Netgear DG834Gv1 DG834Gv2 Reference Manual
Netgear DG834Gv1 - 54 Mbps Wireless ADSL Firewall Modem Manual
 |
View all Netgear DG834Gv1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Netgear DG834Gv1 manual content summary:
- Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 1
Reference Manual for the Model Wireless ADSL Firewall Router DG834G NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Phone 1-888-NETGEAR 202-10006-05 June 2005 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 2
Trademarks NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows NT and used in accordance with the instructions, may cause harmful interference to radio Importeurs Es wird hiermit bestätigt, daß das DG834G Wireless ADSL Firewall Router gemäß der im BMPT-AmtsblVfg 243/1991 und - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 3
TV receiver, it may become the cause of radio interference. Read instructions for correct handling. Customer Support Refer to the Support Information Card that shipped with your DG834G Wireless ADSL Firewall Router. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 4
iv 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 5
This Manual 1-2 How to Print this Manual 1-3 Chapter 2 Introduction About the Router ...2-1 Key Features ...2-1 A Powerful, True Firewall 2-2 802.11 Standards-based Wireless Networking 2-2 Easy Installation and Management 2-3 Protocol Support ...2-3 Virtual Private Networking (VPN 2-5 Content - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 6
the DG834G to Your LAN 3-5 How to Connect the Router 3-5 Auto-Detecting Your Internet Connection Type 3-9 Wizard-Detected PPPoE Login Account Setup 3-10 Wizard-Detected PPPoA Login Account Setup 3-11 Wizard-Detected Dynamic IP Account Setup 3-11 Wizard-Detected IP Over ATM Account Setup 3-12 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 7
5 Protecting Your Network Protecting Access to Your DG834G Wireless ADSL Firewall Router 5-1 How to Change the Built-In Password 5-1 Changing the Administrator Login Timeout 5-2 Configuring Basic Firewall Services 5-2 Blocking Keywords, Sites, and Services 5-3 How to Block Keywords and Sites - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 8
to Configure a Default DMZ Server 7-2 Connect Automatically, as Required 7-3 Disable Port Scan and DOS Protection 7-3 Respond to Ping on Internet WAN Port 7-3 MTU Size ...7-3 Configuring LAN IP Settings 7-3 DHCP ...7-5 Use Router as DHCP server 7-5 Reserved IP addresses 7-6 How to Configure - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 9
Connection 9-4 ADSL link ...9-4 WAN LED Blinking Yellow 9-4 WAN LED Off ...9-4 Obtaining a WAN IP Address 9-5 Troubleshooting PPPoE or PPPoA 9-6 Troubleshooting Internet Browsing 9-6 Troubleshooting a TCP/IP Network Using the Ping Utility 9-7 Testing the LAN Path to Your Router 9-7 Testing - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 10
Default Configuration and Password 9-9 Using the Reset button 9-9 Problems with Date and Time 9-9 Appendix A Technical Specifications Appendix B Network and Routing Basics Related Publications ...B-1 Basic Router Concepts B-1 What is a Router B-1 Routing Information Protocol B-2 IP Addresses - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 11
for Windows Computers C-19 Obtaining ISP Configuration Information for Macintosh Computers C-20 Restarting the Network C-21 Appendix D Wireless Networking Basics Wireless Networking Overview D-1 Infrastructure Mode D-1 Ad Hoc Mode (Peer-to-Peer Workgroup D-2 Network Name: Extended Service Set - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 12
Interface Addressing E-7 Firewalls ...E-8 Setting Up a VPN Tunnel Between Gateways E-8 VPNC IKE Security Parameters E-10 VPNC IKE Phase I Parameters E-10 VPNC IKE Phase II Parameters E-11 Testing and Troubleshooting E-11 Additional Reading ...E-11 Appendix F NETGEAR VPN Configuration DG834G to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 13
Example F-13 Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) .........F-14 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer's Main Office F-14 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 14
xiv Contents 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 15
and server names, extensions, commands, IP addresses This guide uses the following formats to highlight special messages: Note: This format is used to highlight information of importance or special interest. This manual is written for the DG834G wireless router according to these specifications - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 16
Wireless ADSL Firewall Router DG834G How to Use This Manual The HTML version of this manual includes the following: • Buttons, and , for browsing forwards or backwards through the manual is described in the manual. •A button to access the full NETGEAR, Inc. online knowledge base for the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 17
Wireless ADSL Firewall Router DG834G How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual of the window. Tip: If your printer supports printing two - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 18
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 1-4 About This Manual 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 19
NETGEAR DG834G Wireless ADSL Firewall Router. The DG834G wireless router is a combination of a built-in ADSL modem, router manual. About the Router The DG834G Wireless ADSL Firewall Router provides continuous, high-speed 10/100 Ethernet access between your Ethernet devices. The DG834G wireless router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 20
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Easy, Web-based setup for installation and management • Extensive Internet protocol support • Trustworthy VPN Communications over the Internet • VPN Wizard for easy VPN configuration • Content filtering • Auto Sensing and Auto - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 21
Visual monitoring The router's front panel LEDs provide an easy way to monitor its status and activity. • Flash erasable programmable read-only memory (EPROM) for firmware upgrades. Protocol Support The DG834G supports Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 22
Manual for the Model Wireless ADSL Firewall Router DG834G • The Ability to Enable or Disable IP Address Sharing by NAT The DG834G allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 23
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Virtual Private Networking (VPN) The DG834G wireless router provides a secure encrypted connection between your local area network (LAN) and remote networks or clients. It includes the following VPN features: • Supports 8 VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 24
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • AC power adapter (varies by region) • Category 5 (Cat 5) Ethernet cable • Telephone cable • Microfilters (quantity and type vary by region) • Wireless ADSL Firewall Router Resource CD, including: - This guide - Application Notes • - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 25
or received at 10 Mbps. No link is detected on this port. The Router's Rear Panel The rear panel of the DG834G Wireless ADSL Firewall Router (Figure 2-2) contains port connections. LAN ADSL Internet Power Figure 2-2: DG834G Rear Panel Reset Wireless Introduction 2-7 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 26
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Viewed from left to right, the rear panel contains the following elements: • AC power adapter outlet • Four Local Ethernet RJ-45 LAN ports for connecting the router to the local computers • Factory Default Reset push button • ADSL - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 27
on your Local Area Network (LAN) and connect to the Internet. It describes how to configure your DG834G Wireless ADSL Firewall Router for Internet access using the Setup Wizard, or how to manually configure your Internet connection. What You Need Before You Begin You need to prepare the following - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 28
Line Reference Manual for the Model Wireless ADSL Firewall Router DG834G Each device such as a telephone, fax machine, answering machine, or caller ID display will require an ADSL microfilter. Note: Do not connect the DG834G to the ADSL line through a microfilter unless the microfilter is a - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 29
. • For Windows 2000/XP, open the Local Area Network Connection, select the TCP/IP entry for the Ethernet adapter, and click Properties. • For Macintosh computers, open the TCP/IP or Network control panel. • You can also refer to the DG834G Resource CD for the NETGEAR Router ISP Guide which provides - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 30
Reference Manual for the Model Wireless ADSL Firewall Router DG834G ISP Multiplexing Method and Virtual Circuit Number: The default settings of your DG834G Wireless ADSL Firewall Router will work fine for most ISPs. However, some ISPs use a specific Multiplexing Method or a Virtual Circuit Number - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 31
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Connecting the DG834G to Your LAN This section provides instructions for connecting the DG834G wireless router. Note: The Resource CD included with your router contains an animated Installation Assistant to help you through this - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 32
