ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
7-8
Virtual Private Networking Using SSL
v1.0, October 2008
1. Select VPN > SSL VPN from the main/submenu, and then select the Port Forwarding tab. The Port Forwarding screen displays.
2. In the Add New Application for Port Forwarding section, enter the IP address of an internal server or host computer.
3. In the TCP Port field, enter the TCP port number of the application to be tunneled. The table below lists many commonly used TCP applications and port numbers.
Figure 7-4
Table 7-1. Port Forwarding Applications/TCP Port Numbers

TCP Application                    Port Number
FTP Data (usually not needed)      20
FTP Control Protocol               21
SSH                                22 (a)
Telnet                             23 (a)
SMTP (send mail)                   25
HTTP (web)                         80
POP3 (receive mail)                110
NTP (network time protocol)        123
Citrix                             1494
Terminal Services                  3389
VNC (virtual network computing)    5900 or 5800

a. Users can specify the port number together with the host name or IP address.
4. Click Add.
   The “Operation succeeded” message appears at the top of the tab, and the new application entry is listed in the List of Configured Applications.
5. Repeat this process to add other applications for use in Port Forwarding.
Adding A New Host Name
Once the server IP address and port information has been configured, remote users will be able to access the private network servers using Port Forwarding. As a convenience for users, you can also specify host name to IP address resolution for the network servers. Host Name Resolution allows users to access TCP applications at familiar addresses such as mail.example.com or ftp.example.com rather than by IP addresses.
To add a host name for client name resolution, follow these steps:
1. Select the Port Forwarding tab, shown in Figure 7-4.
2. If the server you want to name does not appear in the List of Configured Applications for Port Forwarding, you must add it before you can rename it.
3. In the Add New Host Name for Port Forwarding section, enter the IP address of the server you want to name.
4. In the Fully Qualified Domain Name field, enter the full server name.
5. Click Add.
   The “Operation succeeded” message appears at the top of the tab, and the new entry is listed in the List of Configured Host Names.
Remote users can now securely access network applications once they have logged into the SSL
VPN portal and launched Port Forwarding.
Configuring the SSL VPN Client
The SSL VPN Client within the SRXN3205 will assign IP addresses to remote VPN tunnel clients.
Because the VPN tunnel connection is a point-to-point connection, you can assign IP addresses
from the corporate subnet to the remote VPN tunnel clients.
Some additional considerations are:
• So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with addresses on the corporate network, configure an IP address range that does not directly overlap with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are currently assigned to devices on your local network, then start the client address range at 192.168.1.101 or choose an entirely different subnet altogether.
• The VPN tunnel client cannot contact a server on the corporate network if the VPN tunnel client’s Ethernet interface shares the same IP address as the server or the firewall (for example, if your laptop has a network interface IP address of 10.0.0.45, then you won’t be able to contact a server on the remote network that also has the IP address 10.0.0.45).
• If you assign an entirely different subnet to the VPN tunnel clients than the subnet used by the corporate network, you must:
  - Add a client route to configure the VPN tunnel client to connect to the corporate network using the VPN tunnel.
  - Create a static route on the corporate network’s firewall to forward local traffic intended for the VPN tunnel clients to the firewall.
• Select whether you want to enable full tunnel or split tunnel support based on your bandwidth:
  - Full tunnel. Sends all of the client’s traffic across the VPN tunnel.
  - Split tunnel. Sends only traffic destined for the corporate network based on the specified client routes. All other traffic is sent to the Internet. Split tunnel allows you to manage your company bandwidth by reserving the VPN tunnel for corporate traffic only.
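The considerations above are easy to get wrong by hand, so here is an added example (not part of the NETGEAR manual and not firewall code) that checks a proposed client address range before it is entered on the SSL VPN Client tab. It flags client addresses that collide with addresses already assigned on the LAN, reports whether the range lies inside the corporate subnet or in a separate one (in which case the manual's client route and static route are required), and reproduces the "same IP as the server" conflict check. The network, the list of used addresses and the function names are assumptions chosen for the example; only the standard library is used.

```python
"""Pre-flight checks for an SSL VPN client address range.
Added example, not code from the NETGEAR manual. Standard library only."""
import ipaddress


def range_addresses(begin, end):
    """Expand an inclusive begin..end pair into individual IPv4 addresses."""
    b = ipaddress.IPv4Address(begin)
    e = ipaddress.IPv4Address(end)
    if e < b:
        raise ValueError("range end precedes range begin")
    return [ipaddress.IPv4Address(i) for i in range(int(b), int(e) + 1)]


def check_client_range(corporate_net, assigned_lan, begin, end):
    """Evaluate a proposed client range.

    corporate_net: CIDR of the corporate LAN, e.g. "192.168.1.0/24" (assumed value)
    assigned_lan:  addresses already in use on that LAN (constructed sample data)
    begin, end:    the Client Address Range Begin / End values to be entered
    Returns a dict with overlapping addresses and the routing consequences
    the manual describes for a separate subnet.
    """
    net = ipaddress.IPv4Network(corporate_net)
    used = {ipaddress.IPv4Address(a) for a in assigned_lan}
    clients = range_addresses(begin, end)
    overlaps = sorted(a for a in clients if a in used)
    inside = all(a in net for a in clients)
    outside = all(a not in net for a in clients)
    return {
        "overlapping_addresses": [str(a) for a in overlaps],
        "same_subnet_as_corporate": inside,
        "separate_subnet": outside,
        # A range that straddles the corporate subnet boundary is neither case;
        # flag it so the administrator picks one or the other.
        "straddles_corporate_subnet": not inside and not outside,
        # Per the manual: a separate subnet needs both a client route on the
        # tunnel client and a static route on the corporate firewall.
        "client_route_required": outside,
        "static_route_required": outside,
    }


def local_interface_conflict(client_local_ip, corporate_hosts):
    """Return the corporate hosts a client cannot reach because its own
    Ethernet interface already carries the same IP address."""
    local = ipaddress.IPv4Address(client_local_ip)
    return [h for h in corporate_hosts if ipaddress.IPv4Address(h) == local]


if __name__ == "__main__":
    # Constructed sample: 192.168.1.1-100 already in use, as in the manual's example.
    lan_in_use = [f"192.168.1.{i}" for i in range(1, 101)]
    print(check_client_range("192.168.1.0/24", lan_in_use, "192.168.1.101", "192.168.1.150"))
    print(check_client_range("192.168.1.0/24", lan_in_use, "10.10.0.1", "10.10.0.50"))
    print(local_interface_conflict("10.0.0.45", ["10.0.0.45", "10.0.0.46"]))
```

Run it once with your own LAN inventory in place of the constructed list; an empty "overlapping_addresses" list plus either "same_subnet_as_corporate" or "separate_subnet" (never "straddles_corporate_subnet") is the state you want before clicking Apply.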
Configuring the Client IP Address Range
Determine the address range to be assigned to VPN tunnel clients, then define the address range.
To configure the client IP address range:
1. Select VPN > SSL VPN from the main/submenu, and then select the SSL VPN Client tab. The SSL VPN Client screen displays.
2. Select Enable Full Tunnel Support unless you want split tunneling.
3. (Optional) Enter a DNS Suffix to be appended to incomplete DNS search strings.
4. Enter Primary and Secondary DNS Server IP addresses to be assigned to the VPN tunnel clients.
5. In the Client Address Range Begin field, enter the first IP address of the IP address range.
6. In the Client Address Range End field, enter the last IP address of the IP address range.
7. Click Apply.
   The “Operation succeeded” message appears at the top of the tab.
VPN tunnel clients are now able to connect to the firewall and receive a virtual IP address in the client address range.
Figure 7-5
Note: In split tunneling, appropriate client routes must be added to allow traffic to be directed through the VPN tunnel. In full tunneling, all traffic is forwarded through the tunnel, including Internet traffic; client routes are not required.
Adding Routes for VPN Tunnel Clients
The VPN Tunnel Clients assume that the following networks are located across the VPN over the SSL tunnel:
• The subnet containing the client IP address (PPP interface), as determined by the class of the address (Class A, B, or C).
• Subnets specified in the Configured Client Routes table.
If the assigned client IP address range is in a different subnet than the corporate network, or the corporate network has multiple subnets, you must define Client Routes.
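The two rules above determine which client routes a split-tunnel client is missing. The following added example (not part of the NETGEAR manual, not firewall code) models them: it derives the classful subnet implied by a client's PPP address, adds the configured client routes, and lists any corporate subnet that neither covers, formatted as the Destination Network / Subnet Mask pair the Add Routes section asks for. The client address, route list and corporate subnets are constructed sample values; the function names are assumptions for the example.

```python
"""Compute the client routes a split-tunnel SSL VPN client still needs.
Added example, not code from the NETGEAR manual. Standard library only."""
import ipaddress


def classful_network(addr):
    """Return the classful (A/B/C) network implied by a unicast IPv4 address,
    mirroring the manual's statement that the client assumes the subnet of its
    PPP address 'as determined by the class of the address'."""
    a = ipaddress.IPv4Address(addr)
    first_octet = int(a) >> 24
    if first_octet < 128:
        prefix = 8          # Class A
    elif first_octet < 192:
        prefix = 16         # Class B
    elif first_octet < 224:
        prefix = 24         # Class C
    else:
        raise ValueError(f"{addr} is not a class A/B/C unicast address")
    return ipaddress.IPv4Network(f"{a}/{prefix}", strict=False)


def tunnel_reachable(client_ppp_ip, client_routes):
    """Networks the client treats as being across the tunnel: the implied
    classful subnet plus every entry in the Configured Client Routes table."""
    nets = [classful_network(client_ppp_ip)]
    nets += [ipaddress.IPv4Network(r) for r in client_routes]
    return nets


def missing_client_routes(client_ppp_ip, client_routes, corporate_subnets):
    """Corporate subnets that no implied or configured route covers.
    Each one returned must be added as a client route."""
    reachable = tunnel_reachable(client_ppp_ip, client_routes)
    missing = []
    for s in corporate_subnets:
        subnet = ipaddress.IPv4Network(s)
        if not any(subnet.subnet_of(r) for r in reachable):
            missing.append(str(subnet))
    return missing


def route_entries(subnets):
    """Format subnets as (Destination Network IP, Subnet Mask) pairs, which is
    how the Add Routes section expects them to be entered."""
    return [(str(n.network_address), str(n.netmask))
            for n in map(ipaddress.IPv4Network, subnets)]


if __name__ == "__main__":
    # Constructed sample: client got 10.10.0.5 from a range in a separate subnet,
    # one route is already configured, and the corporate side has two /24s.
    needed = missing_client_routes(
        "10.10.0.5", ["192.168.0.0/24"], ["192.168.0.0/24", "192.168.2.0/24"])
    print(route_entries(needed))   # the entries still to add on the SSL VPN Client tab
```

Note that the classful assumption is what makes a client addressed from the corporate /24 work without any routes: a PPP address of 192.168.1.101 implies 192.168.1.0/24, so the function returns nothing to add for that subnet, while a client addressed from 10.10.0.0/24 implies 10.0.0.0/8 and needs an explicit route for every 192.168.x.0 subnet.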
To add an SSL VPN Tunnel client route, follow these steps:
1. Access the SSL VPN Client tab shown in Figure 7-5.
2. In the Add Routes section, enter the Destination Network IP address of a local area network or subnet. For example, enter 192.168.0.0.
3. Enter the appropriate Subnet Mask.
4. Click Add.
   The “Operation succeeded” message appears at the top of the tab and the new client route is listed in the Configured Client Routes table.
Restart the firewall if VPN tunnel clients are currently connected. Restarting forces clients to
reconnect and receive new addresses and routes.
Replacing and Deleting Client Routes
If the specifications of an existing route need to be changed, follow these steps:
1. Make a new entry with the correct specifications.
2. In the Configured Client Routes table, click the Delete button in the actions column.
3. If an existing route is no longer needed for any reason, you can delete it.
Note: VPN client routes need to be added in split tunnel mode only.