Home » Netgear Manuals » Bridges & Routers » Netgear FVS318G » Manual Viewer

Netgear FVS318G FVS318G User Manual - Page 112

Pre-Shared Key, Check the Enable Perfect Forward Secrecy PFS box, and choose the Diffie-Hellman

UPC - 606449064827

Add to My Manuals
Save this manual to your list of manuals

Page 112 highlights

ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. From the ID Type pull-down menu, choose Domain name and enter the FQDN of the VPN firewall; in this example it is "local_id.com". f. Choose Gateway IP Address from the second pull-down menu and enter the WAN IP address of the VPN firewall; in this example it is "172.21.4.1". 2. From the left side of the menu, click My Identity and enter the following information: a. Click Pre-Shared Key and enter the key you configured in the FVS318G IKE menu. b. From the Select Certificate pull-down menu, choose None. c. From the ID Type pull-down menu, choose Domain Name and create an identifier based on the name of the IKE policy you created; for example "salesperson11.remote_id.com". d. Under Virtual Adapter pull-down menu, choose Preferred. The Internal Network IP Address should be 0.0.0.0. Note: If no box is displayed for Internal Network IP Address, go to Options/ Global Policy Settings, and check the box for "Allow to Specify Internal Network Address." e. Select your Internet Interface adapter from the Name pull-down menu. 3. On the left-side of the menu, choose Security Policy. a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. b. Check the Enable Perfect Forward Secrecy (PFS) box, and choose the Diffie-Hellman Group 2 from the PFS Key Group pull-down menu. c. Enable Replay Detection should be checked. 4. Click on Authentication (Phase 1) on the left-side of the menu and choose Proposal 1. Enter the Authentication values to match those in the VPN firewall ModeConfig Record menu. 5. Click on Key Exchange (Phase 2) on the left-side of the menu and choose Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours [28800 seconds]). 6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client. To test the connection: 1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection policy you configured will appear; in this case "My Connections\modecfg_test". 5-26 Virtual Private Networking Using IPsec 1.1 November, 2009