DSL Phone Reference Manual for the Model Wireless ADSL Firewall Router DG834G . Line A Figure 3-4: Connecting an ADSL microfilter and phone Note: To use a one-line filter with a separate splitter, insert the splitter into the phone outlet, connect the one-line filter to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 33
Reference Manual for the Model Wireless ADSL Firewall Router DG834G c. Connect the Ethernet cable (C) from your DG834G's LAN port to the Ethernet adapter in your computer. Line DSL Phone C 54 Mbps Wireless ADSL Firewall Router DG834G Figure 3-6: Connecting a computer to the DG834G wireless router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 34
Manual for the Model Wireless ADSL Firewall Router DG834G 3. LOG IN TO THE DG834G. Note: Your computer needs to be configured for DHCP. For instructions on configuring for DHCP, please see Appendix C, "Preparing Your Network". a. Connect to the router by typing http://192.168.0.1 in the address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 35
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 3-9: Setup Wizard 4. CONNECT TO THE INTERNET The router is now properly attached to your network. You are now ready to configure your router to connect to the Internet. There are two ways you can configure your router to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 36
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: If instead of the Setup Wizard menu, the main menu of the router's Configuration Manager as shown in Figure 3-15 appears, click the Setup Wizard link in the upper left to bring up this menu. 2. You must select a country and - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 37
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 3-10: Setup Wizard menu for PPPoE login accounts Enter the PPPoE login user name and password. Wizard-Detected PPPoA Login Account Setup If the Setup Wizard determines that your Internet service account uses a login protocol - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 38
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 3-12: Setup Wizard menu for Dynamic IP address Click Apply to set Dynamic IP as the connection method. Wizard-Detected IP Over ATM Account Setup If the Setup Wizard determines that your Internet service account uses IP over - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 39
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 4. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, "Troubleshooting". Wizard-Detected Fixed IP (Static) Account Setup If the router determines - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 40
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 5. Click Apply to save the settings. 6. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, "Troubleshooting". Testing Your Internet Connection After - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 41
for the Model Wireless ADSL Firewall Router DG834G ISP Does Not Require Login ISP Does Require Login Figure 3-15: Basic Settings menu How to Perform Manual Configuration We recommend that you start the manual configuration from the Setup Wizard: 1. Select your country and language. Language - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 42
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Internet Connection Does Not Require a Login 6. Usually the default ADSL Settings work fine for most ISPs and you can skip this step. If you have any problems with your connection, check the ADSL Settings. See "ADSL Settings" on - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 43
for the Model Wireless ADSL Firewall Router DG834G Note: Disabling NAT will reboot the router and reset all the DG834G configuration settings to the factory default. Disable NAT only if you plan to install the DG834G in a setting where you will be manually administering the IP address space on the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 44
NAT will reboot the router and reset all the DG834G configuration settings to the factory default. Disable NAT only if you plan to install the DG834G in a setting where you will be manually administering the IP address space on the LAN side of the router 3-18 Connecting the Router to the Internet - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 45
address" and enter it. 7. Click Apply to save your settings. 8. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 9, "Troubleshooting". ADSL Settings The default settings of your DG834G Wireless ADSL Firewall Router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 46
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 3-20 Connecting the Router to the Internet 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 47
Configuration This chapter describes how to configure the wireless features of your DG834G Wireless ADSL Firewall Router. Considerations for a Wireless Network In planning your wireless network, you should consider the level of security required. You should also select the physical placement - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 48
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The time it takes to establish a wireless connection can vary depending with a compatible adapter. For this reason, use the security features of your wireless equipment. The DG834G wireless router provides highly effective security - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 49
Manual for the Model Wireless ADSL Firewall Router DG834G • Turn Off the Broadcast of the Wireless Network Name SSID. If you disable broadcast of the SSID, only devices that have the correct SSID can connect. This nullifies wireless network 'discovery' feature of some products, such as Windows - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 50
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 4-2: Wireless Settings menu The following parameters are in the Wireless Settings menu: • Wireless Network. - Name (SSID). The Service Set ID, also known as the wireless network name. Enter a value of up to 32 alphanumeric - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 51
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: This value is case sensitive. For example, Wireless is not the same as wireless. - Region. Select your region from the drop-down list. This field displays the region of operation for which the wireless interface is intended. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 52
The DG834G provides two methods for creating WEP encryption keys: • Passphrase. These characters are case sensitive. Enter a word or group of printable characters in the Passphrase box and click the Generate button. Note: Not all wireless adapters support passphrase key generation. • Manual. These - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 53
, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA. WPA-802.1x User authentication is implemented using 802.1x and RADIUS - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 54
Manual for the Model Wireless ADSL Firewall Router DG834G 5. Set the Channel. The default channel is 11. This field determines which operating frequency will be used. It should not be necessary to change the wireless channel unless you notice interference problems with another nearby wireless router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 55
firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever LAN address and password you have set up. 2. From the Wireless Settings menu, Wireless Station Access List section, click the Setup Access List button - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 56
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 4-4. Wireless Access menu 3. Select the Turn Access Control On check box to enable restricting wireless computers by their MAC addresses. 4. If the wireless station is currently connected to the network, you can select it - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 57
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: If you are configuring the router from a wireless computer whose MAC address is not in the Trusted Wireless Stations list, and you select Trusted Wireless Stations only, you will lose your wireless connection when you click - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 58
Manual for the Model Wireless ADSL Firewall Router DG834G Set your wireless adapter according to the authentication scheme you choose for the DG834G wireless router. Please refer This setting is useful for troubleshooting your wireless connection, but leaves your wireless data fully exposed. 64 or - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 59
Reference Manual for the Model Wireless ADSL Firewall Router DG834G How to Configure WEP To configure WEP data encryption, follow these steps: 1. Log in to the DG834G firewall at its default LAN address of http://192.168.0.1 with its default user name of admin and default password of password, or - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 60
your wireless adapter and WPA client software for instructions on configuring WPA settings. To configure WPA-PSK, follow these steps: 1. Log in at the default LAN address of http://192.168.0.1, with the default user name of admin and default password of password, or using whatever LAN address and - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 61
to protect your network. Protecting Access to Your DG834G Wireless ADSL Firewall Router For security reasons, the router has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect. When prompted, enter admin - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 62
