Netgear FVS338 FVS338 Reference Manual - Page 116

FVS338 ProSafe VPN Firewall 50 Reference Manual ModeConfig Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client) asks for IP configuration parameters such as IP address, subnet mask and name server addresses. The ModeConfig module will allocate an IP address from the configured IP address pool and will activate a temporary IPSec policy using the template security proposal information configured in the ModeConfig record. Note: After configuring a Mode Config record, you must go to the IKE Policies menu and configure an IKE policy using the newly-created Mode Config record as the Remote Host Configuration Record. The VPN Policies menu does not need to be edited. Setting Up ModeConfig Two menus must be configured-the ModeConfig menu and the IKE Policies menu. To configure the ModeConfig menu: 1. Select VPN from the main menu and Mode Config from the submenu. The Mode Config screen will display. 2. Click Add. The Add Mode Config Record screen will display. 3. Enter a descriptive Record Name such as "Remote Users". 4. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN clients. Note: The IP Pool should not be within your local network IP addresses. Use a different range of private IP addresses such as 172.20.xx.xx. 5. If you have a WINS Server on your local network, enter its IP address. 6. Enter one or two DNS Server IP addresses to be used by remote VPN clients. 7. If you enable Perfect Forward Secrecy (PFS), select DH Group 1 or 2. This setting must match exactly the configuration of the remote VPN client, 8. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your router's LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the LAN subnet of the device.) 5-24 v1.0, March 2009 Virtual Private Networking