1. Manuals
  2. Brands
  3. NETGEAR Manuals
  4. Network Router
  5. DG834 - ADSL Firewall Router
  6. Reference manual

NETGEAR DG834 Reference Manual

Adsl firewall router
Hide thumbs Also See for DG834:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Feature Manual, Reference Manual
Reference Manual for the
ADSL Firewall Router
DG834
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10005-05
September 2005

Advertisement

Table of Contents
loading

Related Manuals for NETGEAR DG834

Summary of Contents for NETGEAR DG834

  • Page 1 Reference Manual for the ADSL Firewall Router DG834 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10005-05 September 2005...
  • Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Certificate of the Manufacturer/Importer It is hereby certified that the DG834 ADSL Firewall Router has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
  • Page 4 v2.0, September 2005...

  • Page 5: Table Of Contents

    Contents Reference Manual for the ADSL Firewall Router DG834 Chapter 1 About This Manual Audience, Scope, Conventions, and Formats ..............1-1 How to Use This Manual ....................1-2 How to Print this Manual ....................1-2 Chapter 2 Introduction About the Router ......................2-1 Key Features ........................2-1 A Powerful, True Firewall ..................2-2...
  • Page 6 How to Perform Manual Configuration ..............3-16 ADSL Settings ......................3-20 Chapter 4 Protecting Your Network Protecting Access to Your DG834 ADSL Firewall Router ..........4-1 How to Change the Built-In Password ..............4-1 Changing the Administrator Login Timeout ..............4-2 Configuring Basic Firewall Services ................4-2 Blocking Keywords, Sites, and Services ..............4-3...
  • Page 7 How to Erase the Configuration ................5-2 Upgrading the Router’s Firmware ...................5-2 How to Upgrade the Router Firmware ..............5-3 Network Management Information .................5-4 Viewing Router Status and Usage Statistics ............5-4 Viewing Attached Devices ..................5-9 Viewing, Selecting, and Saving Logged Information ..........5-9 Examples of Log Messages ...................5-12 Enabling Security Event E-mail Notification ..............5-13 Running Diagnostic Utilities and Rebooting the Router ..........5-14...
  • Page 8 How to Set Up a Client-to-Gateway VPN Configuration ..........7-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834 ....7-6 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ..7-11 How to Set Up a Gateway-to-Gateway VPN Configuration ..........7-20 VPN Tunnel Control ......................7-27...

  • Page 9: About This Manual

    This guide uses the following formats to highlight special messages: This manual is written for the DG834 ADSL router according to these specifications: Note: This format is used to highlight information of importance or special interest. Table 1-2. Manual Scope...

  • Page 10: How To Print This Manual

    Reference Manual for the ADSL Firewall Router DG834 How to Print this Manual To print this manual you can choose one of the following several options, according to your needs. • Printing a Page in the HTML View. Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents.

  • Page 11: Introduction

    The DG834 ADSL Firewall Router provides continuous, high-speed 10/100 Ethernet access between your Ethernet devices. The DG834 ADSL router enables your entire network to share an Internet connection through the built-in ADSL modem that otherwise is used by a single computer.

  • Page 12: A Powerful, True Firewall

    Support for Trend Micro Home Network Security These features are discussed below. A Powerful, True Firewall Unlike simple Internet sharing NAT routers, the DG834 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include: •...

  • Page 13: Protocol Support

    The Ability to Enable or Disable IP Address Sharing by NAT The DG834 allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP).

  • Page 14: Virtual Private Networking (Vpn)

    Virtual Private Networking (VPN) The DG834 ADSL router provides a secure encrypted connection between your local area network (LAN) and remote networks or clients. It includes the following VPN features: •...

  • Page 15: Content Filtering

    Auto Sensing and Auto Uplink™ LAN Ethernet Connections With its internal 4-port 10/100 switch, the DG834 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN ports are autosensing and capable of full-duplex or half-duplex operation.

  • Page 16: What's In The Box

    A Printed Quick Installation Guide • Warranty and Support Information Cards If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair. Introduction...

  • Page 17: The Router's Front Panel

    Reference Manual for the ADSL Firewall Router DG834 The Router’s Front Panel The DG834 ADSL Firewall Router front panel shown below contains status LEDs. Figure 2-1 You can use the LEDs to verify various conditions. Table 2-1 lists and describes each LED on the front panel of the router.

  • Page 18: The Router's Rear Panel

    Reference Manual for the ADSL Firewall Router DG834 The Router’s Rear Panel The rear panel of the DG834 ADSL Firewall Router (Figure 2-2) contains port connections. ADSL Internet Reset Power Reset Power Figure 2-2 Viewed from left to right, the rear panel contains the following elements: 1.

  • Page 19: Connecting The Router To The Internet

    This chapter describes how to set up the router on your Local Area Network (LAN) and connect to the Internet. It describes how to configure your DG834 ADSL Firewall Router for Internet access using the Setup Wizard, or how to manually configure your Internet connection.

  • Page 20: Ethernet Cabling Requirements

    100 Mbps, you must use a Category 5 (CAT5) cable such as the one provided with your router. Computer Hardware Requirements To use the DG834 ADSL router on your network, each computer must have an installed Ethernet adapter and an Ethernet cable, or a 802.11g wireless adapter. LAN Configuration Requirements...

  • Page 21: Internet Configuration Requirements

    For Macintosh computers, open the TCP/IP or Network control panel. • You can also refer to the DG834 Resource CD for the NETGEAR Router ISP Guide which provides Internet connection information for many ISPs. Once you locate your Internet configuration parameters, you may want to record them on the next page.

