Netgear Dgnd3700v2 N600 Wireless Dual Band Gigabit Adsl2 Plus Modem Router User Manual

							Advanced Settings 121
 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2
IPv6
You can use this feature to set up an IPv6 Internet connection type if NE\
TGEAR Genie does 
not detect it automatically.
To set up an IPv6 Internet connection type:
1.  Select  Advanced > 
 Advanced Setup > IPv6  to display the following screen:
2. Select the IPv6 connection type from the list. Your Internet service provider (ISP) can 
provide this information.
• If your ISP did not provide details, you can select IPv6 T
 unnel. 
• If you are not sure, select  Auto Detect so that the wireless modem router detects the 
IPv6 type that is in use.
• If your Internet connection does not use PPPoE, DHCP
 , or fixed, but is IPv6, then 
select IPv6 auto config.
3.  Click  Apply so that your changes take ef
 fect.
Traffic Meter
Traffic metering allows you to monitor the volume of Internet traffic passing through your 
wireless modem router’s Internet port. With the traffic meter utility, you can set limits for traffic 
volume, set a monthly limit, and get a live update of traffic usage. 
						

							Advanced Settings 122
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2 
To monitor Internet traffic:
1. 
Click  Advanced > 
 Advanced Setup > Traffic Meter to display the following screen:
2. To enable the Traffic Meter, select the  Enable Traffic Meter check box.
3.  If you would like to record and restrict the volume of Internet traf
 fic, select the Traffic 
volume control  by radio button. You can select one of the following options for controlling 
the traffic volume:
• No Limit. No restriction is applied when the traf
 fic limit is reached.
• Download only . 
 The restriction is applied to incoming traffic only.
• Both Directions. 
 The restriction is applied to both incoming and outgoing traffic.
4.  Y
ou can limit the amount of data traffic allowed per month by specifying how many Mbytes 
per month are allowed or by specifying how many hours of traffic are allowed.
5.  Set the traf
 fic counter to begin at a specific time and date.
6.  Set up traf
 fic control to issue a warning message before the monthly limit of Mbyte\
s or hours 
is reached. You can select one of the following to occur when the limit is attained:
• The Internet LED flashes green or red. 
• The Internet connection is disconnected and disabled.
7.  Set up Internet traf
 fic statistics to monitor the data traffic.
8.  Click the  T
 raffic Status button to get a live update on Internet traffic status on your  wireless 
modem router.
9.  Click  Apply  to save your settings. 
						

							Advanced Settings 123
 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2
Device Mode
When the wireless modem router is in Router mode, this screen allows swi\
tching to Modem 
mode, where the wireless modem router acts as a pure bridge or DSL modem\
.
Routing, firewall, wireless support, USB, and the traffic meter are not available in Modem 
mode. 

A typical application is a small-to-medium business scenario where the w\
ireless 
modem router is used for DSL connectivity behind a carrier class router \
or firewall or security 
device manager. When the wireless modem router is in Modem mode, this screen allows 
switching back to Router mode with all of the standard features. 
To switch the device mode:
1.  Click  ADV
 ANCED > Advanced Setup > Device Mode  to display the following screen:
2. From the Device Mode list, select Router (Modem + Router) or  Modem (Modem only).
3.  Click  Apply to save your settings.
VPN Policies
Manage your VPN policies from the VPN Policies screen.
•T
raffic covered by a policy is automatically sent through a VPN tunnel.
• Where traf
 fic is covered by two or more policies, the first matching policy is use\
d. In this 
situation, the order of the policies is important. However, if you only have one policy for 
each remote VPN endpoint, then the policy order is not important.
• The VPN tunnel is created according to the parameters in the SA (securi\
ty association).
• The remote VPN endpoint must have a matching SA, or else it refuses the \
connection. 
						

							Advanced Settings 124
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2 
There are two types of VPN policies:
• Manual. 
 All settings (including the keys) for the VPN tunnel are input manuall\
y at each 
end (both VPN endpoints). No third-party server or organization is inv\
olved.
• Auto. Some parameters for the VPN tunnel are generated automatically
 . This process 
requires using the IKE (Internet Key Exchange) protocol to perform neg\
otiations between 
the two VPN endpoints. 
To manage the VPN policies:
1.  Click  ADV
 ANCED > Advanced Setup > VPN Policies .
The Policy Table contains the following data:
• Enable. Use this check box to enable or disable a policy as required. Click  Apply 
after you make any changes.
• Name. Each policy has a unique name to identify it.
• T
ype. The type is Auto or Manual.
•Local. 
The IP address or address range on your local LAN. Traffic must be from (or 
to) these addresses to be covered by this policy.
• Remote. 
 The IP address or address range of the remote network. Traffic must be to 
(or from) these addresses to be covered by this policy.
• ESP . Encapsulating Security Payload. 
 This setting specifies the encryption protocol 
used for the VPN data.
2.  Click the appropriate button to manage a VPN policy:
• Edit. Edit (modify) the selected policy
 . (Select a policy by selecting the radio button.)
• Delete. Delete the selected policy
 . 
						