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 5-2: Set Password menu 3. To change the password, first enter the old password, and then enter the new password twice. 4. Click Apply to save your changes. Note: After changing the password, you will be required to log in - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 63
Sites The DG834G wireless router allows you to restrict access to Internet content based on functions such as Web addresses and Web address keywords. 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 64
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 5-3: Block Sites menu 3. To enable keyword Apply. 6. To specify a trusted user, enter that computer's IP address in the Trusted IP Address box and click Apply. You can specify one trusted user, which is a computer that will - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 65
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 7. Click Apply to save your settings. Firewall Rules Firewall rules are used to block or allow specific traffic passing through from one side of the router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 66
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • To edit an existing rule, select its local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 5-5: - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 67
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 5-5: Rule example: A Local Public Web Server The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 68
Manual for the Model Wireless ADSL Firewall Router DG834G • Log You can select whether the traffic will be logged. The choices are: - Never - no log entries will be made for this service. - Always - any traffic for this service from a specified range of external IP addresses. In this case, we have - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 69
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • If the IP address of the local server computer is assigned by DHCP, it may change when the computer is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the computer's IP address constant. • - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 70
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 5-7: Rule example: Blocking Instant Messenger The parameters are: • Service From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 71
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • WAN Users These settings determine which packets are covered by the rule, based on their destination WAN IP address. Select the desired option: - Any - all IP addresses are covered by this rule. - Address range -if this option is - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 72
your own service definitions. How to Define Services 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the router. 2. Select the Services link of - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 73
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • To create a new Service, click the Add Custom Service button. • To edit an existing Service, select its button on the left side of the table and click Edit Service. • To delete an existing Service, select its button on the left - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 74
in the Block Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access is not restricted. 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 75
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 2. Select the Schedule link of the Security menu to display menu shown above in the Schedule Services menu. 3. To block Internet services based on a schedule, select Every Day or select one or more days. If you want to limit access - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 76
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 5-16 202-10006-05, June 2005 Protecting Your Network - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 77
factory default settings. The procedures below explain how to do these tasks. How to Back Up the Configuration to a File 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 78
To restore the factory default configuration settings without knowing the login password or IP address, you must use the Default Reset button on the rear panel of the router. See "DG834G Rear Panel" on page 2-7. Upgrading the Router's Firmware The software of the DG834G wireless router is stored in - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 79
Reference Manual for the Model Wireless ADSL Firewall Router DG834G How to Upgrade the Router Firmware Note: NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you may need to restore your configuration settings. 1. Download and - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 80
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Network Management Information The DG834G provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 81
ON, the router will assign IP addresses to PCs on the LAN. IP Subnet Mask This field displays the IP Subnet Mask being used by the Local (LAN) port of the router. The default is 255.255.255.0. Modem These parameters apply to the Local (WAN) port of the router. ADSL Firmware Version The version - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 82
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 6-4: Router Statistics screen This screen shows the following statistics:. Table 6-1. Router Statistics Fields Field WAN, LAN, or Serial Port Status TxPkts RxPkts Collisions Tx B/s Rx B/s Up Time Poll Interval - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 83
the Model Wireless ADSL Firewall Router DG834G Figure 6-5: Connection Status screen for Dynamic IP Clicking the Renew button updates the status information. This screen shows the following statistics: Table 6-1. Connection Status Fields for Dynamic IP Field IP Address Subnet Mask Default Gateway - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 84
Reference Manual for the Model Wireless ADSL Firewall Router DG834G An alternate view of the Connection Status screen is shown in Figure 6-6 below: Figure 6-6: Connection Status screen for PPPoA Clicking the Renew button updates the status information. This screen shows the following statistics: - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 85
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 86
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 6-8: Security Logs menu Log entries are described in Table 6-1 below: 6-10 202-10006-05, June 2005 Managing Your Network - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 87
Manual for the Model Wireless ADSL Firewall Router DG834G Table 6-1. Security Log entry descriptions Field Date and Time Description or Action Source IP from the LAN or WAN The name or IP address of the destination device or Web site. The service port number of the destination device, and whether - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 88
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Saving Log Files on a Server You can choose to write the logs to a computer running a syslog program. To activate this feature, select to Broadcast on Lan or enter the IP address of the server where the Syslog file will be written. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 89
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Enabling Security Event E-mail Notification In order if you want to receive e-mail logs and alerts from the router. • Send alerts and logs via email. Enter the name or IP address of your ISP's outgoing (SMTP) mail server (such as - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 90
Reference Manual for the Model Wireless ADSL Firewall Router DG834G If the Weekly, Daily or Hourly option is selected and the log fills up before the specified period, the log is automatically e-mailed to the specified e-mail address. After the log is sent, it is cleared from the router's memory. If - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 91
Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your DG834G Wireless ADSL Firewall Router. Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no dictionary words from - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 92
Reference Manual for the Model Wireless ADSL Firewall Router DG834G When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number. For example, if your - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 93
NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer's IP address is entered as the Default DMZ Server - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 94
: 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the router. 2. From the Main Menu, under Advanced, click the WAN Setup link to view the page - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 95
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Connect Automatically, as Required Normally, this The router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The router's default LAN IP configuration is: • LAN IP addresses-192. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 96
Manual for the Model Wireless ADSL Firewall Router DG834G These addresses are part of the Internet Engineering Task Force (IETF)-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 97
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • RIP Version This controls the format and the broadcasting method of the RIP packets that the router sends. It recognizes both formats when receiving. By default, this is set for RIP-1. - RIP-1 is universally supported. RIP-1 is - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 98