  • Page 22: Record Your Internet Connection Information

    Print the following page. Fill in the configuration parameters from your Internet Service Provider (ISP). ISP Multiplexing Method and Virtual Circuit Number: The default settings of your DG834 ADSL Firewall Router will work fine for most ISPs. However, some ISPs use a specific Multiplexing Method or a Virtual Circuit Number for either the Virtual Path Identifier (VPI) or Virtual Channel Identifier (VCI).

  • Page 23: Connecting The Dg834 To Your Lan

    ISP Host Name: _________________________ ISP Domain Name: _______________________ Connecting the DG834 to Your LAN This section provides instructions for connecting the DG834 ADSL router. Note: The Resource CD included with your router contains an animated Installation Assistant to help you through this procedure.
  • Page 24 Two-Line Filter With Splitter Figure 3-3 Note: If you purchased the DG834 in a country where the filter is not included, you must acquire one. b. Two-Line Filter Example. Insert the two-line filter into the phone outlet and connect the...
  • Page 25 Note: Improperly connecting a filter to your DG834 ADSL router will block your ADSL connection. a. Turn off your computer. b. Connect the ADSL port of the DG834 to the ADSL port (B) of the two-line filter: Lin e ADSL Firewall Router DG834...

  • Page 26: Lin E

    Reference Manual for the ADSL Firewall Router DG834 c. Connect the Ethernet cable (C) from your DG834’s LAN port to the Ethernet adapter in your computer. Lin e ADSL Firewall Router DG834 Figure 3-6 Note: The DG834 ADSL router incorporates Auto Uplink technology.

  • Page 27: Figure

    Reference Manual for the ADSL Firewall Router DG834 Note: Your computer needs to be configured for DHCP. For instructions on configuring for DHCP, please see “Preparing a Computer for Network Access:” in Appendix a. Connect to the router by typing http://192.168.0.1...

  • Page 28: Auto-Detecting Your Internet Connection Type

    Internet. There are two ways you can configure your router to connect to the Internet: a. Let the DG834 auto-detect the type of Internet connection you have and configure it. See “Auto-Detecting Your Internet Connection Type” on page 3-10 for instructions.

  • Page 29: Wizard-Detected Pppoe Login Account Setup

    Reference Manual for the ADSL Firewall Router DG834 Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration page. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your router and the ADSL line. When the connection is properly made, the router’s Internet LED should be on.

  • Page 30: Wizard-Detected Pppoa Login Account Setup

    Reference Manual for the ADSL Firewall Router DG834 Wizard-Detected PPPoA Login Account Setup If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over ATM (PPPoA), you will be directed to the PPPoA page shown in...

  • Page 31: Wizard-Detected Ip Over Atm Account Setup

    DNS server addresses from your ISP and enter them manually here. 3. Click Apply to save the settings. 4. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, “Troubleshooting”.

  • Page 32: Wizard-Detected Fixed Ip (Static) Account Setup

    DNS server addresses from your ISP and enter them manually here. 5. Click Apply to save the settings. 6. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, “Troubleshooting”.

  • Page 33: Testing Your Internet Connection

    After completing the Internet connection configuration, your can test your Internet connection. Log in to the router, then, from the Basic Settings link in the Setup menu, click the Test button. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, “Troubleshooting”.

  • Page 34: Manually Configuring Your Internet Connection

    Reference Manual for the ADSL Firewall Router DG834 Manually Configuring Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
  • Page 35 LAN. Entering an Idle Timeout value of zero means never log out. 5. When a connection uses PPPoE, the IP address is normally assigned automatically. However, the DG834 allows this address to be set manually. a. Select “Get Automatically from ISP” if your ISP assigns your IP address.
  • Page 36 IP addresses (192.168.0.x) to LAN connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834 uses. Classical routing should be selected only by experienced users.
  • Page 37 NAT automatically assigns private IP addresses (192.168.0.x) to LAN connected devices. When NAT is disabled, only standard routing is performed by this router. Classical routing lets you directly manage the IP addresses the DG834 uses. Classical routing should be selected only by experienced users.

  • Page 38: Adsl Settings

    ISP. Alternatively, select “Use this MAC address” and enter it. 8. Click Apply to save your settings. 9. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 8, “Troubleshooting”.
  • Page 39 Reference Manual for the ADSL Firewall Router DG834 If your ISP provided you with a specific Multiplexing Method or VPI/VCI number, then fill in the following: 1. Select the ADSL Settings link from the main menu. 2. For the Multiplexing Method, select LLC-based or VC-based.

  • Page 40: Connecting The Router To The Internet

    Reference Manual for the ADSL Firewall Router DG834 3-22 Connecting the Router to the Internet v2.0, September 2005...

  • Page 41: Protecting Your Network

    Chapter 4 Protecting Your Network This chapter describes how to use the basic firewall features of the DG834 ADSL Firewall Router to protect your network. It also describes how to configure Trend Micro Home Network Security. Protecting Access to Your DG834 ADSL Firewall Router For security reasons, the router has its own user name and password.

  • Page 42: Changing The Administrator Login Timeout

    Reference Manual for the ADSL Firewall Router DG834 7. From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown in Figure 4-2. Figure 4-2 8. To change the password, first enter the old password, and then enter the new password twice.

