Client-to-Box VPN using Certificate Authentication
Page 1
Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client This document describes how to use certificates as an authentication method when establishing a VPN Client-to-Box connection. Version 2.0
Client-to-Box VPN using Certificate Authentication
Page 3
... handled by the router. 4- Signature Algorithm: RSA 5- Click on : "View" for generated certificate request to check its values: Copy all the commands up to the text file router1.csr Version 2.0 Creating your own CA. Signature Key Length: 1024 6- In first step you need to avoid using this parameter. 3- Netgear doesn't support ST...
Client-to-Box VPN using Certificate Authentication
Page 4
CA keys, router1.crt - Reboot your device. CA certification, cakey.pem - Load CA certificate: "cacert.crt" and your signed certificate: "router1.crt" on your router. Version 2.0 generated self certificate request (router), cacert.crt - They now should display like this: 8- Sign your certificate request using your newly created CA: openssl x509 -req -days 365 -in router1.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -out router1.crt router1.csr - 6- signed certificate (router). 7-
Client-to-Box VPN using Certificate Authentication
Page 9
1. Create IKE and VPN policies on your IKE Policy according to the following way: Note: IP address ranges defined in: First, Second and Third Pool should be different than router's own LAN IP address range. 4. Delete the VPN Policy, leaving the IKE policy. 3. Modify your router using VPN Wizard. 2. Create new record for Mode Config in the following settings: Version 2.0
Hub and Spoke VPN network using the VPN Prosafe Client
Page 1
... diagram below shows a typical scenario. Hub and Spoke VPN using the VPN Prosafe Client This document describes the steps to undertake in configuring a Hub-and-Spoke network over the Internet using VPNs (box-to-box and client-to any of the VPN Firewall/Router from firmware version 3.5.0.24 and above, and VPN clients from version 10.8.3 and above.
Hub and Spoke VPN network using the VPN Prosafe Client
Page 2
Table of Contents NETWORK SETUP...3 Physical setup...3 Logical setup ...3 Configuration of VPN policies on the Firewall/Routers 4 FVX538 VPN Config (Policy name: BoxtoBox 4 FVS338 VPN Config (Policy name: BoxtoBox 4 FVX538 VPN Config (Policy name: LAN1toVPN 5 FVX538 VPN Config (Policy name: LAN2Client 6 FVS338 VPN Config (Policy name: LAN2Client 6 VPN client configuration 7 Testing the connection ...8 Version 1.0
Hub and Spoke VPN network using the VPN Prosafe Client
Page 3
NETWORK SETUP Physical setup FVX538 connected to the Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP: 172.22.101.0/24 Mode... Config DHCP: 192.168.0.0/24 Firmware version: 3.5.0.24 FVS338 LAN IP: 172.22.102.102/24 DHCP: 172.22.102.0/24 Firmware version: 3.5.0.24 VPN...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 4
... the LAN details (the Remote LAN IP address is intended as the subnet address). Configuration of VPN policies on Apply Version 1.0 Click on the Firewall/Routers FVX538 VPN Config (Policy name: BoxtoBox) Access the VPN Wizard via the VPN configuration page. Configure the Connection name (for admin reasons this will match the FVS338 box as BoxtoBox...
VPN configuration with ProSafe Client
Page 1
... the correct port forwarding or DMZ configured so that your ProSafe Netgear Router, as well as how to configure the VPN Pro-Safe VPN client in order to allow VPN passthrough. NOTE: This document assumes that port 500 UDP is open for your router is either receiving a public IP address on how to ...create IKE and auto-VPN policies for the router, these gateway devices must also...
VPN configuration with ProSafe Client
Page 2
Router Settings: As we configure the Netgear VPN Router, there will be information we'll add which will be used in the configuration of this form to help keep track of the ProSafe Client Software. This information will later be marked with red numbered circles. You can print this information. ➊ Pre-Shared Key Remote Identifier Information Local Identifier Information Router's LAN Network IP Address Router's LAN Network IP Mask Router's WAN IP Address Version 1.1
VPN configuration with ProSafe Client
Page 3
... ➊ (Client). Now you'll be any alphanumeric string. Creation of the VPN Policy on the ProSafe Router: • From the Router's GUI, go to use for VPN Client. . It is a name that identifies the remote peer in the VPN Connection (Router). You can leave the default or create your own identifier. • WAN Interface: If your...