Manual for the Model Wireless ADSL Firewall Router DG834G • An IP Address from the range you have defined • Subnet Mask • Gateway IP Address is the router's LAN IP address • Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router's LAN IP address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 99
Reference Manual for the Model Wireless ADSL Firewall Router DG834G How to Configure LAN TCP/IP Settings 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 100
in to your account, and register your new IP address. How to Configure Dynamic DNS 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 101
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 7. Type the User Name for your dynamic DNS account. 8. Type the Password (or key) for your dynamic yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org 10. Click Apply to save your configuration. Note: If your - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 102
Manual for the Model Wireless ADSL Firewall Router DG834G In this case you must define a static route, telling your router that 134.177.0.0 should be accessed through the ISDN router at 192.168.0.100. The static route would look like Figure 7-6. In this example: • The Destination IP Address and IP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 103
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 3. To add or edit a Static Route: a. the Gateway IP Address, which must be a router on the same LAN segment as the router. h. Type a number between 1 and 15 as the Metric value. This represents the number of routers between your - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 104
Manual for the Model Wireless ADSL Firewall Router DG834G Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services default - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 105
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • UPnP Portmap Table: The UPnP Portmap Table displays the IP address of each UPnP device that is currently accessing the Router and which ports (Internal and External) that device has opened. The UPnP Portmap Table also displays - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 106
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 7-14 202-10006-05, June 2005 Advanced Configuration - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 107
Private Networking (Advanced Feature) This chapter describes how to use the virtual private networking (VPN) features of the DG834G wireless router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 108
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Overview of VPN Configuration Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The DG834G supports both of these types of VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 109
Reference Manual for the Model Wireless ADSL Firewall Router DG834G DG834G VPN Firewall A VPN Tunnel DG834G VPN Firewall B PCs PCs Figure 8-2: Gateway-to-Gateway VPN Tunnel A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 110
Wireless ADSL Firewall Router DG834G Table 8-1. VPN Tunnel Configuration Worksheet Connection Name: Pre-Shared Key: Secure Association -- Main Mode or Manual in seconds: VPN Endpoint Local IPSec ID LAN IP Address Subnet Mask FQDN or Gateway IP (WAN IP Address) To set up a VPN connection, you - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 111
Model Wireless ADSL Firewall Router DG834G • What method will you use to configure your VPN tunnels? - The VPN Wizard using VPNC defaults (see Table 8-2) - The typical automated Internet Key Exchange (IKE) setup (see "Using Auto Policy to Configure VPN Tunnels" on page 8-36) - A Manual Keying setup - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 112
Reference Manual for the Model Wireless ADSL Firewall Router DG834G VPN Tunnel Configuration There are two tunnel configurations and three ways to configure them: • Use the VPN Wizard to configure a VPN tunnel (recommended for most situations): - See "How to Set Up a Client-to-Gateway VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 113
Manual for the Model Wireless ADSL Firewall Router DG834G 22.23.24.25 DG834G VPN Tunnel 0.0.0.0 192.168.3.1 PCs Figure 8-3: Client-to-Gateway VPN Tunnel PC (Running NETGEAR ProSafe VPN Client) Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G Note: This section uses the VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 114
Model Wireless ADSL Firewall Router DG834G The worksheet below identifies the parameters used in the following procedure. A blank worksheet is at "Planning a VPN" on page 8-3. Table 8-3. VPN Tunnel Configuration Worksheet Connection Name: Pre-Shared Key: Secure Association -- Main Mode or Manual - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 115
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-4: VPN Wizard Start Screen 2. Fill in the (e.g., 12345678) Select the radio button: A remote VPN client (single PC) Figure 8-5: Connection Name and Remote IP Type Virtual Private Networking (Advanced Feature) 8-9 202- - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 116
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The Summary screen below displays. Figure 8-6: VPN Wizard Summary 8-10 Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 117
Reference Manual for the Model Wireless ADSL Firewall Router DG834G To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the "here" link (see Figure 8-6). Click Back to return to the Summary screen. 1 hour Figure 8-7: VPNC Recommended Settings 3. Click - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 118
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: Refer to "Using Auto Policy to Configure VPN Tunnels" on page 8-36 to enable the IKE keepalive capability on an existing VPN tunnel. Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC This procedure describes - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 119
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: In this example, the Connection Name used on the client side of the VPN tunnel is toDG834 and it does not have to match the RoadWarrior Connection Name used on the gateway side of the VPN tunnel (see Figure 8-5) because - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 120
Manual for the Model Wireless ADSL Firewall Router DG834G • In this example, type 192.168.3.1 in the Subnet field as the network address of the DG834G. • Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834G. • Select All in the Protocol menu to allow all traffic through the VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 121
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity. Figure 8-12: Security Policy Editor My Identity • Choose None in the Select Certificate menu. • Select IP Address in - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 122
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 5. Configure the VPN Client Authentication Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the DG834G configuration. • In the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 123
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Expand the window, select Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 124
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 8. Check the VPN Connection. To check the VPN Connection, you can initiate a request from the remote PC to the DG834G's network by using the "Connect" option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 125
Manual for the Model Wireless ADSL Firewall Router DG834G Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR ProSafe Log Viewer. 1. To launch this function, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 126
Manual for the Model Wireless ADSL Firewall Router DG834G • The DG834G has a LAN IP address of 192.168.3.1. • The VPN client PC has a dynamically assigned address -to-Gateway VPN Configuration Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 127
for the Model Wireless ADSL Firewall Router DG834G Table 8-4. VPN Tunnel Configuration Worksheet Connection Name: Pre-Shared Key: Secure Association -- Main Mode or Manual Keys: Perfect Forward Secrecy -- Enabled or Disabled: NETBIOS -- Enabled or Disabled: Encryption Protocol -- DES or 3DES - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 128
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard. 1. Log in to the DG834G on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 129
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. Enter the WAN IP address of the remote VPN gateway: (e.g., 22.23.24.25) Figure 8-23: Remote IP 4. Identify the IP addresses at the target - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 130
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The Summary screen below displays. Figure 8-25: VPN Wizard Summary 8-24 Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 131
Reference Manual for the Model Wireless ADSL Firewall Router DG834G To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the "here" link (see Figure 8-25). Click Back to return to the Summary screen. 1 hour Figure 8-26: VPN Recommended Settings 5. Click - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 132
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 6. Repeat for the DG834G on LAN B and pay special attention to use the following network settings as appropriate. • WAN IP of the remote VPN gateway (e.g., 14.15.16.17) • LAN IP settings of the remote VPN gateway: - IP Address (e.g, - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 133
Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-29: Current VPN Tunnels (SAs) Screen c. Look at the VPN Status/Log screen (Figure 8-28) to verify that the tunnel is connected. VPN Tunnel Control Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Use the VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 134
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-30: VPN Status/Log Screen 3. Click on VPN Status (Figure 8-30) to get the Current VPN Tunnels (SAs) screen (Figure 8-31). Click on Connect for the VPN tunnel you want to activate. Figure 8-31: Current VPN Tunnels (SAs) - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 135
Manual for the Model Wireless ADSL Firewall Router DG834G To activate the VPN tunnel by pinging the remote endpoint (e.g., 192.168.3.1), do the following steps depending on whether your configuration is client-to-gateway or gateway-to-gateway: • Client-to-Gateway Configuration-to check the VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 136
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834G. After a short wait, you should see the login screen of the Router (unless another PC already has the DG834G - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 137
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-35: VPN Status/Log Screen 3. Click on VPN Status (Figure 8-30) to get the Current VPN Tunnels (SAs) screen (Figure 8-31). This table lists the following data for each active VPN Tunnel. • SPI-each SA has a unique SPI ( - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 138
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-36: Current VPN Tunnels (SAs) Screen Deactivating a VPN Tunnel Sometimes a VPN tunnel must be deactivated for testing purposes. There are two ways to deactivate a VPN tunnel: • Policy table on VPN Policies page • VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 139
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-37: VPN Policies 3. Clear the Enable check box for the VPN tunnel you want to deactivate and click Apply. (To reactivate the tunnel, check the Enable box and click Apply.) Using the VPN Status Page to Deactivate a VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 140
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-38: VPN Status/Log Screen 3. Click VPN Status (Figure 8-38) to get the Current VPN Tunnels (SAs) screen (Figure 8-39). Click Drop for the VPN tunnel you want to deactivate. Figure 8-39: Current VPN Tunnels (SAs) Screen - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 141
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Note: When NETBIOS is enabled (which it is in the VPNC defaults implemented by the VPN Wizard), automatic traffic will reactivate the tunnel. To prevent reactivation from happening, either disable NETBIOS or disable the policy for - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 142
for the Model Wireless ADSL Firewall Router DG834G • Manual Policy-for a Manual Keying setup in which you must specify each phase of the connection, see "Using Manual Policy to Configure VPN Tunnels" on page 8-48. Manual Policy does not use IKE. Rather, you manually enter all the authentication - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 143
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-41: DG834G VPN Tunnel Auto Policy Configuration Menu Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 8-37 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 144
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The DG834G VPN tunnel network connection fields are defined as follows: General These settings identify this policy and determine its major characteristics. • Policy Name-Enter a unique name to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 145
Manual for the Model Wireless ADSL Firewall Router DG834G VPN client at the remote end. • Single address-Enter an IP address in the "Single/Start IP address" field. This must be an address are allowed. Exchange Mode-ensure the remote VPN endpoint is set to use "Main Mode". Diffie-Hellman (DH - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 146
Manual for the Model Wireless ADSL Firewall Router DG834G Local Identity Data-enter the data for the selection above. (If "WAN IP Address" is selected, no input is required.) Remote Identity Type-select the desired option to match the "Local Identity Type" setting on the remote VPN endpoint. • IP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 147
Reference Manual for the Model Wireless ADSL Firewall Router DG834G This setting applies to both IKE and IPSec .17 DG834G VPN Firewall VPN Tunnel 22.23.24.25 B DG834G VPN Firewall 192.168.0.1 192.168.3.1 PCs PCs Figure 8-42: Gateway-to-Gateway VPN Tunnel 1. Set the LAN IPs on each DG834G to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 148
for the Model Wireless ADSL Firewall Router DG834G Table 8-1. VPN Tunnel Configuration Worksheet Connection Name: Pre-Shared Key: Secure Association -- Main Mode or Manual Keys: Perfect Forward Secrecy -- Enabled or Disabled: NETBIOS -- Enabled or Disabled: Encryption Protocol -- DES or 3DES - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 149
Model Wireless ADSL Firewall Router DG834G 2. Open the DG834G on LAN A management interface and click on VPN Policies. Figure 8-43: VPN Policies Screen 3. Click Add Auto Policy. 4. Enter policy settings (see Figure 8-44). • General - Policy Name = GtoG - Remote VPN Endpoint Address Type = Fixed IP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 150
Reference Manual for the Model Wireless ADSL Firewall Router DG834G - Remote Identity Type = use default setting • Parameters - Encryption Algorithm = 3DES - Authentication Algorithm = MD5 - Pre-shared Key = 12345678 8-44 Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 151
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-44: VPN Auto Policies Screen Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 8-45 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 152
Manual for the Model Wireless ADSL Firewall Router DG834G 5. Click Apply. The Get VPN Policies web page is displayed. Figure 8-45: VPN Policies Screen 6. Repeat for the DG834G on LAN B and pay special attention to use the following network settings as appropriate. • General, Remote Address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 153
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure 8-46: VPN Status/Log Screen b. Click VPN Status (Figure 8-46) to display the Current VPN Tunnels (SAs) screen (Figure 8-47). Click on Connect for the VPN tunnel you want to activate. Figure 8-47: Current VPN Tunnels (SAs) - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 154
for the Model Wireless ADSL Firewall Router DG834G Using Manual Policy to Configure VPN Tunnels As an alternative to IKE, you may use Manual Keying, in which you must specify each phase of the connection. A "Manual" VPN policy requires all settings for the VPN tunnel to be manually input at each - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 155
Reference Manual for the Model Wireless ADSL Firewall Router DG834G General The DG834G VPN tunnel network connection fields are defined as follows: • Policy Name-enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 156
Manual for the Model Wireless ADSL Firewall Router DG834G • Range address-enter the starting IP address in the "Single/Start IP address" field, and the finish IP address in the "Finish IP address" field. This must be an address range used on the remote LAN. • Subnet address-enter an IP address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 157
chapter gives information about troubleshooting your DG834G Wireless ADSL Firewall Router. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the router on? • Have I connected the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 158
to see if the router recovers. • Clear the router's configuration to factory defaults. This will set the router's IP address to 192.168.0.1. This procedure is explained in "Using the Reset button" on page 9-9. If the error persists, you might have a hardware problem and should contact technical - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 159
and reboot your computer. • If your router's IP address was changed and you do not know the current IP address, clear the router's configuration to factory defaults. This will set the router's IP address to 192.168.0.1. This procedure is explained in "Using the Reset button" on page 9-9. • Make sure - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 160
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration. Troubleshooting the ISP Connection If your router is unable to access the Internet, - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 161
router's ADSL Settings accordingly. • Your ISP may require a login program. Ask your ISP whether they require PPP over Ethernet (PPPoE) or PPP over ATM (PPPOA) login. • If you have selected a login program, you may have incorrectly set the Service Name, User Name and Password. See "Troubleshooting - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 162
Service Name, User Name or Password. There also may be a provisioning problem with your ISP. Note: Unless you connect manually, the router will not authenticate using PPPoE or PPPoA until data is transmitted to the network. Troubleshooting Internet Browsing If your router can obtain an IP address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 163
