Home » Netgear Manuals » Bridges & Routers » Netgear FVS338 » Manual Viewer

Netgear FVS338 FVS338 Reference Manual - Page 97

Creating a VPN Tunnel Connection to a VPN Client, Remote LAN IP Address and Subnet Mask

UPC - 606449037197

Add to My Manuals
Save this manual to your list of manuals

Page 97 highlights

FVS338 ProSafe VPN Firewall 50 Reference Manual The Local WAN IP address is the address used in the IKE negotiation phase. Automatically, the WAN IP address assigned by your ISP may display. You can modify the address to use your FQDN; required if the WAN Mode you selected is auto-rollover. 7. Enter the Remote LAN IP Address and Subnet Mask of the remote gateway. The information entered here must match the Local LAN IP and Subnet Mask of the remote gateway; otherwise the secure tunnel will fail to connect.The IP address range used on the remote LAN must be different from the IP address range used on the local LAN. 8. Click Apply to save your settings. the VPN Policies table will display showing your VPN policy. You can click the IKE Policies tab to view the corresponding IKE Policy. Creating a VPN Tunnel Connection to a VPN Client You can set up multiple Gateway VPN tunnel policies through the VPN Wizard. Multiple remote VPN Client policies can also be set up through the VPN Wizard by changing the default End Point Information settings. A remote client policy can support up to 25 clients. The remote clients must configure the "Local Identity" field in their policy as "PolicyName.fvs_remote.com". To create a VPN Client Policy using the VPN Wizard: 1. Select VPN from the main menu and VPN Wizard from the submenu. The VPN Wizard screen will display. 2. Select VPN Client as your VPN tunnel connection. The wizard needs to know if you are planning to connect to a remote Gateway or setting up the connection for a remote client/PC to establish a secure connection to this device. 3. Select a Connection Name. Enter an appropriate name for the connection. This name is not supplied to the remote VPN Endpoint. It is used to help you manage the VPN settings. 4. Enter a Pre-shared Key. The key must be entered both here and on the remote VPN Gateway, or the remote VPN Client. This key length should be minimum 8 characters and should not exceed 49 characters. This method does not require using a CA (Certificate Authority). 5. The Remote Identifier Information and the Local Identifier Information will display with the default IKE Client Policy values: fvs_remote.com for the remote end point and fvs_local.com for the local end point. 6. Click Apply. The VPN Client screen will display showing that the VPN Client has been enabled. Click the IKE Policies tab to view the corresponding IKE Client Policy. Virtual Private Networking 5-3 v1.0, March 2008

