Home » Netgear Manuals » Bridges & Routers » Netgear FVX538 » Manual Viewer

Netgear FVX538 FVX538 Reference Manual - Page 116

Creating a VPN Gateway Connection: Between FVX538 and FVS338, Configuring the FVX538

UPC - 606449037234

Add to My Manuals
Save this manual to your list of manuals

Page 116 highlights

ProSafe VPN Firewall 200 FVX538 Reference Manual • Tx (KBytes). The amount of data transmitted over this SA. • Tx (Packets). The number of packets transmitted over this SA. • State. The current state of the SA. Phase 1 is "Authentication phase" and Phase 2 is "Key Exchange phase". • Action. Allows you to terminate or build the SA (connection), if required. Creating a VPN Gateway Connection: Between FVX538 and FVS338 This section describes how to configure a VPN connection between a NETGEAR FVX538 VPN Firewall and a NETGEAR FVS338 VPN Firewall. Using the VPN Wizard for each VPN firewall, we will create a set of policies (IKE and VPN) that will allow the two firewalls to connect from locations with fixed IP addresses. Either firewall can initiate the connection. This procedure was developed using: • Netgear FVX538 VPN Firewall - WAN1 IP address is 10.1.32.40 - LAN IP address subnet is 192.168.1.1/255.255.255.0 • Netgear FVS338 VPN Firewall (remote gateway) - WAN IP address is 10.1.1.150 - LAN IP address subnet is 192.168.2.1/255.255.255.0 Configuring the FVX538 To configure the FVX538 VPN Wizard: 1. Select VPN from the main menu. The Policies submenu will display showing the IKE Policies screen 2. Select VPN Wizard. The VPN Wizard screen will display. 3. Select the VPN Tunnel connection type; in this case, the Gateway radio box is selected. 4. Give the client connection a name, such as to_fvs. 5. Enter a value for the pre-shared key. 5-14 v1.0, August 2006 Virtual Private Networking