  • Page 43: Blocking Keywords, Sites, And Services

    The section below explains how to configure your How to Block Keywords and Sites The DG834 ADSL router allows you to restrict access to Internet content based on functions such as Web addresses and Web address keywords. 1. Log in to the router at its default LAN address of http://192.168.0.1...
  • Page 44 Reference Manual for the ADSL Firewall Router DG834 2. Select the Block Sites link of the Security menu. Figure 4-3 3. To enable keyword blocking, select one of the following: • Per Schedule—to turn on keyword blocking according to the settings on the Schedule page.

  • Page 45: Firewall Rules

    Reference Manual for the ADSL Firewall Router DG834 You can specify one trusted user, which is a computer that will be exempt from blocking and logging. Since the trusted user will be identified by an IP address, you should configure that computer with a fixed IP address.

  • Page 46: Inbound Rules (Port Forwarding)

    Reference Manual for the ADSL Firewall Router DG834 To access the rules configuration of the DG834, click the Firewall Rules link on the main menu, then click Add for either an Outbound or Inbound Service. Figure 4-4 • To edit an existing rule, select its button on the left side of the table and click Edit.
  • Page 47 Reference Manual for the ADSL Firewall Router DG834 Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules: Inbound Rule Example: A Local Public Web Server...
  • Page 48 Reference Manual for the ADSL Firewall Router DG834 – Any — all IP addresses are covered by this rule. – Address range — if this option is selected, you must enter the Start and Finish fields. – Single address — enter the required address in the Start field.

  • Page 49: Outbound Rules (Service Blocking)

    WAN IP address will fail. Outbound Rules (Service Blocking) The DG834 allows you to block the use of certain Internet services by computers on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local computer based on: •...
  • Page 50 Reference Manual for the ADSL Firewall Router DG834 Outbound Rule Example: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu.

  • Page 51: Order Of Precedence For Rules

    Reference Manual for the ADSL Firewall Router DG834 – Single address — enter the required address in the Start field. • WAN Users These settings determine which packets are covered by the rule, based on their destination WAN IP address. Select the desired option: –...

  • Page 52: Services

    1024 to 65535 by the authors of the application. Although the DG834 already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions.

  • Page 53: Setting Times And Scheduling Firewall Services

    4. Click Apply to save your changes. Setting Times and Scheduling Firewall Services The DG834 ADSL router uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet.

  • Page 54: How To Schedule Firewall Services

    Enabling Daylight Savings Time will cause one hour to be added to the standard time. 4. The router has a list of NETGEAR NTP servers. If you would prefer to use a particular NTP server as the primary server, enter its IP address under Use this NTP Server.

  • Page 55: Trend Micro Home Network Security

    To begin using Home Network Security, configure the Security Service and Parental Controls menus on your DG834 ADSL router. Each screen has a GUI button to click that will take you to the Trend Micro Web site to open your Trend Micro account.
  • Page 56 To install Home Network Security, click the Trend Micro banner and then follow the on-screen instructions. For assistance, refer to the Home Network Security Quick Start Guide included on the NETGEAR Resource CD. (You can download this document and the Home Network Security User’s Guide at http://www.trendmicro.com/en/support/tmss/netgear.) •...
  • Page 57 Reference Manual for the ADSL Firewall Router DG834 Note: If your ISP bills by the amount of time or traffic you use, set the update frequency to once a day. • Client Virus Protection Status. Provides information on all computers on your network.
  • Page 58 Reference Manual for the ADSL Firewall Router DG834 To enable Parental Controls: • Click Always to turn on Parental Controls all the time. • Click Never to turn off Parental Controls. • Click Per Schedule to turn on Parental Controls at the times specified on the Schedule page.
  • Page 59 Reference Manual for the ADSL Firewall Router DG834 2. Select the new user’s status. To allow Internet access, click Active. To completely disable this user’s Internet access, click Inactive. 3. Select the access profile that will apply to this user, as follows: •...
  • Page 60 Reference Manual for the ADSL Firewall Router DG834 – Hacking/Proxy Avoidance: Sites providing information on illegal or questionable access to, or use of, communications equipment and software, or that provide information on how to bypass proxy server features or gain unauthorized access to URLs.

  • Page 61: Managing Your Network

    Firewall Router. Backing Up, Restoring, or Erasing Your Settings The configuration settings of the DG834 ADSL router are stored in a configuration file in the router. This file can be backed up to your computer, restored, or reverted to factory default settings.

  • Page 62: How To Restore The Configuration From A File

    2-7. Upgrading the Router’s Firmware The software of the DG834 ADSL router is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN or .IMG) file before uploading it to the router.

  • Page 63: How To Upgrade The Router Firmware

    Reference Manual for the ADSL Firewall Router DG834 How to Upgrade the Router Firmware Note: NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you may need to restore your configuration settings.

  • Page 64: Network Management Information

    Reference Manual for the ADSL Firewall Router DG834 Network Management Information The DG834 provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 5-3.
  • Page 65 Reference Manual for the ADSL Firewall Router DG834 Table 5-1. Menu 3.2 - Router Status Fields Field Description Account Name The Host Name assigned to the router in the Basic Settings menu. Firmware Version This field displays the router firmware version.
  • Page 66 Reference Manual for the ADSL Firewall Router DG834 Click the Show Statistics button to display router usage statistics, as shown in Figure 5-3 below: Figure 5-4 This screen shows the following statistics:. Table 5-1. Router Statistics Fields Field Description WAN, LAN, or The statistics for the WAN (Internet), LAN (local), and Serial ports.
  • Page 67 Reference Manual for the ADSL Firewall Router DG834 Click the Connection Status button to display router connection status, as shown in Figure 5-5 Figure 5-6. Figure 5-5 Clicking the Renew button updates the status information. This screen shows the following statistics: Table 5-1.
  • Page 68 Reference Manual for the ADSL Firewall Router DG834 An alternate view of the Connection Status screen is shown in Figure 5-6 below: Figure 5-6 Clicking the Renew button updates the status information. This screen shows the following statistics: Table 5-1. Connection Status Fields for PPPoA...

