Client-to-Box VPN using Certificate Authentication
Page 1
Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client This document describes how to use certificates as an authentication method when establishing a VPN Client-to-Box connection. Version 2.0
Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client This document describes how to use certificates as an authentication method when establishing a VPN Client-to-Box connection. Version 2.0
Client-to-Box VPN using Certificate Authentication
Page 5
Then, click on Request Certificate. Change the whole filename after creating a certificate request instead. 9- Note: Do not change file extension in the screenshot. Version 2.0 For last, input the settings like instructed in client software. Next - generate certificate request using Certificate Manager which is built-in functionality of Netgear's ProSafe VPN Client following these steps: First, click on 'Yes' when you get the filebased request prompt.
Then, click on Request Certificate. Change the whole filename after creating a certificate request instead. 9- Note: Do not change file extension in the screenshot. Version 2.0 For last, input the settings like instructed in client software. Next - generate certificate request using Certificate Manager which is built-in functionality of Netgear's ProSafe VPN Client following these steps: First, click on 'Yes' when you get the filebased request prompt.
Hub and Spoke VPN network using the VPN Prosafe Client
Page 1
... (FVX538 To VPN clients) LAN2toClient (VPN Clients to FVS338 via a single VPN connection to access Remote LANs (Spokes) via FVX538) LAN1 LAN1 Version 1.0 Hub and Spoke VPN using the VPN Prosafe Client This document describes the steps to undertake in configuring a Hub-and-Spoke network over the Internet using VPNs (box-to-box and client-to any of the VPN Firewall/Router from firmware...
... (FVX538 To VPN clients) LAN2toClient (VPN Clients to FVS338 via a single VPN connection to access Remote LANs (Spokes) via FVX538) LAN1 LAN1 Version 1.0 Hub and Spoke VPN using the VPN Prosafe Client This document describes the steps to undertake in configuring a Hub-and-Spoke network over the Internet using VPNs (box-to-box and client-to any of the VPN Firewall/Router from firmware...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 Configuration of VPN policies on the Firewall/Routers 4 FVX538 VPN Config (Policy name: BoxtoBox 4 FVS338 VPN Config (Policy name: BoxtoBox 4 FVX538 VPN Config (Policy name: LAN1toVPN 5 FVX538 VPN Config (Policy name: LAN2Client 6 FVS338 VPN Config (Policy name: LAN2Client 6 VPN client configuration 7 Testing the connection ...8 Version 1.0
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 Configuration of VPN policies on the Firewall/Routers 4 FVX538 VPN Config (Policy name: BoxtoBox 4 FVS338 VPN Config (Policy name: BoxtoBox 4 FVX538 VPN Config (Policy name: LAN1toVPN 5 FVX538 VPN Config (Policy name: LAN2Client 6 FVS338 VPN Config (Policy name: LAN2Client 6 VPN client configuration 7 Testing the connection ...8 Version 1.0
Hub and Spoke VPN network using the VPN Prosafe Client
Page 3
NETWORK SETUP Physical setup FVX538 connected to the Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP: 172.22.101.0/24 Mode ...
NETWORK SETUP Physical setup FVX538 connected to the Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP: 172.22.101.0/24 Mode ...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 5
FVX538 VPN Config (Policy name: LAN1toVPN) Access the VPN Wizard via the VPN configuration page. Click on Apply Version 1.0 Change the Local IP setting to any and the Remote IP to subnet, modifying the Start IP address to 192.168.0.0 with any pre-shared key) Take note of the Remote and Local identifier whether using the default ones or new ones. Create a new VPN client policy named LAN1toVPN (with subnet mask 255.255.255.0 Click on Apply Edit the LAN1toVPN.
FVX538 VPN Config (Policy name: LAN1toVPN) Access the VPN Wizard via the VPN configuration page. Click on Apply Version 1.0 Change the Local IP setting to any and the Remote IP to subnet, modifying the Start IP address to 192.168.0.0 with any pre-shared key) Take note of the Remote and Local identifier whether using the default ones or new ones. Create a new VPN client policy named LAN1toVPN (with subnet mask 255.255.255.0 Click on Apply Edit the LAN1toVPN.