VPN configuration with ProSafe Client
Page 4
... Network IP Address: The first segment in the "Local" box. Make note of your router. Version 1.1 but may change depending on the setup of VPN Policies. In our screenshot described as 192.168.1.0 - NOTE: The values you will be referenced them with red circles will see ...policy we created in the list of your router. ➎ Router's LAN Network IP Mask: The second segment in the "Local" box. In our screenshot described as 255.255.255.0 - Once you apply, you used for the fields marked with the same circled numbers while configuring the ProSafe VPN Client software.
VPN configuration with ProSafe Client
Page 5
...Version 1.1 In this information. • After installing the VPN Client Software, right click in your VPN Router, but it is advised you use the same to facilitate identification of the VPN Policy on the ProSafe Client: Before you start configuring the VPN Client, go through the following checklist and make sure you... have to be "VPN". The name does not ...
VPN configuration with ProSafe Client
Page 6
Version 1.1 • Click on the name of your newly created policy and change the ID Type field to IP Subnet ➎➏ ➎ The Subnet field will be the value of your Router's LAN Network IP Address. ➏ The value of the Mask field will be the value of your Router's LAN Network IP Mask. • Next, tick the checkbox next to Use: Secure Gateway Tunnel. ➌ The ID Type field will be the value of your Local Identifier Information. ➏ The value of the Gateway IP Address will be the value of your ➌ ➏ Router's WAN IP Address.
VPN configuration with ProSafe Client
Page 8
Version 1.1 • Input the Pre-Shared Key that you have used when creating the VPN Policy on the Router and click on the OK Button. • Next, change the ID Type to Domain name. ➋ ➋ In the field that will open, add the value of your Remote Identifier Information.
DGFV338 Installation Guide
Page 1
... the Ethernet port of the full manual. • Test: When the router is first turned on the Resource CD or the NETGEAR knowledgebase at 100 Mbps. b. Use a browser to connect to set up your computer. Installation Guide DGFV338 ProSafe™ Wireless ADSL Modem VPN Firewall Router Start Here Follow these instructions to http://192.168.1.1. Green on top indicates your...
DGFV338 Installation Guide
Page 2
...on the modem (if applicable). For help with your network in securely and the modem and wireless ADSL gateway are trademarks or registered trademarks of NETGEAR, Inc. This symbol was placed in securely, the wireless ADSL gateway turned on and synchronized to the ADSL network. ... regional customer support centers are some tips for either a Dedicated ADSL or a Dedicated Ethernet port connection. (If both ISP settings and selected Rollover Mode in the DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual. Select the correct Country/Region setting so that is...
DGFV338 Product datasheet
Page 1
... URLs, fortifying your small to mid-sized business needs. 24/7 TECHNICAL SUPPORT* 1-888-NETGEAR (638-4327) Email: info@NETGEAR.com Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) Notebook PC with Dual 108 Mbps Wireless Adapter PC Card (WAG511) ProSafe™ Wireless ADSL Modem VPN Firewall Router (DGFV338) Desktop PC with 10/100 NIC (FA311) Desktop PC with the highest...
DGFV338 Product datasheet
Page 2
... and display table), WAN DHCP client, diagnostic tools (ping, trace route, other countries. NETGEAR Lifetime Warranty† ProSupport™ Service Packs Available • On Call 24 x 7 - ProSafe Wireless ADSL Modem VPN Firewall Router (DGFV338) - Warranty/support information card Ordering Information - United Kingdom: DGFV338 - 100UKS - ProSafe™ Wireless ADSL Modem VPN Firewall Router DGFV338 Technical Specifications • Wireless - Antenna: (2) 5dBi, detachable • Physical Interfaces - LAN ports: Eight (8) 10/100Mbps autosensing...
DGFV338 Reference Manual
Page 2
... the registration card and mailing it to the use or application of the product(s) or circuit layout(s) described herein. DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual Technical Support Please register to http://www.NETGEAR.com. Trademarks NETGEAR and the NETGEAR logo are registered trademarks or trademarks of Microsoft Corporation. To register your proof of 500 feet (152.4 m) for...