NETGEAR DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router Network Setup Manual
Hub and spoke vpn using the vpn prosafe client
Hide thumbs
Also See for DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router:
- Reference manual (227 pages) ,
- Configuration (10 pages) ,
- Use manual (9 pages)
Table of Contents
Advertisement
Quick Links
Hub and Spoke VPN using the VPN Prosafe Client
This document describes the steps to undertake in configuring a Hub-and-Spoke network over
the Internet using VPNs (box-to-box and client-to-box).
In particular it describes how to allow VPN clients (Spoke) to access Remote LANs (Spokes) via
a single VPN connection to a central (Hub) Firewall/Router.
The configuration can apply to any of the VPN Firewall/Router from firmware version 3.5.0.24 and
above, and VPN clients from version 10.8.3 and above.
The diagram below shows a typical scenario.
FVS338 (Spoke 1)
Public IP: 83.71.251.20
LAN IP : 172.22.102.102
VPN Information:
BoxToBox (To FVX538)
LAN2toClient (FVS338 To VPN clients via FVX538)
LAN2
FVX538
Public IP: 83.71.251.19
LAN IP: 172.22.101.101
VPN Information:
BoxToBox (To FVS338)
LAN1toVPN (FVX538 To VPN clients)
LAN2toClient (VPN Clients to FVS338 via FVX538)
Internet
Spoke 2
192.168.0.x/24
LAN1
LAN1
Version 1.0
Advertisement
Table of Contents
Related Manuals for NETGEAR DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router
Summary of Contents for NETGEAR DGFV338 - ProSafe Wireless ADSL Modem VPN Firewall Router
- Page 1 Hub and Spoke VPN using the VPN Prosafe Client This document describes the steps to undertake in configuring a Hub-and-Spoke network over the Internet using VPNs (box-to-box and client-to-box). In particular it describes how to allow VPN clients (Spoke) to access Remote LANs (Spokes) via a single VPN connection to a central (Hub) Firewall/Router.
-
Page 2: Table Of Contents
Table of Contents NETWORK SETUP ......................3 Physical setup ....................... 3 Logical setup ......................... 3 Configuration of VPN policies on the Firewall/Routers ..........4 FVX538 VPN Config (Policy name: BoxtoBox) ............4 FVS338 VPN Config (Policy name: BoxtoBox) ............4 FVX538 VPN Config (Policy name: LAN1toVPN) ........... -
Page 3: Network Setup
NETWORK SETUP Physical setup FVX538 connected to the Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP: 172.22.101.0/24... -
Page 4: Configuration Of Vpn Policies On The Firewall/Routers
Configuration of VPN policies on the Firewall/Routers FVX538 VPN Config (Policy name: BoxtoBox) Access the VPN Wizard via the VPN configuration page. Configure the Connection name (for admin reasons this will match the FVS338 box as BoxtoBox). ❶ Input the pre-shared key. ❶... -
Page 5: Fvx538 Vpn Config (Policy Name: Lan1Tovpn)
FVX538 VPN Config (Policy name: LAN1toVPN) Access the VPN Wizard via the VPN configuration page. Create a new VPN client policy named LAN1toVPN (with any pre-shared key) Take note of the Remote and Local identifier whether using the default ones or new ones. -
Page 6: Fvx538 Vpn Config (Policy Name: Lan2Client)
FVX538 VPN Config (Policy name: LAN2Client) Access the VPN Wizard via the VPN configuration page. In the VPN Policy section click on Add (this will create a new manual VPN policy which will use an existing IKE policy) Create a new VPN client policy named LAN2toClient Specify the Remote Endpoint IP address to be the Public address of the FVS338... -
Page 7: Vpn Client Configuration
VPN client configuration This configuration requires advanced IP address planning. The VPN client policy needs to be able to address both Local Area Network #1 and Local Area Network #2 in the same client policy profile, therefore, the two networks must be presentable as one subnet or one address range. This has been considered in our scenario. -
Page 8: Testing The Connection
Testing the connection VPN Client From the VPN client run ipconfig to confirm once the VPN is established that the Virtual adapter interface is assigned with the IP address specified in the policy (in this case 192.168.0.1 ) Test the VPN connection to both the FVX538 and FVS338 by pinging each box LAN IP address FVS338...