NETGEAR FVG318 Reference Manual

ProSafe 802.11g Wireless VPN Firewall

ProSafe 802.11g Wireless
VPN Firewall FVG318

Reference Manual

NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10318-01
September 2007

Summary of Contents for NETGEAR FVG318

  • Page 1: Reference Manual

    ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10318-01 September 2007...
  • Page 2: Regulatory Compliance Information

    In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
  • Page 3 Hereby, NETGEAR Inc., declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Español [Spanish]: NETGEAR Inc. hereby declares that the Radiolan complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC.
  • Page 4 We NETGEAR, Inc., 4500 Great America Parkway, Santa Clara, CA 95054, declare under our sole responsibility that the model FVG318 ProSafe 802.11g Wireless VPN Firewall complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: •...
  • Page 5: Canadian Department Of Communications Radio Interference Regulations

    Tested to Comply with FCC Standards FOR HOME OR OFFICE USE Modifications made to the product, unless expressly approved by NETGEAR, Inc., could void the user's right to operate the equipment. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
  • Page 6 Product and Publication Details. Model Number: FVG318; Publication Date: September 2007; Product Family: Wireless Router; Product Name: ProSafe 802.11g Wireless VPN Firewall; Home or Business Product: Business; Language: English; Publication Part Number: 202-10318-01; Publication Version Number: v1.0, September 2007...
  • Page 7: Table Of Contents

    Chapter 2 Connecting the Firewall to the Internet Installing Your FVG318 ...2-1 Configuring the FVG318 for Internet Access with Auto Detect ...2-4 Manually Configuring your Internet Connection ...2-7 Configuring Dynamic DNS (If Needed) ...2-9 Configuring Your Time Zone ... 2-11 Troubleshooting Tips ...2-12...
  • Page 8 Chapter 3 Configuring Wireless Connectivity Observing Performance, Placement, and Range Guidelines ...3-1 Implementing Appropriate Wireless Security ...3-2 Understanding Wireless Settings ...3-3 Security Check List for SSID and WEP Settings ...3-7 Setting Up and Testing Basic Wireless Connectivity ...3-8 Restricting Wireless Access by MAC Address ...3-9...
  • Page 9 Setting Up a Client-to-Gateway VPN Configuration ...5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVG318 ...5-5 Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ...5-7 Monitoring the Progress and Status of the VPN Client Connection ...5-15 Transferring a Security Policy to Another Client ...5-17...
  • Page 10 Configuring Static Routes ...8-5 Configuring RIP ...8-6 Static Route Example ...8-7 Enabling Remote Management Access ...8-8 SNMP Administration ...8-10 Enabling Universal Plug and Play (UPnP) ...8-12 Chapter 9 Troubleshooting Basic Functioning ...9-1 Power LED Not On ...9-1...
  • Page 11 The FVG318-to-FVS318v2 Case ... C-7 Configuring the VPN Tunnel ... C-7 Viewing and Editing the VPN Parameters ... C-8 Initiating and Checking the VPN Connections ... C-9 The FVG318-to-FVL328 Case ... C-10 Configuring the VPN Tunnel ...
  • Page 13: About This Manual

    The NETGEAR ® ProSafe™ 802.11g Wireless VPN Firewall FVG318 Reference Manual describes how to install, configure and troubleshoot the ProSafe 802.11g Wireless VPN Firewall. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats, and Scope The conventions, formats, and scope of this manual are described in the following paragraphs: •...
  • Page 14: How To Use This Manual

    • button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
  • Page 15: Revision History

    • Printing from PDF. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  • Page 17: Introduction

    Unlike simple Internet sharing firewalls that rely on Network Address Translation (NAT) for security, the FVG318 uses stateful packet inspection for Denial of Service attack (DoS) protection and intrusion detection. The FVG318 allows Internet access for up to 253 users. The VPN firewall provides you with multiple Web content filtering options, plus browsing activity reporting and instant alerts—both via e-mail.
  • Page 18: 802.11G And 802.11B Wireless Networking

    For WMM to function correctly, wireless clients must also support WMM. A Powerful, True Firewall with Content Filtering Unlike simple Internet sharing NAT firewalls, the FVG318 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include: •...
  • Page 19: Security

    You can specify forwarding of single ports or ranges of ports. Autosensing Ethernet Connections with Auto Uplink With its internal eight-port 10/100 switch, the FVG318 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.
  • Page 20: Easy Installation And Management

    • IP Address Sharing by NAT. The VPN firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account.
  • Page 21: Maintenance And Support

    • Registration and Warranty Card. If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. The FVG318 Front Panel The front panel of the VPN firewall contains the status LEDs described below.
  • Page 22: The Fvg318 Rear Panel

