Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVS318N » Manual Viewer

Netgear FVS318N FVS318 Reference Manual - Page 68

The FVS318 VPN tunnel, fields are defined in the following table., Table 6-1. - remote management

Add to My Manuals
Save this manual to your list of manuals

Page 68 highlights

Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall The FVS318 VPN tunnel network connection fields are defined in the following table. Table 6-1. VPN network connection configuration fields Field Description Connection Name The descriptive name of the VPN tunnel. Each tunnel should have a unique name. It is only used to help you identify VPN tunnels. Local IPSec identifier Enter a Local IPSec Identifier name for this endpoint. This name must be entered in the other VPN endpoint as the Remote IPSec Identifier. Remote IPSec identifier Enter a Remote IPSec Identifier name for the remote endpoint. This name must be entered in the other VPN endpoint as the Local IPSec Identifier. Tunnel can be accessed Use this field to manage what IP addresses in your LAN can use this VPN tunnel. from ... You can choose one of the following four options: 1. Any local address. This selection will enable any device on your LAN to communicate with the designated devices on the remote LAN communications through this tunnel. 2. A subnet of local addresses. Enter the Local LAN start IP address and subnet mask. For a discussion of calculating IP addresses based on a subnet mask, refer to "Netmask" on page B-4. 3. A range of local addresses, such as members of a department on your LAN. Enter the start and finish Local IP addresses. 4. A single local address, such as a single PC. Tunnel can access ... Remote WAN IP or FQDN Use this field to manage what IP addresses in the remote connection can use this VPN tunnel. You can choose one of the following four options: 1. A subnet of remote addresses. Enter a subnet for the remote LAN. For a discussion of calculating IP addresses based on a subnet mask, refer to "Netmask" on page B-4. 2. A range of remote addresses, such as members of a department. Enter the start and finish Local IP addresses. 3. A single remote address, such as a single PC. • If the PC is connected directly to the Internet, enter the PC's public IP address. • If the PC is connected to the Internet through a NAT router, select "A subnet of remote addresses" and enter the remote PC's LAN IP address in the Remote LAN start IP Address field, along with a Remote LAN IP Subnet Mask of 255.255.255.255. Then enter the NAT router's public (WAN) IP address or FQDN in the Remote WAN IP or FQDN field below. 4. The Remote WAN IP or FQDN. Enables traffic to the target remote VPN endpoint PC or VPN gateway identified by a WAN IP address or a FQDN. Enter the remote WAN IP address or FQDN. Enter the remote WAN IP address or FQDN. 6-4 Virtual Private Networking M-10146-01

