Netgear FVS336G-100NAS Reference Manual - Page 110
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

6. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients.

   Note: The IP Pool should not be within your local network IP addresses. Use a different range of private IP addresses such as 172.20.xx.xx.

7. If you have a WINS Server on your local network, enter its IP address.
8. Enter one or two DNS Server IP addresses to be used by remote VPN clients.
9. If you enable Perfect Forward Secrecy (PFS), choose DH Group 1 or 2. This setting must match exactly the configuration of the remote VPN client.
10. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your VPN firewall's LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the LAN subnet of the VPN firewall.)
11. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are:
    • SA Lifetime: 3600 seconds
    • Authentication Algorithm: SHA-1
    • Encryption Algorithm: 3DES
12. Click Apply. The new record should appear in the VPN Remote Host Mode Config Table.

Next, you must configure an IKE Policy:

1. On the main menu, click VPN. The IKE Policies screen is displayed showing the current policies in the List of IKE Policies Table. (See Figure 5-10 on page 5-12.)
2. Click Add to configure a new IKE Policy. The Add IKE Policy screen is displayed. (See Figure 5-11 on page 5-13.)
3. Enable Mode Config by checking the Yes radio box and selecting the Mode Config record you just created from the pull-down menu. (You can view the parameters of the selected record by clicking the View selected radio box.) Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends of the tunnel be defined by an FQDN.
4. In the General section:

5-22 Virtual Private Networking Using IPsec
v1.0, October 2007
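The constraints stated in steps 6 through 11 of the Mode Config record can be checked before the values are entered on the firewall and the client. The following Python sketch is an added example, not part of the Netgear manual or firmware; the function names and dictionary keys are hypothetical, and the sample values are constructed from the page's example ranges and recommended settings.

```python
import ipaddress

# Keys both ends must agree on (steps 9 and 11). Key names are hypothetical.
MUST_MATCH = ("pfs_dh_group", "sa_lifetime", "auth_alg", "enc_alg")

def pool_overlaps_lan(first_ip, last_ip, lan):
    """True if any address in first_ip..last_ip lies inside the LAN subnet."""
    net = ipaddress.ip_network(lan, strict=False)  # accepts 192.168.2.1/255.255.255.0
    first, last = ipaddress.ip_address(first_ip), ipaddress.ip_address(last_ip)
    if first > last:
        raise ValueError("pool start is above pool end")
    return first <= net.broadcast_address and last >= net.network_address

def check_mode_config(fw, client):
    """Return a list of findings; an empty list means the record passes."""
    findings = []
    first, last = fw["pool"]
    if pool_overlaps_lan(first, last, fw["local_subnet"]):
        findings.append("IP pool overlaps the local subnet")
    if not (ipaddress.ip_address(first).is_private
            and ipaddress.ip_address(last).is_private):
        findings.append("IP pool is not a private address range")
    if fw["pfs_dh_group"] not in (None, 1, 2):  # None = PFS disabled
        findings.append("PFS DH group must be 1 or 2")
    for key in MUST_MATCH:
        if fw[key] != client[key]:
            findings.append(f"{key}: firewall {fw[key]!r} != client {client[key]!r}")
    return findings

# Constructed sample values using the page's example ranges and recommended settings.
FIREWALL = {"pool": ("172.20.1.1", "172.20.1.50"),
            "local_subnet": "192.168.2.1/255.255.255.0",
            "pfs_dh_group": 2, "sa_lifetime": 3600,
            "auth_alg": "SHA-1", "enc_alg": "3DES"}
CLIENT = {"pfs_dh_group": 2, "sa_lifetime": 3600,
          "auth_alg": "SHA-1", "enc_alg": "3DES"}

if __name__ == "__main__":
    for line in check_mode_config(FIREWALL, CLIENT) or ["no findings"]:
        print(line)
```

The overlap test compares the pool range against the whole subnet, so a pool that only partly crosses into the LAN range is also reported.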