    You can use some of the LEDs to verify connections. Viewed from left to right, describes the LEDs on the front panel of the firewall. These LEDs are green when lit. Table 1-1. LED Descriptions...
  • Page 23 Viewed from left to right, the rear panel contains the following features: • Detachable wireless antenna • Factory default reset push button • Eight Ethernet LAN ports • Internet Ethernet WAN port for connecting the firewall to a cable or DSL modem •...
  • Page 25: Connecting The Firewall To The Internet

    For DSL Service: You may need information such as the DSL login name and password in order to complete the VPN firewall router setup. To connect the FVG318: 1. Connect the VPN firewall router to your computer and modem a. Turn off and unplug your cable or DSL modem.
  • Page 26 B in the illustration). Figure 2-2 e. Securely insert one end of the NETGEAR cable that came with your FVG318 into a Local port on the router such as port 4 (point C in the illustration), and the other end into the Ethernet port of your computer (point D in the illustration).
  • Page 27 Internet. a. First, plug in and turn on the cable or DSL modem. Wait about 2 minutes. b. Now, plug in the power cord to your FVG318 and wait about 30 seconds. c. Last, turn on your computer.
  • Page 28: Configuring The Fvg318 For Internet Access With Auto Detect

    Power: The power light should be lit. If after 2 minutes the power light turns solid amber, see the Troubleshooting Tips in this guide. • Test: The test light blinks when the FVG318 is first turned on. If after 2 minutes it is still on, see the Troubleshooting Tips in this guide. •...
  • Page 29 2. When prompted, enter admin for the firewall User Name and password for the firewall Password. Both fields are case-sensitive. (For security reasons, the firewall has its own User Name and Password.) Figure 2-6 3.
  • Page 30 4. Select Network Configuration. The WAN ISP Settings screen will display. Click Auto Detect at the bottom of the WAN ISP Settings screen. The router will automatically attempt to detect your connection type. A message will display indicating if the service connection was detected.
  • Page 31: Manually Configuring Your Internet Connection

    Note: When you enable remote management, we strongly advise that you change your password. See the procedure on how to do this. Manually Configuring your Internet Connection Unless your ISP assigns your configuration automatically via DHCP, you will need the configuration parameters from your ISP.
  • Page 32 – Password. Enter the password you use to log in to your ISP. • Enter your ISP Type information: – Austria (PPTP): If your ISP is Austria Telecom or any other ISP that uses PPTP to log in, fill in the following fields: •...
  • Page 33: Configuring Dynamic Dns (If Needed)

    Gateway IP Address: IP address of your ISP’s gateway. This is usually provided by the ISP or your network administrator. 3. Select your Domain Name Servers (DNS). Domain name servers (DNS) convert Internet names such as www.google.com, www.netgear.com, etc. to Internet addresses called IP addresses. –...
  • Page 34 The gateway contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have...
  • Page 35: Configuring Your Time Zone

    4. Select an NTP Server. • The Use Default NTP Servers is selected by default. If this is enabled, then the RTC (Real-Time Clock) is updated regularly by contacting a NETGEAR NTP Server on the Internet.
  • Page 36: Troubleshooting Tips

    Be sure to restart your network in the correct sequence. Always follow this sequence: 1) Unplug and turn off the modem, FVG318, and computer; 2) plug in and turn on the modem, wait two minutes; 3) plug in the FVG318 and wait 30 seconds; 4) turn on the computer.
  • Page 37 • Some cable modem ISPs require you to use the MAC address of the computer registered on the account. If so, in the Router MAC Address section of the Basic Settings menu, select, “Use this Computer’s MAC Address.”...
  • Page 38 Table 2-2. Accessing the firewall router (continued) Firewall State Access Options Configuration Enter the standard Settings Have Been URL to access the Applied VPN firewall router Enter the IP address of the VPN firewall...
  • Page 39: Configuring Wireless Connectivity

    Observing Performance, Placement, and Range Guidelines In planning your wireless network, you should consider the level of security required. You should also select the physical placement of your FVG318 in order to maximize the network speed. For further information on wireless networking, refer to in Note: Failure to follow these guidelines can result in significant performance degradation or inability to wirelessly connect to the VPN firewall router.
  • Page 40: Implementing Appropriate Wireless Security

    Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the FVG318. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed.
  • Page 41: Understanding Wireless Settings

