Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 128

Configuring the SSL VPN Client

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 128 highlights

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual Remote users can now securely access network applications once they have logged into the SSL VPN portal and launched Port Forwarding. Configuring the SSL VPN Client The SSL VPN Client within the FVS336G will assign IP addresses to remote VPN tunnel clients. Because the VPN tunnel connection is a point-to-point connection, you can assign IP addresses from the corporate subnet to the remote VPN tunnel clients. Some additional considerations are: • So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with addresses on the corporate network, configure an IP address range that does not directly overlap with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are currently assigned to devices on your local network, then start the client address range at 192.168.1.101 or choose an entirely different subnet altogether. • The VPN tunnel client cannot contact a server on the corporate network if the VPN tunnel client's Ethernet interface shares the same IP address as the server or the VPN firewall (for example, if your laptop has a network interface IP address of 10.0.0.45, then you won't be able to contact a server on the remote network that also has the IP address 10.0.0.45). • If you assign an entirely different subnet to the VPN tunnel clients than the subnet used by the corporate network, you must - Add a client route to configure the VPN tunnel client to connect to the corporate network using the VPN tunnel. - Create a static route on the corporate network's firewall to forward local traffic intended for the VPN tunnel clients to the VPN firewall. • Select whether you want to enable full tunnel or split tunnel support based on your bandwidth: - Full tunnel. Sends all of the client's traffic across the VPN tunnel. - Split tunnel. Sends only traffic destined for the corporate network based on the specified client routes. All other traffic is sent to the Internet. Split tunnel allows you to manage your company bandwidth by reserving the VPN tunnel for corporate traffic only. 6-10 Virtual Private Networking Using SSL Connections v1.0, March 2009

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
Revision History	14
Chapter 1 Introduction	15
Key Features	15
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	16
Advanced VPN Support for Both IPsec and SSL	16
A Powerful, True Firewall with Content Filtering	17
Autosensing Ethernet Connections with Auto Uplink	17
Extensive Protocol Support	18
Easy Installation and Management	18
Maintenance and Support	19
Package Contents	19
Front Panel Features	20
Rear Panel Features	21
Default IP Address, Login Name, and Password Location	22
Qualified Web Browsers	22
Chapter 2 Connecting the FVS336G to the Internet	23
Understanding the Connection Steps	23
Logging into the VPN Firewall Router	24
Navigating the Menus	25
Configuring the Internet Connections	26
Automatically Detecting and Connecting	27
Manually Configuring the Internet Connection	29
Configuring the WAN Mode (Required for Dual WAN)	32
Network Address Translation	33
Classical Routing	34
Configuring Auto-Rollover Mode	34
Configuring Load Balancing	36
Configuring Dynamic DNS (Optional)	38
Configuring the Advanced WAN Options (Optional)	40
Additional WAN Related Configuration	42
Chapter 3 LAN Configuration	43
Choosing the Firewall DHCP Options	43
Configuring the LAN Setup Options	44
Managing Groups and Hosts (LAN Groups)	47
Viewing the LAN Groups Database	48
Changing Group Names in the LAN Groups Database	49
Configuring DHCP Address Reservation	50
Configuring Multi Home LAN IP Addresses	51
Configuring Static Routes	52
Configuring Static Routes	52
Configuring Routing Information Protocol (RIP)	54
Chapter 4 Firewall Protection and Content Filtering	57
About Firewall Protection and Content Filtering	57
Using Rules to Block or Allow Specific Kinds of Traffic	58
About Services-Based Rules	59
Viewing the Rules	64
Order of Precedence for Rules	64
Setting the Default Outbound Policy	64
Creating a LAN WAN Outbound Services Rule	65
Creating a LAN WAN Inbound Services Rule	66
Inbound Rules Examples	67
Outbound Rules Example	70
Adding Customized Services	70
Setting Quality of Service (QoS) Priorities	72
Attack Checks	73
Blocking Internet Sites (Content Filtering)	74
Configuring Source MAC Filtering	77
Configuring IP/MAC Address Binding Alerts	79
Configuring Port Triggering	80
Setting a Schedule to Block or Allow Specific Traffic	82
Configuring a Bandwidth Profile	82
Configuring Session Limits	84
E-Mail Notifications of Event Logs and Alerts	85
Administrator Tips	85
Chapter 5 Virtual Private Networking Using IPsec	87
Considerations for Dual WAN Port Systems	87
Using the VPN Wizard for Client and Gateway Configurations	89
Creating Gateway to Gateway VPN Tunnels with the Wizard	89
Creating a Client to Gateway VPN Tunnel	92
Testing the Connections and Viewing Status Information	98
NETGEAR VPN Client Status and Log Information	98
FVS336G VPN Connection Status and Logs	100
Managing VPN Policies	101
Managing IKE Policies	101
Managing VPN Policies	103
Configuring Extended Authentication (XAUTH)	104
Configuring XAUTH for VPN Clients	105
User Database Configuration	106
RADIUS Client Configuration	106
Assigning IP Addresses to Remote Users (ModeConfig)	108
Mode Config Operation	109
Configuring the VPN Firewall	109
Configuring the ProSafe VPN Client for ModeConfig	112
Configuring Keepalives and Dead Peer Detection	114
Configuring Keepalive	114
Configuring NetBIOS Bridging with VPN	116
Chapter 6 Virtual Private Networking Using SSL Connections	119
Understanding the Portal Options	119
Planning for SSL VPN	120
Creating the Portal Layout	121
Configuring Domains, Groups, and Users	125
Configuring Applications for Port Forwarding	125
Adding Servers	126
Adding A New Host Name	127
Configuring the SSL VPN Client	128
Configuring the Client IP Address Range	129
Adding Routes for VPN Tunnel Clients	130
Replacing and Deleting Client Routes	130
Using Network Resource Objects to Simplify Policies	131
Adding New Network Resources	131
Configuring User, Group, and Global Policies	133
Viewing Policies	134
Adding a Policy	135
Chapter 7 Managing Users, Authentication, and Certificates	139
Adding Authentication Domains, Groups, and Users	139
Creating a Domain	139
Creating a Group	141
Creating a New User Account	142
Setting User Login Policies	143
Changing Passwords and Settings	145
RADIUS Server External Authentication	147
Managing Certificates	148
Viewing and Loading CA Certificates	149
Viewing Active Self Certificates	150
Obtaining a Self Certificate from a Certificate Authority	151
Managing your Certificate Revocation List (CRL)	153
Chapter 8 Router and Network Management	155
Performance Management	155
Bandwidth Capacity	155
Features That Reduce Traffic	156
Features That Increase Traffic	159
Using QoS to Shift the Traffic Mix	162
Tools for Traffic Management	162
Changing Passwords and Administrator Settings	162
Enabling Remote Management Access	164
Using the Command Line Interface	166
Using an SNMP Manager	167
Configuration File Management	169
Upgrading the Firmware	171
Configuring Date and Time Service	172
Chapter 9 Monitoring System Performance	175
Enabling the Traffic Meter	175
Activating Notification of Events and Alerts	178
Viewing Firewall Logs	180
Viewing Router Configuration and System Status	181
Monitoring the Status of WAN Ports	183
Monitoring Attached Devices	184
Reviewing the DHCP Log	186
Monitoring Active Users	186
Viewing Port Triggering Status	187
Monitoring VPN Tunnel Connection Status	188
Reviewing the VPN Logs	189
Chapter 10 Troubleshooting	191
Basic Functions	191
Power LED Not On	192
LEDs Never Turn Off	192
LAN or WAN Port LEDs Not On	192
Troubleshooting the Web Configuration Interface	193
Troubleshooting the ISP Connection	194
Troubleshooting a TCP/IP Network Using a Ping Utility	195
Testing the LAN Path to Your VPN Firewall	195
Testing the Path from Your PC to a Remote Device	196
Restoring the Default Configuration and Password	197
Problems with Date and Time	197
Using the Diagnostics Utilities	198
Appendix A Default Settings and Technical Specifications	201
Appendix B Related Documents	205
Appendix C Network Planning for Dual WAN Ports	207
What You Will Need to Do Before You Begin	207
Cabling and Computer Hardware Requirements	209
Computer Network Configuration Requirements	209
Internet Configuration Requirements	209
Where Do I Get the Internet Configuration Parameters?	210
Internet Connection Information Form	211
Overview of the Planning Process	212
Inbound Traffic	212
Virtual Private Networks (VPNs)	212
The Roll-over Case for Firewalls With Dual WAN Ports	213
The Load Balancing Case for Firewalls With Dual WAN Ports	213
Inbound Traffic	214
Inbound Traffic to Single WAN Port (Reference Case)	214
Inbound Traffic to Dual WAN Port Systems	214
Virtual Private Networks (VPNs)	216
VPN Road Warrior (Client-to-Gateway)	217
VPN Gateway-to-Gateway	220
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	223
Appendix D Two Factor Authentication	227
Why do I need Two-Factor Authentication?	227
What are the benefits of Two-Factor Authentication?	227
What is Two-Factor Authentication	228
NETGEAR Two-Factor Authentication Solutions	228

