NETGEAR FVL328 Configuration Manual
Netgear vpn client to netgear vpn router
Hide thumbs
Also See for FVL328:
- Reference manual (240 pages) ,
- Faq (9 pages) ,
- Quick installation manual (2 pages)
Table of Contents
Advertisement
Quick Links
Download this manual
See also:
Reference Manual
to NETGEAR FVL328 or FWAG114 VPN Router
Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an
FVL328. This case study follows the VPN Consortium interoperability profile guidelines. The
configuration options for the FVS328 and FWAG114 are the same.
Configuration Profile
The configuration in this document follows the addressing and configuration mechanics defined
by the VPN Consortium. Gather all the necessary information before you begin the configuration
process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and
all of the parameters that need to be set on both sides. Check that there are no firewall restrictions.
Table D-1.
Summary
VPN Consortium Scenario:
Type of VPN
Security Scheme:
Date Tested:
Model/Firmware Tested:
Gateway
Client
IP Addressing:
Gateway
Client
NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
Scenario 1
PC/Client-to-Gateway
IKE with Preshared Secret/Key (not Certificate-based)
November 2003
NETGEAR FVL328 firmware v 1.4 or FWAG114 firmware v 2.1
NETGEAR ProSafe VPN Client v10.1
Static IP address
Dynamic
202-10015-01
NETGEAR VPN Client
D-1
Advertisement
Table of Contents
Related Manuals for NETGEAR FVL328
Summary of Contents for NETGEAR FVL328
-
Page 1: Configuration Profile
NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to an FVL328. This case study follows the VPN Consortium interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are the same. -
Page 2: Network Addresses
VPNC Interoperability guidelines can be found at http://www.vpnc.org/InteropProfiles/Interop-01.html. Step-By-Step Configuration of FVL328 or FWAG114 Gateway Log in to the FVL328 gateway as in the illustration. Out of the box, the FVL328 is set for its default LAN address of http://192.168.0.1 with its admin... - Page 3 – From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 will also be used in the Connection ID Type fields of the NETGEAR ProSafe VPN Client as seen in “Security Policy Editor New Connection“ on page D-9).
- Page 4 In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both the FVL328 and the NETGEAR VPN Client. This will also be selected in the NETGEAR ProSafe VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in “Connection Identity Pre-Shared Key“...
- Page 5 Type 0.0.0.0 as the Address Data of the client because we are assuming the remote PC will have a dynamically assigned IP address. This will also be entered in the NETGEAR ProSafe VPN Client Internal Network IP Address field, as seen in “My Identity“...
- Page 6 D-9. – Type the starting LAN IP Address of the FVL328 in the Local IP Start IP Address field. For this example, we used 192.168.0.0 which is the default LAN IP address of the FVL328. This will also be entered in the NETGEAR ProSafe VPN Client Connection Remote Party Identity and Addressing Subnet field, as seen in “Security Policy Editor...
- Page 7 Figure D-6: NETGEAR FVL328 VPN – Auto Policy ESP Configuration – Select Enable Encryption in the ESP Configuration Enable Encryption checkbox. This will also be entered in the NETGEAR ProSafe VPN Client Security Policy Key Exchange (Phase 2) Encapsulation Protocol (ESP) checkbox, as seen in “Connection Security Policy Key Exchange (Phase 2)“...
- Page 8 This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVL328 with a static IP address. The PC can be directly connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
- Page 9 From the Edit menu of the Security Policy Editor, click Add, then Connection. A “New Connection” listing appears. Rename the “New Connection” to FVL328. Assure that the following settings are configured: – In the Connection Security box, Secure is selected NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router 202-10015-01...
- Page 10 In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Subnet field (the Subnet address is the LAN IP Address of the FVL328 with 0 as the last number), and 255.255.255.0 in the Mask field, which is the LAN Subnet Mask of the FVL328 In the ID Type menus, select Domain Name and Gateway IP Address.
- Page 11 Figure D-11: Connection Identity Pre-Shared Key Enter hr5xb84l6aa9r6 which is the same Pre-Shared Key entered in the FVL328. Click OK. Configure the Connection Identity Settings. In the Network Security Policy list, click the Security Policy subheading.
- Page 12 In the Encrypt Alg menu, select Triple DES. – In the Hash Alg, select SHA-1. – In the SA Life, select Unspecified. – In the Key Group menu, select Diffie-Hellman Group 2. D-12 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router 202-10015-01...
- Page 13 Check the Encapsulation Protocol (ESP) checkbox. – In the Encrypt Alg menu, select Triple DES. – In the Hash Alg, select SHA-1. – In the Encapsulation menu, select Tunnel. NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router D-13 202-10015-01...
- Page 14 Note: Whenever you make changes to a Security Policy, save them first, then deactivate the security policy, reload the security policy, and finally activate the security policy. This assures that your new settings will take effect. D-14 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router 202-10015-01...
-
Page 15: Testing The Vpn Connection
Note: Virus protection or firewall software can interfere with VPN communications. Be sure such software is not running on the remote PC with the NETGEAR VPN Client and that the firewall features of the FVL328 is not set in such a way as to prevent VPN communications. -
Page 16: From The Fvl328 To The Client Pc
, and then click OK. ping -t 192.168.0.1 This will cause a continuous ping to be sent to the first FVL328. After a period of up to two minutes, the ping response should change from “timed out” to “reply.” To test the connection to a computer connected to the FVL328, simply ping the IP address of that computer. -
Page 17: Monitoring The Pc Vpn Connection
Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR VPN Client Connection Monitor or Log Viewer. To launch these functions, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN Client, then either the Connection Monitor or Log Viewer. - Page 18 A sample Connection Monitor screen for a different connection is shown below: Figure D-18: Connection Monitor screen In this example you can see the following: • The FVL328 has a public IP WAN address of 66.120.188.153 • The FVL328 has a LAN IP address of 192.168.0.1 •...
-
Page 19: Viewing The Fvl328 Vpn Status And Log Information
The FVL328 VPN Status screen for a successful connection is shown below: Figure D-19: FVL328 VPN Status screen To view the FVL328 VPN log, click on the VPN Status link on the left side of the main menu. The log information should be similar to the example below:... - Page 20 Reference Manual for the NETGEAR ProSafe VPN Client D-20 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router 202-10015-01...