Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Here you can view all the pages of manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual. The Netgear manuals for Router are available online for free. You can easily download all the documents as PDF.
Page 391
Set Up Virtual Private Networking With IPSec Connections 389 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 Extended Authentication Overview When many VPN clients connect to a VPN firewall, you might want to use a unique user authentication method beyond relying on a single common pre-shared key for all clients. Although you could configure a unique VPN policy for each user, it is more efficient to authenticate users from a stored list of user accounts. Extended authentication (XAUTH)...
Page 392
Set Up Virtual Private Networking With IPSec Connections 390 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain. If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain. 5. Click the Login button. The Router Status screen displays. 6. If the IKE policy for which you want to configure XAUTH is associated with a VPN policy, first disable the VPN...
Page 393
Set Up Virtual Private Networking With IPSec Connections 391 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 10. Locate the Extended Authentication section. 11. Enter the settings as described in the following table. 12. Click the Apply button. Your settings are saved. 13. If you disabled the VPN policy with which the IKE policy for which you configured XAUTH is associated, reenable the VPN policy: a.Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays the IPv4 settings. b....
Page 394
Set Up Virtual Private Networking With IPSec Connections 392 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 d. Click the Enable button. The VPN policy is reenabled. The gray circle to the left of the VPN policy turns green. RADIUS Remote Authentication Dial In User Service (RADIUS, RFC 2865) is a protocol for managing authentication, authorization, and accounting (AAA) of multiple users in a network. A RADIUS server stores a database of user information and can validate a user at the request...
Page 395
Set Up Virtual Private Networking With IPSec Connections 393 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 5. Click the Login button. The Router Status screen displays. 6. Select VPN > IPSec VPN > RADIUS Client. The RADIUS Client screen displays. 7. Enter the settings as described in the following table. SettingDescription Primary RADIUS Server To enable and configure the primary RADIUS server, select the Ye s radio button and enter the settings for the three fields to the right. By default,...
Page 396
Set Up Virtual Private Networking With IPSec Connections 394 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. Click the Apply button. Your settings are saved. Assign IPv4 Addresses to Remote Users The following sections provide information about how to configure Mode Config: •Mode Config Overview •Configure Mode Config Operation on the VPN Firewall •Configure the NETGEAR ProSAFE VPN Client for Mode Config Operation •Test the Mode Config Connection •Change a Mode Config Record •Remove One or...
Page 397
Set Up Virtual Private Networking With IPSec Connections 395 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 to remote users IP addresses from a secured network space so that the remote users appear as seamless extensions of the network. You can use the Mode Config feature in combination with an IPv6 IKE policy to assign IPv4 addresses to clients but you cannot assign IPv6 addresses to clients. During the establishment of a VPN tunnel, after the IKE Phase 1 negotiation is complete, the VPN...
Page 398
Set Up Virtual Private Networking With IPSec Connections 396 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 The Mode Config screen displays. As an example, the screen shows two existing Mode Config records with the names EMEA Sales and Americas Sales: •For EMEA Sales, a first pool (172.16.100.1 through 172.16.100.99) and second pool (172.16.200.1 through 172.16.200.99) are shown. •For Americas Sales, a first pool (172.25.100.50 through 172.25.100.99), a second pool (172.25.210.1 through...
Page 399
Set Up Virtual Private Networking With IPSec Connections 397 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 8. Enter the settings as described in the following table. SettingDescription Client Pool Record Name A descriptive name of the Mode Config record for identification and management purposes. First Pool Assign at least one range of IP pool addresses in the First Pool fields to enable the VPN firewall to allocate these to remote VPN clients. The Second Pool and Third Pool fields are...
Page 400
Set Up Virtual Private Networking With IPSec Connections 398 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 9. Click the Apply button. Your settings are saved. The new Mode Config record is added to the List of Mode Config Records table. Continue the Mode Config configuration procedure by configuring an IKE policy. (You can also change an existing IKE policy.) 10. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen for IPv4 in view. 11. To add an IKE...