ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Firewall Security and Content Filtering
5-27
v1.0, October 2008
Protocol: Indicates the network protocol (e.g., HTTP, FTP) used by the device to connect to the VPN firewall.
Int. Port (Internal Port): Indicates whether any internal ports are opened by the UPnP device.
Ext. Port (External Port): Indicates whether any external ports are opened by the UPnP device.
IP Address: Lists the IP address of the UPnP device accessing the VPN firewall.
E-Mail Notifications of Event Logs and Alerts
The Firewall Logs can be configured to log and then e-mail denial of access, general attack information, and other information to a specified e-mail address. For example, your VPN firewall will log security-related events such as: accepted and dropped packets on different segments of your LAN; denied incoming and outgoing service requests; hacker probes and login attempts; and other general information based on the settings you input on the Firewall Logs & E-mail menu. In addition, if you have set up Content Filtering on the Block Sites screen (see “Setting Block Sites (Content Filtering)” on page 5-18), a log will be generated when someone on your network tries to access a blocked site.
To configure e-mail or syslog notification, or to view the logs, see “Activating Notification of Events and Alerts” on page 11-3.
Administrator Tips
Consider the following operational items:
1. As an option, you can enable remote management if you have to manage distant sites from a central location (see “Enabling Remote Management Access” on page 9-10).
2. Although rules are the basic way of managing the traffic through your system (see “Using Rules & Services to Block or Allow Traffic” on page 5-2), you can further refine your control with the following optional features of the firewall:
   - Groups and hosts (see “Managing Groups and Hosts (LAN Groups)” on page 3-4)
   - Services (see “Services-Based Rules” on page 5-2)
   - Schedules (see “Setting Schedules to Block or Allow Traffic” on page 5-17)
   - Block sites (see “Setting Block Sites (Content Filtering)” on page 5-18)
   - Source MAC filtering (see “Enabling Source MAC Filtering (Address Filter)” on page 5-20)
   - Port triggering (see “Enabling Port Triggering” on page 5-23)
Chapter 6
Virtual Private Networking Using IPsec
This chapter describes how to use the IPsec virtual private networking (VPN) features of the
ProSafe Wireless-N VPN Firewall to provide secure, encrypted communications between your
local network and a remote network or computer.
This chapter contains the following sections:
“Using the VPN Wizard for Client and Gateway Configurations”
“Creating Gateway to Gateway VPN Tunnels with the Wizard”
“Creating a Client to Gateway VPN Tunnel with the Wizard”
“Viewing or Modifying IKE and VPN Policy Settings”
“Managing VPN Tunnel Policies”
“Manually Assigning IP Addresses to Remote Users (ModeConfig)”
“Extended Authentication (XAUTH) Configuration”
Using the VPN Wizard for Client and Gateway Configurations
Configuring a VPN tunnel connection requires that all settings and parameters on both sides of the
VPN tunnel match or mirror each other precisely, which can be a daunting task. The VPN Wizard
efficiently guides you through the setup procedure with a series of questions that will determine
the IPsec keys and VPN policies it sets up. The VPN Wizard will also set the parameters for the
network connection: Security Association, traffic selectors, authentication algorithm, and
encryption. The parameters used by the VPN wizard are based on the recommendations of the
VPN Consortium (VPNC), an organization that promotes multi-vendor VPN interoperability.
The sections below provide wizard and NETGEAR VPN Client configuration procedures for the following scenarios:
Using the wizard to configure a VPN tunnel between two VPN gateways
Using the wizard to configure a VPN tunnel between a VPN gateway and a VPN client
Creating Gateway to Gateway VPN Tunnels with the Wizard
You can configure multiple gateway VPN tunnel policies through the VPN Wizard. You can also
set up multiple remote VPN client policies through the VPN Wizard.
To set up a gateway VPN tunnel using the VPN Wizard:
1. Select VPN > IPsec VPN from the main/submenu.
2. Click the VPN Wizard tab. The VPN Wizard screen displays.
   To view the wizard default settings, click the VPN Default values link. You can modify these settings after completing the wizard.
3. Select Gateway as your VPN tunnel connection.
4. Create a Connection Name. Enter an appropriate name for the connection. This name is not supplied to the remote VPN endpoint; it is used only to help you manage the VPN settings.
5. Enter a Pre-shared Key. The same key must be entered here and on the remote VPN gateway (or the remote VPN client). The key must be at least 8 and at most 49 characters. This method does not require a CA (Certificate Authority). The wizard enforces only the length limits: because this key is the credential that authenticates the two gateways to each other, use a long random string rather than a dictionary word, and exchange it out of band.
Figure 6-1
6. Enter the Remote WAN IP Address or Internet Name of the gateway to which you want to connect. Both the remote WAN address and your local WAN address are required.
   The remote WAN IP address must be a public address or the Internet name of the remote gateway. The Internet name is the Fully Qualified Domain Name (FQDN) as registered in a Dynamic DNS service (see “Configuring Dynamic DNS” on page 2-11). Both local and remote endpoints must be defined either as FQDNs or as IP addresses; a combination of an IP address and an FQDN is not permitted.
7. Enter the Local WAN IP Address or FQDN of your SRXN3205.
   The Local WAN IP address is used in the IKE negotiation phase. The WAN IP address assigned by your ISP may display automatically. You can modify the address to use your FQDN.
   Note: When the SRXN3205 is online, this IP address is automatically filled in.
8. Enter the Remote LAN IP Address and Subnet Mask of the remote gateway.
   The Remote LAN IP address information you input on this screen is the local LAN IP address and Subnet Mask of the remote gateway. If this information is incorrect, the tunnel will fail to connect.
   Tip: The Remote LAN IP address must be in a different subnet than the Local LAN IP address. For example, if the local subnet is 192.168.1.x, then the remote subnet could be 192.168.10.x but could not be 192.168.1.x.
   Click the VPN Wizard Default Values option arrow at the top right of the screen to view the recommended VPNC parameters that will be used for additional settings configured by the Wizard. You can always modify the default settings after completing the wizard. If you do modify those settings, you will have to make the same modifications on both of the gateway units.
9. Click Apply to save your settings.
   The VPN Policies screen is displayed showing the new policy as enabled. Click Edit in the Action column adjacent to the policy to view or modify your policy settings.
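The constraints the wizard places on its inputs (key length in step 5, matching endpoint types and a public remote address in steps 6 and 7, distinct LAN subnets in step 8 and the Tip) can be checked before anything is applied to either gateway. The following Python script is an added example, not part of this manual or of the device's software; the Tunnel record, its field names and the simplified list of non-public address ranges are this example's own assumptions. It goes slightly beyond the Tip: instead of comparing the two LAN prefixes for equality it rejects any overlap, which also catches a remote LAN nested inside a wider local LAN.

```python
"""Pre-flight checks for a gateway-to-gateway IPsec tunnel definition.

Added example: mirrors the inputs the SRXN3205 VPN Wizard asks for and
the constraints the manual states for them. The Tunnel record, the field
names and the _NON_PUBLIC list are this example's own assumptions, not
the device's API.
"""
import ipaddress
import re
from dataclasses import dataclass

PSK_MIN, PSK_MAX = 8, 49  # pre-shared key length limits stated by the wizard

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Ranges that are not routable on the Internet and so cannot be the far
# gateway's WAN address (RFC 1918, loopback, link-local, RFC 6598).
# Deliberately simplified; an assumption of this example.
_NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


@dataclass
class Tunnel:
    name: str        # Connection Name; local bookkeeping only
    psk: str         # Pre-shared Key, identical on both gateways
    remote_wan: str  # Remote WAN IP address or Internet name (FQDN)
    local_wan: str   # this unit's WAN IP address or FQDN
    local_lan: str   # LAN behind this unit, "address/netmask" as in the wizard
    remote_lan: str  # LAN behind the far gateway, same notation


def endpoint_kind(value):
    """Classify a WAN endpoint as 'ip' or 'fqdn'; raise ValueError if neither."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if len(labels) >= 2 and not labels[-1].isdigit() \
            and all(_LABEL.match(label) for label in labels):
        return "fqdn"
    raise ValueError(f"{value!r} is neither an IP address nor an FQDN")


def is_public(addr):
    """True if addr falls outside the non-routable ranges listed above."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in _NON_PUBLIC)


def check_tunnel(t):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []

    # Step 5: key length. The wizard enforces nothing beyond this range.
    if not PSK_MIN <= len(t.psk) <= PSK_MAX:
        problems.append(f"pre-shared key must be {PSK_MIN}-{PSK_MAX} characters, got {len(t.psk)}")

    # Steps 6-7: both endpoints IP addresses or both FQDNs, and the remote one public.
    try:
        remote_kind, local_kind = endpoint_kind(t.remote_wan), endpoint_kind(t.local_wan)
        if remote_kind != local_kind:
            problems.append("local and remote WAN endpoints must both be IP addresses or both be FQDNs")
        if remote_kind == "ip" and not is_public(t.remote_wan):
            problems.append(f"remote WAN address {t.remote_wan} is not a public address")
    except ValueError as exc:
        problems.append(str(exc))

    # Step 8 and the Tip: the two LANs must be distinct; overlap is the general test.
    try:
        local = ipaddress.ip_network(t.local_lan, strict=False)
        remote = ipaddress.ip_network(t.remote_lan, strict=False)
        if local.overlaps(remote):
            problems.append(f"remote LAN {remote} overlaps local LAN {local}")
    except ValueError as exc:
        problems.append(f"bad LAN address/mask: {exc}")

    return problems


if __name__ == "__main__":
    # Constructed sample definitions; the WAN addresses are documentation ranges.
    ok = Tunnel("hq-to-branch", "correct horse battery staple", "198.51.100.7",
                "203.0.113.2", "192.168.1.0/255.255.255.0", "192.168.10.0/255.255.255.0")
    bad = Tunnel("broken", "short", "vpn.example.net",
                 "203.0.113.2", "192.168.1.0/255.255.255.0", "192.168.1.0/255.255.255.0")
    for tunnel in (ok, bad):
        print(tunnel.name, "->", check_tunnel(tunnel) or "OK")
```

Run the file directly to see the first definition pass and the second fail on key length, mixed endpoint types and identical LANs. The LAN fields accept the address/netmask form shown in the wizard because ipaddress.ip_network understands dotted netmasks, and strict=False tolerates a host address in place of the network address.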