Manual for the Model Wireless ADSL Firewall Router DG834G A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 164
Manual for the Model Wireless ADSL Firewall Router DG834G • Wrong physical connections - Make sure the LAN port LED is on. If the LED is off, follow the instructions a remote device. From the Windows run menu, type: PING -n 10 where is the IP address of a remote device such - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 165
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the router's administration password to password and the IP address to 192.168.0.1. You can - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 166
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 9-10 202-10006-05, June 2005 Troubleshooting - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 167
for the DG834G Wireless ADSL Firewall Router. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA), RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM Power Adapter North - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 168
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Electromagnetic Emissions Meets requirements of: Interface Specifications LAN: WAN: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B 10BASE-T or 100BASE-Tx, RJ-45 ADSL, Dual RJ-11, pins 2 and 3 T1.413, G.DMT, G.Lite - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 169
vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The DG834G Wireless ADSL Firewall Router is a small office router that routes the IP protocol over a single-user broadband connection. Network and Routing Basics B-1 202-10006 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 170
update one another and check for changes to add to the routing table. The DG834G wireless router supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications. IP Addresses - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 171
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Class A Network Class B Node Network Class C Node Network Node Figure 9-1: Three Main Address Classes The five address classes are: • Class A Class A addresses can have up to 16,777,214 hosts on a single network. They use - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 172
Manual for the Model Wireless ADSL Firewall Router DG834G This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 173
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 174
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Table 9-1. Netmask Notation Translation Table for One Octet Number of /8 /16 /24 /25 /26 /27 /28 /29 /30 /31 /32 NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 175
192.168.255.255 NETGEAR recommends that you choose your private network number from this range. The DHCP server of the DG834G wireless router is preconfigured to automatically assign private addresses. Regardless of your particular situation, do not create an arbitrary IP address; always follow the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 176
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Private IP addresses assigned by user 192.168.0.2 IP addresses assigned by ISP 192.168.0.3 192.168.0.4 192.168.0.1 172.21.15.105 Internet 192.168.0.5 7786EA Figure 9-3: Single IP Address Operation Using NAT This scheme - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 177
Manual for the Model Wireless ADSL Firewall Router DG834G Related Documents The station with the correct IP address responds with its own MAC address directly to the sending device. The receiving station provides the transmitting station with the required destination MAC address. The IP address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 178
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The DG834G wireless router also functions as a DHCP client when connecting to the ISP. The router can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address if the ISP provides this information - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 179
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Denial of Service Attack A hacker may be able to prevent your network from operating or communicating by launching a Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely flooding your site - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 180
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 10 ft. (3 m) from the wall outlet to the desktop in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports. Most repeaters and switch ports are configured as media - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 181
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure B-2: Crossover Twisted-Pair Cable Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat "silver satin" telephone cable may have - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 182
Reference Manual for the Model Wireless ADSL Firewall Router DG834G When connecting a PC to a PC, or a hub port to and blue pairs will be exchanged from one connector to the other. The DG834G wireless router incorporates Auto UplinkTM technology (also called MDI/MDIX). Each LOCAL Ethernet port will - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 183
the DG834G Wireless ADSL Firewall Router and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). Note: If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 184
Reference Manual for the Model Wireless ADSL Firewall Router DG834G In your IP network, each PC and the router must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 185
Reference Manual for the Model Wireless ADSL Firewall Router DG834G You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 186
Reference Manual for the Model Wireless ADSL Firewall Router DG834G If you need Client for Microsoft Networks: a. Click the to take effect. Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me After the TCP/IP protocol components are installed, each PC must be assigned - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 187
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The following TCP/IP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 188
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 189
Manual for the Model Wireless ADSL Firewall Router DG834G 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter. The window is updated - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 190
Reference Manual for the Model Wireless ADSL Firewall Router DG834G DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 191
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window. • Click - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 192
Wireless ADSL Firewall Router DG834G • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP. Repeat these - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 193
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and for Microsoft Networks and • Internet Protocol (TCP/IP) • Click OK. Preparing Your Network 202-10006-05, June 2005 C-11 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 194
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 195
Reference Manual for the Model Wireless ADSL Firewall Router DG834G DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. • Choose - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 196
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button. C-14 202-10006-05, June 2005 Preparing Your Network - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 197
Model Wireless ADSL Firewall Router DG834G • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT. Restart the PC. Repeat these steps - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 198
Manual for the Model Wireless ADSL Firewall Router DG834G • The default gateway is 192.168.0.1 4. Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP box empty. 4. Close the TCP/IP Control Panel. 5. Repeat this for each Macintosh on your - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 199
Panels, then TCP/IP. The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends: • The IP Address is between 192.168.0.2 and 192.168.0.254 • The Subnet mask is 255.255.255.0 • The Router address is 192.168 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 200
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 201
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • An IP address and subnet mask • A gateway IP address, which is the address of the ISP's router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account's full server names may - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 202
Reference Manual for the Model Wireless ADSL Firewall Router DG834G If an IP address appears under Installed Gateways, write down the address. This is the ISP's gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 203
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Restarting the Network Once you have set up your computers to work with the router, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 204
Reference Manual for the Model Wireless ADSL Firewall Router DG834G C-22 202-10006-05, June 2005 Preparing Your Network - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 205
fixed range or area of coverage, interacting with wireless nodes via an antenna. In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access Points via a wired Ethernet - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 206
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Ad Hoc Mode (Peer-to-Peer Workgroup) In an ad mode enables you to quickly set up a small wireless workgroup and allows workgroup members to exchange data or share printers as supported by Microsoft networking in the various Windows - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 207
