Assigning Ip Addresses To Remote Users (Modeconfig); Mode Config Operation - NETGEAR ProSafe FVS336Gv2 Reference Manual

Prosafe dual wan gigabit firewall with ssl & ipsec vpn

Hide thumbs Also See for ProSafe FVS336Gv2:

Installation manual (2 pages)

Datasheet (3 pages)

Reference manual (691 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

Table of Contents

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

Note:

Selection of the Authentication Protocol, usually PAP or CHAP, is

configured on the individual IKE policy screens.

Assigning IP Addresses to Remote Users

(ModeConfig)

To simply the process of connecting remote VPN clients to the VPN firewall, you can use the

ModeConfig screen to assign IP addresses to remote users, including a network access IP

address, subnet mask, and name server addresses from the VPN firewall. Remote users are

given IP addresses available in secured network space so that remote users appear as

seamless extensions of the network.

In the following example, we configured the VPN firewall using ModeConfig, and then

configured a PC running ProSafe VPN Client software using these IP addresses.

•

VPN firewall FVS336Gv2

WAN IP address: 172.21.4.1

LAN IP address/subnet: 192.168.2.1/255.255.255.0

•

ProSafe VPN Client software IP address: 192.168.1.2

Mode Config Operation

After the IKE Phase 1 negotiation is complete, the VPN connection initiator (which is the

remote user with a VPN client) requests the IP configuration settings such as the IP address,

subnet mask and name server addresses. The Mode Config feature will allocate an IP

address from the configured IP address pool and will activate a temporary IPsec policy using

the template security proposal information configured in the Mode Config record. The Mode

Config feature allocates an IP address from the configured IP address pool and activates a

temporary IPsec policy, using the information that is specified in the Traffic Tunnel Security

Level section of the Mode Config record (on the Add Mode Config Record screen that is

shown in ).

After configuring a Mode Config record, you must manually configure an IKE policy and

select the newly-created Mode Config record from the Select Mode Config Record

drop-down list (see

You do not need to make changes to any VPN policy.

Note:

An IP address that is allocated to a VPN client is released only after

the VPN client has gracefully disconnected or after the SA liftetime

for the connection has timed out.

90 |

Chapter 5: Virtual Private Networking Using IPsec

"Configuring Mode Config Operation on the VPN Firewall"

on page 91."

Table of Contents

Assigning Ip Addresses To Remote Users (Modeconfig); Mode Config Operation - NETGEAR ProSafe FVS336Gv2 Reference Manual

Mode Config Operation

Troubleshooting

Related Manuals for NETGEAR ProSafe FVS336Gv2

Related Content for NETGEAR ProSafe FVS336Gv2

Table of Contents