Hub and Spoke VPN network using the VPN Prosafe Client
Page 1
...) LAN1toVPN (FVX538 To VPN clients) LAN2toClient (VPN Clients to FVS338 via a single VPN connection to access Remote LANs (Spokes) via FVX538) LAN1 LAN1 Version 1.0 The diagram below shows a typical scenario. The configuration can apply to -box). In particular it describes how to allow VPN clients (Spoke) to a central (Hub) Firewall/Router. Hub and Spoke VPN using the VPN Prosafe Client This...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 Configuration of VPN policies on the Firewall/Routers 4 FVX538 VPN Config (Policy name: BoxtoBox 4 FVS338 VPN Config (Policy name: BoxtoBox 4 FVX538 VPN Config (Policy name: LAN1toVPN 5 FVX538 VPN Config (Policy name: LAN2Client 6 FVS338 VPN Config (Policy name: LAN2Client 6 VPN client configuration 7 Testing the connection ...8 Version 1.0
Hub and Spoke VPN network using the VPN Prosafe Client
Page 3
... LAN IP: 172.22.102.102/24 DHCP: 172.22.102.0/24 Firmware version: 3.5.0.24 VPN Client Version: 10.8.3 NIC IP: 192.168.0.x/24 VPN configuration The setup will require the creation of multiple VPN policies: FVX538 - 1x Box-to-box policy from the FVX538 to the FVS338 (Policy name: BoxtoBox) - 1x Client-to-Box policy on...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 4
... pre-shared key. Click on Apply FVS338 VPN Config (Policy name: BoxtoBox) Access the VPN Wizard via the VPN configuration page. Click on Apply Version 1.0 Configure the Connection name (for admin reasons this will match the FVS338 box as the subnet address). Configuration of VPN policies on the Firewall/Routers FVX538 VPN Config (Policy name: BoxtoBox) Access the...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 5
FVX538 VPN Config (Policy name: LAN1toVPN) Access the VPN Wizard via the VPN configuration page. Change the Local IP setting to any and the Remote IP to subnet, modifying the Start IP address to 192.168.0.0 with any pre-shared key) Take note of the Remote and Local identifier whether using the default ones or new ones. Create a new VPN client policy named LAN1toVPN (with subnet mask 255.255.255.0 Click on Apply Edit the LAN1toVPN. Click on Apply Version 1.0
Hub and Spoke VPN network using the VPN Prosafe Client
Page 6
...Select IKE Policy is set to BoxtoBox Click on Apply Version 1.0 In the VPN Policy section click on Add (this will create a new manual VPN policy which will use an existing IKE policy) Create a new VPN client policy named LAN2toClient Specify the Remote Endpoint IP ...FVX538 Specify the Local IP subnet to be the one 192.168.0.0/24 Ensure that the Select IKE Policy is set to BoxtoBox Click on Apply FVS338 VPN Config (Policy name: LAN2Client) Access the VPN Wizard via the VPN configuration page. FVX538 VPN Config (Policy name: LAN2Client) Access the VPN Wizard via the VPN...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 7
... LAN2) The gateway IP address will be specified at the WAN address of the FVX538 in our case In My identity change the pre-shared key to aggressive , PFS is enabled and Enable Replay Detection is ticked Version 1.0 VPN client configuration This configuration requires advanced IP address planning. This..., therefore, the two networks must be different on each PC running the VPN client In the Security policy section ensure the Phase 1 negotiation mode is set to match the VPN policy LAN1toVPN created on the FVX538 (12345678) Set the Virtual adapter as Required as specify a unique value ...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 8
Testing the connection VPN Client From the VPN client run ipconfig to confirm once the VPN is established that the Virtual adapter interface is assigned with the IP address specified in the policy (in this case 192.168.0.1) Test the VPN connection to both the FVX538 and FVS338 by pinging each box LAN IP address FVS338 From Monitoring, Diagnostic on the FVS338 ping the VPN client IP address 192.168.0.1 Version 1.0
Configuring a Hub-and-Spoke VPN Using the NETGEAR VPN Client
Page 1
... instructions on configuration that does not use the VPN Client. Procedure This procedure was developed and tested using: • NETGEAR FVX538 ProSafe VPN Firewall with the FVX538 router, firmware version 2.x and NETGEAR ProSafe® VPN client, version 10.7.2 (Build 12). In this configuration, there is the NETGEAR VPN client. By establishing a VPN connection to the FVX538#1, the software VPN client gains access to -gateway VPN tunnel between FVX538 #1 and FVX538 #2.
Configuring a Hub-and-Spoke VPN Using the NETGEAR VPN Client
Page 2
.... The local IP subnet is the LAN subnet behind FVX538 #1. Note: You can also create the IKE and VPN policies manually. Configuring the Hub-and-Spoke VPN To configure the FVX538 #1 (the Hub): 1. Create an IKE policy for VPN to address both Local Area Network #1 and Local Area... or one address range. Create a VPN policy using the VPN wizard, and then modify them. The VPN client policy needs to FVX538 #2. 2. The remote IP subnet is the LAN subnet behind FVX 538 #2. o WAN2 IP address subnet: 255.255.255.0 • NETGEAR ProSafe VPN client, version 10.7.2 (Build 12) o IP ...