Hub and Spoke VPN network using the VPN Prosafe Client
Page 6
... FVX538 Specify the Local IP subnet to be the one of the FVS338 172.22.102.0/24 and the Remote IP subnet to be the VPN clients one of the FVS338 as 172.22.102.0/24 Ensure that the Select IKE Policy is set to BoxtoBox Click on Apply Version 1.0 In the... Specify the Remote Endpoint IP address to be the Public address of the FVS338 Specify the Local IP subnet to be the LAN of the VPN clients as 192.168.0.0/24 and the Remote IP subnet to be the one 192.168.0.0/24 Ensure that the Select IKE Policy is set to...
... FVX538 Specify the Local IP subnet to be the one of the FVS338 172.22.102.0/24 and the Remote IP subnet to be the VPN clients one of the FVS338 as 172.22.102.0/24 Ensure that the Select IKE Policy is set to BoxtoBox Click on Apply Version 1.0 In the... Specify the Remote Endpoint IP address to be the Public address of the FVS338 Specify the Local IP subnet to be the LAN of the VPN clients as 192.168.0.0/24 and the Remote IP subnet to be the one 192.168.0.0/24 Ensure that the Select IKE Policy is set to...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 7
... Required as specify a unique value for the Internal network IP address (this will be presentable as one subnet or one address range. Create a new VPN client policy Specify the Remote Party ID type as IP Subnet and the subnet and mask as 172.22.0.0 255.255.255.0 (this will address both... Local Area Network #1 and Local Area Network #2 in the same client policy profile, therefore, the two networks must be different on each PC running the VPN client In the Security policy section ensure the Phase 1 negotiation mode is set to address both LAN1 and LAN2...
... Required as specify a unique value for the Internal network IP address (this will be presentable as one subnet or one address range. Create a new VPN client policy Specify the Remote Party ID type as IP Subnet and the subnet and mask as 172.22.0.0 255.255.255.0 (this will address both... Local Area Network #1 and Local Area Network #2 in the same client policy profile, therefore, the two networks must be different on each PC running the VPN client In the Security policy section ensure the Phase 1 negotiation mode is set to address both LAN1 and LAN2...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 8
Testing the connection VPN Client From the VPN client run ipconfig to confirm once the VPN is established that the Virtual adapter interface is assigned with the IP address specified in the policy (in this case 192.168.0.1 ) Test the VPN connection to both the FVX538 and FVS338 by pinging each box LAN IP address FVS338 From Monitoring, Diagnostic on the FVS338 ping the VPN client IP address 1902.168.0.1 Version 1.0
Testing the connection VPN Client From the VPN client run ipconfig to confirm once the VPN is established that the Virtual adapter interface is assigned with the IP address specified in the policy (in this case 192.168.0.1 ) Test the VPN connection to both the FVX538 and FVS338 by pinging each box LAN IP address FVS338 From Monitoring, Diagnostic on the FVS338 ping the VPN client IP address 1902.168.0.1 Version 1.0
VPN configuration with ProSafe Client
Page 1
NOTE: This document assumes that your ProSafe Netgear Router, as well as how to configure the VPN Pro-Safe VPN client in order to be established over the internet. Version 1.1 VPN Configuration of ProSafe Client and Netgear ProSafe Router: This document will guide you on how to create IKE and auto-VPN policies for your router is either receiving a public IP address on the WAN...
NOTE: This document assumes that your ProSafe Netgear Router, as well as how to configure the VPN Pro-Safe VPN client in order to be established over the internet. Version 1.1 VPN Configuration of ProSafe Client and Netgear ProSafe Router: This document will guide you on how to create IKE and auto-VPN policies for your router is either receiving a public IP address on the WAN...
