Netgear D6200 Wifi Dsl Modem Router User Manual
Have a look at the manual Netgear D6200 Wifi Dsl Modem Router User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 126
Advanced Settings 126
D6200 WiFi DSL Modem Router
Universal Plug and Play
Universal Plug and Play (UPnP) helps devices, such as Internet applian\
ces and computers,
to access the network and connect to other devices as needed. UPnP devic\
es can
automatically discover the services from other registered UPnP devices o\
n the network.
Note:
If you use applications such as multiplayer gaming, peer-to-peer
connections, or real-time communications such as instant messaging
or remote assistance (a feature...](http://img.usermanuals.tech/thumb/55/59055/w64_d6200-wifi-dsl-modem-router-user-manual-125.png "Page 126
Advanced Settings 126
D6200 WiFi DSL Modem Router
Universal Plug and Play
Universal Plug and Play (UPnP) helps devices, such as Internet applian\
ces and computers,
to access the network and connect to other devices as needed. UPnP devic\
es can
automatically discover the services from other registered UPnP devices o\
n the network.
Note:
If you use applications such as multiplayer gaming, peer-to-peer
connections, or real-time communications such as instant messaging
or remote assistance (a feature...")
![Page 127
Advanced Settings 127
D6200 WiFi DSL Modem Router
•
Advertisement Time to Live. The time to live for the advertisement is measured in
hops (steps) for each UPnP packet sent. The time to live hop count is the number of
steps a broadcast packet is allowed to propagate for each UPnP advertise\
ment
before it disappears. The number of hops can range from 1 to 255. The default value
for the advertisement time to live is 4 hops, which should be fine for m\
ost home
networks. If you notice that some...](http://img.usermanuals.tech/thumb/55/59055/w64_d6200-wifi-dsl-modem-router-user-manual-126.png "Page 127
Advanced Settings 127
D6200 WiFi DSL Modem Router
•
Advertisement Time to Live. The time to live for the advertisement is measured in
hops (steps) for each UPnP packet sent. The time to live hop count is the number of
steps a broadcast packet is allowed to propagate for each UPnP advertise\
ment
before it disappears. The number of hops can range from 1 to 255. The default value
for the advertisement time to live is 4 hops, which should be fine for m\
ost home
networks. If you notice that some...")
![Page 130
Advanced Settings 130
D6200 WiFi DSL Modem Router
Device Mode
When the WiFi DSL modem router is in Router mode, this screen allows swi\
tching to Modem
mode, where the WiFi DSL modem router acts as a pure bridge or DSL modem\
.
Routing, firewall, wireless support, USB, and the traffic meter are not available in Modem
mode.
A typical application is a small-to-medium business scenario where the W\
iFi DSL
modem router is used for DSL connectivity behind a carrier class router \
or firewall or...](http://img.usermanuals.tech/thumb/55/59055/w64_d6200-wifi-dsl-modem-router-user-manual-129.png "Page 130
Advanced Settings 130
D6200 WiFi DSL Modem Router
Device Mode
When the WiFi DSL modem router is in Router mode, this screen allows swi\
tching to Modem
mode, where the WiFi DSL modem router acts as a pure bridge or DSL modem\
.
Routing, firewall, wireless support, USB, and the traffic meter are not available in Modem
mode.
A typical application is a small-to-medium business scenario where the W\
iFi DSL
modem router is used for DSL connectivity behind a carrier class router \
or firewall or...")
![Page 131
Advanced Settings 131
D6200 WiFi DSL Modem Router
•
The remote VPN endpoint must have a matching SA, or else it refuses the \
connection.
Two types of VPN policies are possible: • Manual.
All settings (including the keys) for the VPN tunnel are input manuall\
y at each
end (both VPN endpoints). No third-party server or organization is inv\
olved.
• Auto . Some parameters for the VPN tunnel are generated automatically
. This process
requires using the IKE (Internet Key Exchange) protocol to perform...](http://img.usermanuals.tech/thumb/55/59055/w64_d6200-wifi-dsl-modem-router-user-manual-130.png "Page 131
Advanced Settings 131
D6200 WiFi DSL Modem Router
•
The remote VPN endpoint must have a matching SA, or else it refuses the \
connection.
Two types of VPN policies are possible: • Manual.
All settings (including the keys) for the VPN tunnel are input manuall\
y at each
end (both VPN endpoints). No third-party server or organization is inv\
olved.
• Auto . Some parameters for the VPN tunnel are generated automatically
. This process
requires using the IKE (Internet Key Exchange) protocol to perform...")
