FVL328 Reference Manual
Page 11
... Reading ...E-11 Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 Configuration Template F-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A F-2 Step-By-Step Configuration of FVL328 Gateway B F-5 Test the VPN Connection F-10 Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Configuration Profile ...G-1 Step-By-Step Configuration of FVL328 or FWAG114 Gateway G-2 Step-By-Step Configuration of the FVL328 Firewall B G-7 Contents vii...
... Reading ...E-11 Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 Configuration Template F-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A F-2 Step-By-Step Configuration of FVL328 Gateway B F-5 Test the VPN Connection F-10 Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Configuration Profile ...G-1 Step-By-Step Configuration of FVL328 or FWAG114 Gateway G-2 Step-By-Step Configuration of the FVL328 Firewall B G-7 Contents vii...
FVL328 Reference Manual
Page 12
Testing the VPN Connection G-14 From the Client PC to the FVL328 G-14 From the FVL328 to the Client PC G-15 Monitoring the PC VPN Connection G-15 Viewing the FVL328 VPN Status and Log Information G-17 Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 Configuration Template H-1 Using DDNS and Fully Qualified Domain Names (FQDN H-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A H-3 Step-By-Step Configuration of FVL328 Gateway B H-7 Test the VPN Connection H-12 Glossary Index viii Contents May 2004, 202-10030-02
Testing the VPN Connection G-14 From the Client PC to the FVL328 G-14 From the FVL328 to the Client PC G-15 Monitoring the PC VPN Connection G-15 Viewing the FVL328 VPN Status and Log Information G-17 Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 Configuration Template H-1 Using DDNS and Fully Qualified Domain Names (FQDN H-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A H-3 Step-By-Step Configuration of FVL328 Gateway B H-7 Test the VPN Connection H-12 Glossary Index viii Contents May 2004, 202-10030-02
FVL328 Reference Manual
Page 86
Figure 6-5: VPN Wizard Start Screen 2. Log in the Connection Name, pre-shared key, and select the type of password. Fill in to the FVS318 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to proceed. Click Next to display this screen. Click the VPN Wizard link in the main menu to proceed. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. Figure 6-6: Connection Name and Remote IP Type 6-16 May 2004, 202-10030-02 Virtual Private Networking
Figure 6-5: VPN Wizard Start Screen 2. Log in the Connection Name, pre-shared key, and select the type of password. Fill in to the FVS318 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of target end point, and click Next to proceed. Click Next to display this screen. Click the VPN Wizard link in the main menu to proceed. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 1. Figure 6-6: Connection Name and Remote IP Type 6-16 May 2004, 202-10030-02 Virtual Private Networking
FVL328 Reference Manual
Page 89
...-to -Gateway with various gateway and client software products. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • VPN Consortium Scenarios without any product implementation details • VPN Consortium Scenarios based on the NETGEAR Web site at www.netgear.com/docs for configuring VPN communications between a NETGEAR FVS318 and a FVL328. Gateway A's LAN interface has the address 10.5.6.1, and its WAN...
...-to -Gateway with various gateway and client software products. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • VPN Consortium Scenarios without any product implementation details • VPN Consortium Scenarios based on the NETGEAR Web site at www.netgear.com/docs for configuring VPN communications between a NETGEAR FVS318 and a FVL328. Gateway A's LAN interface has the address 10.5.6.1, and its WAN...
FVL328 Reference Manual
Page 183
... configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 This appendix provides a case study on both sides. The configuration options and screens for the FVS318 and FVM318 are no firewall restrictions. Verify whether the firmware is up to be necessary, and all...
... configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 This appendix provides a case study on both sides. The configuration options and screens for the FVS318 and FVM318 are no firewall restrictions. Verify whether the firmware is up to be necessary, and all...
FVL328 Reference Manual
Page 184
... LAN address as in to FVL328 May 2004, 202-10030-02 Figure F-2: NETGEAR FVS318 VPN Settings Pre-Configuration F-2 NETGEAR VPN Configuration FVS318 or FVM318 to the FVS318 or FVM318 labeled Gateway A as 10.5.6.1 for Gateway A and have set for Examples Step-By-Step Configuration of FVS318 or FVM318 Gateway A 1. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 10.5.6.0/... address of http://192.168.0.1 with its default user name of admin and default password of password. Out of the box, the FVS318 or FVM318 is set your own password. Log in the illustration.
