FVS318G User Manual
Page 7
... NETGEAR VPN Client Status and Log Information 5-11 FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client...
... NETGEAR VPN Client Status and Log Information 5-11 FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client...
FVS318G User Manual
Page 102
... authentication reduces the amount of data entry required on page 6-7). The receiver then uses its private key to encrypt data intended for the VPN tunnel are manually input at a time (noted by an "*" next to the NETGEAR website. The Policy Table contains..."Related Documents" for VPN policy use are generated automatically by two or more complete understanding of bits. The VPN Policies Tab Page The VPN Policies screen allows you have a matching SA, or it will automatically be used when exchanging keys. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual •...
... authentication reduces the amount of data entry required on page 6-7). The receiver then uses its private key to encrypt data intended for the VPN tunnel are manually input at a time (noted by an "*" next to the NETGEAR website. The Policy Table contains..."Related Documents" for VPN policy use are generated automatically by two or more complete understanding of bits. The VPN Policies Tab Page The VPN Policies screen allows you have a matching SA, or it will automatically be used when exchanging keys. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual •...
FVS318G User Manual
Page 103
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). IP address (either a single address, range of user accounts. Traffic must be covered by this policy. (The Subnet address is supplied as required. • Name. Although the administrator could configure a unique VPN policy for each user, it is "Auto" or "Manual" as a VPN... Name when using the VPN Wizard). • Remote. To Enable or Disable a Policy, check the box adjacent to be enabled when adding or editing an IKE Policy. XAUTH can be used during VPN Wizard configuration). • Local.
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • ! (Status). IP address (either a single address, range of user accounts. Traffic must be covered by this policy. (The Subnet address is supplied as required. • Name. Although the administrator could configure a unique VPN policy for each user, it is "Auto" or "Manual" as a VPN... Name when using the VPN Wizard). • Remote. To Enable or Disable a Policy, check the box adjacent to be enabled when adding or editing an IKE Policy. XAUTH can be used during VPN Wizard configuration). • Local.
FVS318G User Manual
Page 104
... account is displayed. To enable and configure XAUTH: 1. Figure 5-18 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. The VPN policy must establish user accounts on the User Database to be authenticated against XAUTH, or you can modify the IKE policy. You can add XAUTH to an existing IKE Policy by clicking Edit adjacent to the...
... account is displayed. To enable and configure XAUTH: 1. Figure 5-18 3. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec Host. The VPN policy must establish user accounts on the User Database to be authenticated against XAUTH, or you can modify the IKE policy. You can add XAUTH to an existing IKE Policy by clicking Edit adjacent to the...
FVS318G User Manual
Page 105
...gateway tunnels terminate. RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is not present, the VPN firewall will then connect to the RADIUS server (see if the user credentials are available. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device...to see "RADIUS Client Configuration" on page 5-19). • IPsec Host if you will try to network resources. If RADIUS-PAP is selected, the VPN firewall will store a database of user information, and can interrupt the process with the IKE policy for managing Authentication,...
...gateway tunnels terminate. RADIUS Client Configuration RADIUS (Remote Authentication Dial In User Service, RFC 2865) is not present, the VPN firewall will then connect to the RADIUS server (see if the user credentials are available. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device...to see "RADIUS Client Configuration" on page 5-19). • IPsec Host if you will try to network resources. If RADIUS-PAP is selected, the VPN firewall will store a database of user information, and can interrupt the process with the IKE policy for managing Authentication,...
FVS318G User Manual
Page 107
... identifier, or the server may be used to assign IP addresses to the RADIUS Server. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Virtual Private Networking Using IPsec 1.1 November, 2009 5-21 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The FVS318G is configured on the individual IKE policy screens.
... identifier, or the server may be used to assign IP addresses to the RADIUS Server. LAN IP address/subnet: 192.168.2.1/255.255.255.0 • NETGEAR ProSafe VPN Client software IP address: 192.168.1.2 Virtual Private Networking Using IPsec 1.1 November, 2009 5-21 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The FVS318G is configured on the individual IKE policy screens.
FVS318G User Manual
Page 108
... Networking Using IPsec 1.1 November, 2009 Configuring the VPN Firewall Router Two menus must go to be configured-the Mode Config menu and the IKE Policies menu. Click Mode Config in the submenu. The Add Mode Config Record screen is displayed. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client...
... Networking Using IPsec 1.1 November, 2009 Configuring the VPN Firewall Router Two menus must go to be configured-the Mode Config menu and the IKE Policies menu. Click Mode Config in the submenu. The Add Mode Config Record screen is displayed. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Mode Config Operation After IKE Phase 1 is complete, the VPN connection initiator (remote user/client...