![Page 135
Advanced Settings 135
D6200 WiFi DSL Modem Router
performance. It is common to use periods over an hour (3600 seconds) f\
or the SA
lifetime. This setting applies to both IKE and IPSec SAs.
- Enable PFS (Perfect Forward Secrecy) . If enabled, security is enhanced by
ensuring that the key is changed at regular intervals.
Also, even if one key is
broken, subsequent keys are no easier to break. (Each key has no relati\
onship to
the previous key.)
This setting applies to both IKE and IPSec SAs. When...](http://img.usermanuals.tech/thumb/55/59055/w64_d6200-wifi-dsl-modem-router-user-manual-134.png "Page 135
Advanced Settings 135
D6200 WiFi DSL Modem Router
performance. It is common to use periods over an hour (3600 seconds) f\
or the SA
lifetime. This setting applies to both IKE and IPSec SAs.
- Enable PFS (Perfect Forward Secrecy) . If enabled, security is enhanced by
ensuring that the key is changed at regular intervals.
Also, even if one key is
broken, subsequent keys are no easier to break. (Each key has no relati\
onship to
the previous key.)
This setting applies to both IKE and IPSec SAs. When...")
Advanced Settings 131 D6200 WiFi DSL Modem Router • The remote VPN endpoint must have a matching SA, or else it refuses the \ connection. Two types of VPN policies are possible: • Manual. All settings (including the keys) for the VPN tunnel are input manuall\ y at each end (both VPN endpoints). No third-party server or organization is inv\ olved. • Auto . Some parameters for the VPN tunnel are generated automatically . This process requires using the IKE (Internet Key Exchange) protocol to perform neg\ otiations between the two VPN endpoints. To manage the VPN policies: 1. Click ADV ANCED > Advanced Setup > VPN Policies. The Policy Table contains the following data: • Enable. Use this check box to enable or disable a policy as required. Click Apply when you are finished. • Name . Each policy has a unique name to identify it. • T ype. The type is Auto or Manual. •Local . IP address or address range on your local LAN. Traffic must be from (or to) the addresses covered by this policy. • Remote. IP address or address range of the remote network. Traffic must be to (or from) the addresses covered by this policy. • ESP . Encapsulating Security Payload. This setting specifies the encryption protocol used for the VPN data. 2. Click the appropriate button to manage a VPN policy: • Edit. Edit (modify) the selected policy . (Select a policy by selecting the radio button.)
Advanced Settings 132 D6200 WiFi DSL Modem Router • Delete. Delete the selected policy. • Apply . Save any changes to the Enable setting for each policy . • Cancel. Discard any unsaved changes to the Enable setting for each policy . • Add Auto Policy. Display the VPN - Auto Policy screen. When the new policy is saved, it appears in the bottom row of the Policy Table. See Add or Edit an Auto VPN Policy on page 132. • Add Manual Policy . Display the VPN - Manual Policy screen. When the new policy is saved, it appears in the bottom row of the Policy Table. See Add or Edit a Manual VPN Policy on page 135. Add or Edit an Auto VPN Policy An Auto VPN policy uses the IKE (Internet Key Protocol) to exchange and n\ egotiate parameters for the IPSec SA (security association). Because of this ne\ gotiation, not all of the settings on this VPN gateway have to match the settings on the remote VP\ N endpoint. Where settings have match, this requirement is indicated. To add or edit an Auto VPN Policy: 1. Click ADV ANCED > Advanced Setup > VPN Policies . 2. Click the Add Auto Policy. 3. Enter or select the following settings: • General. These settings identify this policy and determine its major characterist\ ics. - Policy Name. Enter a unique name to identify this policy .
Advanced Settings 133 D6200 WiFi DSL Modem Router This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. -Remote VPN Endpoint. If the remote endpoint has a dynamic IP address, select Dynamic IP Address. No address data input is required. Otherwise, select the desired option (IP address or domain name) and enter the address of the remote VPN endpoint you wish to connect to. The remote VPN endpoint must have this VPN gateway’s address entered as its remote VPN endpoint. -IKE Keep Alive. Check this check box if you wish to ensure that a connection is kept open, or, if that is not possible, it is quickly reestablished when disconnected. The ping IP address has to be associated with the remote endpoint. Either the WAN or a LAN address can be used; a LAN address is preferable. This IP address is pinged to generate some traffic for the VPN tunnel. •Local LAN. These settings identify which computers on your LAN are covered by this policy. For each selection, data must be provided as follows: -Single address. Enter an IP address in the Single/Start IP address field. Typically, this setting is used when you wish to make a single server on your LAN available to remote users. -Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. A range must be an address range used on your LAN. -Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its remote addresses. •Remote LAN. These settings identify which computers on the remote LAN are covered by this policy. For each selection, data must be provided as follows: -Single PC - no Subnet. Select this option if there is no LAN (only a single computer) at the remote endpoint. If this option is selected, no additional data is required. -Single address. Enter an IP address in the Single/Start IP address field. This value must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN. -Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. This range must be an address range used on the remote LAN.