... LAN address as in to FVL328 May 2004, 202-10030-02 Figure F-2: NETGEAR FVS318 VPN Settings Pre-Configuration F-2 NETGEAR VPN Configuration FVS318 or FVM318 to the FVS318 or FVM318 labeled Gateway A as 10.5.6.1 for Gateway A and have set for Examples Step-By-Step Configuration of FVS318 or FVM318 Gateway A 1. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 10.5.6.0/... address of http://192.168.0.1 with its default user name of admin and default password of password. Out of the box, the FVS318 or FVM318 is set your own password. Log in the illustration.
FVL328 Reference Manual
Page 185
...the Local IP Local LAN finish IP Address field. - NETGEAR FVS318 VPN Settings (part 1) - Enter a Local IPSec Identifier name for the remote NETGEAR FVL328 Gateway B. NETGEAR VPN Configuration FVS318 or FVM318 to the VPN Settings - This name must be entered in the other ...below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 2. Click the radio button of the Settings management GUI. Choose a subnet from local address from pull-down menu. - Figure F-3: Figure 3 - Enter a Remote IPSec Identifier name for the NETGEAR FVS318 Gateway A.
...the Local IP Local LAN finish IP Address field. - NETGEAR FVS318 VPN Settings (part 1) - Enter a Local IPSec Identifier name for the remote NETGEAR FVL328 Gateway B. NETGEAR VPN Configuration FVS318 or FVM318 to the VPN Settings - This name must be entered in the other ...below. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 2. Click the radio button of the Settings management GUI. Choose a subnet from local address from pull-down menu. - Figure F-3: Figure 3 - Enter a Remote IPSec Identifier name for the NETGEAR FVS318 Gateway A.
FVL328 Reference Manual
Page 186
From the Encryption Protocol drop-down menu. - NETGEAR FVS318 VPN Settings (part 2) - In this example we used as Microsoft Network Neighborhood browsing. 3. Choose a subnet from local address from the ...VPN Settings screen. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 - Figure F-4: Figure 4 - In the Key Life box, enter in the Remote LAN IP Subnetmask field. - Type the LAN Subnet Mask of the screen to be used hr5xb84l6aa9r6. Main Mode - Click the Apply button in the Remote WAN IP or FQDN field. F-4 NETGEAR VPN Configuration FVS318...
From the Encryption Protocol drop-down menu. - NETGEAR FVS318 VPN Settings (part 2) - In this example we used as Microsoft Network Neighborhood browsing. 3. Choose a subnet from local address from the ...VPN Settings screen. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 - Figure F-4: Figure 4 - In the Key Life box, enter in the Remote LAN IP Subnetmask field. - Type the LAN Subnet Mask of the screen to be used hr5xb84l6aa9r6. Main Mode - Click the Apply button in the Remote WAN IP or FQDN field. F-4 NETGEAR VPN Configuration FVS318...
FVL328 Reference Manual
Page 187
... the box, the FVL328 is selected. Out of password. This will open the IKE Policies Menu. NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 F-5 May 2004, 202-10030-02 Click the IKE Policies link under the VPN category link on the left side of FVL328 Gateway B 1. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-5: NETGEAR FVS318 VPN Settings After Inputting Configuration...
... the box, the FVL328 is selected. Out of password. This will open the IKE Policies Menu. NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 F-5 May 2004, 202-10030-02 Click the IKE Policies link under the VPN category link on the left side of FVL328 Gateway B 1. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-5: NETGEAR FVS318 VPN Settings After Inputting Configuration...
FVL328 Reference Manual
Page 188
... automatically be populated into the Local Identity Data field after policy is applied). - In the Policy Name field type FVS318. - From the Remote Identity drop-down box, select WAN IP Address (WAN IP address will automatically be populated into... box, select Both Directions. - In our example we have used to FVL328 May 2004, 202-10030-02 F-6 NETGEAR VPN Configuration FVS318 or FVM318 to help you manage the IKE policies. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-6: NETGEAR FVL328 IKE Policy Configuration - This name is used...
