Virtual Private Networking Using IPSec and L2TP Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Configure the Authentication Settings (Phase 1 Settings)

To create new authentication settings:

1. Right-click the VPN client icon in your Windows system tray, and select Configuration Panel. The Configuration Panel screen displays:

Figure 144.

2. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration, and select New Phase 1.

Figure 145.

3. Change the name of the authentication phase (the default is Gateway):
   a. Right-click the authentication phase name.
   b. Select Rename.
   c. Type vpn_client.
   d. Click anywhere in the tree list pane.
Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name.

The Authentication pane displays in the Configuration Panel screen, with the Authentication tab selected by default.

Figure 146.

4. Specify the settings that are described in the following table.

Table 49. VPN client authentication settings

| Setting | Description |
|---|---|
| Interface | Select Any from the drop-down list. |
| Remote Gateway | Enter the remote IP address or DNS name of the VPN firewall. For example, enter 192.168.15.175. |
| Preshared Key | Select the Preshared Key radio button. Enter the pre-shared key that you already specified on the VPN firewall. For example, enter I7!KL39dFG_8. Confirm the key in the Confirm field. |
| IKE: Encryption | Select the 3DES encryption algorithm from the drop-down list. |
| IKE: Authentication | Select the SHA1 authentication algorithm from the drop-down list. |
| IKE: Key Group | Select the DH2 (1024) key group from the drop-down list. Note: On the VPN firewall, this key group is referred to as Diffie-Hellman Group 2 (1024 bit). |
5. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

6. Click the Advanced tab in the Authentication pane. The Advanced pane displays:

Figure 147.
7. Specify the settings that are described in the following table.

Table 50. VPN client advanced authentication settings

| Setting | Description |
|---|---|
| Advanced features: Aggressive Mode | Select this check box to enable aggressive mode as the mode of negotiation with the VPN firewall. |
| Advanced features: NAT-T | Select Automatic from the drop-down list to enable the VPN client and VPN firewall to negotiate NAT-T. |
| Local and Remote ID: Local ID | As the type of ID, select DNS from the Local ID drop-down list because you specified FQDN in the VPN firewall configuration. As the value of the ID, enter remote.com as the local ID for the VPN client. Note: The remote ID on the VPN firewall is the local ID on the VPN client. It might be less confusing to configure an FQDN such as client.com as the remote ID on the VPN firewall and then enter client.com as the local ID on the VPN client. |
| Local and Remote ID: Remote ID | As the type of ID, select DNS from the Remote ID drop-down list because you specified an FQDN in the VPN firewall configuration. As the value of the ID, enter local.com as the remote ID for the VPN firewall. Note: The local ID on the VPN firewall is the remote ID on the VPN client. It might be less confusing to configure an FQDN such as router.com as the local ID on the VPN firewall and then enter router.com as the remote ID on the VPN client. |

8. Click Apply to use the new settings immediately, and click Save to keep the settings for future use.

Create the IPSec Configuration (Phase 2 Settings)

Note: On the VPN firewall, the IPSec configuration (phase 2 settings) is referred to as the IKE settings.

To create an IPSec configuration:

1. In the tree list pane of the Configuration Panel screen, right-click the vpn_client authentication phase name, and select New Phase 2.

2. Change the name of the IPSec configuration (the default is Tunnel):
   a. Right-click the IPSec configuration name.
   b. Select Rename.
   c. Type netgear_platform.
   d. Click anywhere in the tree list pane.

Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name needs to be a unique name.

The IPSec pane displays in the Configuration Panel screen, with the IPSec tab selected by default:

Figure 148.
3. Specify the settings that are described in the following table.

Table 51. VPN client IPSec configuration settings

| Setting | Description |
|---|---|
| VPN Client address | Either enter 0.0.0.0 as the IP address, or enter a virtual IP address that the VPN client uses in the VPN firewall’s LAN; the computer (for which the VPN client opened a tunnel) appears in the LAN with this IP address. |
| Address Type | Select Subnet address from the drop-down list. This selection defines which addresses the VPN client can communicate with after the VPN tunnel is established. |
| Remote LAN address | Enter 192.168.1.0 as the remote IP address (that is, LAN network address) of the gateway that opens the VPN tunnel. |
| Subnet mask | Enter 255.255.255.0 as the remote subnet mask of the gateway that opens the VPN tunnel. |
| ESP: Encryption | Select 3DES as the encryption algorithm from the drop-down list. |
| ESP: Authentication | Select SHA-1 as the authentication algorithm from the drop-down list. |
| ESP: Mode | Select Tunnel as the encapsulation mode from the drop-down list. |
| PFS and Group | Select the PFS check box, and select the DH2 (1024) key group from the drop-down list. Note: On the VPN firewall, this key group is referred to as Diffie-Hellman Group 2 (1024 bit). |
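
The following cross-check is an added example, not part of the NETGEAR manual: it compares the client-side values from the tables above with a firewall-side record, handling the mirrored local and remote IDs and the differing labels that the notes point out. The dictionary layout, the key names, and the firewall-side record (including its "SHA-1" label) are assumptions made for the example.

```python
import ipaddress

# Constructed sample records using the example values from the tables above.
# Key names and the firewall-side record are assumptions for this example.
CLIENT = {
    "ike": {"encryption": "3DES", "authentication": "SHA1",
            "key_group": "DH2 (1024)"},
    "local_id": ("DNS", "remote.com"),
    "remote_id": ("DNS", "local.com"),
    "vpn_client_address": "0.0.0.0",
    "remote_lan": ("192.168.1.0", "255.255.255.0"),
}
FIREWALL = {
    "ike": {"encryption": "3DES", "authentication": "SHA-1",
            "key_group": "Diffie-Hellman Group 2 (1024 bit)"},
    "local_id": ("FQDN", "local.com"),
    "remote_id": ("FQDN", "remote.com"),
    "lan": ("192.168.1.0", "255.255.255.0"),
}

# The client and the firewall label the same value differently; map both to one token.
ALIASES = {"dh2 (1024)": "dh2", "diffie-hellman group 2 (1024 bit)": "dh2",
           "sha-1": "sha1", "dns": "fqdn"}

def norm(value):
    key = value.strip().lower()
    return ALIASES.get(key, key)

def check(client, firewall):
    problems = []
    for field in ("encryption", "authentication", "key_group"):
        if norm(client["ike"][field]) != norm(firewall["ike"][field]):
            problems.append(f"IKE {field} differs")
    # IDs are mirrored: the client's local ID is the firewall's remote ID.
    for mine, theirs in (("local_id", "remote_id"), ("remote_id", "local_id")):
        c_type, c_val = client[mine]
        f_type, f_val = firewall[theirs]
        if norm(c_type) != norm(f_type) or c_val.lower() != f_val.lower():
            problems.append(f"client {mine} does not match firewall {theirs}")
    # strict=True rejects a LAN address that has host bits set for its mask.
    try:
        lan = ipaddress.ip_network("/".join(client["remote_lan"]), strict=True)
    except ValueError as exc:
        return problems + [f"remote LAN invalid: {exc}"]
    if lan != ipaddress.ip_network("/".join(firewall["lan"]), strict=False):
        problems.append("remote LAN differs from firewall LAN")
    virt = ipaddress.ip_address(client["vpn_client_address"])
    if not virt.is_unspecified and virt not in lan:
        problems.append("virtual client address is outside the firewall LAN")
    return problems
```

`check(CLIENT, FIREWALL)` returns an empty list for the values shown in the tables; each string it returns otherwise names one setting to correct before the tunnel is tested.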