VPN configuration with ProSafe Client
Page 3
...can be any alphanumeric string. It is a name that identifies the remote peer in the VPN Connection (Router). Version 1.1 It is a name that identifies the local peer in the VPN Connection ➊ (Client). You can leave the default or create your own identifier. ➋➌ ➌ .... ➊ Pre-Shared Key: The name can be prompted to select which interface to use for VPN Client. . Creation of the VPN Policy on the ProSafe Router: • From the Router's GUI, go to the VPN section and then select the VPN wizard. • There, select the option for the...
...can be any alphanumeric string. It is a name that identifies the remote peer in the VPN Connection (Router). Version 1.1 It is a name that identifies the local peer in the VPN Connection ➊ (Client). You can leave the default or create your own identifier. ➋➌ ➌ .... ➊ Pre-Shared Key: The name can be prompted to select which interface to use for VPN Client. . Creation of the VPN Policy on the ProSafe Router: • From the Router's GUI, go to the VPN section and then select the VPN wizard. • There, select the option for the...
VPN configuration with ProSafe Client
Page 4
...: The values you will be referenced them with the same circled numbers while configuring the ProSafe VPN Client software. but may change depending on the setup of your router. Version 1.1 but may change depending on the setup of your router. ➎ Router's LAN Network IP Mask: The second segment in the "Local" box. Once you apply...
...: The values you will be referenced them with the same circled numbers while configuring the ProSafe VPN Client software. but may change depending on the setup of your router. Version 1.1 but may change depending on the setup of your router. ➎ Router's LAN Network IP Mask: The second segment in the "Local" box. Once you apply...
VPN configuration with ProSafe Client
Page 5
...VPN Router, but it is advised you use the same to facilitate identification of the VPN Policy on "My Connections" and add a new connection. Version 1.1 In this information. • After installing the VPN Client Software, right click in the tray icon for the VPN Client and select the option Security Policy Editor. • Right click on the ProSafe Client...: Before you start configuring the VPN Client, go through...
...VPN Router, but it is advised you use the same to facilitate identification of the VPN Policy on "My Connections" and add a new connection. Version 1.1 In this information. • After installing the VPN Client Software, right click in the tray icon for the VPN Client and select the option Security Policy Editor. • Right click on the ProSafe Client...: Before you start configuring the VPN Client, go through...
VPN configuration with ProSafe Client
Page 10
If your mouse, select connect and select the connection you 'll receive a message confirming the connection. Version 1.1 Connecting: To connect, right click on the tray icon of the Netgear VPN client with your settings are correct you just created.
If your mouse, select connect and select the connection you 'll receive a message confirming the connection. Version 1.1 Connecting: To connect, right click on the tray icon of the Netgear VPN client with your settings are correct you just created.
DGFV338 Product datasheet
Page 1
...wireless communication with 10/100 NIC (FA311) Internet ProSafe VPN Client Software VPN01L/05L Comprehensive controls block or filter unwanted addresses, services, protocols, and URLs, fortifying your small to mid-sized business needs. 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR....com Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) ProSafe™ Wireless ADSL Modem VPN Firewall Router (DGFV338) Desktop PC with 10/100 ...
...wireless communication with 10/100 NIC (FA311) Internet ProSafe VPN Client Software VPN01L/05L Comprehensive controls block or filter unwanted addresses, services, protocols, and URLs, fortifying your small to mid-sized business needs. 24/7 TECHNICAL S U P P O R T* 1-888-NETGEAR (638-4327) Email: info@NETGEAR....com Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) ProSafe™ Wireless ADSL Modem VPN Firewall Router (DGFV338) Desktop PC with 10/100 ...
DGFV338 Product datasheet
Page 2
... are trademarks of operation: One-to-one/ many-to 20 Mbps for each PC - ProSafe™ Wireless ADSL Modem VPN Firewall Router DGFV338 Technical Specifications • Wireless - IP Addressing: DHCP (client and server) - LAN: Up to 20 users • Hardware - Memory: 8 MB...DGFV338 - 100AUS 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@NETGEAR.com www.NETGEAR.com ©2007 NETGEAR, Inc., the NETGEAR logo, Connect with X.509 v.3 certificate support, remote access VPN (client-to-site), site-to simplify configuration of the VPN...