Section	Page
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual	1
Contents	5
About This Manual	11
Conventions, Formats, and Scope	11
How to Print This Manual	12
Revision History	12
Chapter 1 Introduction	15
Key Features of the VPN Firewall Router	15
Advanced VPN Support for IPsec	16
A Powerful, True Firewall with Content Filtering	16
Autosensing Ethernet Connections with Auto Uplink	17
Extensive Protocol Support	17
Easy Installation and Management	18
Maintenance and Support	18
Package Contents	19
Front Panel Features	19
Rear Panel Features	21
Default IP Address, Login Name, and Password Location	22
Qualified Web Browsers	22
Qualified Web Browsers	22
Chapter 2 Connecting the FVS318G to the Internet	23
Understanding the Connection Steps	23
Logging into the VPN Firewall Router Router	24
Navigating the Menus	25
Configuring the Internet Connections	26
Automatically Detecting and Connecting	27
Manually Configuring the Internet Connection	29
Configuring the WAN Mode	33
Network Address Translation	33
Classical Routing	34
Configuring Dynamic DNS (Optional)	35
Configuring the Advanced WAN Options (Optional)	37
Chapter 3 LAN Configuration	39
Choosing the Firewall DHCP Options	39
Configuring the LAN Setup Options	40
Managing Groups and Hosts (LAN Groups)	43
Viewing the LAN Groups Database	44
Changing Group Names in the LAN Groups Database	47
Configuring DHCP Address Reservation	47
Configuring Multi Home LAN IP Addresses	48
Configuring Static Routes	49
Configuring Routing Information Protocol (RIP)	51
Chapter 4 Firewall Protection and Content Filtering	53
About Firewall Protection and Content Filtering	53
Using Rules to Block or Allow Specific Kinds of Traffic	54
About Services-Based Rules	55
Outbound Rules (Service Blocking)	55
Inbound Rules (Port Forwarding)	57
Viewing the Rules	60
Order of Precedence for Rules	60
Setting the Default Outbound Policy	61
Creating a LAN WAN Outbound Services Rule	61
Creating a LAN WAN Inbound Services Rule	62
Modifying Rules	63
Inbound Rules Examples	65
LAN WAN Inbound Rule: Hosting A Local Public Web Server	65
LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses	65
LAN WAN Inbound Rule: Setting Up One-to-One NAT Mapping	66
LAN WAN Inbound Rule: Specifying an Exposed Host	68
Outbound Rules Example	68
LAN WAN Outbound Rule: Blocking Instant Messenger	68
Adding Customized Services	68
Modifying a Service	70
Setting Quality of Service (QoS) Priorities	70
Attack Checks	71
Blocking Internet Sites (Content Filtering)	73
Configuring Source MAC Filtering	76
Configuring IP/MAC Address Binding Alerts	78
Configuring Port Triggering	79
Setting a Schedule to Block or Allow Specific Traffic	81
Configuring a Bandwidth Profile	82
Configuring Session Limits	83
E-Mail Notifications of Event Logs and Alerts	85
Administrator Tips	85
Chapter 5 Virtual Private Networking Using IPsec	87
Using the VPN Wizard for Client and Gateway Configurations	87
Creating Gateway to Gateway VPN Tunnels with the Wizard	88
Creating a Client to Gateway VPN Tunnel	91
Use the VPN Wizard Configure the Gateway for a Client Tunnel	91
Use the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection	93
Testing the Connections and Viewing Status Information	97
NETGEAR VPN Client Status and Log Information	97
FVS318G VPN Connection Status and Logs	99
Managing VPN Policies	100
Managing IKE Policies	100
The IKE Policies Tab Page	101
Managing VPN Policies	102
The VPN Policies Tab Page	102
Configuring Extended Authentication (XAUTH)	103
Configuring XAUTH for VPN Clients	104
User Database Configuration	105
RADIUS Client Configuration	105
Assigning IP Addresses to Remote Users (ModeConfig)	107
Mode Config Operation	108
Configuring the VPN Firewall Router	108
Configuring the ProSafe VPN Client for ModeConfig	111
Configuring Keepalives and Dead Peer Detection	113
Configuring Keepalive	113
Configuring NetBIOS Bridging with VPN	115
Chapter 6 Managing Users, Authentication, and Certificates	117
Managing Users	117
Changing the Administrator Login	118
Changing the Guest Login	119
Setting administrator timeout and domain display name	120
Changing Passwords and Settings	120
RADIUS Server External Authentication	122
Managing Certificates	123
Viewing and Loading CA Certificates	125
Viewing Active Self Certificates	126
Obtaining a Self Certificate from a Certificate Authority	126
Managing your Certificate Revocation List (CRL)	129
Chapter 7 Router and Network Management	131
Performance Management	131
Bandwidth Capacity	131
Features That Reduce Traffic	132
Service Blocking	132
Services	133
Groups and Hosts	133
Schedule	134
Block Sites	134
Source MAC Filtering	135
Features That Increase Traffic	135
Port Forwarding	135
Port Triggering	137
VPN Tunnels	137
Using QoS to Shift the Traffic Mix	137
Tools for Traffic Management	138
Changing Passwords and Administrator Settings	138
Enabling Remote Management Access	140
Using the Command Line Interface	143
Using an SNMP Manager	143
Configuration File Management	145
Backup and Restore Settings	145
Revert to Factory Default Settings	147
Upgrading the Firmware	147
Configuring Date and Time Service	148
Chapter 8 Troubleshooting	151
Basic Functions	151
Power LED Not On	152
LEDs Never Turn Off	152
LAN or WAN Port LEDs Not On	152
Troubleshooting the Web Configuration Interface	153
Troubleshooting the ISP Connection	154
Troubleshooting a TCP/IP Network Using a Ping Utility	155
Testing the LAN Path to Your VPN Firewall Router	155
Testing the Path from Your PC to a Remote Device	156
Restoring the Default Configuration and Password	157
Problems with Date and Time	158
Using the Diagnostics Utilities	159
Appendix A Technical Specifications and Factory Default Settings	161
Appendix B Related Documents	165
Appendix C Two Factor Authentication	167
Why do I need Two-Factor Authentication?	167
What are the benefits of Two-Factor Authentication?	167
What is Two-Factor Authentication	168
NETGEAR Two-Factor Authentication Solutions	168

Match case Limit results 1 per page

ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual

5-26

Virtual Private Networking Using IPsec

1.1 November, 2009

From the ID Type pull-down menu, choose Domain name and enter the FQDN of the

VPN firewall; in this example it is “local_id.com”.

Choose Gateway IP Address from the second pull-down menu and enter the WAN IP

address of the VPN firewall; in this example it is “172.21.4.1”.

From the left side of the menu, click My Identity and enter the following information:

Click

Pre-Shared Key

and enter the key you configured in the FVS318G IKE menu.

From the Select Certificate pull-down menu, choose None.

From the ID Type pull-down menu, choose Domain Name and create an identifier based

on the name of the IKE policy you created; for example “salesperson11.remote_id.com”.

Under Virtual Adapter pull-down menu, choose Preferred. The Internal Network IP

Address should be 0.0.0.0.

Select your Internet Interface adapter from the Name pull-down menu.

On the left-side of the menu, choose Security Policy.

Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio

button.

Check the Enable Perfect Forward Secrecy (PFS) box, and choose the Diffie-Hellman

Group 2 from the PFS Key Group pull-down menu.

Enable Replay Detection should be checked.

Click on Authentication (Phase 1) on the left-side of the menu and choose Proposal 1. Enter

the Authentication values to match those in the VPN firewall ModeConfig Record menu.

Click on Key Exchange (Phase 2) on the left-side of the menu and choose Proposal 1. Enter

the values to match your configuration of the VPN firewall ModeConfig Record menu. (The

SA Lifetime can be longer, such as 8 hours [28800 seconds]).

Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client.

To test the connection:

Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection

policy you configured will appear; in this case “My Connections\modecfg_test”.

Note:

If no box is displayed for Internal Network IP Address, go to Options/

Global Policy Settings, and check the box for “Allow to Specify Internal

Network Address.”