    • Wi-Fi Protected Access (WPA and WPA2). The very strong authentication along with dynamic per frame rekeying of WPA and WPA2 make it virtually impossible to compromise. Because this is a new standard, wireless device driver and software availability may be limited.
  • Page 42 Figure 3-2 Note: The 802.11b and 802.11g wireless networking protocols are configured in exactly the same fashion. The FVG318 will automatically adjust to the 802.11g or 802.11b protocol as the device requires without compromising the speed of the other devices.
  • Page 43 – Region. This field identifies the region where the FVG318 can be used. It may not be legal to operate the wireless features of the VPN firewall router in a region other than one of those identified in this field.
  • Page 44 – WPA2-PSK: WPA2 is a later version of WPA. Only select this if all clients support WPA2. If selected, you must use AES encryption – WPA-PSK and WPA2-PSK: This selection allows clients to use either WPA (with TKIP encryption) or WPA2 (with AES encryption).
  • Page 45: Security Check List For Ssid And Wep Settings

    • SSID: The Service Set Identification (SSID) identifies the wireless local area network. Wireless is the default FVG318 SSID. However, you may customize it by using up to 32 alphanumeric characters. Write your customized SSID on the line below. Note: The SSID in the VPN firewall router is the SSID you configure in the wireless adapter card.
  • Page 46: Setting Up And Testing Basic Wireless Connectivity

    4. Choose a suitable descriptive name for the wireless network name (SSID). In the SSID box, enter a value of up to 32 alphanumeric characters. The default SSID is NETGEAR. Note: The characters are case sensitive. An access point always functions in infrastructure mode.
  • Page 47: Restricting Wireless Access By Mac Address

    Program the wireless adapter of your PCs to have the same SSID that you configured in the FVG318. Check that they have a wireless link and are able to obtain an IP address by DHCP from the VPN firewall router.
  • Page 48: Configuring Wep Security Settings

    Now, only devices on this list will be allowed to wirelessly connect to the FVG318. To remove a MAC address from the table, click to select it, then click Delete.
  • Page 49 Figure 3-5 3. In the Wireless Security Type section, select the WEP radio box. The WEP fields section will be highlighted. 4. Choose the Authentication Type (Automatic, Open System or Shared Key) and Encryption Strength options.
  • Page 50: Configuring Wpa With Radius

    • Manual Entry Mode: Enter ten hexadecimal digits (any combination of 0-9, a-f, or A-F). These hex values are not case sensitive. Select which of the four keys will be used and enter the matching WEP key information for your network in the selected key box.
  • Page 51 Figure 3-6 3. Select the WPA radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted.
  • Page 52: Configuring Wpa2 With Radius

    Configuring WPA2 with RADIUS Note: Not all wireless adapters support WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA2. Nevertheless, the wireless adapter hardware and driver must also support WPA2.
  • Page 53: Configuring Wpa And Wpa2 With Radius

    Note: The Encryption choice will be AES by default. For WPA2 with RADIUS, AES is used. 4. Enter the Radius Server Settings. • Primary Server Name/IP Address: This field is required. Enter the name or IP address of the primary Radius Server on your LAN.
  • Page 54 Figure 3-8 3. Select the WPA and WPA2 radio box and then select RADIUS from the WPA with: pull-down menu in the Wireless Security Type section. The RADIUS settings fields in the Radius Server Settings section will be highlighted.
  • Page 55: Configuring Wpa-Psk

    Configuring WPA-PSK Note: Not all wireless adapters support WPA. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA. Nevertheless, the wireless adapter hardware and driver must also support WPA.
  • Page 56: Configuring Wpa2-Psk

    Note: The Encryption choice will be TKIP by default. For WPA+PSK, TKIP is used. 4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box.
  • Page 57 Figure 3-10 3. Select the WPA2 radio box and then select PSK from the WPA with: pull-down menu in the Wireless Security Type section. The PSK settings fields in the PSK Settings section will be highlighted.
  • Page 58: Configuring Wpa-Psk And Wpa2-Psk

    Configuring WPA-PSK and WPA2-PSK Note: Not all wireless adapters support WPA and WPA2. Furthermore, client software is required on the client. Windows XP and Windows 2000 with Service Pack 3 do include the client software that supports WPA and WPA2. Nevertheless, the wireless adapter hardware and driver must also support WPA and WPA2.
  • Page 59 Note: The Encryption choice will be TKIP+AES by default. For WPA and WPA2+PSK, TKIP+AES is used. 4. In the PSK Settings section: • Enter the pre-shared key in the Passphrase field. Enter a word or group of printable characters in the Passphrase box.
  • Page 61: Firewall Protection And Content Filtering

    The Content Filtering features are described below: Block Sites The FVG318 supports content filtering which allows you to block access to certain Internet sites. Up to 32 words in an Internet site's name (for example, a website URL) can be specified causing the site to be blocked.
  • Page 62 Certain commonly used web components can also be blocked for increased security. Some of these components can be used by malicious websites to infect computers that access them. For example: • Proxy. A proxy server allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules.
  • Page 63 2. Check the Yes radio box in the Content Filtering section and click Apply. This will enable content filtering and allow you to specify Web Components to be blocked. 3. Check the radio box for each Web Component you want to enable; then click Apply. The selected Web Component options will be blocked.
  • Page 64: Using Rules To Block Or Allow Specific Kinds Of Traffic

