Home » Netgear Manuals » Modems » Netgear DG834Gv1 » Manual Viewer

Netgear DG834Gv1 DG834Gv2 Reference Manual - Page 145

Remote LAN, Single PC - no Subnet

Add to My Manuals
Save this manual to your list of manuals

Page 145 highlights

Reference Manual for the Model Wireless ADSL Firewall Router DG834G Remote LAN This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows: • Single PC - no Subnet-select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required. The typical application is a PC running the VPN client at the remote end. • Single address-Enter an IP address in the "Single/Start IP address" field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN. • Range address-enter the starting IP address in the "Single/Start IP address" field, and the finish IP address in the "Finish IP address" field. This must be an address range used on the remote LAN. • Subnet address-enter an IP address in the "Single/Start IP address" field, and the desired network mask in the "Subnet Mask" field. The remote VPN endpoint must have these IP addresses entered as its "Local" addresses. IKE Direction/Type-this setting is used when determining if the IKE policy matches the current traffic. Select the desired option. • Responder only-incoming connections are allowed, but outgoing connections will be blocked. • Initiator and Responder-both incoming and outgoing connections are allowed. Exchange Mode-ensure the remote VPN endpoint is set to use "Main Mode". Diffie-Hellman (DH) Group-the Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the number of bit size used in the exchange. This value must match the value used on the remote VPN Gateway. Local Identity Type-select the desired option to match the "Remote Identity Type" setting on the remote VPN endpoint. • WAN IP Address-your Internet IP address. • Fully Qualified Domain Name-your domain name. • Fully Qualified User Name-your name, E-mail address, or other ID. Virtual Private Networking (Advanced Feature) 202-10006-05, June 2005 8-39