Section	Page
ProSafe VPN Firewall 200 FVX538 Reference Manual	1
Contents	7
About This Manual	13
Conventions, Formats and Scope	13
How to Use This Manual	14
How to Print this Manual	14
Revision History	15
Chapter 1 Introduction	17
Key Features	17
Dual WAN Ports for Increased Reliability or Outbound Load Balancing	18
A Powerful, True Firewall with Content Filtering	18
Security Features	19
Autosensing Ethernet Connections with Auto Uplink	19
Extensive Protocol Support	19
Trend Micro Integration	20
Easy Installation and Management	20
Maintenance and Support	21
Package Contents	21
Router Front Panel	22
Router Rear Panel	24
Rack Mounting Hardware	25
The Router’s IP Address, Login Name, and Password	25
Default Log In Settings	26
Chapter 2 Connecting the FVX538 to the Internet	29
Logging into the VPN Firewall	29
Configuring the Internet Connections to Your ISPs	30
Setting the Router’s MAC Address	33
Manually Configuring Your Internet Connection	33
Programming the Traffic Meter (if Desired)	35
Configuring the WAN Mode (Required for Dual WAN)	38
Setting Up Auto-Rollover Mode	39
Setting Up Load Balancing	41
Configuring Dynamic DNS (If Needed)	43
Configuring the Advanced WAN Options (If Needed)	46
Chapter 3 LAN Configuration	49
Using the Firewall as a DHCP server	49
Configuring the LAN Setup Options	50
Configuring Multi Home LAN IPs	52
Managing Groups and Hosts (LAN Groups)	54
Creating the Network Database	54
Setting Up Address Reservation	57
Configuring and Enabling the DMZ Port	58
Static Routes	60
Configuring Static Routes	60
Routing Information Protocol (RIP)	61
Static Route Example	63
Enabling Trend Micro Antivirus Enforcement	63
Chapter 4 Firewall Protection and Content Filtering	67
Using Rules to Block or Allow Specific Kinds of Traffic	67
Services-Based Rules	68
Order of Precedence for Rules	73
Setting LAN WAN Rules	73
Setting DMZ WAN Rules	76
Setting LAN DMZ Rules	78
Attack Checks	80
Inbound Rules Examples	82
Outbound Rules Example	86
Adding Customized Services	87
Setting Quality of Service (QoS) Priorities	89
Setting a Schedule to Block or Allow Specific Traffic	90
Setting Block Sites (Content Filtering)	91
Enabling Source MAC Filtering	93
Port Triggering	94
E-Mail Notifications of Event Logs and Alerts	97
Administrator Tips	101
Chapter 5 Virtual Private Networking	103
Dual WAN Port Systems	103
Setting up a VPN Connection using the VPN Wizard	105
Creating a VPN Tunnel to a Gateway	106
Creating a VPN Tunnel Connection to a VPN Client	109
VPN Tunnel Policies	112
IKE Policy	112
VPN Policy	114
VPN Tunnel Connection Status	115
Creating a VPN Gateway Connection: Between FVX538 and FVS338	116
Configuring the FVX538	116
Configuring the FVS338	121
Testing the Connection	122
Creating a VPN Client Connection: VPN Client to FVX538	122
Configuring the FVX538	122
Configuring the VPN Client	124
Testing the Connection	128
Certificate Authorities	129
Generating a Self Certificate Request	130
Uploading a Trusted Certificate	132
Managing your Certificate Revocation List (CRL)	132
Extended Authentication (XAUTH) Configuration	133
Configuring XAUTH for VPN Clients	134
User Database Configuration	136
RADIUS Client Configuration	137
Manually Assigning IP Addresses to Remote Users (ModeConfig)	139
Mode Config Operation	139
Configuring the VPN Firewall	140
Configuring the ProSafe VPN Client for ModeConfig	143
Chapter 6 Router and Network Management	149
Performance Management	149
Bandwidth Capacity	149
VPN Firewall Features That Reduce Traffic	150
VPN Firewall Features That Increase Traffic	153
Using QoS to Shift the Traffic Mix	155
Tools for Traffic Management	156
Administration	156
Changing Passwords and Settings	156
Enabling Remote Management Access	158
Using a SNMP Manager	159
Settings Backup and Firmware Upgrade	161
Setting the Time Zone	164
Monitoring the Router	165
Enabling the Traffic Meter	165
Setting Login Failures and Attacks Notification	167
Monitoring Attached Devices	168
Viewing Port Triggering Status	170
Viewing Router Configuration and System Status	171
Monitoring WAN Ports Status	172
Monitoring VPN Tunnel Connection Status	173
VPN Logs	174
DHCP Log	175
Performing Diagnostics	175
Chapter 7 Troubleshooting	179
Basic Functions	179
Power LED Not On	179
LEDs Never Turn Off	180
LAN or Internet Port LEDs Not On	180
Troubleshooting the Web Configuration Interface	180
Troubleshooting the ISP Connection	182
Troubleshooting a TCP/IP Network Using a Ping Utility	183
Testing the LAN Path to Your Firewall	183
Testing the Path from Your PC to a Remote Device	184
Restoring the Default Configuration and Password	185
Problems with Date and Time	185
Appendix A Default Settings and Technical Specifications	187
Appendix B Related Documents	191
Appendix C Network Planning for Dual WAN Ports	193
What You Will Need to Do Before You Begin	193
Cabling and Computer Hardware Requirements	195
Computer Network Configuration Requirements	195
Internet Configuration Requirements	195
Where Do I Get the Internet Configuration Parameters?	196
Internet Connection Information Form	197
Overview of the Planning Process	198
Inbound Traffic	198
Virtual Private Networks (VPNs)	198
The Roll-over Case for Firewalls With Dual WAN Ports	199
The Load Balancing Case for Firewalls With Dual WAN Ports	199
Inbound Traffic	200
Inbound Traffic to Single WAN Port (Reference Case)	200
Inbound Traffic to Dual WAN Port Systems	200
Virtual Private Networks (VPNs)	202
VPN Road Warrior (Client-to-Gateway)	203
VPN Gateway-to-Gateway	206
VPN Telecommuter (Client-to-Gateway Through a NAT Router)	209