  • Page 69: Viewing Attached Devices

    Reference Manual for the ADSL Firewall Router DG834 Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading,...
  • Page 70 Reference Manual for the ADSL Firewall Router DG834 An example of the logs file is shown below. Figure 5-8 Log entries are described in Table 5-1 below: 5-10 Managing Your Network v2.0, September 2005...
  • Page 71 Reference Manual for the ADSL Firewall Router DG834 Table 5-1. Security Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or The type of event and what action was taken if any.

  • Page 72: Saving Log Files On A Server

    Reference Manual for the ADSL Firewall Router DG834 Saving Log Files on a Server You can choose to write the logs to a computer running a syslog program. To activate this feature, select to Broadcast on Lan or enter the IP address of the server where the Syslog file will be written.

  • Page 73: Enabling Security Event E-Mail Notification

    Reference Manual for the ADSL Firewall Router DG834 Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E- mail subheading: Figure 5-9 • Turn e-mail notification on. Select this check box if you want to receive e-mail logs and alerts from the router.

  • Page 74: Running Diagnostic Utilities And Rebooting The Router

    In this case, the router overwrites the log and discards its contents. Running Diagnostic Utilities and Rebooting the Router The DG834 ADSL router has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the router: •...

  • Page 75: Enabling Remote Management

    Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your DG834 ADSL Firewall Router. Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols.
  • Page 76 Reference Manual for the ADSL Firewall Router DG834 When accessing your router from the Internet, you will type your router's WAN IP address in your browser's Address (in IE) or Location (in Netscape) box, followed by a colon (:) and the custom port number.

  • Page 77: Advanced Configuration

    Chapter 6 Advanced Configuration This chapter describes how to configure the advanced features of your DG834 ADSL Firewall Router. Configuring Advanced Security The DG834 ADSL Firewall Router provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server •...

  • Page 78: Setting Up A Default Dmz Server

    Reference Manual for the ADSL Firewall Router DG834 Setting Up A Default DMZ Server The Default DMZ Server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well.

  • Page 79: Connect Automatically, As Required

    Reference Manual for the ADSL Firewall Router DG834 2. From the Main Menu, under Advanced, click the WAN Setup link to view the page shown in Figure 6-1: Figure 6-1 3. Select the Default DMZ Server check box. 4. Type the IP address for that server.

  • Page 80: Respond To Ping On Internet Wan Port

    Reference Manual for the ADSL Firewall Router DG834 Respond to Ping on Internet WAN Port If you want the router to respond to a 'ping' from the Internet, select the ‘Respond to Ping on Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows your router to be discovered.
  • Page 81 Reference Manual for the ADSL Firewall Router DG834 These addresses are part of the Internet Engineering Task Force (IETF)-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu.

  • Page 82: Dhcp

    Reference Manual for the ADSL Firewall Router DG834 — RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup. — RIP-2 carries more information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format.

  • Page 83: How To Configure Lan Tcp/Ip Settings

    Reference Manual for the ADSL Firewall Router DG834 • Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router’s LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu •...

  • Page 84: Configuring Dynamic Dns

    Reference Manual for the ADSL Firewall Router DG834 2. From the Main Menu, under Advanced, click the LAN IP Setup link to view the menu, shown Figure 6-3: Figure 6-3 3. Enter the TCP/IP, DHCP, or Reserved IP parameters. 4. Click Apply to save your changes.

  • Page 85: How To Configure Dynamic Dns

    Reference Manual for the ADSL Firewall Router DG834 How to Configure Dynamic DNS 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router.

  • Page 86: Using Static Routes

    Reference Manual for the ADSL Firewall Router DG834 10. Click Apply to save your configuration. Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet.

  • Page 87: How To Configure Static Routes

    Reference Manual for the ADSL Firewall Router DG834 • A Metric value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination. This is a direct connection so it is set to 1.

  • Page 88: Universal Plug And Play (Upnp)

    Reference Manual for the ADSL Firewall Router DG834 b. Type a route name for this static route in the Route Name box under the table. This is for identification purpose only. c. Select Private if you want to limit access to the LAN only.
  • Page 89 Reference Manual for the ADSL Firewall Router DG834 2. Fill out the UPnP screen: • Turn UPnP On: UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is enabled. If disabled, the Router will not allow any device to automatically control the resources, such as port forwarding (mapping), of the Router.
  • Page 90 Reference Manual for the ADSL Firewall Router DG834 6-14 Advanced Configuration v2.0, September 2005...

  • Page 91: Virtual Private Networking (Advanced Feature)

    Chapter 7 Virtual Private Networking (Advanced Feature) This chapter describes how to use the virtual private networking (VPN) features of the DG834 ADSL router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.

  • Page 92: Client-To-Gateway Vpn Tunnels

    A VPN client access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running the VPN client software. The DG834 ADSL router on your network is the other tunnel endpoint. See “How to Set Up a Client- to-Gateway VPN Configuration”...

