Assigning Ip Addresses To Remote Users (Modeconfig); Mode Config Operation - NETGEAR FVX538v2 - ProSafe VPN Firewall Dual WAN Reference Manual

ProSafe VPN Firewall 200 FVX538 Reference Manual
8. Set the Time Out Period, in seconds, that the VPN firewall should wait for a response from
the RADIUS server.
9. Set the Maximum Retry Count. This is the number of attempts that the VPN firewall will
make to contact the RADIUS server before giving up.
10. Click Reset to cancel any changes and revert to the previous settings or click Apply to save
the settings.
Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured
on the individual IKE policy screens.

Assigning IP Addresses to Remote Users (ModeConfig)

To simply the process of connecting remote VPN clients to the VPN firewall, you can use the
ModeConfig screen to assign IP addresses to remote users, including a network access IP address,
subnet mask, and name server addresses from the VPN firewall. Remote users are given IP
addresses available in secured network space so that remote users appear as seamless extensions of
the network.
In the following example, we configured the VPN firewall using ModeConfig, and then
configured a PC running ProSafe VPN Client software using these IP addresses.
• NETGEAR ProSafe VPN Firewall 200
– WAN IP address: 172.21.4.1
– LAN IP address/subnet: 192.168.2.1/255.255.255.0
• NETGEAR ProSafe VPN Client software IP address: 192.168.1.2

Mode Config Operation

After the IKE Phase 1 negotiation is complete, the VPN connection initiator (which is the remote
user with a VPN client) requests the IP configuration settings such as the IP address, subnet mask
and name server addresses. The Mode Config feature will allocate an IP address from the
configured IP address pool and will activate a temporary IPsec policy using the template security
proposal information configured in the Mode Config record. The Mode Config feature allocates an
5-32
v1.0, January 2010
Virtual Private Networking