FVX538v2 Product datasheet
Page 1
... Featuring eight auto-sensing 10/100 Mbps LAN ports, one Gigabit LAN port and two 10/100 WAN ports, the ProSafe VPN Firewall FVX538 lets multiple computers in mind, the Trend Micro CS and CSM combine workstation and server virus protection (... networks and recommends a VPN solution with NETGEAR ProSafe VPN Client Software VPN01L FVX538 ProSafe VPN firewall 200 GSM7348 ProSafe 48-port Gigabit L3 Managed Switch 270-10263-01 WAG302 ProSafe Dual Band Wireless Access Point Everybody 's connecting.™ NMS100 ProSafe Network Management System Software CD Version 1.0 Instructions: This CD...
FVX538v2 Reference Manual
Page 5
... OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Permission is granted to anyone to the following restrictions: 1. Altered source versions must be used by the zlib library is ," without specific prior written permission. The name of this software. you must... Model Number: Publication Date: Product Family: Product Name: Home or Business Product: Language: Publication Part Number: Publication Version Number FVX538 January 2010 VPN Firewall ProSafe VPN Firewall 200 Business English 202-10062-10 1.0 v v1.0, January 2010 This software is not required. 2. This notice may...
FVX538v2 Reference Manual
Page 14
... save paper and printer ink by selecting this manual, your printer supports printing two pages on the NETGEAR, Inc. website at http://www.adobe.com. ProSafe VPN Firewall 200 FVX538 Reference Manual • Scope. Revision History Part Number Version Number Date Description 202-10062-04 1.0 202-10062-05 1.0 202-10062-06 1.0 202-10062-06 1.1 202-10062...
FVX538v2 Reference Manual
Page 61
... RIP packets. This effectively disables RIP. • Both. A class-based routing that does not include subnet information. ProSafe VPN Firewall 200 FVX538 Reference Manual 2. From the RIP Direction pull-down menu, select the version: • Disabled. The VPN firewall broadcasts its route table nor does it accept any RIP packets from other routers. Figure 3-8 3. From the RIP...
FVX538v2 Reference Manual
Page 164
... to a file on your hard disk to use a different firmware version. 6-18 VPN Firewall and Network Management v1.0, January 2010 This file can edit the system contact, system location, and system name. 3. ProSafe VPN Firewall 200 FVX538 Reference Manual When you click on the SNMP System Info link on ...the SNMP screen. Once you have installed the VPN firewall and have it working properly, you to: • Back up file. ...
FVX538v2 Reference Manual
Page 166
... the firmware version. All firewall rules, VPN policies, LAN/WAN settings and other settings will act as a DHCP server on using them before continuing. 4. From the Product Selection pull-down menu, choose the FVX538. 3. Select Administration from the main menu and Settings Backup & Upgrade from the Settings Backup and Firmware Upgrade screen. ProSafe VPN Firewall 200 FVX538 Reference Manual...
FVX538v2 Reference Manual
Page 167
...date, and NTP servers: 1. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. This will start the software upgrade to your VPN firewall after upgrading it. Configuring Date and Time Service Date, time and NTP server designations can be necessary to the VPN firewall until the VPN firewall finishes the upgrade! The Time ... may be configured on page 6-22). At the conclusion of computers. After the VPN firewall has rebooted, select Monitoring to display the Router Status screen, and confirm the new firmware version to verify that is used to find out if this is a protocol that your...
FVX538v2 Reference Manual
Page 176
... This will display (see Figure 613 on page 6-29). DHCP can be made on the WAN ISP Settings screen. ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing the VPN Firewall Configuration and System Status The Router Status screen provides status and usage information. Because this information ... or Disabled. 6-30 VPN Firewall and Network Management v1.0, January 2010 Select Monitoring from the main menu and Router Status from the submenu. Displays the current settings for your VPN firewall. Router Status Fields Item System Name Firmware Version LAN Port Description This is...
FVX538v2 Reference Manual
Page 187
... locate the VPN firewall's LAN interface address. • Make sure your VPN firewall's IP address has been changed and you do not want to revert to the factory default settings and lose your PC's IP address is shown as 169.254.x.x: Recent versions of 192....computer cannot reach a DHCP server. Troubleshooting 7-3 v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual Troubleshooting the Web Configuration Interface If you are unable to access the VPN firewall's Web Configuration interface from the PC to the VPN firewall and reboot your PC. • If your browser has Java...
FVX538v2 Reference Manual
Page 247
... 1-8 ProSafe VPN Firewall 200 FVX538 Reference Manual rack mounting hardware 1-8 RADIUS description 6-11 WiKID 6-11 RADIUS Server about 5-30 configuring 5-30 Edge Device 5-26 RADIUS-CHAP 5-26, 5-29 AUTH, using with 5-27 RADIUS-PAP 5-26, 5-29 XAUTH, using with 3-15 versions of ...16 about 3-16 configuring parameters 3-16 static routes, use 4-37 port triggering 6-6 status 6-36 Port Triggering screen 4-38, 6-36 ports explanation of WAN and LAN 1-6 PPP over Ethernet. PPPoE 1-4, 2-4, 2-6 Account Name 2-6 Domain Name 2-6 Internet connection 2-6 PPPoP Idle Timeout 2-6 PPTP 2-4, 2-6 Account...