Netgear VPN Firewall FVS336Gv2 Reference Manual
Set Up Virtual Private Networking With IPSec Connections
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

9. Collect the information that you must use to configure the VPN client. You can print the following table to keep track of this information.

Component | Enter the information that you collected | Example
Pre-shared key | | I7!KL39dFG_8
Remote identifier information | | remote.com
Local identifier information | | local.com
Router’s LAN network IPv4 address | | 192.168.1.0
Router’s WAN IPv4 address | | 192.168.15.175

Use the NETGEAR ProSAFE VPN Client Wizard to Create a Secure Connection to the VPN Firewall

Note: In this section, the NETGEAR ProSAFE VPN Client is referred to as the VPN client.

The VPN client lets you set up the VPN connection manually (see Manually Create a Secure Connection to the VPN Firewall Using the NETGEAR ProSAFE VPN Client on page 354) or with the integrated Configuration Wizard, which is the easier and preferred method. However, in some situations you might prefer the manual configuration, which provides more control over the configuration process.

The Configuration Wizard configures the default settings and provides basic interoperability so that the VPN client can easily communicate with the VPN firewall (or a third-party VPN device). The Configuration Wizard does not let you enter the local and remote IDs, so you must manually enter this information.

To use the VPN Configuration Wizard to set up a VPN connection between the VPN client and the VPN firewall:

1. On the computer that has the VPN client installed, right-click the VPN client icon in your Windows system tray and select Configuration Panel.
2. From the main menu, select Configuration > Wizard.
3. Select the A router or a VPN gateway radio button.
4. Click the Next button.
5. Specify the following VPN tunnel parameters:
   • IP or DNS public (external) address of the remote equipment. Enter the remote IP address or DNS name of the VPN firewall. For example, enter 192.168.15.175.
   • Preshared key. Enter the pre-shared key that you already specified on the VPN firewall. For example, enter I7!KL39dFG_8.
   • IP private (internal) address of the remote network. Enter the remote private IP address of the VPN firewall. For example, enter 192.168.1.0. This IP address enables communication with the entire 192.168.1.x subnet.
6. Click the Next button.
   The Configuration Summary screen displays a summary of the new VPN configuration.
7. Click the Finish button.
   The Configuration Panel screen displays.
8. Specify the local and remote IDs:
   a. In the tree list pane of the Configuration Panel screen, click Gateway (the default name given to the authentication phase).
      The Authentication pane displays in the Configuration Panel screen, with the Authentication tab selected by default.
   b. Click the Advanced tab in the Authentication pane.
   c. Specify the settings that are described in the following table.

Setting | Description
Advanced features
Aggressive Mode | Select this check box to enable aggressive mode as the mode of negotiation with the VPN firewall.
NAT-T | From the menu, select Automatic. The VPN client and VPN firewall can now negotiate NAT-T.
Local and Remote ID
Local ID | As the type of ID, select DNS from the Local ID menu because you specified FQDN in the VPN firewall configuration. As the value of the ID, enter remote.com as the local ID for the VPN client. Note: The remote ID on the VPN firewall is the local ID on the VPN client. It might be less confusing to configure an FQDN such as client.com as the remote ID on the VPN firewall and then enter client.com as the local ID on the VPN client.
Remote ID | As the type of ID, select DNS from the Remote ID menu because you specified an FQDN in the VPN firewall configuration. As the value of the ID, enter local.com as the remote ID for the VPN firewall. Note: The local ID on the VPN firewall is the remote ID on the VPN client. It might be less confusing to configure an FQDN such as router.com as the local ID on the VPN firewall and then enter router.com as the remote ID on the VPN client.

9. Configure the global parameters:
   a. In the tree list pane of the Configuration Panel screen, click Global Parameters.
   b. Specify the default lifetimes in seconds:
      • Authentication (IKE), Default. The default lifetime value is 3600 seconds. Change this setting to 28800 seconds to match the configuration of the VPN firewall.
      • Encryption (IPSec), Default. The default lifetime value is 1200 seconds. Change this setting to 3600 seconds to match the configuration of the VPN firewall.
10. Click the Save button.
    Your settings are saved and the VPN client configuration is complete.

For information about testing the new VPN tunnel connection, see Test the Connection and View Connection and Status Information on page 360.

Manually Create a Secure Connection to the VPN Firewall Using the NETGEAR ProSAFE VPN Client

Note: In this section, the NETGEAR ProSAFE VPN Client is referred to as the VPN client.

The VPN client lets you set up the VPN connection with the integrated Configuration Wizard (see Use the NETGEAR ProSAFE VPN Client Wizard to Create a Secure Connection to the VPN Firewall on page 349), which is the easier and preferred method, or manually. In some situations you might prefer the manual configuration, which provides more control over the configuration process.

Manually configuring a VPN connection between the VPN client and the VPN firewall involves three tasks that are described in the following procedure:

1. Configure the authentication settings (phase 1 settings).
2. Create the IPSec configuration (phase 2 settings).
   Note: On the VPN firewall, the IPSec configuration (phase 2 settings) is referred to as the IKE settings.
3. Configure the global parameters.

To manually set up a VPN connection between the VPN client and the VPN firewall:

1. On the computer that has the VPN client installed, right-click the VPN client icon in your Windows system tray and select Configuration Panel.
2. In the tree list pane of the Configuration Panel screen, right-click VPN Configuration, and select New Phase 1.
3. Change the name of the authentication phase (the default name is Gateway):
   a. Right-click the authentication phase name.
   b. Select Rename.
   c. Type vpn_client.
   d. Click anywhere in the tree list pane.
   Note: This is the name for the authentication phase that is used only for the VPN client, not during IKE negotiation. You can view and change this name in the tree list pane. This name must be a unique name.
   The Authentication pane displays in the Configuration Panel screen, with the Authentication tab selected by default.
4. Specify the settings that are described in the following table.

Setting | Description
Interface | From the menu, select Any.
Remote Gateway | Enter the remote IP address or DNS name of the VPN firewall. For example, enter 192.168.15.175.
Preshared Key | Select the Preshared Key radio button and configure the following settings: 1. Enter the pre-shared key that you already specified on the VPN firewall. For example, enter I7!KL39dFG_8. 2. In the Confirm field, enter the pre-shared key again.
Encryption | From the menu, select the 3DES encryption algorithm.
Authentication | From the menu, select the SHA1 authentication algorithm.
Key Group | From the menu, select the DH2 (1024) key group. Note: On the VPN firewall, this key group is referred to as Diffie-Hellman Group 2 (1024 bit).

5. Click the Save button.
   Your settings are saved.
6. Click the Advanced tab in the Authentication pane.
7. Specify the settings that are described in the following table.

Setting | Description
Advanced features
Aggressive Mode | Select this check box to enable aggressive mode as the mode of negotiation with the VPN firewall.
NAT-T | From the menu, select Automatic. The VPN client and VPN firewall can now negotiate NAT-T.
Local and Remote ID
Local ID | As the type of ID, select DNS from the Local ID menu because you specified FQDN in the VPN firewall configuration. As the value of the ID, enter remote.com as the local ID for the VPN client. Note: The remote ID on the VPN firewall is the local ID on the VPN client. It might be less confusing to configure an FQDN such as client.com as the remote ID on the VPN firewall and then enter client.com as the local ID on the VPN client.
Remote ID | As the type of ID, select DNS from the Remote ID menu because you specified an FQDN in the VPN firewall configuration. As the value of the ID, enter local.com as the remote ID for the VPN firewall. Note: The local ID on the VPN firewall is the remote ID on the VPN client. It might be less confusing to configure an FQDN such as router.com as the local ID on the VPN firewall and then enter router.com as the remote ID on the VPN client.

8. Click the Save button.
   Your settings are saved.

Continue the manual configuration of the VPN client with the IPSec configuration.

9. In the tree list pane of the Configuration Panel screen, right-click the vpn_client authentication phase name and select New Phase 2.
10. Change the name of the IPSec configuration (the default name is Tunnel):
    a. Right-click the IPSec configuration name.
    b. Select Rename.
    c. Type netgear_platform.
    d. Click anywhere in the tree list pane.
    Note: This is the name for the IPSec configuration that is used only for the VPN client, not during IPSec negotiation. You can view and change this name in the tree list pane. This name must be a unique name.
    The IPSec pane displays in the Configuration Panel screen, with the IPSec tab selected by default:
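
A check of the values that the steps above have you keep identical on both ends, including the crossed local and remote IDs and the two lifetimes; it also lists the example's choices (aggressive mode with a pre-shared key, 3DES, DH group 2) that current IKE guidance treats as legacy. This is an added example, not part of the NETGEAR manual or its software; the dictionary field names are hypothetical and the values are the manual's examples.

```python
# Added example, not NETGEAR code. Field names are hypothetical; the values are
# the manual's own examples.
FIREWALL = {
    "gateway": "192.168.15.175", "psk": "I7!KL39dFG_8", "id_type": "FQDN",
    "local_id": "local.com", "remote_id": "remote.com", "mode": "aggressive",
    "encryption": "3DES", "authentication": "SHA1", "dh_group": 2,
    "ike_lifetime": 28800, "ipsec_lifetime": 3600,
}
# Client as the wizard leaves it: IDs entered, lifetimes still at client defaults.
CLIENT = dict(FIREWALL, id_type="DNS", local_id="remote.com",
              remote_id="local.com", ike_lifetime=3600, ipsec_lifetime=1200)

# Firewall field -> client field that must hold the same value (IDs are crossed).
MUST_MATCH = {
    "gateway": "gateway", "psk": "psk", "mode": "mode",
    "local_id": "remote_id", "remote_id": "local_id",
    "encryption": "encryption", "authentication": "authentication",
    "dh_group": "dh_group", "ike_lifetime": "ike_lifetime",
    "ipsec_lifetime": "ipsec_lifetime",
}
ID_TYPE_ON_CLIENT = {"FQDN": "DNS"}  # firewall's type name -> client menu entry

def mismatches(firewall, client):
    """Return one message per setting on which the two ends disagree."""
    problems = []
    for fw_key, cl_key in MUST_MATCH.items():
        if firewall[fw_key] != client[cl_key]:
            # Never echo the pre-shared key into output or logs.
            detail = "values differ" if fw_key == "psk" else (
                f"firewall {firewall[fw_key]!r}, client {client[cl_key]!r}")
            problems.append(f"firewall {fw_key} / client {cl_key}: {detail}")
    expected = ID_TYPE_ON_CLIENT.get(firewall["id_type"], firewall["id_type"])
    if client["id_type"] != expected:
        problems.append(f"client id_type: expected {expected!r}")
    return problems

def legacy_settings(cfg):
    """List the example's choices that current IKE guidance treats as legacy."""
    flags = []
    if cfg["mode"] == "aggressive" and cfg["psk"]:
        flags.append("aggressive mode with a pre-shared key")
    if cfg["encryption"] == "3DES":
        flags.append("3DES encryption")
    if cfg["dh_group"] == 2:
        flags.append("1024-bit Diffie-Hellman group 2")
    return flags

if __name__ == "__main__":
    for line in mismatches(FIREWALL, CLIENT) + legacy_settings(CLIENT):
        print(line)
```

With the sample data, the only mismatches reported are the two lifetimes that step 9 of the wizard procedure tells you to change.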