Home » Netgear Manuals » Bridges & Routers » Netgear DG834 » Manual Viewer

Netgear DG834 DG834v3 Reference Manual - Page 114

IPSec PFS Perfect Forward Secrecy, Fully Qualified User Name

UPC - 606449029109

Add to My Manuals
Save this manual to your list of manuals

Page 114 highlights

Reference Manual for the ADSL Modem Router DG834 v3 • Fully Qualified User Name-the name, E-mail address, or other ID of the remote VPN endpoint. Remote Identity Data-enter the data for the selection above. (If "IP Address" is selected, no input is required.) Parameters. Encryption Algorithm-encryption Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway. DES and 3DES are supported. • DES-the Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES. • 3DES-(Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. Authentication Algorithm-authentication Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway. Auto, MD5, and SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is not available in responder-only mode. • MD5-128 bits, faster but less secure. • SHA-1 (default)-160 bits, slower but more secure. Pre-shared Key-the key must be entered both here and on the remote VPN Gateway. SA Life Time-this determines the time interval before the SA (Security Association) expires. (It will automatically be re-established as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs. IPSec PFS (Perfect Forward Secrecy)-if enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you may have to specify the "Key Group" used. For this device, the "Key Group" is the same as the "DH Group" setting in the IKE section. 6-40 Virtual Private Networking (Advanced Feature) v1.1, October 2006

Section	Page
Reference Manual for the ADSL Modem Router DG834 v3	1
Contents	7
Chapter 1 About This Manual	11
Audience, Scope, Conventions, and Formats	11
How to Print this Manual	12
Chapter 2 Introduction	13
About the Modem Router	13
Key Features	14
A Powerful, True Firewall	14
Easy Installation and Management	15
Protocol Support	15
Virtual Private Networking (VPN)	17
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	17
Content Filtering	17
Trend Micro Home Network Security	17
What’s in the Box?	18
The Modem Router’s Front Panel	19
The Router’s Rear Panel	20
Connecting the Router to the Internet	21
Chapter 3 Protecting Your Network	23
Protecting Access to Your DG834 ADSL Modem Router	23
How to Change the Built-In Password	23
Changing the Administrator Login Timeout	24
Configuring Basic Firewall Services	25
Blocking Keywords, Sites, and Services	25
How to Block Keywords and Sites	25
Firewall Rules	27
Inbound Rules (Port Forwarding)	28
Outbound Rules (Service Blocking)	31
Order of Precedence for Rules	33
Services	34
How to Define Services	34
Setting Times and Scheduling Firewall Services	35
How to Set Your Time Zone	35
How to Schedule Firewall Services	37
Trend Micro Home Network Security	37
Security Service Settings	38
Parental Controls Settings	40
Chapter 4 Managing Your Network	45
Backing Up, Restoring, or Erasing Your Settings	45
How to Back Up the Configuration to a File	45
How to Restore the Configuration from a File	46
How to Erase the Configuration	46
Upgrading the Modem Router’s Firmware	46
How to Upgrade the Modem Router Firmware	47
Network Management Information	48
Viewing Modem Router Status and Usage Statistics	48
Viewing Attached Devices	52
Viewing, Selecting, and Saving Logged Information	52
Examples of Log Messages	55
Enabling Security Event E-mail Notification	56
Running Diagnostic Utilities and Rebooting the Modem Router	57
Enabling Remote Management	58
Configuring Remote Management	59
Chapter 5 Advanced Configuration	61
Configuring Advanced Security	61
Setting Up A Default DMZ Server	62
Connect Automatically, as Required	63
Disable Port Scan and DOS Protection	63
Respond to Ping on Internet WAN Port	64
MTU Size	64
Configuring LAN IP Settings	64
DHCP	66
How to Configure LAN TCP/IP Settings	68
Configuring Dynamic DNS	68
How to Configure Dynamic DNS	69
Using Static Routes	70
Static Route Example	70
How to Configure Static Routes	71
Universal Plug and Play (UPnP)	73
Chapter 6 Virtual Private Networking (Advanced Feature)	75
Overview of VPN Configuration	75
Client-to-Gateway VPN Tunnels	76
Gateway-to-Gateway VPN Tunnels	76
Planning a VPN	77
VPN Tunnel Configuration	79
How to Set Up a Client-to-Gateway VPN Configuration	80
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834 v3	80
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC	85
How to Set Up a Gateway-to-Gateway VPN Configuration	94
VPN Tunnel Control	101
Activating a VPN Tunnel	101
Verifying the Status of a VPN Tunnel	104
Deactivating a VPN Tunnel	106
Deleting a VPN Tunnel	108
How to Set Up VPN Tunnels in Special Circumstances	110
Using Auto Policy to Configure VPN Tunnels	110
Using Manual Policy to Configure VPN Tunnels	120
Chapter 7 Troubleshooting	125
Basic Functioning	125
Power LED Not On	126
Test LED Never Turns On or Test LED Stays On	126
LAN or Internet Port LEDs Not On	126
Troubleshooting the Web Configuration Interface	127
Troubleshooting the ISP Connection	128
ADSL link	128
Obtaining a WAN IP Address	129
Troubleshooting PPPoE or PPPoA	130
Troubleshooting Internet Browsing	131
Troubleshooting a TCP/IP Network Using the Ping Utility	131
Testing the LAN Path to Your Router	131
Testing the Path from Your Computer to a Remote Device	132
Restoring the Default Configuration and Password	133
Using the Reset button	133
Problems with Date and Time	134
Appendix A Technical Specifications	135
Appendix B NETGEAR VPN Configuration	137
DG834 v3 to FVL328	137
Configuration Profile	137
Step-By-Step Configuration	138
DG834 v3 with FQDN to FVL328	142
Configuration Profile	142
Step-By-Step Configuration	144
Configuration Summary (Telecommuter Example)	150
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example)	151
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office	151
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office	153
Monitoring the VPN Tunnel (Telecommuter Example)	163
Viewing the PC Client’s Connection Monitor and Log Viewer	163
Viewing the VPN Router’s VPN Status and Log Information	164