  • Page 93: Planning A Vpn

    Reference Manual for the ADSL Firewall Router DG834 A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet.
  • Page 94 Reference Manual for the ADSL Firewall Router DG834 This set of configuration information defines a security association (SA) between the two VPN endpoints. When planning your VPN, you must make a few choices first: • Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC? •...

  • Page 95: Vpn Tunnel Configuration

    DG834 and the corresponding VPN endpoint gateway or client workstation. How to Set Up a Client-to-Gateway VPN Configuration Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway (see Figure 7-3) involves the following two steps: •...

  • Page 96: Step 1: Configuring The Client-To-Gateway Vpn Tunnel On The Dg834

    Reference Manual for the ADSL Firewall Router DG834 • “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 7-11 configures the NETGEAR ProSafe VPN Client endpoint. VPN Tunnel 22.23.24.25 0.0.0.0 DG834 192.168.3.1 (Running NETGEAR ProSafe VPN Client)
  • Page 97 Reference Manual for the ADSL Firewall Router DG834 Table 7-1. VPN Tunnel Configuration Worksheet Connection Name: RoadWarrior Pre-Shared Key: 12345678 Secure Association -- Main Mode or Manual Keys: Main Perfect Forward Secrecy -- Enabled or Disabled: Disabled NETBIOS -- Enabled or Disabled:...
  • Page 98 Reference Manual for the ADSL Firewall Router DG834 1. Log in to the DG834 at its LAN address of http://192.168.0.1 with its default user name of and password of . Click the VPN Wizard link in the main menu to display...
  • Page 99 Reference Manual for the ADSL Firewall Router DG834 The Summary screen below displays. Figure 7-6 Virtual Private Networking (Advanced Feature) v2.0, September 2005...
  • Page 100 Reference Manual for the ADSL Firewall Router DG834 To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the “here” link (see Figure 7-6). Click Back to return to the Summary screen. 1 hour Figure 7-7 3.

  • Page 101: Step 2: Configuring The Netgear Prosafe Vpn Client On The Remote Pc

    This procedure describes how to configure the NETGEAR ProSafe VPN Client. We will assume the PC running the client has a dynamically assigned IP address. The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR website (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
  • Page 102 Connection” listing appears in the list of policies. Rename the “New Connection” so that it matches the Connection Name you entered in the VPN Settings of the DG834 on LAN A. Note: In this example, the Connection Name used on the client side of the VPN...
  • Page 103 Select the Connect using Secure Gateway Tunnel check box. • Select IP Address in the ID Type menu below the check box. • Enter the public WAN IP Address of the DG834 in the field directly below the ID Type menu. In this example, would be used. 22.23.24.25 •...
  • Page 104 In this step, you will provide information about the remote VPN client PC. You will need to provide: — The Pre-Shared Key that you configured in the DG834. — Either a fixed IP address or a “fixed virtual” IP address of the VPN client PC.
  • Page 105 • Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive. Figure 7-13...
  • Page 106 5. Configure the VPN Client Authentication Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the DG834 configuration. • In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the “+”...
  • Page 107 Check the Encapsulation Protocol (ESP) checkbox. • In the Encrypt Alg menu, select the type of encryption to correspond with what was configured for the Encryption Protocol in the DG834 in Table 7-1 on page -7. In this example, use Triple DES.
  • Page 108 Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834. After a short wait, you should see the login screen of the Router (unless another PC already has the DG834 management interface open).
  • Page 109 3. The Connection Monitor screen for this connection is shown below: Figure 7-19 In this example you can see the following: • The DG834 has a public IP WAN address of 22.23.24.25. • The DG834 has a LAN IP address of 192.168.3.1. •...

  • Page 110: How To Set Up A Gateway-To-Gateway Vpn Configuration

    DG834 VPN Firewall 192.168.3.1 192.168.0.1 Figure 7-20 Set the LAN IPs on each DG834 to different subnets and configure each properly for the Internet. The examples below assume the following settings: 7-20 Virtual Private Networking (Advanced Feature) v2.0, September 2005...
  • Page 111 Note: The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.
  • Page 112 Reference Manual for the ADSL Firewall Router DG834 1. Log in to the DG834 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of and password of . Click the VPN Wizard link in the...
  • Page 113 Reference Manual for the ADSL Firewall Router DG834 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. Enter the WAN IP address of the remote VPN gateway: (e.g., 22.23.24.25) Figure 7-23 4.
  • Page 114 Reference Manual for the ADSL Firewall Router DG834 The Summary screen below displays. Figure 7-25 7-24 Virtual Private Networking (Advanced Feature) v2.0, September 2005...
  • Page 115 Reference Manual for the ADSL Firewall Router DG834 To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the “here” link (see Figure 7-25). Click Back to return to the Summary screen. 1 hour Figure 7-26 5.
  • Page 116 Reference Manual for the ADSL Firewall Router DG834 6. Repeat for the DG834 on LAN B and pay special attention to use the following network settings as appropriate. • WAN IP of the remote VPN gateway (e.g., 14.15.16.17) • LAN IP settings of the remote VPN gateway: —...