Match case Limit results 1 per page

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

6-10

Virtual Private Networking Using SSL Connections

v1.0, March 2009

Remote users can now securely access network applications once they have logged into the SSL

VPN portal and launched Port Forwarding.

Configuring the SSL VPN Client

The SSL VPN Client within the FVS336G will assign IP addresses to remote VPN tunnel clients.

Because the VPN tunnel connection is a point-to-point connection, you can assign IP addresses

from the corporate subnet to the remote VPN tunnel clients.

Some additional considerations are:

•

So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with

addresses on the corporate network, configure an IP address range that does not directly

overlap with addresses on your local network. For example, if 192.168.1.1

through

192.168.1.100 are currently assigned to devices on your local network, then start the client

address range at 192.168.1.101 or choose an entirely different subnet altogether.

•

The VPN tunnel client cannot contact a server on the corporate network if the VPN tunnel

client’s Ethernet interface shares the same IP address as the server or the VPN firewall (for

example, if your laptop has a network interface IP address of 10.0.0.45, then you won’t be able

to contact a server on the remote network that also has the IP address 10.0.0.45).

•

If you assign an entirely different subnet to the VPN tunnel clients than the subnet used by the

corporate network, you must

–

Add a client route to configure the VPN tunnel client to connect to the corporate network

using the VPN tunnel.

–

Create a static route on the corporate network’s firewall to forward local traffic intended

for the VPN tunnel clients to the VPN firewall.

•

Select whether you want to enable full tunnel or split tunnel support based on your bandwidth:

–

Full tunnel. Sends all of the client’s traffic across the VPN tunnel.

–

Split tunnel. Sends only traffic destined for the corporate network based on the specified

client routes. All other traffic is sent to the Internet. Split tunnel allows you to manage

your company bandwidth by reserving the VPN tunnel for corporate traffic only.