    1. In the appropriate field add the IP Address or Domain Name. 2. Click Add. The IP Address or Domain Name will appear in the appropriate table. 3. Click Edit adjacent to the entry to modify or change the selected IP Address or Domain Name.
  • Page 65 A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FVG318 are: • Inbound: Block all access from outside except responses to requests from the LAN side.
  • Page 66: Inbound Rules (Port Forwarding)

    Match — traffic of this type that matches the parameters and action will be logged. Inbound Rules (Port Forwarding) Because the FVG318 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers.
  • Page 67 Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day.
  • Page 68: Outbound Rules (Service Blocking)

    WAN IP address will fail. Outbound Rules (Service Blocking) The FVG318 allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local PC based on: •...
  • Page 69: Order Of Precedence For Rules

    Figure 4-6 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules table, as shown below: Figure 4-7 For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules at the bottom.
  • Page 70: Default Dmz Server

    Default DMZ Server Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule.
  • Page 71: Attack Checks

    Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet.
  • Page 72: Services

    1024 to 65535 by the authors of the application. Although the FVG318 already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules.
  • Page 73: Using A Schedule To Block Or Allow Specific Traffic

    b. From the Type pull-down menu, select whether the service uses TCP, UDP or ICMP as its transport protocol. c. Enter the lowest port number used by the service in the Start Port field.
  • Page 74: Getting E-Mail Notifications Of Firewall Logs

    Figure 4-9 To block keywords or Internet domains based on a schedule: 1. Select Security > Schedule from the menu. The Schedule 1 screen will display. 2. In the Scheduled Days section, select the All Days or Specific Days radio box. If you want to limit access completely for the selected days, select All Day.
  • Page 75 2. Enter the Log Identifier in the Log Options sections. Every logged message will contain a prefix for easier identification of the source of the message. The Log Identifier will be prefixed to both e-mail and Syslog messages.
  • Page 76 Figure 4-10 5. Enable E-Mail Logs. Check the Yes radio box if you wish to receive e-mail logs from the firewall. 6. Enter your E-Mail Address information. If you enabled e-mail notification, these boxes cannot be blank.
  • Page 77 • Enter the Return E-Mail Address to which logs and alerts are sent. This e-mail address will also be used as the Send To E-mail address. If you leave this box blank, log and alert messages will not be sent via e-mail.
  • Page 78 Log entries are described in Table 4-1 Table 4-1. Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or The type of event and what action was taken if any.
  • Page 79: Basic Virtual Private Networking

    • Appendix C, “VPN Configuration of NETGEAR configure a secure IPSec VPN tunnel from a NETGEAR FVG318 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
  • Page 80: Overview Of Vpn Configuration

    Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The FVG318 supports both of these types of VPN configurations. The VPN firewall supports up to eight concurrent tunnels.
  • Page 81: Planning A Vpn

    A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet.
  • Page 82: Vpn Tunnel Configuration

    Table 5-1. Parameters recommended by the VPNC and used in the VPN Wizard Parameter Authentication Protocol Diffie-Hellman (DH) Group Key Life IKE Life Time NETBIOS • What level of IPSec VPN encryption will you use? –...
  • Page 83: Setting Up A Client-To-Gateway Vpn Configuration

    “Advanced Virtual Private Follow this procedure to configure a client-to-gateway VPN tunnel using the VPN Wizard. 1. Log in to the FVG318 at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. Basic Virtual Private Networking Table 5-1 on page 5-4.
  • Page 84 2. Select VPN > VPN Wizard from the menu. The VPN Wizard screen will display. Figure 5-4 3. Check the VPN Client radio button and enter the Connection Name and the pre-shared key.
  • Page 85: Step 2: Configuring The Netgear Prosafe Vpn Client On The Remote Pc

    Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC This procedure describes how to configure the NETGEAR ProSafe VPN Client. This example assumes the PC running the client has a dynamically assigned IP address.
  • Page 86 The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
  • Page 87 In this example, type 192.168.0.0 in the Subnet field as the network address of the FVG318. c. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the FVG318. d. Select All in the Protocol menu to allow all traffic through the VPN tunnel.
  • Page 88 Select Domain Name in the ID Type menu below the check box. g. Enter the public WAN IP Domain Name of the FVG318 in the field directly below the ID Type menu. In this example,...
  • Page 89 5. Configure the VPN Client Identity. Provide information about the remote VPN client PC. You will need to provide: – The Pre-Shared Key that you configured in the FVG318. – Either a fixed IP address or a “fixed virtual” IP address of the VPN client PC.
  • Page 90 Figure 5-11 6. Configure the VPN Client Authentication Proposal. Provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVG318 configuration. a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the “+”...
  • Page 91 In the Key Group menu, select Diffie-Hellman Group 2. 7. Configure the VPN Client Key Exchange Proposal. Provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVG318 configuration.
  • Page 92 LAN. To check the VPN connection. Initiate a request from the remote PC to the FVG318’s network by using the “Connect” option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
  • Page 93: Monitoring The Progress And Status Of The Vpn Client Connection

    Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC already has the FVG318 management interface open).
  • Page 94 2. The Connection Monitor screen for a similar connection is shown below: Figure 5-17 In this example you can see the following: • The FVG318 has a public IP WAN address of 22.23.24.25. • The FVG318 has a LAN IP address of 192.168.3.1. •...
  • Page 95: Transferring A Security Policy To Another Client

    Transferring a Security Policy to Another Client This section explains how to export and import a security policy as an .spd file so that an existing NETGEAR ProSafe VPN Client configuration can be copied to other PCs running the NETGEAR ProSafe VPN Client.
  • Page 96 To import an existing Security Policy: 1. Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy from the File pull-down menu. Figure 5-20 2. Select the security policy to import.
  • Page 97: Setting Up A Gateway-To-Gateway Vpn Configuration

    In this example, LAN A uses 192.168.0.1 and LAN B uses 192.168.3.1. To configure a gateway-to-gateway VPN tunnel using the VPN Wizard. 1. Log in to the FVG318 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin 2.
  • Page 98 5. In the End Point Information section, enter the Remote WAN’s IP Address or Internet Name and the Local WAN’s IP Address or Internet Name. Both local and remote ends must be defined as either IP addresses or Internet Names (FQDNs).
  • Page 99 Figure 5-24 7. Click Apply to complete the configuration procedure. The IKE Policies menu will display the local and remote WAN connection points as shown below. Figure 5-25 8. Click the VPN Policy to display the VPN Policies showing that the new tunnel is enabled.
  • Page 100: Activating A Vpn Tunnel

    To configure a gateway-to-gateway VPN tunnel using the VPN Wizard on LAN B: 1. Log in to the FVG318 on LAN B at its default LAN address of http://192.168.0.1 with its default user name of admin 2.
  • Page 101: Activating A Vpn Tunnel

    To use the IPSec Connection Status screen to activate a VPN tunnel: 1. Log in to the VPN Firewall Router. 2. Open the FVG318 VPN > Connection Status screen to get the IPSec Connection Status screen (Figure 5-27). 3. Click Connect adjacent to the policy to get the VPN tunnel you want to activate.
  • Page 102 Type ping -t 192.168.3.1 and then click OK. Figure 5-29 This will cause a continuous ping to be sent to the first FVG318. Within two minutes, the ping response should change from “timed out” to “reply.” Note: Use Ctrl-C to stop the pinging.
  • Page 103: Verifying The Status Of A Vpn Tunnel

    Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVG318. After a short wait, you should see the login screen of the VPN Firewall Router (unless another PC already has the FVG318 management interface open).
  • Page 104: Deactivating A Vpn Tunnel

    To use the IPSec Connection Status screen to change the status of a VPN connection: 3. Click VPN > Connection Status (Figure 5-27). This page lists the following data for each active VPN Tunnel.
  • Page 105: Deleting A Vpn Tunnel

    3. Select the checkbox adjacent to the policy you want to disable and click disable. The VPN Policy will be disabled. Figure 5-32 Using the VPN Status Page to Deactivate a VPN Tunnel To use the VPN Connection Status screen to deactivate a VPN tunnel: 1.
  • Page 107: Advanced Virtual Private Networking

    FVG318 VPN Firewall Figure 6-1 Using IKE and VPN Policies to Manage VPN Traffic You create policy definitions to manage VPN traffic on the FVG318. There are two kinds of policies: • IKE Policies. Define the authentication scheme and automatically generate the encryption keys.
  • Page 108: Using Automatic Key Management

    VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters. Since VPN policies use IKE policies, you define the IKE policy first. The FVG318 also allows you to manually input the authentication scheme and encryption key values. In the case of manual key management there will not be any IKE policies.
  • Page 109: Vpn Policy Configuration For Auto Key And Manual Negotiation