  • Page 117: Vpn Tunnel Control

    Reference Manual for the ADSL Firewall Router DG834 b. Click on VPN Status (Figure 7-30) to get the Current VPN Tunnels (SAs) screen (Figure 7-29). Click on Connect for the VPN tunnel you want to activate. Figure 7-29 c. Look at the VPN Status/Log screen (Figure 7-28) to verify that the tunnel is connected.
  • Page 118 Reference Manual for the ADSL Firewall Router DG834 2. Open the DG834 management interface and click on VPN Status to get the VPN Status/Log screen (Figure 7-30). Figure 7-30 3. Click on VPN Status (Figure 7-30) to get the Current VPN Tunnels (SAs) screen (Figure 7-31).
  • Page 119 Client-to-Gateway Configuration—to check the VPN Connection, you can initiate a request from the remote PC to the DG834’s network by using the “Connect” option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect.

  • Page 120: Verifying The Status Of A Vpn Tunnel

    Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834. After a short wait, you should see the login screen of the Router (unless another PC already has the DG834 management interface open).
  • Page 121 Reference Manual for the ADSL Firewall Router DG834 Log—this log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem.

  • Page 122: Deactivating A Vpn Tunnel

    Reference Manual for the ADSL Firewall Router DG834 • HLifeTime (Secs)—the remaining Hard Lifetime for this SA in seconds. When the Hard Lifetime becomes zero, the SA (Security Association) will be terminated. (It will be re- established if required.) Figure 7-36 Deactivating a VPN Tunnel Sometimes a VPN tunnel must be deactivated for testing purposes.
  • Page 123 Reference Manual for the ADSL Firewall Router DG834 2. Open the DG834 management interface and click on VPN Policies to get the VPN Policies screen (Figure 7-38). Figure 7-37 3. Clear the Enable check box for the VPN tunnel you want to deactivate and click Apply. (To reactivate the tunnel, check the Enable box and click Apply.)
  • Page 124 Reference Manual for the ADSL Firewall Router DG834 2. Open the DG834 management interface and click on VPN Status to get the VPN Status/Log screen (Figure 7-38). Figure 7-38 3. Click VPN Status (Figure 7-38) to get the Current VPN Tunnels (SAs) screen (Figure 7-39).

  • Page 125: Deleting A Vpn Tunnel

    Deleting a VPN Tunnel To delete a VPN tunnel: 1. Log in to the Router. 2. Open the DG834 management interface and click VPN Policies to display the VPN Policies screen (Figure 7-40). Select the radio button for the VPN tunnel to be deleted and click the Delete button.

  • Page 126: Using Auto Policy To Configure Vpn Tunnels

    Auto Policy. Configuring VPN Network Connection Parameters All VPN tunnels on the DG834 ADSL router require configuring several network parameters. This section describes those parameters and how to access them. The most common configuration scenarios will use IKE to manage the authentication and encryption keys.
  • Page 127 Reference Manual for the ADSL Firewall Router DG834 Figure 7-41 Virtual Private Networking (Advanced Feature) 7-37 v2.0, September 2005...
  • Page 128 Reference Manual for the ADSL Firewall Router DG834 The DG834 VPN tunnel network connection fields are defined as follows: General. These settings identify this policy and determine its major characteristics. • Policy Name—Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint.
  • Page 129 Reference Manual for the ADSL Firewall Router DG834 Remote LAN. This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows: — • Single PC - no Subnet select this option if there is no LAN (only a single PC) at the remote endpoint.
  • Page 130 Reference Manual for the ADSL Firewall Router DG834 — • IP Address the Internet IP address of the remote VPN endpoint. — • Fully Qualified Domain Name the Domain name of the remote VPN endpoint. — • Fully Qualified User Name the name, E-mail address, or other ID of the remote VPN endpoint.
  • Page 131 DG834 VPN Firewall 192.168.3.1 192.168.0.1 Figure 7-42 1. Set the LAN IPs on each DG834 to different subnets and configure each properly for the Internet. The following settings are assumed for this example: Table 7-1. VPN Tunnel Configuration Worksheet Connection Name:...
  • Page 132 Reference Manual for the ADSL Firewall Router DG834 2. Open the DG834 on LAN A management interface and click on VPN Policies. Figure 7-43 3. Click Add Auto Policy. 4. Enter policy settings (see Figure 7-44). • General — Policy Name = GtoG —...
  • Page 133 Reference Manual for the ADSL Firewall Router DG834 • Parameters — Encryption Algorithm = 3DES — Authentication Algorithm = MD5 — Pre-shared Key = 12345678 Virtual Private Networking (Advanced Feature) 7-43 v2.0, September 2005...
  • Page 134 Reference Manual for the ADSL Firewall Router DG834 Figure 7-44 7-44 Virtual Private Networking (Advanced Feature) v2.0, September 2005...
  • Page 135 Reference Manual for the ADSL Firewall Router DG834 5. Click Apply. The Get VPN Policies web page is displayed. Figure 7-45 6. Repeat for the DG834 on LAN B and pay special attention to use the following network settings as appropriate. •...
  • Page 136 Reference Manual for the ADSL Firewall Router DG834 a. Open the DG834 management interface and click on VPN Status to display the VPN Status/Log screen (Figure 7-46). Figure 7-46 b. Click VPN Status (Figure 7-46) to display the Current VPN Tunnels (SAs) screen (Figure 7-47).

