Home » Netgear Manuals » Bridges & Routers » Netgear FVS318 » Manual Viewer

Netgear FVS318 FVS318v3 Reference Manual - Page 99

Table 6-1., VPN Manual Policy Configuration Fields

UPC - 606449023381

Add to My Manuals
Save this manual to your list of manuals

Page 99 highlights

Reference Manual for the ProSafe VPN Firewall FVS318v3 The VPN Manual Policy fields are defined in the following table. Table 6-1. VPN Manual Policy Configuration Fields Field General Policy Name Remote VPN Endpoint Traffic Selector Local IP Remote IP Authenticating Header (AH) Configuration SPI - Incoming SPI - Outgoing Enable Authentication Description These settings identify this policy and determine its major characteristics. The name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN Endpoint. It is used to help you identify VPN policies. The WAN Internet IP address of the remote VPN firewall or client to which you wish to connect. The remote VPN endpoint must have this FVS318v3's WAN Internet IP address entered as its Remote VPN Endpoint. These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created. The drop down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from your network address space. The choices are: • ANY for all valid IP addresses in the Internet address space • Single IP Address • Range of IP Addresses • Subnet Address The drop down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from the remote site's corporate network address space. The choices are: • ANY for all valid IP addresses in the Internet address space • Single IP Address • Range of IP Addresses • Subnet Address AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint. Note: The Incoming settings here must match the Outgoing settings on the remote VPN endpoint, and the Outgoing settings here must match the Incoming settings on the remote VPN endpoint. Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Outgoing SPI field. Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Incoming SPI field. Use this check box to enable or disable AH. Authentication is often not used. In this case, leave the check box unchecked. Advanced Virtual Private Networking January 2005 6-11

