Home » Netgear Manuals » Bridges & Routers » Netgear FVS336G » Manual Viewer

Netgear FVS336G FVS336G Reference Manual - Page 97

Virtual Private Networking Using IPsec, Considerations for Dual WAN Port Systems

UPC - 606449052015

Add to My Manuals
Save this manual to your list of manuals

Page 97 highlights

Chapter 5 Virtual Private Networking Using IPsec This chapter describes how to use the IPsec virtual private networking (VPN) features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections: • "Considerations for Dual WAN Port Systems" on page 5-1 • "Configuring an IPsec VPN Connection using the VPN Wizard" on page 5-4 • "Managing VPN Tunnel Policies" on page 5-13 • "Creating a VPN Client Connection: VPN Client to FVS336G" on page 5-16 • "Configuring Extended Authentication (XAUTH)" on page 5-19 • "Manually Assigning IP Addresses to Remote Users (ModeConfig)" on page 5-23 • "Configuring Keepalives and Dead Peer Detection" on page 5-29 • "Configuring NetBIOS Bridging with VPN" on page 5-31 Considerations for Dual WAN Port Systems If both of the WAN ports of the VPN firewall are configured, you can enable either Auto-Rollover mode for increased system reliability or Load Balancing mode for optimum bandwidth efficiency. The WAN mode selection determines how several of the VPN features must be configured. Refer to "Virtual Private Networks (VPNs)" on page C-10 for an overview of the IP addressing requirements for VPN in the two dual WAN modes. To aid in determining the WAN addressing requirements (FQDN or IP address) for your VPN tunnel in either dual WAN mode, see Table 5-1. Table 5-1. IP Addressing for VPNs in Dual WAN Port Systems Configuration and WAN IP address VPN Road Warrior (client-to-gateway) Fixed Dynamic Rollover Modea FQDN required FQDN required Load Balancing Mode Allowed (FQDN optional) FQDN required 5-1 v1.2, June 2008