  • Page 137: Using Manual Policy To Configure Vpn Tunnels

    Figure 7-48. Figure 7-48 General. The DG834 VPN tunnel network connection fields are defined as follows: • Policy Name—enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
  • Page 138 Reference Manual for the ADSL Firewall Router DG834 • Remote VPN Endpoint—select the desired option (IP address or Fully Qualified Domain Name) and enter the address of the remote VPN endpoint to which you wish to connect. Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint".
  • Page 139 Reference Manual for the ADSL Firewall Router DG834 SPI—enter the required security policy indexes (SPIs). Each policy must have unique SPIs. These settings must match the remote VPN endpoint. The "in" setting here must match the "out" setting on the remote VPN endpoint, and the "out" setting here must match the "in" setting on the remote VPN endpoint.
  • Page 140 Reference Manual for the ADSL Firewall Router DG834 7-50 Virtual Private Networking (Advanced Feature) v2.0, September 2005...

  • Page 141: Troubleshooting

    Chapter 8 Troubleshooting This chapter gives information about troubleshooting your DG834 ADSL Firewall Router. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. •...

  • Page 142: Power Led Not On

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.

  • Page 143: Troubleshooting The Web Configuration Interface

    Reference Manual for the ADSL Firewall Router DG834 — When connecting the router’s WAN ADSL port, use the cable that was supplied with the DG834. Troubleshooting the Web Configuration Interface If you are unable to access the router’s Web Configuration interface from a computer on your local network, check the following: •...

  • Page 144: Troubleshooting The Isp Connection

    Reference Manual for the ADSL Firewall Router DG834 • Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration. Troubleshooting the ISP Connection If your router is unable to access the Internet, you should check the ADSL connection, then the WAN TCP/IP connection.

  • Page 145: Obtaining A Wan Ip Address

    ADSL service. It may be necessary to use a swapper if you ADSL signal is on pins 1 and 4 or the RJ-11 jack. The DG834 ADSL router uses pins 2 and 3.

  • Page 146: Troubleshooting Pppoe Or Pppoa

    Reference Manual for the ADSL Firewall Router DG834 Configure your router to spoof your computer’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page 3-16. Troubleshooting PPPoE or PPPoA The PPPoA or PPPoA connection can be debugged as follows: 1.

  • Page 147: Troubleshooting A Tcp/Ip Network Using The Ping Utility

    Reference Manual for the ADSL Firewall Router DG834 Troubleshooting a TCP/IP Network Using the Ping Utility Most TCP/IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your computer.

  • Page 148: Testing The Path From Your Computer To A Remote Device

    Reference Manual for the ADSL Firewall Router DG834 Testing the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 <IP address>...

  • Page 149: Using The Reset Button

    The E-mail menu in the Content Filtering section displays the current date and time of day. The DG834 ADSL router uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day.
  • Page 150 Reference Manual for the ADSL Firewall Router DG834 8-10 Troubleshooting v2.0, September 2005...
  • Page 151 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-11 v2.0, September 2005...
  • Page 152 Reference Manual for the ADSL Firewall Router DG834 8-12 Troubleshooting v2.0, September 2005...
  • Page 153 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-13 v2.0, September 2005...
  • Page 154 Reference Manual for the ADSL Firewall Router DG834 8-14 Troubleshooting v2.0, September 2005...
  • Page 155 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-15 v2.0, September 2005...
  • Page 156 Reference Manual for the ADSL Firewall Router DG834 8-16 Troubleshooting v2.0, September 2005...
  • Page 157 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-17 v2.0, September 2005...
  • Page 158 Reference Manual for the ADSL Firewall Router DG834 8-18 Troubleshooting v2.0, September 2005...
  • Page 159 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-19 v2.0, September 2005...
  • Page 160 Reference Manual for the ADSL Firewall Router DG834 8-20 Troubleshooting v2.0, September 2005...
  • Page 161 Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8-21 v2.0, September 2005...
  • Page 162 Reference Manual for the ADSL Firewall Router DG834 8-22 Troubleshooting v2.0, September 2005...

  • Page 163: Technical Specifications

    Appendix A Technical Specifications This appendix provides technical specifications for the DG834 ADSL Firewall Router. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA), RFC 1483 Bridged or Routed Ethernet, and...
  • Page 164 Reference Manual for the ADSL Firewall Router DG834 Technical Specifications v2.0, September 2005...

