WAN Mode on page 29.
The following diagrams and table show how the WAN mode selection relates to VPN
configuration.
Figure 123. WAN auto-rollover: FQDN required for VPN. (Multiple WAN port model: the rollover
control of the VPN firewall switches the WAN port functions between the WAN 1 port and the
WAN 2 port toward the Internet; the same FQDN is required for both WAN ports.)
Figure 124. WAN load balancing: FQDN optional for VPN. (Multiple WAN port model: the load
balancing control of the VPN firewall uses the WAN 1 port and the WAN 2 port toward the
Internet; an FQDN is required for dynamic IP addresses and optional for static IP addresses.)
The following table summarizes the WAN addressing requirements (FQDN or IP address) for
a VPN tunnel in either dual WAN mode.
Use the IPSec VPN Wizard for Client and Gateway Configurations
You can use the IPSec VPN Wizard to configure multiple gateway or client VPN tunnel
policies.
The following sections provide wizard and NETGEAR ProSafe VPN Client software
configuration procedures:
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard on page 204
Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard on page 208
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard on page 212
Note: Although the VPN firewall supports IPv6, the NETGEAR ProSafe VPN Client supports
IPv4 only; a future release of the VPN Client might support IPv6.
Configuring a VPN tunnel connection requires that you specify all settings on both sides of
the VPN tunnel to match or mirror each other precisely, which can be a daunting task. The
VPN Wizard efficiently guides you through the setup procedure with a series of questions that
determine the IPSec keys and VPN policies it sets up. The VPN Wizard also configures the
settings for the network connection: security association (SA), traffic selectors, authentication
algorithm, and encryption. The settings that the VPN Wizard uses are based on the
recommendations of the VPN Consortium (VPNC), an organization that promotes
multivendor VPN interoperability.
Table 43. IP addressing for VPNs in dual WAN port systems

Configuration and WAN IP address                        Rollover mode (a)   Load balancing mode
VPN Road Warrior (client to gateway)
  Fixed                                                 FQDN required       FQDN Allowed (optional)
  Dynamic                                               FQDN required       FQDN required
VPN Gateway-to-Gateway (gateway to gateway)
  Fixed                                                 FQDN required       FQDN Allowed (optional)
  Dynamic                                               FQDN required       FQDN required
VPN Telecommuter (client to gateway through a NAT router)
  Fixed                                                 FQDN required       FQDN Allowed (optional)
  Dynamic                                               FQDN required       FQDN required

a. After a rollover, all tunnels need to be reestablished using the new WAN IP address.
Create an IPv4 Gateway-to-Gateway VPN Tunnel with the Wizard
Figure 125.
To set up an IPv4 gateway-to-gateway VPN tunnel using the VPN Wizard:
1. Select VPN > IPSec VPN > VPN Wizard. In the upper right of the screen, the IPv4 radio
button is selected by default. The VPN Wizard screen displays the IPv4 settings. (The
following screen contains some examples that do not relate to other examples in this
manual.)
Figure 126.
To view the wizard default settings, click the VPN Wizard default values option arrow in
the upper right of the screen. A pop-up screen displays (see the following figure),
showing the wizard default values. The default values are the same for IPv4 and IPv6.
Figure 127.
2. Complete the settings as described in the following table:
Table 44. IPSec VPN Wizard settings for an IPv4 gateway-to-gateway tunnel

Setting                              Description
About VPN Wizard
  This VPN tunnel will connect       Select the Gateway radio button. The local WAN port's IP address or
  to the following peers             Internet name displays in the End Point Information section of the screen.
Connection Name and Remote IP Type
  What is the new Connection Name?   Enter a descriptive name for the connection. This name is used to help you
                                     to manage the VPN settings; the name is not supplied to the remote VPN
                                     endpoint.
  What is the pre-shared key?        Enter a pre-shared key. The key needs to be entered both here and on the
                                     remote VPN gateway. This key needs to have a minimum length of 8
                                     characters and should not exceed 49 characters.
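The chapter states that both ends of a gateway-to-gateway tunnel must mirror each other precisely, that the pre-shared key must be identical on both gateways and between 8 and 49 characters long, and (Table 43) that an FQDN is mandatory whenever a WAN port runs in auto-rollover mode or has a dynamic address. The following checker, an added example that is not part of the NETGEAR manual or the firewall's own software, applies those rules to two policy records before they are typed into the wizards on each side. The GatewayPolicy field names, the wan_mode/wan_addr_type values, and the two sample policies are assumptions made for the example.

```python
"""Consistency check for the two halves of an IPSec gateway-to-gateway tunnel.

Added example, not code from the NETGEAR manual or product. It encodes the rules the
chapter states: both ends mirror each other, the pre-shared key is identical and
8..49 characters long, and a WAN endpoint is identified by an FQDN whenever the WAN
port runs in auto-rollover mode or has a dynamic address (an FQDN is optional only for
a static address in load-balancing mode). Field names and sample data are assumptions.
"""
from dataclasses import dataclass
import ipaddress
import re

# Host-name syntax: dot-separated labels of letters, digits and hyphens, at least one dot.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.IGNORECASE
)

PSK_MIN_LEN, PSK_MAX_LEN = 8, 49  # pre-shared key limits stated in Table 44


@dataclass
class GatewayPolicy:
    name: str
    wan_mode: str          # "rollover" or "load_balancing" (assumed labels)
    wan_addr_type: str     # "fixed" or "dynamic"
    local_endpoint: str    # FQDN or IP address this gateway uses as its WAN identity
    remote_endpoint: str   # FQDN or IP address configured for the peer gateway
    local_subnet: str      # CIDR of the LAN behind this gateway
    remote_subnet: str     # CIDR of the LAN behind the peer
    psk: str


def is_fqdn(value: str) -> bool:
    """True if value is a host name rather than an IP address literal."""
    try:
        ipaddress.ip_address(value)
        return False
    except ValueError:
        return bool(_FQDN_RE.match(value))


def fqdn_required(wan_mode: str, wan_addr_type: str) -> bool:
    """Table 43: rollover always needs an FQDN; load balancing only for dynamic WAN IPs."""
    if wan_mode == "rollover":
        return True
    if wan_mode == "load_balancing":
        return wan_addr_type == "dynamic"
    raise ValueError(f"unknown WAN mode {wan_mode!r}")


def psk_problems(psk: str) -> list:
    """Length rule from Table 44: at least 8 and at most 49 characters."""
    if len(psk) < PSK_MIN_LEN:
        return [f"pre-shared key shorter than {PSK_MIN_LEN} characters"]
    if len(psk) > PSK_MAX_LEN:
        return [f"pre-shared key longer than {PSK_MAX_LEN} characters"]
    return []


def check_tunnel(a: GatewayPolicy, b: GatewayPolicy) -> list:
    """Return every way the two policies fail to mirror each other (empty list = consistent)."""
    problems = []
    for p in (a, b):
        if fqdn_required(p.wan_mode, p.wan_addr_type) and not is_fqdn(p.local_endpoint):
            problems.append(f"{p.name}: WAN mode {p.wan_mode}/{p.wan_addr_type} "
                            f"requires an FQDN, got {p.local_endpoint!r}")
        problems += [f"{p.name}: {m}" for m in psk_problems(p.psk)]
    if a.psk != b.psk:
        problems.append("pre-shared keys differ between the two gateways")
    # Each side's remote endpoint and remote subnet must be the other side's local ones.
    for near, far in ((a, b), (b, a)):
        if near.remote_endpoint != far.local_endpoint:
            problems.append(f"{near.name}: remote endpoint {near.remote_endpoint!r} "
                            f"does not match {far.name} local endpoint {far.local_endpoint!r}")
        if ipaddress.ip_network(near.remote_subnet) != ipaddress.ip_network(far.local_subnet):
            problems.append(f"{near.name}: remote subnet {near.remote_subnet} "
                            f"does not mirror {far.name} local subnet {far.local_subnet}")
    return problems


# Constructed sample: a consistent pair in auto-rollover mode, both identified by FQDNs.
HQ = GatewayPolicy("hq", "rollover", "fixed", "hq.example.net", "branch.example.net",
                   "192.168.10.0/24", "192.168.20.0/24", "example-psk-2024")
BRANCH = GatewayPolicy("branch", "rollover", "dynamic", "branch.example.net", "hq.example.net",
                       "192.168.20.0/24", "192.168.10.0/24", "example-psk-2024")

if __name__ == "__main__":
    for msg in check_tunnel(HQ, BRANCH) or ["tunnel policies are consistent"]:
        print(msg)
```

Running the checker on a mismatched pair (for instance the branch side entered with a bare IP address while its WAN address is dynamic, or with a shorter key) lists each mismatch, which is the same set of mistakes that would otherwise surface only as a failed IKE negotiation after both wizards have been completed.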