Home » Netgear Manuals » Modems » Netgear DGND3300v2 » Manual Viewer

Netgear DGND3300v2 User Manual - Page 105

Dynamic IP, address, domain name, Fields and Settings, Description, IKE Keep Alive

Add to My Manuals
Save this manual to your list of manuals

Page 105 highlights

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual Table 5. VPN - Auto Policy Screen Settings (Continued) Fields and Settings Description Parameters (Continued) SA Life Time The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life-time. This setting applies to both IKE and IPSec SAs. Enable IPSec PFS • If this check box is selected, security is enhanced by ensuring that (Perfect Forward the key is changed at regular intervals. Also, even if one key is Secrecy) broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) • This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section. General Policy Name Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. Remote VPN Endpoint • The remote VPN endpoint must have this VPN gateway's address entered as its remote VPN endpoint. • If the remote endpoint has a dynamic IP address, select Dynamic IP address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect. IKE Keep Alive • If you want to ensure that a connection is kept open, or, if that is not possible, that it is quickly reestablished when disconnected, select this check box. • The ping IP address must be associated with the remote endpoint. The remote LAN address must be used. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote keep-alive IP address must be covered by the remote LAN IP range and must correspond to a device that can respond to ping. The range should be made as narrow as possible to meet this objective. Local LAN Subnet Mask The remote VPN endpoint must have these IP Single/Start IP Address addresses entered as its remote addresses. Enter the network mask. • Enter the IP address for a single address, or the starting address for an address range. A single address setting is used when you want to make a single server on your LAN available to remote users. A range must be an address range used on your LAN. • Any. The remote VPN endpoint might be at any IP address. Chapter 6. Virtual Private Networking | 105

Section	Page
N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2	1
Table of Contents	3
1. Router Internet Setup	7
Using the Setup Manual	7
Logging In to Your N300 Wireless Modem Router	8
Using the Setup Wizard	9
Viewing or Manually Configuring Your ISP Settings	10
Configuring ADSL Settings	14
2. Wireless Settings	15
Planning Your Wireless Network	15
Wireless Placement and Range Guidelines	16
Wireless Security Options	17
Manually Configuring Your Wireless Settings	18
Configuring WEP Wireless Security	20
Configuring WPA, WPA2, or Mixed WPA2 + WPA Wireless Security	22
Using Push 'N' Connect (WPS) to Configure Your Wireless Network	24
Using a WPS Button to Add a WPS Client	24
Using PIN Entry to Add a WPS Client	25
Configuring Advanced WPS Settings	27
Connecting Additional Wireless Client Devices after WPS Setup	27
Adding More WPS Clients	28
Adding Both WPS and Non-WPS Clients	28
Restricting Access to Your N300 Wireless Modem Router	29
Wireless Guest Networks	30
Live Parental Controls	32
3. Security Settings	34
Protecting Access to Your N300 Wireless Modem Router	34
Changing the Built-In Password	35
Restricting Access by MAC Address	35
Blocking Access to Internet Sites	37
Firewall Rules	38
Port Forwarding	41
Adding a Pre-set Port Forwarding Rule	42
Adding a Custom Port Forwarding Rule	42
Port Triggering	43
Blocking Access to Internet Services	44
Scheduling Blocking	45
Viewing Logs of Web Access or Attempted Web Access	46
Configuring Email Alert and Web Access Log Notifications	47
Setting the Time	49
4. Network Maintenance	50
Upgrading the Firmware	50
Manually Check for Firmware Upgrades	51
Viewing N300 Wireless Modem Router Status Information	52
Connection Status	55
Statistics	56
Viewing a List of Attached Devices	57
Managing the Configuration File	57
Backing Up and Restoring the Configuration	58
Erasing the Configuration	58
Running Diagnostic Utilities and Rebooting the Router	58
Enabling Remote Management Access	59
Traffic Meter	61
5. USB Storage	64
USB Drive Requirements	65
File Sharing Scenarios	65
Sharing Photos with Friends and Family	66
Storing Files in a Central Location for Printing	66
Sharing Large Files with Colleagues	66
USB Storage Basic Settings	67
Editing a Network Folder	68
Configuring USB Storage Advanced Settings	69
Creating a Network Folder	71
Media Server Settings	72
Unmounting a USB Drive	72
Specifying Approved USB Devices	72
Connecting to the USB Drive from a Remote Computer	73
Locating the Internet Port IP Address	73
Accessing the Router’s USB Drive Remotely Using FTP	74
Connecting to the USB Drive with Microsoft Network Settings	74
Enabling File and Printer Sharing	74
6. Virtual Private Networking	76
Overview of VPN Configuration	76
Client-to-Gateway VPN Tunnels	77
Gateway-to-Gateway VPN Tunnels	77
Planning a VPN	78
VPN Tunnel Configuration	79
Setting Up a Client-to-Gateway VPN Configuration	80
Step 1: Configure the Client-to-Gateway VPN Tunnel	80
Step 2: Configure the NETGEAR ProSafe VPN Client	83
Setting Up a Gateway-to-Gateway VPN Configuration	90
VPN Tunnel Control	94
Activating a VPN Tunnel	94
Verifying the Status of a VPN Tunnel	97
Deactivating a VPN Tunnel	98
Deleting a VPN Tunnel	100
Setting Up VPN Tunnels in Special Circumstances	100
Using Auto Policy to Configure VPN Tunnels	101
Using Manual Policy to Configure VPN Tunnels	109
7. Advanced Settings (Part 1)	112
Using the LAN Setup Options	112
Using the N300 Wireless Modem Router as a DHCP Server	114
Address Reservation	115
Using a Dynamic DNS Service	116
Configuring the WAN Setup Options	117
Setting Up a Default DMZ Server	119
Setting Up Quality of Service (QoS)	119
Configuring QoS for Internet Access	120
Editing or Deleting an Existing QoS Policy	123
Configuring Static Routes	123
Wireless Repeating (Also Called WDS)	125
Wireless Repeating Function	126
Setting Up the Base Station	127
Setting Up a Repeater Unit	128
8. Advanced Settings (Part 2)	130
Common Connection Types	130
Assessing Your Speed Requirements	131
Optimizing Your Network Bandwidth	132
Optimizing Wireless Performance	133
Changing the MTU Size	134
Universal Plug and Play	135
A. Troubleshooting	137
Quick Tips	137
Troubleshooting with the LEDs	138
Cannot Access the N300 Wireless Modem Router Menu	140
Cannot Access the Internet	141
Checking the Configuration	141
Checking the WAN IP Address	141
Troubleshooting a Network Using the Ping Utility	142
Testing the LAN Path to Your Router	143
Testing the Path from Your Computer to a Remote Device	143
Problems with Date and Time	144
Wireless Connectivity	145
Viewing Available Networks	145
B. Default Configuration and Technical Specifications	147
Restoring the Factory Configuration Settings	147
Using the Restore Factory Settings Button	147
Technical Specifications	150
C. NETGEAR VPN Configuration	151
Configuration Profile	151
Step-by-Step Configuration	152
N300 Wireless Modem Router with FQDN to Gateway B	153
Configuration Profile	153
Step-by-Step Configuration	155
Configuration Summary (Telecommuter Example)	157
Setting Up Client-to-Gateway VPN (Telecommuter Example)	158
Step 1: Configure Gateway A (VPN Router at Main Office)	159
Step 2: Configure Gateway B (VPN Router at Regional Office)	160
Monitoring the VPN Tunnel (Telecommuter Example)	166
Viewing the VPN Router’s VPN Status and Log Information	167
D. Notification of Compliance	168
E. Related Documents	172