Section	Page
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall	1
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use the HTML Version of this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVS318	17
Key Features	17
Virtual Private Networking (VPN)	17
A Powerful, True Firewall	18
Content Filtering	18
Configurable Auto Uplink™ Ethernet Connection	18
Protocol Support	19
Easy Installation and Management	20
What’s in the Box?	21
The Firewall’s Front Panel	21
The Firewall’s Rear Panel	22
Chapter 3 Connecting the Firewall to the Internet	23
What You Will Need Before You Begin	23
LAN Hardware Requirements	23
Computer Requirements	23
Cable or DSL Modem Requirement	23
LAN Configuration Requirements	24
Internet Configuration Requirements	24
Where Do I Get the Internet Configuration Parameters?	24
Worksheet for Recording Your Internet Connection Information	25
How to Connect the FVS318 VPN Firewall	26
Wizard-Detected PPPoE Option	31
Wizard-Detected Dynamic IP Option	32
Wizard-Detected Fixed IP (Static) Option	33
Testing Your Internet Connection	34
How to Manually Configure Your Internet Connection	35
Chapter 4 Protecting Your Network	39
Protecting Access to Your FVS318 VPN Firewall	39
How to Change the Built-In Password	39
How to Change the Administrator Login Timeout	40
Using Basic Firewall Services	40
How to Block Keywords and Sites	41
How to Block or Allow Services	43
How to Add to the List of Services	45
Setting Times and Scheduling Firewall Services	48
How to Set Your Time Zone	48
How to Schedule Firewall Services	49
Chapter 5 Advanced WAN and LAN Configuration	51
Configuring Advanced WAN Settings	51
Setting Up A Default DMZ Server	51
Enabling Access to Local Servers Through a FVS318	52
How to Configure Port Forwarding to Local Servers	52
Respond to Ping on Internet WAN Port	53
How to Support Internet Services, Applications, or Games	53
How to Clear a Port Assignment	54
Local Web and FTP Server Example	54
How to Set Up Computers for Half Life, KALI or Quake III	54
Working with LAN IP Settings	55
What Does UPnP Support Do for Me?	55
How to Enable UPnP	56
Understanding LAN TCP/IP Setup Parameters	57
Setting the MTU Size	58
Using the Router as a DHCP Server	58
How to Specify Reserved IP Addresses	59
How to Configure LAN TCP/IP Settings	60
How to Configure Dynamic DNS	61
Using Static Routes	62
Static Route Example	62
How to Configure Static Routes	63
Chapter 6 Virtual Private Networking	65
Overview of VPN Configuration	65
Understanding How FVS318 VPN Tunnels Are Configured	66
Configuring VPN Network Connection Parameters	67
Configuring a SA Using IKE Main Mode	69
Configuring a SA Using IKE Aggressive Mode	70
Configuring a SA Using Manual Key Management	71
Planning a VPN	73
How to Configure a Network to Network VPN Tunnel	75
How to Configure a Remote PC to Network VPN	80
Monitoring the PC VPN Connection Using SafeNet Tools	90
How to Configure Manual Keys as an Alternative to IKE	92
How to Delete a Security Association	94
Blank VPN Tunnel Configuration Worksheets	95
Chapter 7 Managing Your Network	97
Network Management Information	97
Viewing Router Status and Usage Statistics	97
Viewing Attached Devices	100
Viewing, Selecting, and Saving Logged Information	101
Selecting What Information to Log	102
Saving Log Files on a Server	103
Examples of log messages	103
Activation and Administration	103
Dropped Packets	103
Enabling Security Event E-mail Notification	104
Backing Up, Restoring, or Erasing Your Settings	105
How to Back Up the Configuration to a File	105
How to Restore a Configuration from a File	106
How to Erase the Configuration	107
Running Diagnostic Utilities and Rebooting the Router	107
How to Enable Remote Management	108
How to Upgrade the Router’s Firmware	109
Chapter 8 Troubleshooting	111
Basic Functions	111
Power LED Not On	112
Test LED Never Turns On or Test LED Stays On	112
Local or Internet Port Link LEDs Not On	112
Troubleshooting the Web Configuration Interface	113
Troubleshooting the ISP Connection	114
Troubleshooting a TCP/IP Network Using a Ping Utility	115
Testing the LAN Path to Your Firewall	116
Testing the Path from Your PC to a Remote Device	116
Restoring the Default Configuration and Password	117
Problems with Date and Time	118
Appendix A Technical Specifications	119
Technical Specifications	119
Appendix B Networks, Routing, and Firewall Basics	121
Related Publications	121
Basic Router Concepts	121
What is a Router?	121
Routing Information Protocol	122
IP Addresses and the Internet	122
Netmask	124
Subnet Addressing	124
Private IP Addresses	127
Single IP Address Operation Using NAT	128
MAC Addresses and Address Resolution Protocol	129
Related Documents	129
Domain Name Server	129
IP Configuration by DHCP	130
Internet Security and Firewalls	130
What is a Firewall?	131
Stateful Packet Inspection	131
Denial of Service Attack	131
Ethernet Cabling	131
Category 5 Cable Quality	132
Inside Twisted Pair Cables	133
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	134
Appendix C Preparing Your Network	137
Preparing Your Computers for TCP/IP Networking	137
Configuring Windows 95, 98, and Me for TCP/IP Networking	138
Install or Verify Windows Networking Components	138
Enabling DHCP to Automatically Configure TCP/IP Settings	140
Selecting Windows’ Internet Access Method	142
Verifying TCP/IP Properties	142
Configuring Windows NT4, 2000 or XP for IP Networking	143
Install or Verify Windows Networking Components	143
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	144
DHCP Configuration of TCP/IP in Windows XP	144
DHCP Configuration of TCP/IP in Windows 2000	146
DHCP Configuration of TCP/IP in Windows NT4	149
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	150
Configuring the Macintosh for TCP/IP Networking	151
MacOS 8.6 or 9.x	151
MacOS X	152
Verifying TCP/IP Properties for Macintosh Computers	153
Verifying the Readiness of Your Internet Account	154
Are Login Protocols Used?	154
What Is Your Configuration Information?	154
Obtaining ISP Configuration Information for Windows Computers	155
Obtaining ISP Configuration Information for Macintosh Computers	156
Restarting the Network	157
Appendix D Virtual Private Networking	159
What is a VPN?	159
What Is IPSec and How Does It Work?	160
IPSec Security Features	160
IPSec Components	160
Encapsulating Security Payload (ESP)	161
Authentication Header (AH)	162
IKE Security Association	162
Mode	163
Key Management	164
Understand the Process Before You Begin	164
VPN Process Overview	165
Network Interfaces and Addresses	165
Interface Addressing	165
Firewalls	166
Setting Up a VPN Tunnel Between Gateways	166
VPNC IKE Security Parameters	168
VPNC IKE Phase I Parameters	168
VPNC IKE Phase II Parameters	169
Testing and Troubleshooting	169
Additional Reading	169
Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328	171
Configuration Profile	171
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	172
Step-By-Step Configuration of FVL328 Gateway B	175
Test the VPN Connection	179
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS	181
Configuration Profile	181
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	182
Step-By-Step Configuration of Cisco IOS Gateway B	185
Test the VPN Connection	188
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	191
Configuration Profile	191
The Use of a Fully Qualified Domain Name (FQDN)	192
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	193
Step-By-Step Configuration of FVL328 Gateway B	197
Test the VPN Connection	202
Glossary	203
Numeric	203
A	203
B	204
C	205
D	206
E	207
F	207
G	208
H	208
I	208
L	210
M	210
N	211
O	212
P	212
Q	214
R	214
S	214
T	215
U	215
V	216
W	216