							Advanced Settings 125
 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2
•
Apply . Save any changes to the Enable setting for each policy.
• Cancel. Discard any unsaved changes to the Enable setting for each policy
 .
• Add Auto 
 Policy. Change to the input screen for an Auto policy. When the new policy 
is saved, it appears in the bottom row of the Policy Table. See Add or Edit an Auto 
VPN Policy  on page
  125.
• Add Manual Policy . Change to the input screen for a Manual policy
 . When the new 
policy is saved, it appears in the bottom row of the Policy Table. See  Add or Edit a 
Manual VPN Policy  on page
  128.
Add or Edit an Auto VPN Policy
An Auto VPN policy uses the IKE (Internet Key Protocol) to exchange and n\
egotiate 
parameters for the IPsec SA (security association). Because of this ne\
gotiation, not all of the 
settings on this VPN gateway have to match the settings on the remote VP\
N endpoint. 
Where settings have match, this requirement is indicated.
To add or edit an Auto VPN Policy:
1.  Click  ADV
 ANCED > Advanced Setup > VPN Policies.
2.  Click the  Add Auto 
 Policy button.
3. Enter or select the following parameters:
• General. 
 These settings identify this policy and determine its major characterist\
ics.
- Policy Name. Enter a unique name to identify this policy
 . This name is not 
supplied to the remote VPN endpoint. It is used only to help you manage \
the 
policies. 
						

							Advanced Settings 
126 N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2 
-Remote VPN Endpoint. If the remote endpoint has a dynamic IP address, select 
Dynamic IP Address. No address data input is required.
Otherwise, select the desired option (IP address or domain name) and enter the 
address of the remote VPN endpoint you wish to connect to.
The remote VPN endpoint must have this VPN gateway’s address entered as its 
remote VPN endpoint.
-IKE Keep Alive. Check this check box if you wish to ensure that a connection is 
kept open, or, if that is not possible, it is quickly reestablished when disconnected.
The ping IP address has to be associated with the remote endpoint. Either the 
WAN or a LAN address can be used; a LAN address is preferable. This IP 
address is pinged to generate some traffic for the VPN tunnel.
•Local LAN. These settings identify which computers on your LAN are covered by this 
policy. For each selection, data must be provided as follows:
-Single address. Enter an IP address in the Single/Start IP address field. 
Typically, this setting is used when you wish to make a single server on your LAN 
available to remote users.
-Range address. Enter the starting IP address in the Single/Start IP address field, 
and the finish IP address in the Finish IP address field. This range must be an 
address range used on your LAN.
-Subnet address. Enter an IP address in the Single/Start IP address field, and the 
desired network mask in the Subnet Mask field.
The remote VPN endpoint must have these IP addresses entered as its remote 
addresses.
•Remote LAN. These settings identify which computers on the remote LAN are 
covered by this policy. For each selection, data must be provided as follows:
-Single PC - no Subnet. Select this option if there is no LAN (only a single 
computer) at the remote endpoint. If this option is selected, no additional data is 
required.
-Single address. Enter an IP address in the Single/Start IP address field. This 
value must be an address on the remote LAN. Typically, this setting is used when 
you wish to access a server on the remote LAN.
-Range address. Enter the starting IP address in the Single/Start IP address field, 
and the finish IP address in the Finish IP address field. This range must be an 
address range used on the remote LAN.
-Subnet address. Enter an IP address in the Single/Start IP address field, and the 
desired network mask in the Subnet Mask field.
The remote VPN endpoint must have these IP addresses entered as its local 
addresses.
•IKE.  
						

							Advanced Settings 
127  N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2
-Direction/Type. This setting is used when determining if the IKE policy matches 
the current traffic. Select the desired option.
-Responder only. Incoming connections are allowed, but outgoing connections 
are blocked.
-Initiator and Responder. Both incoming and outgoing connections are allowed.
-Exchange Mode. Currently, only Main Mode is supported. Ensure that the remote 
VPN endpoint is set to use Main Mode.
-Diffie-Hellman (DH) Group. The Diffie-Hellman algorithm is used when the 
connection exchanges keys. The DH Group setting determines the bit size used 
in the exchange. This value must match the value used on the remote VPN 
gateway.
-Local Identity Type. Select the desired option to match the Remote Identity Type 
setting on the remote VPN endpoint.
-WAN IP Address. Your Internet IP address.
-Fully Qualified Domain Name. Your domain name.
-Fully Qualified User Name. Your name, email address, or other ID.
-Local Identity Data. Enter the data for the selection. If WAN IP Address is 
selected, no input is required.
-Remote Identity Type. Select the desired option to match the Local Identity Type 
setting on the remote VPN endpoint.
-IP Address. The Internet IP address of the remote VPN endpoint.
-Fully Qualified Domain Name. The domain name of the remote VPN endpoint.
-Fully Qualified User Name. The name, email address, or other ID of the remote 
VPN endpoint.
-Remote Identity Data. Enter the data for the selection. If IP Address is selected, 
no input is required.
•Parameters. 
-Encryption Algorithm. The encryption algorithm used for both IKE and IPSec. 
This setting must match the setting used on the remote VPN gateway.
-Authentication Algorithm. The authentication algorithm used for both IKE and 
IPSec. This setting must match the setting used on the remote VPN gateway.
-Pre-shared Key. The key has to be entered both here and on the remote VPN 
gateway.
-SA Life Time. This setting determines the time interval before the SA (security 
association) expires. (It is automatically reestablished as required.) While using a 
short time period (or data amount) increases security, it also degrades 
performance. It is common to use periods over an hour (3600 seconds) for the SA 
lifetime. This setting applies to both IKE and IPSec SAs.
-Enable PFS (Perfect Forward Secrecy). If enabled, security is enhanced by 
ensuring that the key is changed at regular intervals. Also, even if one key is 
broken, subsequent keys are no easier to break. (Each key has no relationship to 
the previous key.) 
						