Section	Page
Reference Manual for the Model Wireless ADSL Firewall Router DG834G	1
Product and Publication Details	3
Contents	5
Chapter 1 About This Manual	15
Audience, Scope, Conventions, and Formats	15
How to Use This Manual	16
How to Print this Manual	17
Chapter 2 Introduction	19
About the Router	19
Key Features	19
A Powerful, True Firewall	20
802.11 Standards-based Wireless Networking	20
Easy Installation and Management	21
Protocol Support	21
Virtual Private Networking (VPN)	23
Content Filtering	23
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	23
What’s in the Box?	23
The Router’s Front Panel	24
The Router’s Rear Panel	25
Chapter 3 Connecting the Router to the Internet	27
What You Need Before You Begin	27
ADSL Microfilter Requirements	27
ADSL Microfilter	27
ADSL Microfilter with Built-In Splitter	28
Ethernet Cabling Requirements	28
Computer Hardware Requirements	28
LAN Configuration Requirements	28
Internet Configuration Requirements	29
Where Do I Get the Internet Configuration Parameters?	29
Record Your Internet Connection Information	29
Connecting the DG834G to Your LAN	31
How to Connect the Router	31
Auto-Detecting Your Internet Connection Type	35
Wizard-Detected PPPoE Login Account Setup	36
Wizard-Detected PPPoA Login Account Setup	37
Wizard-Detected Dynamic IP Account Setup	37
Wizard-Detected IP Over ATM Account Setup	38
Wizard-Detected Fixed IP (Static) Account Setup	39
Testing Your Internet Connection	40
Manually Configuring Your Internet Connection	40
How to Perform Manual Configuration	41
Internet Connection Requires Login and Uses PPPoE	42
Internet Connection Requires Login and Uses PPPoA	43
Internet Connection Does Note Require A Login	44
ADSL Settings	45
Chapter 4 Wireless Configuration	47
Considerations for a Wireless Network	47
Observe Performance, Placement, and Range Guidelines	47
Implement Appropriate Wireless Security	48
Understanding Wireless Settings	49
How to Set Up and Test Basic Wireless Connectivity	53
How to Restricting Wireless Access to Your Network	54
Restricting Access to Your Network by Turning Off Wireless Connectivity	55
Restricting Wireless Access Based on the Wireless Network Name (SSID)	55
Restricting Wireless Access Based on the Wireless Station Access List	55
Choosing WEP Authentication and Security Encryption Methods	57
Authentication Type Selection	57
Encryption Choices	58
How to Configure WEP	59
How to Configure WPA-PSK	60
Chapter 5 Protecting Your Network	61
Protecting Access to Your DG834G Wireless ADSL Firewall Router	61
How to Change the Built-In Password	61
Changing the Administrator Login Timeout	62
Configuring Basic Firewall Services	62
Blocking Keywords, Sites, and Services	63
How to Block Keywords and Sites	63
Firewall Rules	65
Inbound Rules (Port Forwarding)	66
Inbound Rule Example: A Local Public Web Server	66
Inbound Rule Example: Allowing Videoconferencing	68
Considerations for Inbound Rules	68
Outbound Rules (Service Blocking)	69
Outbound Rule Example: Blocking Instant Messenger	69
Order of Precedence for Rules	71
Services	72
How to Define Services	72
Setting Times and Scheduling Firewall Services	73
How to Set Your Time Zone	73
How to Schedule Firewall Services	74
Chapter 6 Managing Your Network	77
Backing Up, Restoring, or Erasing Your Settings	77
How to Back Up the Configuration to a File	77
How to Restore the Configuration from a File	78
How to Erase the Configuration	78
Upgrading the Router’s Firmware	78
How to Upgrade the Router Firmware	79
Network Management Information	80
Viewing Router Status and Usage Statistics	80
Viewing Attached Devices	85
Viewing, Selecting, and Saving Logged Information	85
Selecting What Information to Log	87
Saving Log Files on a Server	88
Examples of Log Messages	88
Activation and Administration	88
Dropped Packets	88
Enabling Security Event E-mail Notification	89
Running Diagnostic Utilities and Rebooting the Router	90
Enabling Remote Management	91
Configuring Remote Management	91
Chapter 7 Advanced Configuration	93
Configuring Advanced Security	93
Setting Up A Default DMZ Server	93
How to Configure a Default DMZ Server	94
Connect Automatically, as Required	95
Disable Port Scan and DOS Protection	95
Respond to Ping on Internet WAN Port	95
MTU Size	95
Configuring LAN IP Settings	95
DHCP	97
Use Router as DHCP server	97
Reserved IP addresses	98
How to Configure LAN TCP/IP Settings	99
Configuring Dynamic DNS	99
How to Configure Dynamic DNS	100
Using Static Routes	101
Static Route Example	101
How to Configure Static Routes	102
Universal Plug and Play (UPnP)	104
Chapter 8 Virtual Private Networking (Advanced Feature)	107
Overview of VPN Configuration	108
Client-to-Gateway VPN Tunnels	108
Gateway-to-Gateway VPN Tunnels	108
Planning a VPN	109
VPN Tunnel Configuration	112
How to Set Up a Client-to-Gateway VPN Configuration	112
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G	113
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC	118
How to Set Up a Gateway-to-Gateway VPN Configuration	126
VPN Tunnel Control	133
Activating a VPN Tunnel	133
Using the VPN Status Page to Activate a VPN Tunnel	133
Activate the VPN Tunnel by Pinging the Remote Endpoint	134
Start Using a VPN Tunnel to Active It	136
Verifying the Status of a VPN Tunnel	136
Deactivating a VPN Tunnel	138
Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel	138
Using the VPN Status Page to Deactivate a VPN Tunnel	139
Deleting a VPN Tunnel	141
How to Set Up VPN Tunnels in Special Circumstances	141
Using Auto Policy to Configure VPN Tunnels	142
Configuring VPN Network Connection Parameters	142
Example of Using Auto Policy	147
Using Manual Policy to Configure VPN Tunnels	154
Chapter 9 Troubleshooting	157
Basic Functioning	157
Power LED Not On	158
Test LED Never Turns On or Test LED Stays On	158
LAN or WAN Port LEDs Not On	158
Troubleshooting the Web Configuration Interface	159
Troubleshooting the ISP Connection	160
ADSL link	160
WAN LED Blinking Yellow	160
WAN LED Off	160
Obtaining a WAN IP Address	161
Troubleshooting PPPoE or PPPoA	162
Troubleshooting Internet Browsing	162
Troubleshooting a TCP/IP Network Using the Ping Utility	163
Testing the LAN Path to Your Router	163
Testing the Path from Your Computer to a Remote Device	164
Restoring the Default Configuration and Password	165
Using the Reset button	165
Problems with Date and Time	165
Appendix A Technical Specifications	167
Appendix B Network and Routing Basics	169
Related Publications	169
Basic Router Concepts	169
What is a Router?	169
Routing Information Protocol	170
IP Addresses and the Internet	170
Netmask	172
Subnet Addressing	172
Private IP Addresses	175
Single IP Address Operation Using NAT	175
MAC Addresses and Address Resolution Protocol	176
Related Documents	177
Domain Name Server	177
IP Configuration by DHCP	177
Internet Security and Firewalls	178
What is a Firewall?	178
Stateful Packet Inspection	178
Denial of Service Attack	179
Ethernet Cabling	179
Category 5 Cable Quality	179
Inside Twisted Pair Cables	180
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	181
Appendix C Preparing Your Network	183
Preparing Your Computers for TCP/IP Networking	183
Configuring Windows 95, 98, and Me for TCP/IP Networking	184
Installing or Verifying Windows Networking Components	184
Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me	186
Selecting the Windows’ Internet Access Method	188
Verifying TCP/IP Properties	188
Configuring Windows NT4, 2000 or XP for IP Networking	189
Installing or Verifying Windows Networking Components	189
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	190
DHCP Configuration of TCP/IP in Windows XP	190
DHCP Configuration of TCP/IP in Windows 2000	192
DHCP Configuration of TCP/IP in Windows NT4	195
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	197
Configuring the Macintosh for TCP/IP Networking	198
MacOS 8.6 or 9.x	198
MacOS X	198
Verifying TCP/IP Properties for Macintosh Computers	199
Verifying the Readiness of Your Internet Account	200
Are Login Protocols Used?	200
What Is Your Configuration Information?	200
Obtaining ISP Configuration Information for Windows Computers	201
Obtaining ISP Configuration Information for Macintosh Computers	202
Restarting the Network	203
Appendix D Wireless Networking Basics	205
Wireless Networking Overview	205
Infrastructure Mode	205
Ad Hoc Mode (Peer-to-Peer Workgroup)	206
Network Name: Extended Service Set Identification (ESSID)	206
Authentication and WEP Data Encryption	206
802.11 Authentication	207
Open System Authentication	207
Shared Key Authentication	208
Overview of WEP Parameters	209
Key Size	210
WEP Configuration Options	211
Wireless Channels	211
WPA Wireless Security	212
How Does WPA Compare to WEP?	213
How Does WPA Compare to IEEE 802.11i?	214
What are the Key Features of WPA Security?	214
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	216
WPA Data Encryption Key Management	218
Is WPA Perfect?	220
Product Support for WPA	220
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	220
Changes to Wireless Access Points	220
Changes to Wireless Network Adapters	221
Changes to Wireless Client Programs	222
Appendix E Virtual Private Networking	223
What is a VPN?	223
What Is IPSec and How Does It Work?	224
IPSec Security Features	224
IPSec Components	224
Encapsulating Security Payload (ESP)	225
Authentication Header (AH)	226
IKE Security Association	226
Mode	227
Key Management	228
Understand the Process Before You Begin	228
VPN Process Overview	229
Network Interfaces and Addresses	229
Interface Addressing	229
Firewalls	230
Setting Up a VPN Tunnel Between Gateways	230
VPNC IKE Security Parameters	232
VPNC IKE Phase I Parameters	232
VPNC IKE Phase II Parameters	233
Testing and Troubleshooting	233
Additional Reading	233
Appendix F NETGEAR VPN Configuration	235
DG834G to FVL328	235
Configuration Profile	235
Step-By-Step Configuration	236
DG834G with FQDN to FVL328	240
Configuration Profile	240
The Use of a Fully Qualified Domain Name (FQDN)	241
Step-By-Step Configuration	242
Configuration Summary (Telecommuter Example)	247
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example)	248
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office	248
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office	250
Monitoring the VPN Tunnel (Telecommuter Example)	259
Viewing the PC Client’s Connection Monitor and Log Viewer	259
Viewing the VPN Router’s VPN Status and Log Information	261