Section	Page
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats, and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
Advanced VPN Support for Both IPsec and SSL	18
A Powerful, True Firewall with Content Filtering	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
Front Panel Features	22
Rear Panel Features	23
Default IP Address, Login Name, and Password Location	24
Qualified Web Browsers	24
Chapter 2 Connecting the FVS336G to the Internet	27
Understanding the Connection Steps	27
Logging into the VPN Firewall Router	28
Navigating the Menus	30
Configuring the Internet Connections	30
Automatically Detecting and Connecting	30
Manually Configuring the Internet Connection	34
Configuring the WAN Mode (Required for Dual WAN)	37
Network Address Translation	38
Classical Routing	38
Configuring Auto-Rollover Mode	39
Configuring Load Balancing	41
Configuring Dynamic DNS (Optional)	43
Configuring the Advanced WAN Options (Optional)	45
Additional WAN Related Configuration	47
Chapter 3 LAN Configuration	49
Using the VPN Firewall as a DHCP server	49
Configuring the LAN Setup Options	50
Managing Groups and Hosts (LAN Groups)	53
Viewing the LAN Groups Database	54
Changing Group Names in the LAN Groups Database	55
Configuring DHCP Address Reservation	56
Configuring Multi Home LAN IP Addresses	57
Configuring Static Routes	58
Configuring Static Routes	58
Configuring Routing Information Protocol (RIP)	60
Chapter 4 Firewall Protection and Content Filtering	63
About Firewall Protection and Content Filtering	63
Using Rules to Block or Allow Specific Kinds of Traffic	64
About Services-Based Rules	65
Viewing the Rules	69
Order of Precedence for Rules	70
Setting the Default Outbound Policy	70
Creating a LAN WAN Outbound Services Rule	71
Creating a LAN WAN Inbound Services Rule	72
Inbound Rules Examples	74
Outbound Rules Example	77
Adding Customized Services	77
Setting Quality of Service (QoS) Priorities	79
Attack Checks	80
Blocking Internet Sites (Content Filtering)	82
Configuring Source MAC Filtering	86
Configuring IP/MAC Address Binding Alerts	88
Configuring Port Triggering	89
Setting a Schedule to Block or Allow Specific Traffic	91
Configuring a Bandwidth Profile	92
Configuring Session Limits	94
E-Mail Notifications of Event Logs and Alerts	95
Administrator Tips	95
Chapter 5 Virtual Private Networking Using IPsec	97
Considerations for Dual WAN Port Systems	97
Configuring an IPsec VPN Connection using the VPN Wizard	100
Creating a VPN Tunnel to a Gateway	100
Creating a VPN Tunnel Connection to a VPN Client	104
Managing VPN Tunnel Policies	109
About IKE	109
Managing IKE Policies	109
About the IKE Policy Table	110
VPN Policy	110
VPN Tunnel Connection Status	112
Creating a VPN Client Connection: VPN Client to FVS336G	112
Configuring the FVS336G	113
Configuring the VPN Client	113
Testing the Connection	115
Configuring Extended Authentication (XAUTH)	115
Configuring XAUTH for VPN Clients	116
User Database Configuration	117
RADIUS Client Configuration	117
Manually Assigning IP Addresses to Remote Users (ModeConfig)	119
Mode Config Operation	119
Configuring the VPN Firewall	120
Configuring the ProSafe VPN Client for ModeConfig	123
Configuring Keepalives and Dead Peer Detection	125
Configuring Keepalive	125
Configuring NetBIOS Bridging with VPN	127
Chapter 6 Virtual Private Networking Using SSL Connections	129
Understanding the Portal Options	129
Planning for SSL VPN	130
Creating the Portal Layout	131
Configuring Domains, Groups, and Users	135
Configuring Applications for Port Forwarding	135
Adding Servers	136
Adding A New Host Name	137
Configuring the SSL VPN Client	138
Configuring the Client IP Address Range	139
Adding Routes for VPN Tunnel Clients	140
Replacing and Deleting Client Routes	140
Using Network Resource Objects to Simplify Policies	141
Adding New Network Resources	141
Configuring User, Group, and Global Policies	143
Viewing Policies	144
Adding a Policy	145
Chapter 7 Managing Users, Authentication, and Certificates	149
Adding Authentication Domains, Groups, and Users	149
Creating a Domain	149
Creating a Group	151
Creating a New User Account	152
Setting User Login Policies	154
Managing Certificates	156
Viewing and Loading CA Certificates	157
Viewing Active Self Certificates	158
Obtaining a Self Certificate from a Certificate Authority	159
Managing your Certificate Revocation List (CRL)	162
Chapter 8 Router and Network Management	165
Performance Management	165
Bandwidth Capacity	165
Features That Reduce Traffic	166
Features That Increase Traffic	169
Using QoS to Shift the Traffic Mix	172
Tools for Traffic Management	172
Changing Passwords and Administrator Settings	172
Enabling Remote Management Access	174
Using the Command Line Interface	176
Using an SNMP Manager	177
Configuration File Management	179
Upgrading the Firmware	181
Configuring Date and Time Service	182
Chapter 9 Monitoring System Performance	185
Enabling the Traffic Meter	185
Activating Notification of Events and Alerts	188
Viewing Firewall Logs	190
Viewing Router Configuration and System Status	191
Monitoring the Status of WAN Ports	193
Monitoring Attached Devices	194
Reviewing the DHCP Log	196
Monitoring Active Users	196
Viewing Port Triggering Status	197
Monitoring VPN Tunnel Connection Status	198
Reviewing the VPN Logs	199
Chapter 10 Troubleshooting	201
Basic Functions	201
Power LED Not On	202
LEDs Never Turn Off	202
LAN or WAN Port LEDs Not On	202
Troubleshooting the Web Configuration Interface	203
Troubleshooting the ISP Connection	204
Troubleshooting a TCP/IP Network Using a Ping Utility	205
Testing the LAN Path to Your VPN Firewall	205
Testing the Path from Your PC to a Remote Device	206
Restoring the Default Configuration and Password	207
Problems with Date and Time	207
Using the Diagnostics Utilities	208
Appendix A Default Settings and Technical Specifications	211
Appendix B Related Documents	215
Appendix C Network Planning for Dual WAN Ports	217
What You Will Need to Do Before You Begin	217
Cabling and Computer Hardware Requirements	219
Computer Network Configuration Requirements	219
Internet Configuration Requirements	220
Where Do I Get the Internet Configuration Parameters?	220
Internet Connection Information Form	221
Overview of the Planning Process	222
Inbound Traffic	222
Virtual Private Networks (VPNs)	222
The Roll-over Case for Firewalls With Dual WAN Ports	223
The Load Balancing Case for Firewalls With Dual WAN Ports	223
Inbound Traffic	224
Inbound Traffic to Single WAN Port (Reference Case)	224
Inbound Traffic to Dual WAN Port Systems	224
Virtual Private Networks (VPNs)	226
VPN Road Warrior (Client-to-Gateway)	227
VPN Gateway-to-Gateway	230
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	233