Section	Page
FVS338 ProSafe VPN Firewall 50 Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Full Routing on Both the Broadband and Serial WAN Ports	18
A Powerful, True Firewall with Content Filtering	18
Security	18
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	19
Easy Installation and Management	20
Maintenance and Support	20
Package Contents	20
Router Hardware Components	21
Router Front Panel	21
Router Rear Panel	22
Rack Mounting Hardware	23
Factory Default Login	23
Chapter 2 Connecting the FVS338 to the Internet	25
Connecting the VPN Firewall to Your Network	25
Logging in to the VPN Firewall	25
Configuring your Internet Connection	26
Setting the Router’s MAC Address (Advanced Options)	31
Manually Configuring Your Internet Connection	33
Programming the Traffic Meter (if Desired)	36
Configuring the WAN Mode	39
Configuring Dynamic DNS (If Needed)	40
Chapter 3 LAN Configuration	43
Configuring Your LAN (Local Area Network)	43
Using the VPN Firewall as a DHCP Server	43
Configuring Multi-Home LAN IPs	46
Managing Groups and Hosts	48
Creating the Network Database	48
Setting Up Address Reservation	52
Configuring Static Routes	52
Static Route Example	53
RIP Configuration	54
Chapter 4 Firewall Protection and Content Filtering	57
About Firewall Security	57
Using Rules to Block or Allow Specific Kinds of Traffic	57
Services-Based Rules	58
Order of Precedence for Firewall Rules	62
Setting LAN WAN Rules	63
LAN WAN Outbound Services Rules	64
LAN WAN Inbound Services Rules	65
Attack Checks	66
Session Limit	68
Inbound Rules Examples	69
Outbound Rules Example - Blocking Instant Messenger	74
Adding Customized Services	74
Specifying Quality of Service (QoS) Priorities	76
Setting a Schedule to Block or Allow Traffic	77
Setting Block Sites (Content Filtering)	78
Enabling Source MAC Filtering	80
IP/MAC Binding	82
Setting Up Port Triggering	84
Bandwidth Limiting	86
E-Mail Notifications of Event Logs and Alerts	88
Administrator Information	92
Chapter 5 Virtual Private Networking	95
Dual WAN Port Systems	95
Setting up a VPN Connection using the VPN Wizard	96
Creating a VPN Tunnel to a Gateway	96
Creating a VPN Tunnel Connection to a VPN Client	97
IKE Policies	98
IKE Policy Operation	98
IKE Policy Table	98
VPN Policies	99
VPN Policy Operation	100
VPN Policy Table	100
VPN Tunnel Connection Status	101
Creating a VPN Gateway Connection: Between FVS338 and FVX538	102
Configuring the FVS338	102
Configuring the FVX538	105
Testing the Connection	106
Creating a VPN Client Connection: VPN Client to FVS338	106
Configuring the FVS338	107
Configuring the VPN Client	108
Testing the Connection	113
Extended Authentication (XAUTH) Configuration	114
Configuring XAUTH for VPN Clients	115
User Database Configuration	116
RADIUS Client Configuration	117
Manually Assigning IP Addresses to Remote Users (ModeConfig)	119
ModeConfig Operation	120
Setting Up ModeConfig	120
Configuring the ProSafe VPN Client for ModeConfig	124
Certificates	127
Trusted Certificates (CA Certificates)	127
Self Certificates	128
Managing your Certificate Revocation List (CRL)	131
Chapter 6 Router and Network Management	133
Performance Management	133
VPN Firewall Features That Reduce Traffic	133
VPN Firewall Features That Increase Traffic	136
Using QoS to Shift the Traffic Mix	139
Tools for Traffic Management	139
Administration	139
Changing Passwords and Settings	139
Enabling Remote Management Access	141
Using a SNMP Manager	144
Settings Backup and Firmware Upgrade	146
Setting the Time Zone	148
Monitoring the Router	149
Enabling the Traffic Meter	150
Setting Login Failures and Attacks Notification	151
Viewing Port Triggering Status	153
Viewing Router Configuration and System Status	154
Monitoring WAN Ports Status	155
Monitoring VPN Tunnel Connection Status	156
VPN Logs	157
DHCP Log	157
Performing Diagnostics	158
Chapter 7 Troubleshooting	161
Basic Functions	161
Power LED Not On	161
LEDs Never Turn Off	162
LAN or Internet Port LEDs Not On	162
Troubleshooting the Web Configuration Interface	162
Troubleshooting the ISP Connection	164
Troubleshooting a TCP/IP Network Using a Ping Utility	165
Testing the LAN Path to Your Firewall	165
Testing the Path from Your PC to a Remote Device	166
Restoring the Default Configuration and Password	167
Problems with Date and Time	167
Appendix A Default Settings and Technical Specifications	169
Appendix B System Logs and Error Messages	173
System Log Messages	173
System Startup	173
Reboot	174
NTP	174
Login/Logout	175
Firewall Restart	175
IPSec Restart	176
WAN Status	176
Web Filtering and Content Filtering Logs	180
Traffic Metering Logs	182
Unicast Logs	182
FTP Logging	183
Invalid Packet Logging	183
Routing Logs	186
LAN to WAN Logs	187
LAN to DMZ Logs	187
DMZ to WAN Logs	187
WAN to LAN Logs	187
DMZ to LAN Logs	188
WAN to DMZ Logs	188
Appendix C Related Documents	189

Match case Limit results 1 per page

FVS338 ProSafe VPN Firewall 50 Reference Manual

Virtual Private Networking

5-3

v1.0, March 2008

The Local WAN IP address is the address used in the IKE negotiation phase. Automatically,

the WAN IP address assigned by your ISP may display. You can modify the address to use

your FQDN; required if the WAN Mode you selected is auto-rollover.

Enter the

Remote LAN IP Address and Subnet Mask

of the remote gateway.

The information entered here must match the Local LAN IP and Subnet Mask of the remote

gateway; otherwise the secure tunnel will fail to connect.The IP address range used on the

remote LAN must be different from the IP address range used on the local LAN.

Click

Apply

to save your settings. the

VPN Policies

table will display showing your VPN

policy. You can click the IKE Policies tab to view the corresponding IKE Policy.

Creating a VPN Tunnel Connection to a VPN Client

You can set up multiple Gateway VPN tunnel policies through the VPN Wizard. Multiple remote

VPN Client policies can also be set up through the VPN Wizard by changing the default End Point

Information settings. A remote client policy can support up to 25 clients. The remote clients must

configure the “Local Identity” field in their policy as “PolicyName.fvs_remote.com”.

To create a VPN Client Policy using the VPN Wizard:

Select

VPN

from the main menu and

VPN Wizard

from the submenu. The

VPN Wizard

screen will display.

Select

VPN Client

as your

VPN tunnel connection

. The wizard needs to know if you are

planning to connect to a remote Gateway or setting up the connection for a remote client/PC to

establish a secure connection to this device.

Select a

Connection Name

. Enter an appropriate name for the connection. This name is not

supplied to the remote VPN Endpoint. It is used to help you manage the VPN settings.

Enter a

Pre-shared Key

. The key must be entered both here and on the remote VPN Gateway,

or the remote VPN Client. This key length should be minimum 8 characters and should not

exceed 49 characters. This method does not require using a CA (Certificate Authority).

The

Remote Identifier Information

and the

Local Identifier Information

will display with

the default IKE Client Policy values:

fvs_remote.com

for the remote end point and

fvs_local.com

for the local end point.

Click

Apply

. The

VPN Client

screen will display showing that the VPN Client has been

enabled. Click the IKE Policies tab to view the corresponding IKE Client Policy.