NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an FVL328. This case study follows the VPN Consortium interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are the same.
VPNC Interoperability guidelines can be found at http://www.vpnc.org/InteropProfiles/Interop-01.html.
Step-By-Step Configuration of FVL328 or FWAG114 Gateway
Log in to the FVL328 gateway as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its admin...
– From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 will also be used in the Connection ID Type fields of the NETGEAR ProSafe VPN Client as seen in “Security Policy Editor New Connection” on page D-9).
In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the FVL328 and the NETGEAR VPN Client. This will also be selected in the NETGEAR ProSafe VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key”...
Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the NETGEAR ProSafe VPN Client Internal Network IP Address field, as seen in “My Identity”...
D-9. – Type the starting LAN IP Address of the FVL328 in the Local IP Start IP Address field. For this example, we used 192.168.0.0 which is the default LAN IP address of the FVL328. This will also be entered in the NETGEAR ProSafe VPN Client Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor...
Figure D-6: NETGEAR FVL328 VPN – Auto Policy ESP Configuration
– Select Enable Encryption in the ESP Configuration Enable Encryption checkbox. This will also be entered in the NETGEAR ProSafe VPN Client Security Policy Key Exchange (Phase 2) Encapsulation Protocol (ESP) checkbox, as seen in “Connection Security Policy Key Exchange (Phase 2)”...
This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVL328 with a static IP address. The PC can be directly connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
From the Edit menu of the Security Policy Editor, click Add, then Connection. A “New Connection” listing appears. Rename the “New Connection” to FVL328. Assure that the following settings are configured:
– In the Connection Security box, Secure is selected
NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router 202-10015-01...
In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Subnet field (the Subnet address is the LAN IP Address of the FVL328 with 0 as the last number), and 255.255.255.0 in the Mask field, which is the LAN Subnet Mask of the FVL328. In the ID Type menus, select Domain Name and Gateway IP Address.
Figure D-11: Connection Identity Pre-Shared Key
Enter hr5xb84l6aa9r6 which is the same Pre-Shared Key entered in the FVL328. Click OK.
Configure the Connection Identity Settings. In the Network Security Policy list, click the Security Policy subheading.
– In the Encrypt Alg menu, select Triple DES.
– In the Hash Alg, select SHA-1.
– In the SA Life, select Unspecified.
– In the Key Group menu, select Diffie-Hellman Group 2.
Check the Encapsulation Protocol (ESP) checkbox.
– In the Encrypt Alg menu, select Triple DES.
– In the Hash Alg, select SHA-1.
– In the Encapsulation menu, select Tunnel.
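The walkthrough requires the pre-shared key, the Phase 1 and Phase 2 proposals, and the remote subnet to agree on both ends. The following added example (not part of the NETGEAR manual) checks two recorded configurations against each other; the dictionary layout and key names are hypothetical, and the gateway's algorithm values are assumed to mirror the client's because the gateway steps are cut off on this page.

```python
import hmac
import ipaddress

# Constructed sample data. Key names are hypothetical, not a NETGEAR format.
# The gateway's algorithm values are assumed to mirror the client's.
GATEWAY = {
    "lan_ip": "192.168.0.1", "lan_mask": "255.255.255.0",
    "psk": "hr5xb84l6aa9r6",
    "phase1": {"encrypt": "3DES", "hash": "SHA-1", "dh_group": 2},
    "phase2": {"esp": True, "encrypt": "3DES", "hash": "SHA-1", "mode": "tunnel"},
}
CLIENT = {
    "remote_subnet": "192.168.0.0", "remote_mask": "255.255.255.0",
    "psk": "hr5xb84l6aa9r6",
    "phase1": {"encrypt": "3DES", "hash": "SHA-1", "dh_group": 2},
    "phase2": {"esp": True, "encrypt": "3DES", "hash": "SHA-1", "mode": "tunnel"},
}

def check_pair(gateway, client):
    """Return a list of mismatches between the two ends (empty = consistent)."""
    problems = []
    # The client's Remote Party subnet must be the gateway's LAN network.
    lan = ipaddress.ip_interface(f"{gateway['lan_ip']}/{gateway['lan_mask']}").network
    try:
        # strict=True rejects a host address such as 192.168.0.1 in the Subnet field.
        remote = ipaddress.ip_network(
            f"{client['remote_subnet']}/{client['remote_mask']}", strict=True)
        if remote != lan:
            problems.append(f"subnet: gateway LAN is {lan}, client targets {remote}")
    except ValueError:
        problems.append("subnet: client Subnet field is not a valid network address")
    # Compare keys in constant time and never echo them into the report.
    if not hmac.compare_digest(gateway["psk"].encode(), client["psk"].encode()):
        problems.append("psk: pre-shared keys differ")
    # Every Phase 1 and Phase 2 proposal field must be identical on both ends.
    for phase in ("phase1", "phase2"):
        for field in sorted(set(gateway[phase]) | set(client[phase])):
            g, c = gateway[phase].get(field), client[phase].get(field)
            if g != c:
                problems.append(f"{phase}.{field}: gateway={g!r} client={c!r}")
    return problems

if __name__ == "__main__":
    for line in check_pair(GATEWAY, CLIENT) or ["both ends agree"]:
        print(line)
```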
Note: Whenever you make changes to a Security Policy, save them first, then deactivate the security policy, reload the security policy, and finally activate the security policy. This assures that your new settings will take effect.
Note: Virus protection or firewall software can interfere with VPN communications. Be sure such software is not running on the remote PC with the NETGEAR VPN Client and that the firewall features of the FVL328 are not set in such a way as to prevent VPN communications.
, and then click OK.
ping -t 192.168.0.1
This will cause a continuous ping to be sent to the first FVL328. After a period of up to two minutes, the ping response should change from “timed out” to “reply.” To test the connection to a computer connected to the FVL328, simply ping the IP address of that computer.
Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR VPN Client Connection Monitor or Log Viewer. To launch these functions, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN Client, then either the Connection Monitor or Log Viewer.
A sample Connection Monitor screen for a different connection is shown below:
Figure D-18: Connection Monitor screen
In this example you can see the following:
• The FVL328 has a public IP WAN address of 66.120.188.153
• The FVL328 has a LAN IP address of 192.168.0.1
•...
The FVL328 VPN Status screen for a successful connection is shown below:
Figure D-19: FVL328 VPN Status screen
To view the FVL328 VPN log, click on the VPN Status link on the left side of the main menu. The log information should be similar to the example below:...
Reference Manual for the NETGEAR ProSafe VPN Client