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Shared Key. With Shared Key authentication, only those PCs that possess the correct authentication key can join the network. By default, IEEE 802.11 wireless devices operate in an Open System network. Wired Equivalent Privacy (WEP - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 208
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 2. The access point authenticates the station. 3. challenge text to the station. 3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. 4. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 209
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 802.11b Authentication Shared Key Steps 1) Authentication request sent to AP 2) AP sends challenge text Client 3) Client encrypts attempting challenge text and to connect sends it back to AP Access Point Router Cable/DSL - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 210
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Key Size The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit. The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 24 factory-set bits are added to the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 211
Manual for the Model Wireless ADSL Firewall Router DG834G WEP Configuration Options The WEP settings must match on all 802.11 devices that are within the same wireless use WEP key 2 as its default key to transmit while a client adapter can use WEP key 3 as its default key to transmit. The two devices - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 212
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Table D-2: 802.11b/g Radio Frequency Channels Channel 1 2 supported by the wireless products in various countries are different. For example, Channels 1 to 11 are supported in the U.S. and Canada, and Channels 1 to 13 are supported - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 213
Manual for the Model Wireless ADSL Firewall Router DG834G will have to support WPA. NETGEAR will implement WPA on wireless adapters on a particular wireless LAN must use the same encryption key. A major problem with the 802.11 standard is that the keys are cumbersome to change. If you do not update - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 214
Reference Manual for the Model Wireless ADSL Firewall Router DG834G For 802.11, WEP encryption is optional. For WPA draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 215
Manual for the Model Wireless ADSL Firewall Router DG834G Standard). We talk more about TKIP and AES when addressing data privacy below. • Authentication. EAP over 802.1X of the pre-shared key. If the supplicant detects that the service set does not contain a WPA information element then it knows - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 216
a RADIUS infrastructure, WPA supports the use of a pre-shared key. Together, these technologies provide a framework for strong user authentication. Windows XP implements 802.1x natively, and several NETGEAR switch and wireless access point products support 802.1x. D-12 Wireless Networking Basics - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 217
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Client with a WPAenabled wireless adapter and supplicant (Win XP, Funk, Meetinghouse) For example, a WPA-enabled AP For example, a RADIUS server 1 2 3 4 6 5 7 Figure D-4: 802.1x Authentication Sequence The AP sends Beacon - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 218
Manual for the Model Wireless ADSL Firewall Router DG834G point is that the software supporting the specific EAP type resides upgrade an 802.1x-compliant access point. As a result, you can update the EAP authentication type to such devices as token cards (Smart Cards), Kerberos, one-time passwords - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 219
Manual for the Model Wireless ADSL Firewall Router DG834G bits in the encrypted payload and update the encrypted ICV without being detected support will not be required initially for Wi-Fi certification. This is viewed as the optimal choice for security conscience organizations, but the problem - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 220
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Is WPA Perfect? WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 221
be able to pass the adapter's WPA capabilities and security configuration to the Wireless Zero Configuration service. Microsoft has worked with many wireless vendors to embed the WPA firmware update in the wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 222
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Changes to Wireless Client Programs Wireless client programs must be updated to permit the configuration of WPA authentication (and preshared key) and the new WPA encryption algorithms (TKIP and the optional AES component). To - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 223
VPN is also used to describe private networks, such as Frame Relay, Asynchronous Transfer Mode VPNs use encryption to provide data security, which increases the network's resistance to data tampering or theft. IPSec-based VPNs can be created over any type of IP of connecting home users is also very - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 224
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Remote Access: Remote access enables telecommuters because the organization must pay the associated long distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 225
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • Encapsulating Security Payload (ESP): Provides confidentiality, authentication not delivered to the intended receiver. ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 226
Reference Manual for the Model Wireless ADSL Firewall Router DG834G The ESP header is inserted into the packet between the IP header and any subsequent up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and business partners. E-4 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 227
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 228
Manual for the Model Wireless ADSL Firewall Router DG834G Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup a VPN before you begin the configuration process. You should understand whether the firmware is up to date, all of the addresses that - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 229
Reference Manual for the Model Wireless ADSL Firewall Router DG834G VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 230
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Table E-1. WAN (Internet/Public) and LAN (Internal/Private) Addressing Gateway Gateway A Gateway A Gateway B Gateway B LAN or WAN LAN (Private) WAN (Public) LAN (Private) WAN (Public) VPNC Example Address 10.5.6.1 14.15.16.17 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 231
Reference Manual for the Model Wireless ADSL Firewall Router DG834G DG834G VPN Firewall A VPN Tunnel DG834G VPN Firewall B PCs PCs Figure E-5: VPN Tunnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 232
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 1. The IPSec software on Host A initiates the follow the examples given for Scenario 1 of the VPN Consortium. VPNC IKE Phase I Parameters The IKE Phase 1 parameters used: • Main mode • TripleDES • SHA-1 • MODP group 1 • - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 233
Reference Manual for the Model Wireless ADSL Firewall Router DG834G • SA lifetime of 28800 seconds (eight hours) VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: • TripleDES • SHA-1 • ESP tunnel mode • MODP group 1 • Perfect forward secrecy for rekeying - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 234
Manual for the Model Wireless ADSL Firewall Router DG834G . • [RFC 1483] Multiprotocol Encapsulation over ATM Adaptation Layer 5, Juha Heinanen, Telecom Finland, July 1993 , November 1998. • [RFC 2407] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, November 1998. • [RFC 2474 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 235
B Scenario 1 LAN-to-LAN or Gateway-to-Gateway (not PC/Client-to-Gateway) IKE with Preshared Secret/Key (not Certificate-based) June 2004 DG834G firmware version V2.10.17 FVL328 with firmware version V2.0_07 Static IP address Static IP address NETGEAR VPN Configuration F-1 202-10006-05, June 2005 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 236
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 10.5.6.0/24 LAN IP 10.5.6.1 VPNC Example Network Interface Addressing Gateway A DG834G 14.15.16.17 WAN IP 22.23.24.25 WAN IP Gateway B FVL328 172.23.9.0/24 LAN IP 172.23.9.1 Figure F-1: Addressing and Subnet Used for - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 237
Reference Manual for the Model Wireless ADSL Firewall Router DG834G toFVL328 10.5.6.1 172.23.9.1 Click VPN Policies under Advanced - VPN to invoke this screen toFVL328 22.23.24.25 10 5 6 172 23 9 Figure F-2: Viewing and editing the VPN parameters of the DG834G at gateway A NETGEAR VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 238
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 2. Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-20), being certain to use appropriate network addresses for the environment. a. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 239