Match case Limit results 1 per page

Chapter 6.

Virtual Private Networking

105

N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

Parameters

(Continued)

SA Life Time

The time interval before the SA (security association) expires. (It is

automatically reestablished as required.) While using a short time

period (or data amount) increases security, it also degrades

performance. It is common to use periods over an hour (3600 seconds)

for the SA life-time. This setting applies to both IKE and IPSec SAs.

Enable IPSec PFS

(Perfect Forward

Secrecy)

• If this check box is selected, security is enhanced by ensuring that

the key is changed at regular intervals. Also, even if one key is

broken, subsequent keys are no easier to break. (Each key has no

relationship to the previous key.)

• This setting applies to both IKE and IPSec SAs. When configuring

the remote endpoint to match this setting, you might have to specify

the key group used. For this device, the key group is the same as the

DH Group setting in the IKE section.

General

Policy Name

Enter a unique name to identify this policy. This name is not supplied to

the remote VPN endpoint. It is used only to help you manage the

policies.

Remote VPN

Endpoint

• The remote VPN endpoint must have this VPN gateway's address

entered as its remote VPN endpoint.

• If the remote endpoint has a dynamic IP address, select

Dynamic IP

address

. No address data input is required. You can set up multiple

remote dynamic IP policies, but only one such policy can be enabled

at a time. Otherwise, select an option (

IP address

domain name

)

and enter the address of the remote VPN endpoint to which you want

to connect.

IKE Keep Alive

• If you want to ensure that a connection is kept open, or, if that is not

possible, that it is quickly reestablished when disconnected, select

this check box.

• The ping IP address must be associated with the remote endpoint.

The remote LAN address must be used. This IP address will be

pinged periodically to generate traffic for the VPN tunnel. The remote

keep-alive IP address must be covered by the remote LAN IP range

and must correspond to a device that can respond to ping. The range

should be made as narrow as possible to meet this objective.

Local LAN

The remote VPN

endpoint must

have these IP

addresses entered

as its remote

addresses.

Subnet Mask

Enter the network mask.

Single/Start IP

Address

•

Enter the IP address for a single address, or the starting address for

an address range. A single address setting is used when you want to

make a single server on your LAN available to remote users. A range

must be an address range used on your LAN.

•

Any

. The remote VPN endpoint might be at any IP address.

Table 5.

VPN - Auto Policy Screen Settings

(Continued)

Fields and Settings

Description