... are trademarks of operation: One-to-one/ many-to 20 Mbps for each PC - ProSafe™ Wireless ADSL Modem VPN Firewall Router DGFV338 Technical Specifications • Wireless - IP Addressing: DHCP (client and server) - LAN: Up to 20 users • Hardware - Memory: 8 MB...DGFV338 - 100AUS 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@NETGEAR.com www.NETGEAR.com ©2007 NETGEAR, Inc., the NETGEAR logo, Connect with X.509 v.3 certificate support, remote access VPN (client-to-site), site-to simplify configuration of the VPN...
DGFV338 Reference Manual
Page 13
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up Port Triggering 4-28 Setting a Schedule to Block or Allow Specific Traffic 4-31 Event Logs and Alerts 4-32 Security and Administrator Management 4-35 Chapter 5 Virtual Private Networking Dual WAN Port Systems 5-1 Setting up a VPN Connection using the VPN Wizard 5-2 VPN Tunnel Policies ...5-5 IKE Policy ...5-5 VPN Policy ...5-7 VPN Tunnel Connection Status 5-8 Creating a VPN Connection: Between...
DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up Port Triggering 4-28 Setting a Schedule to Block or Allow Specific Traffic 4-31 Event Logs and Alerts 4-32 Security and Administrator Management 4-35 Chapter 5 Virtual Private Networking Dual WAN Port Systems 5-1 Setting up a VPN Connection using the VPN Wizard 5-2 VPN Tunnel Policies ...5-5 IKE Policy ...5-5 VPN Policy ...5-7 VPN Tunnel Connection Status 5-8 Creating a VPN Connection: Between...
DGFV338 Reference Manual
Page 26
... hardware functions of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Router Front Panel The ProSafe Wireless ADSL Modem VPN Firewall Router front panel shown below contains the power and test LEDs, Internet status LEDs, and the LAN status LEDs. 1-6 Introduction v1.0, April 2007 DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • A Web browser for configuration such as Mozilla Firefox, Microsoft...
... hardware functions of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Router Front Panel The ProSafe Wireless ADSL Modem VPN Firewall Router front panel shown below contains the power and test LEDs, Internet status LEDs, and the LAN status LEDs. 1-6 Introduction v1.0, April 2007 DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • A Web browser for configuration such as Mozilla Firefox, Microsoft...
DGFV338 Reference Manual
Page 92
...DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Minimize-Delay: Used when the time required for connectivity problems. It is recommended that you to specify if the router should be protected against common attacks from a single computer on the LAN. • VPN Pass through: IPSec, PPTP or L2TP: Typically, this option is enabled, the router will override this router... Checks: - When the router is used as a VPN Client or Gateway that connects to other VPN Gateways. Select the appropriate radio boxes to the Remote VPN Gateway are first filtered through...
...DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual • Minimize-Delay: Used when the time required for connectivity problems. It is recommended that you to specify if the router should be protected against common attacks from a single computer on the LAN. • VPN Pass through: IPSec, PPTP or L2TP: Typically, this option is enabled, the router will override this router... Checks: - When the router is used as a VPN Client or Gateway that connects to other VPN Gateways. Select the appropriate radio boxes to the Remote VPN Gateway are first filtered through...
DGFV338 Reference Manual
Page 110
... v1.0, April 2007 Enter a Pre-shared Key. Check the radio box for a remote client/PC to establish a secure connection to . • Both the remote WAN address and your FQDN; The Internet name is not permissible. 6. DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up a VPN Connection using a CA (Certificate Authority). 4. This method does not require using the...
... v1.0, April 2007 Enter a Pre-shared Key. Check the radio box for a remote client/PC to establish a secure connection to . • Both the remote WAN address and your FQDN; The Internet name is not permissible. 6. DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Setting up a VPN Connection using a CA (Certificate Authority). 4. This method does not require using the...