  • Page 165: Configuration Profile

    NETGEAR VPN Configuration DG834 to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
  • Page 166 Note: Product updates are available on the NETGEAR, Inc. web site at http://kbserver.netgear.com/DG834.asp. Step-By-Step Configuration Configure the DG834 as in the Gateway-to-Gateway procedures using the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration“ on page -20), being certain to use appropriate network addresses for the environment.
  • Page 167 Reference Manual for the ADSL Firewall Router DG834 Click VPN Policies under Advanced - VPN to invoke this screen 10.5.6.1 172.23.9.1 toFVL328 toFVL328 22.23.24.25 10 10 Figure B-2: Viewing and editing the VPN parameters of the DG834 at gateway A 202-10005-05, June 2005...
  • Page 168 Reference Manual for the ADSL Firewall Router DG834 Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration“ on page -20), being certain to use appropriate network addresses for the environment.
  • Page 169 Reference Manual for the ADSL Firewall Router DG834 toDG834 toDG834 22.23.24.25 14.15.16.17 Click IKE Policies under 22.23.24.25 VPN to invoke this screen 14.15.16.17 toDG834 172.23.9.1 10.5.6.1 Click VPN Policies under VPN to invoke this screen toDG834 toDG834 14.15.16.17 Figure B-3: Viewing and editing the VPN parameters of the FVL328 at gateway B...
  • Page 170 DG834 with FQDN to FVL328 This appendix is a case study on how to configure a VPN tunnel from a NETGEAR DG834 to a FVL328 using a Fully Qualified Domain Name (FQDN) to resolve the public address of one or both routers.
  • Page 171 DG834 FVL328 Figure B-5: Addressing and Subnet Used for Examples Note: Product updates are available on the NETGEAR, Inc. web site at http://kbserver.netgear.com/DG834.asp. The Use of a Fully Qualified Domain Name (FQDN) Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic instead of static IP addressing.
  • Page 172 In this example, Gateway A is configured using an example FQDN provided by a DDNS Service provider. In this case we established the hostname dg834.dyndns.org for gateway A using the DynDNS service. Gateway B will use the DDNS Service Provider when establishing a VPN tunnel.
  • Page 173 Reference Manual for the ADSL Firewall Router DG834 On the DG834, configure the Dynamic DNS settings. Browse to the Dynamic DNS Setup Screen (see Figure B-6) in the Advanced menu. Figure B-6: Dynamic DNS Setup Screen Configure this screen with appropriate account and hostname settings and then click Apply.
  • Page 174 Reference Manual for the ADSL Firewall Router DG834 On the FVL328, configure the Dynamic DNS settings. Assume a properly configured DynDNS account. Browse to the Dynamic DNS Setup Screen (see Figure B-8) in the Advanced menu. Figure B-8: Dynamic DNS Setup Screen Select the DynDNS.org radio button (see...
  • Page 175 Reference Manual for the ADSL Firewall Router DG834 Figure B-9: Dynamic DNS Setup Screen 202-10005-05, June 2005...
  • Page 176 Figure B-10). Figure B-10: Status Screen Configure the DG834 as in the Gateway-to-Gateway procedures using the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration“ on page -20), being certain to use appropriate network addresses for the environment.
  • Page 177 IP Address = 10.5.6.1 • Subnet Mask = 255.255.255.0 Test the VPN tunnel by pinging the remote network from a PC attached to the DG834. Open the command prompt (Start -> Run -> cmd) ping 172.23.9.1 Figure B-11: ping 172.23.9.1 Note: The pings may fail the first time.
  • Page 178 Figure B-12: Addressing and subnet used for telecommuter example Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves the following two steps: •...
  • Page 179 Reference Manual for the ADSL Firewall Router DG834 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office Follow this procedure to configure a client-to-gateway VPN tunnel by filling out the VPN Auto Policy screen.
  • Page 180 Reference Manual for the ADSL Firewall Router DG834 fromDG834G (in the example) Dynamic IP address IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings) Subnet address 192.168.0.1 (in this example) 255.255.255.0...
  • Page 181 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office This procedure describes how to configure the DG834 ADSL Firewall Router. We will assume the PC running the client has a dynamically assigned IP address.
  • Page 182 From the Edit menu of the Security Policy Editor, click Add, then Connection. A New Connection listing appears in the list of policies. Rename the New Connection so that it matches the Connection Name you entered in the VPN Settings of the DG834 on Gateway A.
  • Page 183 Select Secure in the Connection Security check box. Select IP Subnet in the ID Type menu. In this example, type 192.168.0.1 in the Subnet field as the network address of the DG834. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834.
  • Page 184 In this step, you will provide information about the remote VPN client PC. You will need to provide: — The Pre-Shared Key that you configured in the DG834. — Either a fixed IP address or a “fixed virtual” IP address of the VPN client PC.
  • Page 185 Reference Manual for the ADSL Firewall Router DG834 In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. Figure B-18: Security Policy Editor my identity Choose None in the Select Certificate menu.
  • Page 186 Reference Manual for the ADSL Firewall Router DG834 Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.
  • Page 187 Reference Manual for the ADSL Firewall Router DG834 Expand the Authentication subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Authentication. Figure B-20: Security Policy Editor authentication In the Authentication Method menu, select Pre-Shared key.
  • Page 188 Reference Manual for the ADSL Firewall Router DG834 Expand the Key Exchange subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Key Exchange. Figure B-21: Security Policy Editor key exchange In the SA Life menu, select Unspecified.
  • Page 189 Select Connect to open the My Connections list. Choose toDG834G. The DG834 ADSL Firewall Router will report the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the VPN router.
  • Page 190 Monitoring the VPN Tunnel (Telecommuter Example) Viewing the PC Client’s Connection Monitor and Log Viewer To view information on the progress and status of the VPN client connection, open the DG834 ADSL Firewall Router Log Viewer. To launch this function, click on the Windows Start button, then select Programs, then DG834 ADSL Firewall Router, then Log Viewer.
  • Page 191 Reference Manual for the ADSL Firewall Router DG834 Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. The Connection Monitor screen is shown below:...
  • Page 192 Reference Manual for the ADSL Firewall Router DG834 Viewing the VPN Router’s VPN Status and Log Information To view information on the status of the VPN client connection, open the VPN router’s VPN Status screen by following the steps below: To view this screen, click the Router Status link of the VPN router’s main menu, then click...
  • Page 193 Reference Manual for the ADSL Firewall Router DG834 To view the VPN tunnels status, click the VPN Status link on the right side of the main menu. Current VPN Tunnels (SAs) screen 202-10005-05, June 2005...
  • Page 194 Reference Manual for the ADSL Firewall Router DG834 202-10005-05, June 2005...

  • Page 195: Appendix C Related Documents

    Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing: Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...
  • Page 196 Reference Manual for the ADSL Firewall Router DG834 Related Documents v2.0, September 2005...

Table of Contents