							Advanced Settings 128
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2 
This setting applies to both IKE and IPSec SAs. When configuring the rem\
ote 
endpoint to match this setting, you might need to specify the key group \
used. For 
this device, the key group is the same as the DH Group setting in the IK\
E section.
4.  Click the  Apply button when done.
Add or Edit a Manual VPN Policy
A Manual VPN policy requires all settings (including the keys) for the\
 VPN tunnel to be 
manually input at each end (both VPN endpoints). No third-party server\
 or organization is 
involved.
To add or edit a Manual VPN policy:
1.  Click  ADV
 ANCED > Advanced Setup > VPN Policies .
2.  Click the  Add Manual Policy button.
3. Enter or select the following parameters:
• General. 
 These settings identify this policy and determine its major characterist\
ics.
- Policy Name. Enter a unique name to identify this policy
 . This name is not 
supplied to the remote VPN endpoint. It is used only to help you manage \
the 
policies.
- Remote VPN Endpoint. Select the desired option (IP address or domain name) 
and enter the address or domain name of the remote VPN endpoint you wish\
 to 
connect to.
The remote VPN endpoint must have this VPN gateway’s address entered as its  remote VPN endpoint. 
						

							Advanced Settings 
129  N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700v2
•Local LAN. These settings identify which computers on your LAN are covered by this 
policy. For each selection, data must be provided as follows:
-Single address. Enter an IP address in the Single/Start IP address field. 
Typically, this setting is used when you wish to make a single server on your LAN 
available to remote users.
-Range address. Enter the starting IP address in the Single/Start IP address field, 
and the finish IP address in the Finish IP address field. This setting must be an 
address range used on your LAN.
-Subnet address. Enter an IP address in the Single/Start IP address field, and the 
desired network mask in the Subnet Mask field.
The remote VPN endpoint must have these IP addresses entered as its remote 
addresses.
•Remote LAN. These identify which computers on the remote LAN are covered by this 
policy. For each selection, data must be provided as follows:
-Single PC - dynamic IP. Select this option if there is no LAN (only a single 
computer) at the remote endpoint. If this option is selected, no additional data is 
required.
-Single address. Enter an IP address in the Single/Start IP address field. This 
setting must be an address on the remote LAN. Typically, this setting is used 
when you wish to access a server on the remote LAN.
-Range address. Enter the starting IP address in the Single/Start IP address field, 
and the finish IP address in the Finish IP address field. This range must be an 
address range used on the remote LAN.
-Subnet address. Enter an IP address in the Single/Start IP address field, and the 
desired network mask in the Subnet Mask field.
The remote VPN endpoint must have these IP addresses entered as its local 
addresses.
•ESP Configuration. ESP (Encapsulating Security Payload) provides security for the 
payload (data) sent through the VPN tunnel.
-SPI. Enter the required SPIs. Each policy must have unique SPIs. These settings 
must match the remote VPN endpoint. The Incoming setting here must match the 
Outgoing setting on the remote VPN endpoint, and the Outgoing setting here 
must match the Incoming setting on the remote VPN endpoint.
-Encryption. Select the desired encryption algorithm, and enter the key in the field 
provided. For 3DES, the keys should be 24 ASCII characters (48-hex characters).
-Authentication. Select the desired authentication algorithm, and enter the key in 
the field provided. For MD5, the keys should be 16 ASCII characters (32-hex 
characters). For SHA-1, the keys should be 20 ASCII (40-hex characters).
4. Click the Apply button when done. 
						

							130
10
10.   Troubleshooting
Diagnose and solve problems
This chapter provides information to help you diagnose and solve problems you might have with 
your wireless modem router. If you do not find the solution here, check the NETGEAR support 
site at http://support.netgear.com for product and contact information.
This chapter contains the following sections:
•Quick Tips 
•Troubleshoot with the LEDs 
•Cannot Log In to the Router 
•Cannot Access the Internet 
•Changes Not Saved 
•Incorrect Date or Time 
•Wireless Connectivity 
•Restore the Factory Settings and Password 
•Troubleshoot Your Network Using the Ping Utility