Match case Limit results 1 per page

Reference Manual for the Model FVS318 Broadband

ProSafe VPN Firewall

6-4

Virtual Private Networking

M-10146-01

The FVS318 VPN tunnel

network connection

fields are defined in the following table.

Table 6-1.

VPN network connection configuration fields

Field

Description

Connection Name

The descriptive name of the VPN tunnel. Each tunnel should have a unique

name. It is only used to help you identify VPN tunnels.

Local IPSec identifier

Enter a Local IPSec Identifier name for this endpoint. This name must be entered

in the other VPN endpoint as the Remote IPSec Identifier.

Remote IPSec identifier

Enter a Remote IPSec Identifier name for the remote endpoint. This name must

be entered in the other VPN endpoint as the Local IPSec Identifier.

Tunnel can be accessed

from ...

Use this field to manage what IP addresses in your LAN can use this VPN tunnel.

You can choose one of the following four options:

Any local address.

This selection will enable any device on your LAN to communicate with the

designated devices on the remote LAN communications through this tunnel.

A subnet of local addresses.

Enter the Local LAN start IP address and subnet mask. For a discussion of

calculating IP addresses based on a subnet mask, refer to

“Netmask“ on page

B-4

A range of local addresses, such as members of a department on your LAN.

Enter the start and finish Local IP addresses.

A single local address, such as a single PC.

Tunnel can access ...

Use this field to manage what IP addresses in the remote connection can use this

VPN tunnel. You can choose one of the following four options:

A subnet of remote addresses.

Enter a subnet for the remote LAN. For a discussion of calculating IP

addresses based on a subnet mask, refer to

“Netmask“ on page B-4

A range of remote addresses, such as members of a department.

Enter the start and finish Local IP addresses.

A single remote address, such as a single PC.

•

If the PC is connected directly to the Internet, enter the PC’s public IP

address.

•

If the PC is connected to the Internet through a NAT router, select “A subnet

of remote addresses” and enter the remote PC’s LAN IP address in the

Remote LAN start IP Address field, along with a Remote LAN IP Subnet

Mask of 255.255.255.255. Then enter the NAT router’s public (WAN) IP

address or FQDN in the Remote WAN IP or FQDN field below.

The Remote WAN IP or FQDN.

Enables traffic to the target remote VPN endpoint PC or VPN gateway

identified by a WAN IP address or a FQDN. Enter the remote WAN IP address

or FQDN.

Remote WAN IP

or FQDN

Enter the remote WAN IP address or FQDN.