    The IKE Policy Configuration fields are defined in the following table. Figure 6-2 VPN Policy Configuration for Auto Key and Manual Negotiation Click the Add New VPN Policy link on the Add IKE Policy screen or select VPN > Policies and click the VPN Policies tab to navigate to the VPN Policies configuration screen.
  • Page 110 Figure 6-3 The VPN Manual and Auto Policy fields are defined in the following table. Table 6-1. VPN Manual and Auto Policy Configuration Fields Field General Description These settings identify this policy and determine its major characteristics.
  • Page 111 2 VPN Endpoints. The IP address or Internet name (FQDN) of the remote gateway or client PC. Conversely, the remote VPN endpoint must have the FVG318 local IP values entered as its Remote VPN Endpoint.
  • Page 112 Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued) Field Manual Policy Parameters SPI-Incoming; SPI-Outgoing Takes a hexadecimal value between 3 and 8 characters; for example: Encryption Algorithm: Integrity Algorithm: Auto Policy Parameters...
  • Page 113: Using Digital Certificates For Ike Auto-Policy Authentication

    ID, and domain name. Each CA has its own certificate. The certificates of a CA are added to the FVG318 and then can be used to form IKE policies for the user. Once a CA certificate is added to the FVG318 and a certificate is created for a user, the corresponding IKE policy is added to the FVG318.
  • Page 114: Vpn Configuration Scenarios On The Fvg318

    Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 obtained from the corresponding CA. If the certificate is not present in the CRL it means that the certificate is not revoked. IKE can then use this certificate for authentication.
  • Page 115: Vpn Consortium Scenario 1: Gateway-To-Gateway With Preshared Secrets

    VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication. Figure 6-4 Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A’s LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
  • Page 116 FVG318 Gateway A to FVG318 Gateway B (IKE and VPN Policies) Note: This scenario assumes all ports are open on the FVG318. You can verify this by reviewing the security settings as seen in...
  • Page 117 Figure 6-6 b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings, please see “Manually Configuring your Internet Connection” on page c.
  • Page 118 LAN TCP/IP Setup Parameters” on page Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVG318. You will have to log on with http://10.5.6.1 which is now the address you use to connect to the built-in Web-based configuration manager of the FVG318.
  • Page 119 5. After applying these changes, all traffic from the range of LAN IP addresses specified on FVG318 A and FVG318 B will flow over a secure VPN tunnel. Checking Your VPN Connections You can test connectivity and view VPN status information on the FVG318 (see also VPN Tunnel” on page 5-23).
  • Page 120 To test the Gateway A FVG318 LAN and the Gateway B LAN connection: 1. Using our example, from a PC attached to the FVG318 on LAN A, on a Windows PC click the Start button on the task bar and then click Run.
  • Page 121: Vpn Consortium Scenario 2: Fvg318 Gateway To Gateway With Digital Certificates

    PKIX certificates. Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the FVG318. For instructions on this topic, see Zone” on page 2-11.
  • Page 122 • Hash Algorithm. Select the desired option: MD5 or SHA1. • Signature Algorithm. Select the desired option: DSS or RSA. • Signature Key Length. Select the desired option: 512, 1024, or 2048.
  • Page 123 g. Click Generate. The FVG318 generates a pending Self Certificate Request as shown below. Click view to display the data. Highlight, copy, and paste this data into a text file. Figure 6-11 4.
  • Page 124 IKE policy called Scenario_2. Now, the traffic from devices within the range of the LAN subnet addresses on FVG318 A and Gateway B will be authenticated using the certificates rather than via a pre-shared key.
  • Page 125: Maintenance

    Chapter 7 Maintenance This chapter describes how to use the maintenance features of your ProSafe 802.11g Wireless VPN Firewall. These features can be found by selecting Monitoring > Router Status from the main menu of the browser interface. Viewing VPN Firewall Router Status Information The Router Status menu provides status and usage information.
  • Page 126 The firewall firmware version. Wireless Configuration The wireless settings of the router SSID: The name of your wireless network. The default is NETGEAR. Mode Security Settings Shows what security has been associated with the wireless configuration. The default is none...
  • Page 127 Table 7-1. FVG318 Status fields Field Description IP Address The IP address used by the Local (LAN) port of the firewall. The default is 192.168.0.1 IP Subnet Mask The IP Subnet Mask used by the Local (LAN) port of the firewall. The default is 255.255.255.0...
  • Page 128: Upgrading The Firewall Software

    Figure 7-3 To upload new firmware: 1. Download and unzip the new software file from NETGEAR and save it to a location on your local drive. 2. In the Router Upgrade section, click Browse and then browse to the location of the binary (.bin) upgrade file on your local drive.
  • Page 129: Backing Up And Restoring Settings

    3. Highlight the file and click Upload. Note: When uploading software to the VPN firewall, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page.
  • Page 130: Changing The Administrator Password