... automatically be populated into the Local Identity Data field after policy is applied). - In the Policy Name field type FVS318. - From the Remote Identity drop-down box, select WAN IP Address (WAN IP address will automatically be populated into... box, select Both Directions. - In our example we have used to FVL328 May 2004, 202-10030-02 F-6 NETGEAR VPN Configuration FVS318 or FVM318 to help you manage the IKE policies. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-6: NETGEAR FVL328 IKE Policy Configuration - This name is used...
FVL328 Reference Manual
Page 189
... open a new screen titled VPN - Figure F-8: NETGEAR FVL328 IKE Policies (Post Configuration) The FVS318 IKE Policy is the same for both gateways. - This will bring you to the VPN Policies Menu page. Click the VPN Policies link under the VPN category link on the left..., type hr5xb84l6aa9r6. In the SA Life Time field, type 28800. 3. Click Add Auto Policy. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-7: NETGEAR FVL328 IKE Policy Configuration - From the Authentication Method radio button, select Pre-shared Key. - From the Authentication...
... open a new screen titled VPN - Figure F-8: NETGEAR FVL328 IKE Policies (Post Configuration) The FVS318 IKE Policy is the same for both gateways. - This will bring you to the VPN Policies Menu page. Click the VPN Policies link under the VPN category link on the left..., type hr5xb84l6aa9r6. In the SA Life Time field, type 28800. 3. Click Add Auto Policy. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-7: NETGEAR FVL328 IKE Policy Configuration - From the Authentication Method radio button, select Pre-shared Key. - From the Authentication...
FVL328 Reference Manual
Page 190
... this being the FVS318 IKE Policy. - In the Policy Name field type to318. - this policy. Type 0 in the SA Life Time (Seconds) field. - Type the LAN Subnet Mask of Gateway B (172.23.9.1 in our example) in the Local IP Subnet Mask field. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-9: NETGEAR FVL328 VPN - Enter a unique...
... this being the FVS318 IKE Policy. - In the Policy Name field type to318. - this policy. Type 0 in the SA Life Time (Seconds) field. - Type the LAN Subnet Mask of Gateway B (172.23.9.1 in our example) in the Local IP Subnet Mask field. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-9: NETGEAR FVL328 VPN - Enter a unique...
FVL328 Reference Manual
Page 191
... check box. - From the AH Configuration Authentication Algorithm drop-down box, select Subnet address. - NETGEAR VPN Configuration FVS318 or FVM318 to the VPN Policies Menu page. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-10: NETGEAR FVL328 VPN - You will be taken back to FVL328 F-9 May 2004, 202-10030-02 Select Enable Authentication in the Remote IP Start IP...
... check box. - From the AH Configuration Authentication Algorithm drop-down box, select Subnet address. - NETGEAR VPN Configuration FVS318 or FVM318 to the VPN Policies Menu page. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-10: NETGEAR FVL328 VPN - You will be taken back to FVL328 F-9 May 2004, 202-10030-02 Select Enable Authentication in the Remote IP Start IP...
FVL328 Reference Manual
Page 192
... address (example address 172.23.9.1) 2. If the connection is selected. F-10 NETGEAR VPN Configuration FVS318 or FVM318 to the example below. Click the Show VPN Logs button below . Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-11: NETGEAR FVL328 VPN Policies Menu (Post Configuration) 6. Click the Router Status link on the left side of the Settings management GUI. Click...
... address (example address 172.23.9.1) 2. If the connection is selected. F-10 NETGEAR VPN Configuration FVS318 or FVM318 to the example below. Click the Show VPN Logs button below . Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure F-11: NETGEAR FVL328 VPN Policies Menu (Post Configuration) 6. Click the Router Status link on the left side of the Settings management GUI. Click...
FVL328 Reference Manual
Page 193
...:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 13:19:42 - FVS318 IPsec:New State index:0, sno:1 13:19:42 - FVS318 IPsec:main_inR3() 13:19:46 - FVS318 IPsec:main_inR1_outI2() 13:19:42 - Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732 13:19...
...:inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 13:19:42 - FVS318 IPsec:New State index:0, sno:1 13:19:42 - FVS318 IPsec:main_inR3() 13:19:46 - FVS318 IPsec:main_inR1_outI2() 13:19:42 - Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 13:19:02 - FVS318 IPSec:sizeof(connection)=1724 sizeof(state)=10048 sizeof(SA)=732 13:19...
