Netgear FVG318v1 Hub and Spoke VPN network using the VPN Prosafe Client
Netgear FVG318v1 - ProSafe 802.11g Wireless VPN Firewall Switch Manual
View all Netgear FVG318v1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Netgear FVG318v1 manual content summary:
- Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 1
over the Internet using VPNs (box-to-box and client-to-box). In particular it describes how to allow VPN clients (Spoke) to access Remote LANs (Spokes) via a single VPN connection to a central (Hub) Firewall/Router. The configuration can apply to any of the VPN Firewall/Router from firmware version - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 Configuration of VPN policies on the Firewall/Routers 4 FVX538 VPN Config (Policy name: BoxtoBox 4 FVS338 VPN Config (Policy name: BoxtoBox 4 FVX538 VPN Config (Policy name: LAN1toVPN 5 FVX538 VPN Config (Policy name: - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 3
Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP: 172.22.101.0/24 Mode Config DHCP: 192.168.0.0/24 Firmware - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 4
on the Firewall/Routers FVX538 VPN Config (Policy name: BoxtoBox) Access the VPN Wizard via the VPN configuration page. Configure the Connection name (for admin reasons this will match the FVS338 box as BoxtoBox). ❶ ❶ Input the pre-shared key. Configure the Public or DNS address of the Remote - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 5
the VPN Wizard via the VPN configuration page. Create a new VPN client policy named LAN1toVPN (with any pre-shared key) Take note of the Remote and Local identifier whether using the default ones or new ones. Click on Apply Edit the LAN1toVPN. Change the Local IP setting to any and the Remote IP to - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 6
as 192.168.0.0/24 and the Remote IP subnet to be the LAN of the FVS338 as 172.22.102.0/24 Ensure that the Select IKE Policy is set to BoxtoBox Click on Apply FVS338 VPN Config (Policy name: LAN2Client) Access the VPN Wizard via the VPN configuration page. In the VPN Policy section click on Add - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 7
our scenario. Create a new VPN client policy Specify the Remote Party ID type as IP Subnet and the subnet and mask IP address will be specified at the WAN address of the FVX538 in our case In My identity change the pre-shared key to match the VPN policy LAN1toVPN created on the FVX538 (12345678) Set - Netgear FVG318v1 | Hub and Spoke VPN network using the VPN Prosafe Client - Page 8
run ipconfig to confirm once the VPN is established that the Virtual adapter interface is assigned with the IP address specified in the policy (in this case 192.168.0.1 ) Test the VPN connection to both the FVX538 and FVS338 by pinging each box LAN IP address FVS338 From Monitoring, Diagnostic on
Version 1.0
Hub and Spoke VPN using the VPN Prosafe Client
This document describes the steps to undertake in configuring a Hub-and-Spoke network over
the Internet using VPNs (box-to-box and client-to-box).
In particular it describes how to allow VPN clients (
Spoke
) to access Remote LANs (
Spokes
) via
a single VPN connection to a central (
Hub
) Firewall/Router.
The configuration can apply to any of the VPN Firewall/Router from firmware version 3.5.0.24 and
above, and VPN clients from version 10.8.3 and above.
The diagram below shows a typical scenario.
Internet
Spoke 2
192.168.0.x/24
VPN Box to Box connection
VPN Client to Box connection (mode config)
LAN2
LAN1
Client connection to LAN 2 via VPN Client connection to LAN1
FVS338 (Spoke 1)
Public IP: 83.71.251.20
LAN IP : 172.22.102.102
VPN Information:
BoxToBox
(To FVX538)
LAN2toClient
(FVS338 To VPN clients via FVX538)
FVX538
Public IP: 83.71.251.19
LAN IP: 172.22.101.101
VPN Information:
BoxToBox
(To FVS338)
LAN1toVPN
(FVX538 To VPN clients)
LAN2toClient
(VPN Clients to FVS338 via FVX538)
LAN1