Match case Limit results 1 per page

Reference Manual for the ADSL Modem Router DG834 v3

6-40

Virtual Private Networking (Advanced Feature)

v1.1, October 2006

•

Fully Qualified User Name

—

the name, E-mail address, or other ID of the remote VPN

endpoint.

Remote Identity Data

—enter the data for the selection above. (If "IP Address" is selected, no

input is required.)

Parameters.

Encryption Algorithm

—encryption Algorithm used for both IKE and IPSec. This

setting must match the setting used on the remote VPN Gateway. DES and 3DES are supported.

•

DES—the Data Encryption Standard (DES) processes input data that is 64 bits wide,

encrypting these values using a 56 bit key. Faster but less secure than 3DES.

•

3DES—(Triple DES) achieves a higher level of security by encrypting the data three times

using DES with three different, unrelated keys.

Authentication Algorithm

—authentication Algorithm used for both IKE and IPSec. This setting

must match the setting used on the remote VPN Gateway. Auto, MD5, and SHA-1 are supported.

Auto negotiates with the remote VPN endpoint and is not available in responder-only mode.

•

MD5—128 bits, faster but less secure.

•

SHA-1 (default)—160 bits, slower but more secure.

Pre-shared Key

—the key must be entered both here and on the remote VPN Gateway.

SA Life Time

—this determines the time interval before the SA (Security Association) expires. (It

will automatically be re-established as required.) While using a short time period (or data amount)

increases security, it also degrades performance. It is common to use periods over an hour (3600

seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs.

IPSec PFS (Perfect Forward Secrecy)

—if enabled, security is enhanced by ensuring that the key

is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to

break. (Each key has no relationship to the previous key.)

This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match

this setting, you may have to specify the "Key Group" used. For this device, the "Key Group" is

the same as the "DH Group" setting in the IKE section.