Netgear N600 Wireless Router User Manual
Virtual Private Networking (page 91)
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700

The following worksheet identifies the parameters used in this procedure. For a blank worksheet, see Plan a VPN on page 88.

Table 17. VPN tunnel configuration worksheet

Parameter | Value to Be Entered | Field Selection
----------|---------------------|----------------
Connection Name | RoadWarrior | N/A
Pre-Shared Key | 12345678 | N/A
Secure Association | N/A | Main Mode / Manual Keys
Perfect Forward Secrecy | N/A | Enabled / Disabled
Encryption Protocol | N/A | DES / 3DES
Authentication Protocol | N/A | MD5 / SHA-1
Diffie-Hellman (DH) Group | N/A | Group 1 / Group 2
Key Life in seconds | 28800 (8 hours) | N/A
IKE Life Time in seconds | 3600 (1 hour) | N/A

VPN Endpoint | Local IPSecID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address)
-------------|---------------|----------------|-------------|------------------------------------
Client | toGateway | N/A | N/A | Dynamic
Gateway | toClient | 192.168.3.1 | 255.255.255.0 | 22.23.24.25

To configure a client-to-gateway VPN tunnel using the VPN Wizard:

1. Log in to the wireless modem router. On the main menu under Advanced - VPN, select VPN Wizard.
2. Click Next to proceed.
3. Fill in the Connection Name and pre-shared key fields. The connection name is for convenience and does not affect how the VPN tunnel functions.
4. Select the radio button for the type of target end point, and click Next.
5. Enter the remote IP address, and click Next.
   The Summary screen displays:

   Note: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link.

6. Click Done on the Summary screen. The VPN Policies screen displays, showing that the new tunnel is enabled:

   To view or modify the tunnel settings, select its radio button and click Edit.

   Note: See Use Auto Policy to Configure VPN Tunnels on page 112 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel.

Step 2: Configure the NETGEAR ProSafe VPN Client

This section describes how to configure the NETGEAR ProSafe VPN client on a remote PC. These instructions assume that the PC running the client has a dynamically assigned IP address.
The PC has to have the NETGEAR ProSafe VPN Client program installed, which supports IPSec. Go to the NETGEAR website (http://www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN client.

Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you might be running on your PC. You might need to insert your Windows CD to complete the installation.

To configure the NETGEAR ProSafe VPN client:

1. Install the NETGEAR ProSafe VPN client on the remote PC, and then reboot.
   a. Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary. If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating, “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
   b. Reboot the remote PC. The ProSafe icon is in the system tray.
   c. Double-click the ProSafe icon to open the Security Policy Editor.
2. Add a new connection.
   a. Run the NETGEAR ProSafe Security Policy Editor program, and, using Table 17 on page 91, create a VPN connection.
   b. From the Edit menu of the Security Policy Editor, select Add, and then click Connection. A New Connection listing appears in the list of policies.
   c. Rename the new connection so that it matches the Connection Name field in the VPN Settings screen of the wireless modem router on LAN A. Choose connection names that make sense to the people using and administering the VPN.

      Note: In this example, the connection name used on the client side of the VPN tunnel is togw_a, and it does not have to match the RoadWarrior connection name used on the gateway side of the VPN tunnel because connection names are irrelevant to how the VPN tunnel functions.

   d. Enter the following settings:
      • Connection Security. Select Secure.
      • ID Type. Select IP Subnet.
      • Subnet. In this example, type 192.168.3.1 as the network address of the wireless modem router.
      • Mask. Enter 255.255.255.0 as the LAN subnet mask of the wireless modem router.
      • Protocol. Select All to allow all traffic through the VPN tunnel.
   e. Select the Connect using Secure Gateway Tunnel check box.
   f. In the ID Type drop-down list, select IP Address.
   g. Enter the public WAN IP address of the wireless modem router in the field directly below the ID Type drop-down list. In this example, 22.23.24.25 is used.

   The resulting connection settings are shown in the figure that follows.

3. Configure the security policy in the NETGEAR ProSafe VPN Client software:
   a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy subheadings appear below the connection name.
   b. Click the Security Policy subheading to view the Security Policy settings.

      Figure 44. Security Policy settings, Client-to-Gateway A

   c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode radio button.
4. Configure the VPN client identity.
   In this step, you provide information about the remote VPN client PC. You have to provide the pre-shared key that you configured in the wireless modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity.
   b. In the Select Certificate drop-down list, select None.
   c. In the ID Type drop-down list, select IP Address. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address field. Otherwise, leave this field empty.
   d. In the Internet Interface section of the screen, select the adapter that you use to access the Internet. If you have a dial-up Internet account, in the Name list, select PPP Adapter. If you have a dedicated cable or ADSL line, select your Ethernet adapter. If you will be switching between adapters or if you have only one adapter, select Any.
   e. In the My Identity section of the screen, click the Pre-Shared Key button. The Pre-Shared Key screen displays:
   f. Click Enter Key. Enter the wireless modem router pre-shared key, and then click OK. In this example, 12345678 is entered, though asterisks are displayed in the field. This field is case-sensitive.
5. Configure the VPN client authentication proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the wireless modem router configuration.
   a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking the + symbol.
   b. Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Authentication.
   c. In the Authentication Method drop-down list, select Pre-Shared key.
   d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the encryption protocol in the wireless modem router, as listed in Table 15 on page 88. This example uses Triple DES.
   e. In the Hash Alg drop-down list, select SHA-1.
   f. In the SA Life drop-down list, select Unspecified.
   g. In the Key Group drop-down list, select Diffie-Hellman Group 2.
6. Configure the VPN client key exchange proposal.
   In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection has to match your selection in the wireless modem router configuration.
   a. Expand the Key Exchange subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Key Exchange.
   b. In the SA Life drop-down list, select Unspecified.
   c. In the Compression drop-down list, select None.
   d. Select the Encapsulation Protocol (ESP) check box.
   e. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the encryption protocol in the wireless modem router, as listed in Table 15 on page 88. This example uses Triple DES.
   f. In the Hash Alg drop-down list, select SHA-1.
   g. In the Encapsulation drop-down list, select Tunnel.
   h. Leave the Authentication Protocol (AH) check box cleared.
7. Save the VPN client settings.
   In the Security Policy Editor window, select File > Save.
   After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
8. Check the VPN connection.
   To check the VPN connection, you can initiate a request from the remote PC to the wireless modem router’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it has to initiate the request.

   To perform a ping test using our example, start from the remote PC:
   a. Establish an Internet connection from the PC.
   b. On the Windows taskbar, click the Start button, and then select Run.
   c. Type ping -t 192.168.3.1, and then click OK.

   This causes a continuous ping to be sent to the first wireless modem router. After between several seconds and 2 minutes, the ping response should change from timed out to reply.

   Once the connection is established, you can open a browser on the PC and enter the LAN IP address of the remote gateway. After a short wait, you should see the login screen of the wireless modem router (unless another PC is already logged in to the wireless modem router).

   You can view information about the progress and status of the VPN client connection by opening the NETGEAR ProSafe Log Viewer.
   To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer.

   The VPN Status/Log screen for a successful connection is shown in the following figure:

   Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.

   The Connection Monitor screen for this connection is shown in the following figure:

   In this example you can see these settings:
   • The wireless modem router has a GW address (public IP WAN address) of 22.23.24.25.
   • The wireless modem router has a remote address (LAN IP address) of 192.168.3.1.
   • The VPN client PC has a local address (dynamically assigned address) of 192.168.2.2.

   While the connection is being established, the Connection Name field in this screen displays SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol shown in the previous figure.
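
Steps 3 through 6 only work if the client proposal matches what the router was configured with, and the worksheet offers a weaker and a stronger option for each algorithm. The following added example (not part of the NETGEAR manual or software) compares the two sides and flags the weaker option of each pair plus a short or all-numeric pre-shared key. The dictionary keys, the 16-character threshold and the gateway values (assumed equal to what the client steps select) are assumptions of this example.

```python
# Added example (not NETGEAR code): audit Table 17 gateway values against the
# ProSafe client proposal from steps 3-6. Key names are hypothetical.

# The weaker option of each pair the worksheet offers, with the reason.
WEAK = {
    "encryption": {"DES": "56-bit key"},
    "authentication": {"MD5": "128-bit digest with known collisions"},
    "dh_group": {"Group 1": "768-bit MODP group"},
}
# The client UI labels some values differently from the router worksheet.
ALIASES = {"triple des": "3DES", "diffie-hellman group 1": "Group 1",
           "diffie-hellman group 2": "Group 2"}
MUST_MATCH = ("mode", "encryption", "authentication", "dh_group")
MIN_PSK_LEN = 16  # assumption of this example, not a value from the manual

# Constructed sample input. Gateway values are assumed to equal what the
# client steps on this page select; the PSK is the manual's example key.
GATEWAY = {"mode": "Main Mode", "encryption": "3DES", "authentication": "SHA-1",
           "dh_group": "Group 2", "psk": "12345678"}
CLIENT = {"mode": "Main Mode", "encryption": "Triple DES",
          "authentication": "SHA-1", "dh_group": "Diffie-Hellman Group 2",
          "psk": "12345678"}

def norm(value):
    """Map a client-side label to the worksheet's spelling."""
    value = value.strip()
    return ALIASES.get(value.lower(), value)

def audit(gateway, client):
    """Return (kind, field, detail) findings; kind is 'mismatch' or 'weak'."""
    findings = []
    for field in MUST_MATCH:
        g, c = norm(gateway[field]), norm(client[field])
        if g != c:
            findings.append(("mismatch", field, f"gateway={g} client={c}"))
        for v in dict.fromkeys((g, c)):  # check each distinct value once
            if v in WEAK.get(field, {}):
                findings.append(("weak", field, f"{v}: {WEAK[field][v]}"))
    # The manual notes the key field is case-sensitive, so compare exactly.
    if gateway["psk"] != client["psk"]:
        findings.append(("mismatch", "psk", "keys differ (case-sensitive)"))
    psk = gateway["psk"]
    if len(psk) < MIN_PSK_LEN or psk.isdigit():
        findings.append(("weak", "psk", f"length {len(psk)}, digits only: {psk.isdigit()}"))
    return findings

if __name__ == "__main__":
    for kind, field, detail in audit(GATEWAY, CLIENT):
        print(f"{kind:8} {field:14} {detail}")
```

Run against the sample values, the only finding is the pre-shared key; the key itself is never printed.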