    Changing the Administrator Password The default password for the firewall’s Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password. Select Administration > Set Password to display the Set Password screen.
  • Page 131: Advanced Configuration

    This chapter describes how to configure the advanced features of your ProSafe 802.11g Wireless VPN Firewall FVG318. Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently.
  • Page 132: Using The Lan Ip Setup Options

    8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org...
  • Page 133: Using The Firewall As A Dhcp Server

    These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu.
  • Page 134: Using Address Reservation

    • Primary DNS server (if you entered a primary DNS address in the WAN Settings menu; otherwise, the firewall’s LAN IP address) • Secondary DNS server (if you entered a secondary DNS address in the WAN Settings menu...
  • Page 135: Configuring Static Routes

    Configuring Static Routes Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your network.
  • Page 136: Configuring Rip

    5. Type the Destination IP Address of the final destination. 6. Type the IP Subnet Mask for this destination. If the destination is a single host, type 255.255.255.255. 7. Type the Gateway IP Address, which must be a firewall on the same LAN segment as the firewall.
  • Page 137: Static Route Example

    – When set to Both or In Only, it incorporates the RIP information that it receives. – When set to None, it will not send any RIP packets and ignores any RIP packets received.
  • Page 138: Enabling Remote Management Access

    Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your FVG318 VPN firewall. Note: Be sure to change the firewall’s default configuration password to a very secure password.
  • Page 139 Figure 8-6 2. Select the Yes radio box for Allow Remote Management. • Specify what external addresses will be allowed to access the firewall’s remote management. Note: For enhanced security, restrict access to as few external IP addresses as practical.
  • Page 140: Snmp Administration

    IP address of your FVG318 by running menu Run option. For example, type tracert yourFVG318.mynetgear.net and you will see the IP address your ISP assigned to the FVG318. SNMP Administration Simple Network Management Protocol (SNMP) lets you monitor and manage your router from an SNMP Manager.
  • Page 141 To create a new SNMP configuration entry: 1. Enter the IP address of an SNMP trap agent. 2. Enter the Subnet Mask. The network mask used to determine the list of allowed SNMP managers.
  • Page 142: Enabling Universal Plug And Play (Upnp)

    Enabling Universal Plug and Play (UPnP) UPnP (Universal Plug and Play) allows for automatic discovery of devices that can communicate with this router. This feature should be used with caution as it breaches firewall security. Select Security >...
  • Page 143: Troubleshooting

    • Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
  • Page 144: Leds Never Turn Off

    LEDs Never Turn Off When the firewall is turned on, the LEDs turn on briefly and then turn off. If all the LEDs stay on, there is a fault within the firewall.
  • Page 145: Troubleshooting The Isp Connection

    Web Configuration Manager. To check the WAN IP address: 1. Launch your browser and select an external site such as http://www.netgear.com 2. Access the main menu of the firewall’s configuration at http://192.168.0.1 3. Under the Maintenance heading, select Router Status 4.
  • Page 146 If your firewall is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure: 1.
  • Page 147: Troubleshooting A Tcp/Ip Network Using A Ping Utility

    Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your PC or workstation.
  • Page 148: Testing The Path From Your Pc To A Remote Device

    – Verify that the IP address for your firewall and your workstation are correct and that the addresses are on the same subnet. Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device.
  • Page 149: Problems With Date And Time

    • Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known. a. Press and hold the Reset button until the Test LED turns on and begins blinking (about 10 seconds).
  • Page 151: Default Settings And Technical Specifications

    TEST LED blinks rapidly). Your device will return to the factory configuration settings shown in below. (The Factory Default Restore button on the rear panel is shown in the illustration “The FVG318 Rear Panel” on page • Pressing the reset button for a shorter period of time will simply cause your device to reboot.
  • Page 152 Feature DHCP Starting IP Address DHCP Ending IP Address Time Zone Time Zone Adjusted for Daylight Saving Time SNMP Firewall Inbound (communications coming in from the Internet) Outbound (communications going out to...
  • Page 153: Technical Specifications

    Technical Specifications This appendix provides technical specifications for the ProSafe 802.11g Wireless VPN Firewall. Network Protocol and Standards Compatibility Data and Routing Protocols: Power Adapter North America: United Kingdom, Australia: Europe: Japan:...
  • Page 155: Appendix B Related Documents

    This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Windows XP and Vista Wireless Configuration Utilities Internet Networking and TCP/IP Addressing Wireless Communications Preparing a Computer for...
  • Page 157: Vpn Configuration Of Netgear Fvg318

    VPN Configuration of NETGEAR FVG318 This is a case study on how to configure a secure IPSec VPN tunnel on a NETGEAR FVS318v3. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). This study covers the following situations: •...
  • Page 158: Configuring The Gateways