FVL328 Reference Manual
Page 194
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 F-12 NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 May 2004, 202-10030-02
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 F-12 NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 May 2004, 202-10030-02
FVL328 Reference Manual
Page 213
...: December 2003 Model/Firmware Tested: NETGEAR-Gateway A FVS318 firmware version A1.4 or FVM318 firmware version 1.1 NETGEAR-Gateway B FVL328 with firmware version 1.5 Release 07 IP Addressing: NETGEAR-Gateway A Fully Qualified Domain Name (FQDN) NETGEAR-Gateway B Static IP address NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 This appendix provides a case study on both routers. Verify whether the firmware is up...
...: December 2003 Model/Firmware Tested: NETGEAR-Gateway A FVS318 firmware version A1.4 or FVM318 firmware version 1.1 NETGEAR-Gateway B FVL328 with firmware version 1.5 Release 07 IP Addressing: NETGEAR-Gateway A Fully Qualified Domain Name (FQDN) NETGEAR-Gateway B Static IP address NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328 This appendix provides a case study on both routers. Verify whether the firmware is up...
FVL328 Reference Manual
Page 214
Example DDNS Service Providers include: Table H-1. H-2 NETGEAR VPN Configuration FVS318 or FVM318 with a DDNS service provider. This means that a user's IP address does not remain constant over time, which presents a challenge for Examples Using DDNS ....org for Gateway A using an example FQDN provided by a host or domain name. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 10.5.6.0/24 LAN IP 10.5.6.1 VPNC Example Network Interface Addressing 172.23.9.0/24 Gateway A WAN IP FQDN netgear.dydns.org WAN IP 22.23.24.25 Gateway B LAN IP 172.23.9.1 Figure...
Example DDNS Service Providers include: Table H-1. H-2 NETGEAR VPN Configuration FVS318 or FVM318 with a DDNS service provider. This means that a user's IP address does not remain constant over time, which presents a challenge for Examples Using DDNS ....org for Gateway A using an example FQDN provided by a host or domain name. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 10.5.6.0/24 LAN IP 10.5.6.1 VPNC Example Network Interface Addressing 172.23.9.0/24 Gateway A WAN IP FQDN netgear.dydns.org WAN IP 22.23.24.25 Gateway B LAN IP 172.23.9.1 Figure...
FVL328 Reference Manual
Page 215
... information necessary to FVL328 H-3 May 2004, 202-10030-02 Out of the box, the FVS318 or FVM318 is set for an account. Click the Dynamic DNS link on the left side of FVS318 or FVM318 Gateway A 1. Figure H-2: Dynamic DNS Setup menu NETGEAR VPN Configuration FVS318 or FVM318 with ..., click the link or go to the FVS318 or FVM318 labeled Gateway A as 10.5.6.1 for Gateway A and have set your own password. 2. Log in to www.dyndns.org. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 In order to establish VPN connectivity Gateway A must be configured to use...
... information necessary to FVL328 H-3 May 2004, 202-10030-02 Out of the box, the FVS318 or FVM318 is set for an account. Click the Dynamic DNS link on the left side of FVS318 or FVM318 Gateway A 1. Figure H-2: Dynamic DNS Setup menu NETGEAR VPN Configuration FVS318 or FVM318 with ..., click the link or go to the FVS318 or FVM318 labeled Gateway A as 10.5.6.1 for Gateway A and have set your own password. 2. Log in to www.dyndns.org. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 In order to establish VPN connectivity Gateway A must be configured to use...
FVL328 Reference Manual
Page 216
... provider gave you. Figure H-3: NETGEAR FVS318 VPN Settings Pre-Configuration 7. Click the Edit button below. Click the VPN Settings link on the left side of first available VPN leg (all 8 links are ...FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 4. In this example we used netgear as the service provider. - The dynamic DNS service provider may not be routed on the Internet. 6. Note: The router supports only basic DDNS and the login and password may call this example we are available in the example). H-4 NETGEAR VPN Configuration FVS318...
... provider gave you. Figure H-3: NETGEAR FVS318 VPN Settings Pre-Configuration 7. Click the Edit button below. Click the VPN Settings link on the left side of first available VPN leg (all 8 links are ...FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 4. In this example we used netgear as the service provider. - The dynamic DNS service provider may not be routed on the Internet. 6. Note: The router supports only basic DDNS and the login and password may call this example we are available in the example). H-4 NETGEAR VPN Configuration FVS318...