Match case Limit results 1 per page

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

Virtual Private Networking (Advanced Feature)

8-39

202-10006-05, June 2005

Remote LAN

This identifies which PCs on the remote LAN are covered by this policy. For each selection, data

must be provided as follows:

•

Single PC - no Subnet

—

select this option if there is no LAN (only a single PC) at the remote

endpoint. If this option is selected, no additional data is required. The typical application is a

PC running the VPN client at the remote end.

•

Single address

—

Enter an IP address in the "Single/Start IP address" field. This must be an

address on the remote LAN. Typically, this setting is used when you wish to access a server on

the remote LAN.

•

Range address

—

enter the starting IP address in the "Single/Start IP address" field, and the

finish IP address in the "Finish IP address" field. This must be an address range used on the

remote LAN.

•

Subnet address

—

enter an IP address in the "Single/Start IP address" field, and the desired

network mask in the "Subnet Mask" field.

The remote VPN endpoint must have these IP addresses entered as its "Local" addresses.

IKE

Direction/Type

—

this setting is used when determining if the IKE policy matches the current

traffic. Select the desired option.

•

Responder only

—incoming connections are allowed, but outgoing connections will be

blocked.

•

Initiator and Responder

—

both incoming and outgoing connections are allowed.

Exchange Mode

—

ensure the remote VPN endpoint is set to use "Main Mode".

Diffie-Hellman (DH) Group

—

the Diffie-Hellman algorithm is used when exchanging keys. The

DH Group setting determines the number of bit size used in the exchange. This value must match

the value used on the remote VPN Gateway.

Local Identity Type

—select the desired option to match the "Remote Identity Type" setting on the

remote VPN endpoint.

•

WAN IP Address

—

your Internet IP address.

•

Fully Qualified Domain Name

—

your domain name.

•

Fully Qualified User Name

—

your name, E-mail address, or other ID.