    Figure C-1 Configuring the Gateways Configure each gateway: 1. Configure Gate A. a. Log in to the router at Gateway A. b. Use the VPN Wizard to configure this router. Enter the requested information as prompted by the VPN Wizard: •...
  • Page 159: Activating The Vpn Tunnel

    Note: The default login address for the FVG318 router is http://192.168.0.1 with the default user name of admin and default password of password. The login address will change to the local LAN IP subnet address after you configure the router. The user name and password will also change to the ones you have chosen to use in your installation.
  • Page 160: Configuring The Vpn Tunnel

    Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://10.5.6.1 at Gateway A. 2. Use the VPN Wizard to configure the FVG318 at Gateway A. • Connection Name: Scenario_1 (in this example) •...
  • Page 161: Viewing And Editing The Vpn Parameters

    – Subnet Mask: 255.255.255.0 (in this example) All traffic from the range of LAN IP addresses specified on FVG318 A and FVG318 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see VPN Connections” on page C-6).
  • Page 162: Initiating And Checking The Vpn Connections

    1. Test 1: Ping Remote LAN IP Address: To establish the connection between the FVG318 Gateway A and Gateway B tunnel endpoints, perform these steps at Gateway A: a. From a Windows PC attached to the FVG318 on LAN A, click the Start button on the task bar and then click Run.
  • Page 163: The Fvg318-To-Fvs318V2 Case

    Use this scenario illustration and configuration screens as a model to build your configuration. 1. Log in to the FVG318 labeled Gateway A as in the illustration Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).
  • Page 164: Viewing And Editing The Vpn Parameters

    – Subnet Mask: 255.255.255.0 (in this example) All traffic from the range of LAN IP addresses specified on FVG318 A and FVG318 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see VPN Connections” on page C-9).
  • Page 165: Initiating And Checking The Vpn Connections

    1. Test 1: Ping Remote LAN IP Address: To establish the connection between the FVG318 Gateway A and FVS318v2 Gateway B tunnel endpoints, perform these steps at Gateway A: a. From a Windows PC attached to the FVG318 on LAN A, click the Start button on the task bar and then click Run.
  • Page 166: The Fvg318-To-Fvl328 Case

    Static IP address NETGEAR-Gateway B Static IP address Configuring the VPN Tunnel This scenario assumes all ports are open on the FVG318 and FVL328. FVG318 Figure C-5 Use this scenario illustration and configuration screens as a model to build your configuration.
  • Page 167: Viewing And Editing The Vpn Parameters

    – Subnet Mask: 255.255.255.0 (in this example) All traffic from the range of LAN IP addresses specified on FVG318 A and FVL328 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see VPN Connections” on page C-12).
  • Page 168: Initiating And Checking The Vpn Connections

    1. Test 1: Ping Remote LAN IP Address: To establish the connection between the FVG318 Gateway A and FVL328 Gateway B tunnel endpoints, perform these steps at Gateway A: a. From a Windows PC attached to the FVG318 on LAN A, click the Start button on the task bar and then click Run.
  • Page 169: The Fvg318-To-Vpn Client Case

    The FVG318-to-VPN Client Case Table C-4. Policy Summary VPN Consortium Scenario: Type of VPN Security Scheme: Date Tested: IP Addressing: NETGEAR-Gateway A NETGEAR-Client B Client-to-Gateway VPN Tunnel Overview The operational differences between gateway-to-gateway and client-to-gateway VPN tunnels are summarized as follows: Table C-5.
  • Page 170: Configuring The Vpn Tunnel

    Connection Type: A Remote VPN Client 3. Set up the VPN Client at Gateway B. a. Right-mouse-click the ProSafe icon ( Editor. If you need to install the NETGEAR ProSafe VPN Client on your PC, consult the documentation that came with your software...
  • Page 171 b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1. (Scenario_1 is used in this example to reflect the fact that the connection uses the Pre-Shared Key security scheme and encryption parameters proposed by the VPN Consortium, but you may want to choose a name for your connection that is meaningful to your specific installation.
  • Page 172 Figure C-8 d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Mode choice must match the Exchange Mode setting for the General IKE Policy...
  • Page 173 • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote. (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in...
  • Page 174

    IP address until the client initiates the traffic. Initiating and Checking the VPN Connections You can test connectivity and view VPN status information on the FVG318 and VPN Client according to the testing flowchart shown in A LAN, do the following: 1.
  • Page 175 At this point the gateway-to-gateway connection is verified. 3. Test 3: View VPN Tunnel Status: To view the FVG318 event log and status of Security Associations, go to the FVG318 main menu VPN section and click the VPN Status link. For the VPN Client, click VPN Status on the VPN Status/Log screen.