Section	Page
Reference Manual for the ProSafe VPN Firewall FVS318v3	1
Product and Publication Details	4
Contents	5
Chapter 1 About This Manual	13
Audience, Scope, Conventions, and Formats	13
How to Use This Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
Key Features of the VPN Firewall	17
A Powerful, True Firewall with Content Filtering	18
Security	18
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	19
Easy Installation and Management	20
Maintenance and Support	20
Package Contents	21
The FVS318v3 Front Panel	21
The FVS318v3 Rear Panel	22
NETGEAR-Related Products	23
NETGEAR Product Registration, Support, and Documentation	23
Chapter 3 Connecting the Firewall to the Internet	25
Prepare to Install Your FVS318v3 ProSafe VPN Firewall	25
First, Connect the FVS318v3	25
Now, Configure the FVS318v3 for Internet Access	28
Troubleshooting Tips	30
Overview of How to Access the FVS318v3 VPN Firewall	32
How to Log On to the FVS318v3 After Configuration Settings Have Been Applied	33
How to Bypass the Configuration Assistant	34
Using the Smart Setup Wizard	35
How to Manually Configure Your Internet Connection	36
Chapter 4 Firewall Protection and Content Filtering	39
Firewall Protection and Content Filtering Overview	39
Block Sites	40
Using Rules to Block or Allow Specific Kinds of Traffic	41
Inbound Rules (Port Forwarding)	43
Inbound Rule Example: A Local Public Web Server	43
Inbound Rule Example: Allowing a Videoconference from Restricted Addresses	44
Considerations for Inbound Rules	44
Outbound Rules (Service Blocking)	45
Outbound Rule Example: Blocking Instant Messenger	45
Order of Precedence for Rules	46
Default DMZ Server	46
Respond to Ping on Internet WAN Port	47
Services	48
Using a Schedule to Block or Allow Specific Traffic	50
Time Zone	51
Getting E-Mail Notifications of Event Logs and Alerts	52
Viewing Logs of Web Access or Attempted Web Access	54
Syslog	55
Chapter 5 Basic Virtual Private Networking	57
Overview of VPN Configuration	58
Client-to-Gateway VPN Tunnels	58
Gateway-to-Gateway VPN Tunnels	58
Planning a VPN	59
VPN Tunnel Configuration	61
How to Set Up a Client-to-Gateway VPN Configuration	61
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3	62
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC	65
Monitoring the Progress and Status of the VPN Client Connection	72
Transferring a Security Policy to Another Client	74
Exporting a Security Policy	74
Importing a Security Policy	75
How to Set Up a Gateway-to-Gateway VPN Configuration	76
Procedure to Configure a Gateway-to-Gateway VPN Tunnel	77
VPN Tunnel Control	82
Activating a VPN Tunnel	82
Start Using a VPN Tunnel to Activate It	82
Using the VPN Status Page to Activate a VPN Tunnel	82
Activate the VPN Tunnel by Pinging the Remote Endpoint	83
Verifying the Status of a VPN Tunnel	85
Deactivating a VPN Tunnel	86
Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel	86
Using the VPN Status Page to Deactivate a VPN Tunnel	87
Deleting a VPN Tunnel	88
Chapter 6 Advanced Virtual Private Networking	89
Overview of FVS318v3 Policy-Based VPN Configuration	89
Using Policies to Manage VPN Traffic	90
Using Automatic Key Management	90
IKE Policies’ Automatic Key and Authentication Management	91
VPN Policy Configuration for Auto Key Negotiation	93
VPN Policy Configuration for Manual Key Exchange	97
Using Digital Certificates for IKE Auto-Policy Authentication	101
Certificate Revocation List (CRL)	102
Walk-Through of Configuration Scenarios on the FVS318v3	102
VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets	103
FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies	104
How to Check VPN Connections	109
Testing the Gateway A FVS318v3 LAN and the Gateway B LAN	109
FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates	110
Chapter 7 Maintenance	117
Viewing VPN Firewall Status Information	117
Viewing a List of Attached Devices	121
Upgrading the Firewall Software	121
Configuration File Management	123
Backing Up the Configuration	123
Restoring the Configuration	123
Erasing the Configuration	124
Changing the Administrator Password	124
Chapter 8 Advanced Configuration	125
How to Configure Dynamic DNS	125
Using the LAN IP Setup Options	126
Configuring LAN TCP/IP Setup Parameters	127
Using the Firewall as a DHCP server	128
Using Address Reservation	129
Configuring Static Routes	129
Static Route Example	131
Enabling Remote Management Access	131
Chapter 9 Troubleshooting	135
Basic Functioning	135
Power LED Not On	135
LEDs Never Turn Off	136
LAN or Internet Port LEDs Not On	136
Troubleshooting the Web Configuration Interface	137
Troubleshooting the ISP Connection	138
Troubleshooting a TCP/IP Network Using a Ping Utility	139
Testing the LAN Path to Your Firewall	139
Testing the Path from Your PC to a Remote Device	140
Restoring the Default Configuration and Password	141
Problems with Date and Time	141
Appendix A Technical Specifications	143
Appendix B Network, Routing, and Firewall Basics	145
Related Publications	145
Basic Router Concepts	145
What is a Router?	146
Routing Information Protocol	146
IP Addresses and the Internet	146
Netmask	148
Subnet Addressing	149
Private IP Addresses	151
Single IP Address Operation Using NAT	152
MAC Addresses and Address Resolution Protocol	153
Related Documents	153
Domain Name Server	153
IP Configuration by DHCP	154
Internet Security and Firewalls	154
What is a Firewall?	155
Stateful Packet Inspection	155
Denial of Service Attack	155
Ethernet Cabling	155
Category 5 Cable Quality	156
Inside Twisted Pair Cables	157
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	158
Appendix C Virtual Private Networking	161
What is a VPN?	161
What Is IPSec and How Does It Work?	162
IPSec Security Features	162
IPSec Components	162
Encapsulating Security Payload (ESP)	163
Authentication Header (AH)	164
IKE Security Association	164
Mode	165
Key Management	166
Understand the Process Before You Begin	166
VPN Process Overview	167
Network Interfaces and Addresses	167
Interface Addressing	167
Firewalls	168
VPN Tunnel Between Gateways	168
VPNC IKE Security Parameters	170
VPNC IKE Phase I Parameters	170
VPNC IKE Phase II Parameters	171
Testing and Troubleshooting	171
Additional Reading	171
Appendix D Preparing Your Network	173
Preparing Your Computers for TCP/IP Networking	173
Configuring Windows 95, 98, and Me for TCP/IP Networking	174
Install or Verify Windows Networking Components	174
Enabling DHCP to Automatically Configure TCP/IP Settings	176
Selecting Windows’ Internet Access Method	178
Verifying TCP/IP Properties	178
Configuring Windows NT4, 2000 or XP for IP Networking	179
Install or Verify Windows Networking Components	179
Enabling DHCP to Automatically Configure TCP/IP Settings	180
DHCP Configuration of TCP/IP in Windows XP	180
DHCP Configuration of TCP/IP in Windows 2000	182
DHCP Configuration of TCP/IP in Windows NT4	185
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	187
Configuring the Macintosh for TCP/IP Networking	188
MacOS 8.6 or 9.x	188
MacOS X	188
Verifying TCP/IP Properties for Macintosh Computers	189
Verifying the Readiness of Your Internet Account	190
Are Login Protocols Used?	190
What Is Your Configuration Information?	190
Obtaining ISP Configuration Information for Windows Computers	191
Obtaining ISP Configuration Information for Macintosh Computers	192
Restarting the Network	193
Appendix E VPN Configuration of NETGEAR FVS318v3	195
Case Study Overview	195
Gathering the Network Information	195
Configuring the Gateways	196
Activating the VPN Tunnel	199
The FVS318v3-to-FVS318v3 Case	200
Configuring the VPN Tunnel	200
Viewing and Editing the VPN Parameters	203
Initiating and Checking the VPN Connections	205
The FVS318v3-to-FVS318v2 Case	207
Configuring the VPN Tunnel	207
Viewing and Editing the VPN Parameters	210
Initiating and Checking the VPN Connections	212
The FVS318v3-to-FVL328 Case	214
Configuring the VPN Tunnel	214
Viewing and Editing the VPN Parameters	217
Initiating and Checking the VPN Connections	219
The FVS318v3-to-VPN Client Case	221
Client-to-Gateway VPN Tunnel Overview	221
Configuring the VPN Tunnel	222
Initiating and Checking the VPN Connections	230
Glossary	233
List of Glossary Terms	233
Numeric	233
A	233
B	234
C	234
D	235
E	236
G	236
I	236
L	238
M	238
P	239
Q	240
R	240
S	241
T	241
U	241