Reference Manual for the Model Wireless ADSL Firewall Router DG834G toDG834 22.23.24.25 14.15.16.17 Click IKE Policies under VPN to invoke this screen toDG834 22.23.24.25 14.15.16.17 toDG834 172.23.9.1 10.5.6.1 Click VPN Policies under VPN to invoke this screen toDG834 toDG834 14.15.16.17 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 240
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 3. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G. a. Open the command prompt (Start -> Run -> cmd) b. ping 172.23.9.1 Figure F-4: ping 172.23.9.1 Note: The pings may fail the first time. If this - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 241
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Table F-1. Profile Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: Model/Firmware Tested: NETGEAR-Gateway A NETGEAR-Gateway B IP Addressing: NETGEAR-Gateway A NETGEAR-Gateway B Scenario 1 LAN-to-LAN or - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 242
Manual for the Model Wireless ADSL Firewall Router DG834G A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned to be located by a host or domain name. It provides a central public database where information (such as email addresses, host names and IP addresses - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 243
box Use a Dynamic DNS Service. • Host Name = dg834g.dyndns.org • User Name = c. Click Show Status. The resulting screen should show Update OK: good (see Figure F-7). Figure F-7: Status Screen NETGEAR VPN Configuration F-9 202-10006 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 244
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 4. On the FVL328, configure the Dynamic DNS settings. Assume a properly configured DynDNS account. a. Browse to the Dynamic DNS Setup Screen (see Figure F-8) in the Advanced menu. Figure F-8: Dynamic DNS Setup Screen b. Select the - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 245
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Figure F-9: Dynamic DNS Setup Screen c. Click Show Status. The resulting screen should show Update OK: good (see Figure F-10). Figure F-10: Status Screen NETGEAR VPN Configuration 202-10006-05, June 2005 F-11 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 246
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 5. Configure the DG834G as in the Gateway-to-Gateway procedures using the VPN Wizard (see "How to Set Up a Gateway-to-Gateway VPN Configuration" on page 8-20), being certain to use appropriate network addresses for the environment. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 247
Scheme: Date Tested: Model/Firmware Tested: Gateway Client IP Addressing: Gateway Client Scenario 1 PC/client-to-gateway, with client behind NAT router IKE with Preshared Secret/Key (not Certificate-based) May 2005 DG834G firmware version v2.10.20 NETGEAR ProSafe VPN Client v10.5.1 (build 8) Fully - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 248
VPN router at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Policies link in the main menu to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information. F-14 202-10006-05, June 2005 NETGEAR VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 249
Reference Manual for the Model Wireless ADSL Firewall Router DG834G fromDG834G (in the example) Dynamic IP address IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings) Subnet address 192.168.0.1 (in this example) 255.255.255.0 Single address 192 - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 250
This procedure describes how to configure the DG834G Wireless ADSL Firewall Router. We will assume the PC running the client has a dynamically assigned IP address. The PC must have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 251
Reference Manual for the Model Wireless ADSL Firewall Router DG834G b. If you do not have a modem or dial-up adapter installed in your PC, you may see the warning message stating "The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed." You can disregard this message. - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 252
Manual for the Model Wireless ADSL Firewall Router DG834G ntgr Figure F-16: Security Policy Editor Connection settings c. Select Secure in the Connection Security check box. d. Select IP Subnet in the ID Type menu. e. In this example, type 192.168.0.1 in the Subnet field as the network address - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 253
Reference Manual for the Model Wireless ADSL Firewall Router DG834G b. Click on the Security Policy subheading to show the Security Policy menu. Figure F-17: Security Policy Editor security policy c. Select the Main Mode in the Select Phase 1 Negotiation Mode check box. 4. Configure the VPN Client - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 254
Reference Manual for the Model Wireless ADSL Firewall Router DG834G a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. Figure F-18: Security Policy Editor my identity b. Choose None in the Select Certificate menu. c. Select Domain Name - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 255
Reference Manual for the Model Wireless ADSL Firewall Router DG834G e. Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834G's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive. Figure F-19: - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 256
Reference Manual for the Model Wireless ADSL Firewall Router DG834G b. Expand the Authentication subheading by select Unspecified. g. In the Key Group menu, select Diffie-Hellman Group 2. 6. Configure the VPN Client Key Exchange Proposal. In this step, you will provide the type of encryption (DES - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 257
Manual for the Model Wireless ADSL Firewall Router DG834G window, select Save. After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN. NETGEAR VPN - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 258
Connection, you can initiate a request from the remote PC to the VPN router's network by using the Connect option in the DG834G wireless router menu bar (see Figure F-22). Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request. a. Right-click the system tray icon - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 259
progress and status of the VPN client connection, open the DG834G Wireless ADSL Firewall Router Log Viewer. 1. To launch this function, click on the Windows Start button, then select Programs, then DG834G Wireless ADSL Firewall Router, then Log Viewer. NETGEAR VPN Configuration 202-10006-05, June - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 260
Manual for the Model Wireless ADSL Firewall Router DG834G Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN to a remote LAN through a VPN, you might not have normal Internet access. If this is the case - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 261
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Viewing the VPN Router's VPN Status and Log Information To view information on the status of the VPN client connection, open the VPN router's VPN Status screen by following the steps below: 1. To view this screen, click the Router - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 262
Reference Manual for the Model Wireless ADSL Firewall Router DG834G 2. To view the VPN tunnels status, click the VPN Status link on the right side of the main menu. Current VPN Tunnels (SAs) screen F-28 202-10006-05, June 2005 NETGEAR VPN Configuration - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 263
of an access point (AP). Ad-hoc mode is also referred to as peer-to-peer mode or an Independent Basic Service Set (IBSS). Ad-hoc mode is useful for establishing a network where wireless infrastructure does not exist or where services are not required. ADSL Asymmetric Digital Subscriber Line See - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 264
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Cat 5 Denial of Service attack DHCP DMZ DNS Domain Name Domain Name Server DSLAM Dynamic Host Configuration Protocol Gateway IP Category 5 unshielded twisted pair (UTP) cabling. An Ethernet network operating at 10 Mbits/second ( - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 265
Reference Manual for the Model Wireless ADSL Firewall Router DG834G IP Address IPSec ISP Internet Protocol LAN local area network MAC address Mbps MDI/MDIX MSB MTU Maximum Transmit A four-byte number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 266
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Netmask Network Address Translation packet PPP PPPoA PPPoE PPP over ATM PPP over Ethernet PPTP PSTN Point-to-Point Protocol RADIUS RFC RIP 4 A number that explains which part of an IP address comprises the network address and - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 267
Manual for the Model Wireless ADSL Firewall Router DG834G router Routing Information Protocol SSID subnet mask Universal Plug and Play UTP VCI VPI WAN WEP wide area network Wi-Fi A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses - Netgear DG834Gv1 | DG834Gv2 Reference Manual - Page 268
Reference Manual for the Model Wireless ADSL Firewall Router DG834G Windows Internet Naming Service WINS WPA WINS. Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses. If a remote network contains a WINS server, your Windows PCs can gather
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
 |
 |
202-10006-05, June 2005
202-10006-05
June 2005
NETGEAR
, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
Phone 1-888-NETGEAR
Reference Manual for the
Model Wireless ADSL
Firewall Router DG834G