Virtual Private Networking Using IPSec and L2TP Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 133.
5. Configure a VPN policy on the remote gateway that allows connection to the VPN firewall.
6. Activate the IPSec VPN connection:
   a. Select VPN > Connection Status. The Connection Status submenu tabs display with the IPSec VPN Connection Status screen in view:
      Figure 134.
   b. Locate the policy in the table, and click the Connect table button. The IPSec VPN connection becomes active.

Note: When using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel fails because the FQDNs do not resolve to your new address. If you have the option to configure the update interval, set it to an appropriately short time.
Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard
Figure 135.
To configure a VPN client tunnel, follow the steps in the following sections:
- Use the VPN Wizard to Configure the Gateway for a Client Tunnel on page 212.
- Use the NETGEAR VPN Client Wizard to Create a Secure Connection on page 215 or Manually Create a Secure Connection Using the NETGEAR VPN Client on page 220.
Use the VPN Wizard to Configure the Gateway for a Client Tunnel
To set up a client-to-gateway VPN tunnel using the VPN Wizard:
1. Select VPN > IPSec VPN > VPN Wizard. In the upper right of the screen, the IPv4 radio button is selected by default. The VPN Wizard screen displays the IPv4 settings. (The following figure contains an example.)
Figure 136.
To display the wizard default settings, click the VPN Wizard default values option arrow in the upper right of the screen. A pop-up screen displays (see Figure 127 on page 205), showing the wizard default values. After you complete the wizard, you can modify these settings for the tunnel policy that you have set up.
2. Complete the settings as described in the following table:

Table 46. IPSec VPN Wizard settings for a client-to-gateway tunnel

Setting
    Description

About VPN Wizard

This VPN tunnel will connect to the following peers
    Select the VPN Client radio button. The default remote FQDN (remote.com) and the default local FQDN (local.com) display in the End Point Information section of the screen.

Connection Name and Remote IP Type

What is the new Connection Name?
    Enter a descriptive name for the connection. This name is used to help you to manage the VPN settings; the name is not supplied to the VPN client.

What is the pre-shared key?
    Enter a pre-shared key. The key needs to be entered both here and on the remote VPN gateway, or the remote VPN client. This key needs to have a minimum length of 8 characters and cannot exceed 49 characters.

This VPN tunnel will use the following local WAN Interface
    Select a WAN interface from the drop-down list to specify which local WAN interface the VPN tunnel uses as the local endpoint.
    Select the Enable RollOver? check box to enable VPN rollover, and select a WAN interface from the drop-down list to the right of the check box to specify the interface to which the VPN rollover should occur.
    Note: If the VPN firewall is configured to function in WAN auto-rollover mode, you can use the VPN Wizard to configure VPN rollover and do not need to configure this manually.

End Point Information (a)

What is the Remote Identifier Information?
    When you select the Client radio button in the About VPN Wizard section of the screen, the default remote FQDN (remote.com) is automatically entered. Use the default remote FQDN, or enter another FQDN.
    Note: The remote ID on the VPN firewall is the local ID on the VPN client. It might be less confusing to configure an FQDN such as client.com as the remote ID on the VPN firewall and then enter client.com as the local ID on the VPN client.

What is the Local Identifier Information?
    When you select the Client radio button in the About VPN Wizard section of the screen, the default local FQDN (local.com) is automatically entered. Use the default local FQDN, or enter another FQDN.
    Note: The local ID on the VPN firewall is the remote ID on the VPN client. It might be less confusing to configure an FQDN such as router.com as the local ID on the VPN firewall and then enter router.com as the remote ID on the VPN client.

Secure Connection Remote Accessibility

What is the remote LAN IP Address?
What is the remote LAN Subnet Mask?
    These fields are masked out for VPN client connections.

a. Both local and remote endpoints should be defined as either FQDNs or IP addresses. A combination of an IP address and an FQDN is not supported.

3. Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen for IPv4. By default, the VPN policy is enabled.
Figure 137.
Note: When you are using FQDNs, if the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel fails because the FQDNs do not resolve to your new address. If you have the option to configure the update interval, set it to an appropriately short time.
4. Optional step: Collect the information that you need to configure the VPN client. You can print the following table to keep track of this information.

Table 47. Information required to configure the VPN client

Component | Enter the information that you collected | Example
Pre-shared key | | I7!KL39dFG_8
Remote identifier information | | remote.com
Local identifier information | | local.com
Router’s LAN network IPv4 address | | 192.168.1.0
Router’s WAN IPv4 address | | 192.168.15.175

Use the NETGEAR VPN Client Wizard to Create a Secure Connection
The VPN client lets you set up the VPN connection manually (see Manually Create a Secure Connection Using the NETGEAR VPN Client on page 220) or with the integrated Configuration Wizard, which is the easier and preferred method. The Configuration Wizard configures the default settings and provides basic interoperability so that the VPN client can easily communicate with the VPN firewall (or third-party VPN devices). The Configuration Wizard does not let you enter the local and remote IDs, so you need to manually enter this information.
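
A pre-deployment check for the values collected in Table 47, added here as an example (not NETGEAR's code): it applies the rules stated in Table 46, namely a key of 8 to 49 characters, identifiers that are both FQDNs or both IP addresses, and local and remote IDs mirrored between firewall and client. The dict keys and sample values are assumptions made for the example; it also flags the example key printed in Table 47, since a published key is not a secret.

```python
import ipaddress

PSK_MIN, PSK_MAX = 8, 49             # length limits stated in Table 46
MANUAL_EXAMPLE_PSK = "I7!KL39dFG_8"  # printed in Table 47, so not a secret


def id_kind(identifier):
    """Classify an identifier as 'ip' or 'fqdn'."""
    try:
        ipaddress.ip_address(identifier)
        return "ip"
    except ValueError:
        return "fqdn"


def check_tunnel(firewall, client):
    """Return a list of problems; an empty list means the pair is consistent.

    Both arguments are dicts with the hypothetical keys
    'psk', 'local_id' and 'remote_id'. The key itself is never echoed.
    """
    problems = []
    psk = firewall["psk"]
    if not PSK_MIN <= len(psk) <= PSK_MAX:
        problems.append(f"pre-shared key length {len(psk)} is outside {PSK_MIN}-{PSK_MAX}")
    if psk == MANUAL_EXAMPLE_PSK:
        problems.append("pre-shared key is the example printed in the manual")
    if psk != client["psk"]:
        problems.append("pre-shared key differs between firewall and client")
    # Footnote a: local and remote IDs must both be FQDNs or both be IP addresses.
    if id_kind(firewall["local_id"]) != id_kind(firewall["remote_id"]):
        problems.append("firewall mixes an IP address and an FQDN as identifiers")
    # The firewall's remote ID is the client's local ID, and vice versa.
    if firewall["remote_id"] != client["local_id"]:
        problems.append("firewall remote ID does not match client local ID")
    if firewall["local_id"] != client["remote_id"]:
        problems.append("firewall local ID does not match client remote ID")
    return problems


# Constructed sample worksheet: IDs follow the router.com/client.com naming
# suggested in the notes; the keys are made up for this example.
firewall = {"psk": "Xq7#mV2r!pLz9", "local_id": "router.com", "remote_id": "client.com"}
good_client = {"psk": "Xq7#mV2r!pLz9", "local_id": "client.com", "remote_id": "router.com"}
bad_client = {"psk": "Xq7#mV2r!pLz9", "local_id": "router.com", "remote_id": "client.com"}

if __name__ == "__main__":
    print(check_tunnel(firewall, good_client))  # consistent pair
    print(check_tunnel(firewall, bad_client))   # IDs copied instead of mirrored
```
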