Match case Limit results 1 per page

Reference Manual for the ProSafe VPN Firewall FVS318v3

Advanced Virtual Private Networking

6-11

January 2005

The VPN Manual Policy fields are defined in the following table.

Table 6-1.

VPN Manual Policy Configuration Fields

Field

Description

General

These settings identify this policy and determine its major characteristics.

Policy Name

The name of the VPN policy. Each policy should have a unique policy

name. This name is not supplied to the remote VPN Endpoint. It is used to

help you identify VPN policies.

Remote VPN Endpoint

The WAN Internet IP address of the remote VPN firewall or client to which

you wish to connect. The remote VPN endpoint must have this

FVS318v3’s WAN Internet IP address entered as its Remote VPN

Endpoint.

Traffic Selector

These settings determine if and when a VPN tunnel will be established. If

network traffic meets

all

criteria, then a VPN tunnel will be created.

Local IP

The drop down menu allows you to configure the source IP address of the

outbound network traffic for which this VPN policy will provide security.

Usually, this address is from your network address space. The choices are:

•

ANY for all valid IP addresses in the Internet address space

•

Single IP Address

•

Range of IP Addresses

•

Subnet Address

Remote IP

The drop down menu allows you to configure the destination IP address of

the outbound network traffic for which this VPN policy will provide security.

Usually, this address is from the remote site's corporate network address

space. The choices are:

•

ANY for all valid IP addresses in the Internet address space

•

Single IP Address

•

Range of IP Addresses

•

Subnet Address

Authenticating Header (AH)

Configuration

AH specifies the authentication protocol for the VPN header. These

settings must match the remote VPN endpoint.

Note:

The Incoming settings here must match the Outgoing settings on the

remote VPN endpoint, and the Outgoing settings here must match the

Incoming settings on the remote VPN endpoint.

SPI - Incoming

Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided

the remote VPN endpoint has the same value in its Outgoing SPI field.

SPI - Outgoing

Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided

the remote VPN endpoint has the same value in its Incoming SPI field.

Enable Authentication

Use this check box to enable or disable AH. Authentication is often not

used. In this case, leave the check box unchecked.