Advanced Settings 134 D6200 WiFi DSL Modem Router -Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its local addresses. •IKE. -Direction/Type. This setting is used to determine if the IKE policy matches the current traffic. Select the desired option. -Responder only. Incoming connections are allowed, but outgoing connections are blocked. -Initiator and Responder. Both incoming and outgoing connections are allowed. -Exchange Mode. Currently, only Main Mode is supported. Ensure that the remote VPN endpoint is set to use Main Mode. -Diffie-Hellman (DH) Group. When the VPN connection keys are exchanged, the Diffie-Hellman algorithm is used. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN gateway. -Local Identity Type. Select the desired option to match the Remote Identity Type setting on the remote VPN endpoint. -WAN IP Address. Your Internet IP address. -Fully Qualified Domain Name. Your domain name. -Fully Qualified User Name. Your name, email address, or other ID. -Local Identity Data. Enter the data for the selection. When WAN IP Address is selected, no input is required. -Remote Identity Type. Select the desired option to match the Local Identity Type setting on the remote VPN endpoint. -IP Address. The Internet IP address of the remote VPN endpoint. -Fully Qualified Domain Name. The domain name of the remote VPN endpoint. -Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint. -Remote Identity Data. Enter the data for the selection. When IP Address is selected, no input is required. •Parameters. -Encryption Algorithm. The encryption algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN gateway. -Authentication Algorithm. The authentication algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN gateway. -Pre-shared Key. The key has to be entered both here and on the remote VPN gateway. -SA Life Time. This setting determines the time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades
Advanced Settings 135 D6200 WiFi DSL Modem Router performance. It is common to use periods over an hour (3600 seconds) f\ or the SA lifetime. This setting applies to both IKE and IPSec SAs. - Enable PFS (Perfect Forward Secrecy) . If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relati\ onship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the rem\ ote endpoint to match this setting, you might need to specify the key group \ used. For this device, the key group is the same as the DH Group setting in the IK\ E section. 4. Click Apply . Add or Edit a Manual VPN Policy A Manual VPN policy requires all settings (including the keys) for the\ VPN tunnel to be manually input at each end (both VPN endpoints). No third-party server\ or organization is involved. To add or edit a Manual VPN policy: 1. Select ADV ANCED > Advanced Setup > VPN Policies . 2. Click the Add Manual Policy . 3. Enter or select the following parameters: • General. These settings identify this policy and determine its major characterist\ ics. - Policy Name. Enter a unique name to identify this policy . This name is not supplied to the remote VPN endpoint. It is used only to help you manage \ the policies.
Advanced Settings 136 D6200 WiFi DSL Modem Router -Remote VPN Endpoint. Select the desired option (IP address or domain name) and enter the address or domain name of the remote VPN endpoint you wish to connect to. The remote VPN endpoint must have this VPN gateway’s address entered as its remote VPN endpoint. •Local LAN. These settings identify which computers on your LAN are covered by this policy. For each selection, data must be provided as follows: -Single address. Enter an IP address in the Single/Start IP address field. Typically, this setting is used when you wish to make a single server on your LAN available to remote users. -Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. This setting must be an address range used on your LAN. -Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its remote addresses. •Remote LAN. These identify which computers on the remote LAN are covered by this policy. For each selection, data must be provided as follows: -Single PC - dynamic IP. Select this option if there is no LAN (only a single computer) at the remote endpoint. If this option is selected, no additional data is required. -Single address. Enter an IP address in the Single/Start IP address field. This setting must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN. -Range address. Enter the starting IP address in the Single/Start IP address field, and the finish IP address in the Finish IP address field. This range must be an address range used on the remote LAN. -Subnet address. Enter an IP address in the Single/Start IP address field, and the desired network mask in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its local addresses. •ESP Configuration. ESP (encapsulating security payload) provides security for the payload (data) sent through the VPN tunnel. -SPI. Enter the required SPIs. Each policy must have unique SPIs. These settings must match those for the remote VPN endpoint. The Incoming setting here must match the Outgoing setting on the remote VPN endpoint, and the Outgoing setting here must match the Incoming setting on the remote VPN endpoint. -Encryption. Select the desired encryption algorithm, and enter the key in the field provided. For 3DES, the keys should be 24 ASCII characters (48 hex characters).
Advanced Settings 137 D6200 WiFi DSL Modem Router -Authentication. Select the desired authentication algorithm, and enter the key in the field provided. For MD5, the keys should be 16 ASCII characters (32 hex characters). For SHA-1, the keys should be 20 ASCII (40 hex characters). 4. Click Apply.
138 10 10. Troubleshooting Diagnose and solve problems This chapter provides information to help you diagnose and solve problems you might have with your WiFi DSL modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com/general/contact/default.aspx for product and contact information. This chapter contains the following sections: •Quick Tips •Troubleshoot with the LEDs •Cannot Log In to the Router •Cannot Access the Internet •Changes Not Saved •Incorrect Date or Time •Wireless Connectivity •Restore the Factory Settings and Password •Troubleshoot Your Network Using the Ping Utility
Troubleshooting 139 D6200 WiFi DSL Modem Router Quick Tips This section describes tips for troubleshooting some common problems. Sequence to Restart Your Network Be sure to restart your network in this sequence: 1. Turn off and unplug the modem. 2. Turn off the WiFi DSL modem router and computers. 3. Plug in the modem and turn it on. Wait 2 minutes. 4. Turn on the WiFi DSL modem router. Wait 2 minutes. 5. Turn on the computers. Check Ethernet Cable Connections Make sure that the Ethernet cables are securely plugged in: •The Internet status LED on the WiFi DSL modem router is lit if the Ethernet cable connecting the WiFi DSL modem router and the modem is plugged in securely and the modem and WiFi DSL modem router are turned on. •For each powered-on computer connected to the WiFi DSL modem router by an Ethernet cable, the corresponding numbered router LAN port LED on the back of the WiFi DSL modem router is lit. Wireless Settings Make sure that the wireless settings in the computer and WiFi DSL modem router match exactly. •For a wirelessly connected computer, the wireless network name (SSID) and wireless security settings of the WiFi DSL modem router and wireless computer need to match exactly. •If you set up an access list in the Advanced Wireless Settings screen, you have to add each wireless computer’s MAC address to the WiFi DSL modem router’s access list. Network Settings Make sure that the network settings of the computer are correct: •Wired and wirelessly connected computers need to have network (IP) addresses on the same network as the WiFi DSL modem router. The simplest way to achieve this address commonality is to configure each computer to obtain an IP address automatically using DHCP.
Troubleshooting 140 D6200 WiFi DSL Modem Router •Some cable modem service providers require you to use the MAC address of the computer initially registered on the account. You can view the MAC address in the Attached Devices screen. Troubleshoot with the LEDs After you turn on power to the WiFi DSL modem router, the following sequence of events should occur: 1. When power is first applied, verify that the Power LED is lit. 2. Verify that the Power LED turns red within a few seconds, indicating that the self-test is running. 3. After approximately 30 seconds, verify the following: •The Power LED is solid green. •The Internet LED is lit. •The Ethernet LED is lit for any local port that is connected to a computer. This LED indicates that a link has been established to the connected device. The LEDs on the front panel of the WiFi DSL modem router can be used for troubleshooting. Power LED Is Off or Blinking •Make sure that the power cord is securely connected to your WiFi DSL modem router and that the power adapter is securely connected to a functioning power outlet. •Make sure that you are using the power adapter that NETGEAR supplied for this product. •If the Power LED blinks slowly and continuously, the WiFi DSL modem router firmware is corrupted. This situation can happen if a firmware upgrade is interrupted, or if the WiFi DSL modem router detects a problem with the firmware. If the error persists, you have a hardware problem. For recovery instructions or help with a hardware problem, contact technical support at http://support.netgear.com/general/contact/default.aspx. Power LED Stays Red When the WiFi DSL modem router is turned on, the Power LED turns red for about 20 seconds and then turns green. If the LED does not turn green, the WiFi DSL modem router has a problem. If the Power LED is still red 1 minute after you turn on power to the WiFi DSL modem router: 1. Turn off the power and back on to see if the WiFi DSL modem router recovers. 2. Press and hold the Reset button to return the WiFi DSL modem router to its factory settings. See Factory Settings on page 150. If the error persists, you might have a hardware problem and should contact technical support at www.netgear.com/support.