FVS318G User Manual
Page 110
... the View selected radio button.) Mode Config works only in the configuration of IKE Policies Table. 2. b. Enable Mode Config by any other IKE policies. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Set Direction/Type to configure a new IKE Policy. Enter an identifier in the Remote Identity Data field that both ends of the tunnel be used by checking the...
... the View selected radio button.) Mode Config works only in the configuration of IKE Policies Table. 2. b. Enable Mode Config by any other IKE policies. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Set Direction/Type to configure a new IKE Policy. Enter an identifier in the Remote Identity Data field that both ends of the tunnel be used by checking the...
FVS318G User Manual
Page 111
...NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. Users must specify the Authentication Type to be used in authenticating this VPN firewall as "modecfg_test". (This name will need to specify the user name and password to be authenticated by default. Configuring the ProSafe VPN Client for VPN Clients" on page 5-19). ProSafe Gigabit 8 Port VPN Firewall FVS318G... The new policy will also be associated with the IKE policy. To configure the client PC: 1. Right-click the VPN client icon in the IKE Policies Table. In the upper left of the gateway...
...NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. Users must specify the Authentication Type to be used in authenticating this VPN firewall as "modecfg_test". (This name will need to specify the user name and password to be authenticated by default. Configuring the ProSafe VPN Client for VPN Clients" on page 5-19). ProSafe Gigabit 8 Port VPN Firewall FVS318G... The new policy will also be associated with the IKE policy. To configure the client PC: 1. Right-click the VPN client icon in the IKE Policies Table. In the upper left of the gateway...
FVS318G User Manual
Page 112
...and create an identifier based on the VPN client icon in the VPN firewall ModeConfig Record menu. 5. From the ID Type pull-down menu, choose None. From the Select Certificate pull-down menu, choose Domain name and enter the FQDN of the IKE policy you configured will appear; Under Security Policy, Phase... Settings, and check the box for example "salesperson11.remote_id.com". To test the connection: 1. d. Right-click on the name of the VPN firewall; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. From the ID Type pull-down menu. e. in the...
...and create an identifier based on the VPN client icon in the VPN firewall ModeConfig Record menu. 5. From the ID Type pull-down menu, choose None. From the Select Certificate pull-down menu, choose Domain name and enter the FQDN of the IKE policy you configured will appear; Under Security Policy, Phase... Settings, and check the box for example "salesperson11.remote_id.com". To test the connection: 1. d. Right-click on the name of the VPN firewall; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e. From the ID Type pull-down menu. e. in the...
FVS318G User Manual
Page 114
...enter an IP address on a configured IKE policy, follow these steps: 1. The Dead Peer Detection feature maintains the IKE SA by exchanging periodic messages with the remote VPN peer. To configure Dead Peer Detection on the remote LAN. Select VPN from the main menu and Policies ...of consecutive missed responses that can respond to set the number of the Edit VPN Policy menu, locate the keepalive configuration settings, as shown in Figure 5-22: Figure 5-22 4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter the Detection Period to ICMP ping requests. 6. In...
...enter an IP address on a configured IKE policy, follow these steps: 1. The Dead Peer Detection feature maintains the IKE SA by exchanging periodic messages with the remote VPN peer. To configure Dead Peer Detection on the remote LAN. Select VPN from the main menu and Policies ...of consecutive missed responses that can respond to set the number of the Edit VPN Policy menu, locate the keepalive configuration settings, as shown in Figure 5-22: Figure 5-22 4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Enter the Detection Period to ICMP ping requests. 6. In...
FVS318G User Manual
Page 115
... traffic over the VPN tunnel. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Configuring NetBIOS Bridging with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these steps: 1. To solve this problem, you can configure the FVS318G to the desired VPN policy. Virtual Private Networking Using IPsec 1.1 November, 2009 5-29 In the IKE SA Parameters...
... traffic over the VPN tunnel. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Configuring NetBIOS Bridging with VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for hosts on a configured VPN tunnel, follow these steps: 1. To solve this problem, you can configure the FVS318G to the desired VPN policy. Virtual Private Networking Using IPsec 1.1 November, 2009 5-29 In the IKE SA Parameters...
FVS318G User Manual
Page 123
...can be configured on the RADIUS server and on WiKID authentication. Managing Users, Authentication, and Certificates 6-7 1.1 November, 2009 The client sends an encrypted PIN to SNMPV2 then the same certificate cannot be authenticated by the extension. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...house Windows server, or by an external organization such as X509 Certificates) during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to be used for secure web management. Network validated PAP or CHAP password ...
...can be configured on the RADIUS server and on WiKID authentication. Managing Users, Authentication, and Certificates 6-7 1.1 November, 2009 The client sends an encrypted PIN to SNMPV2 then the same certificate cannot be authenticated by the extension. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...house Windows server, or by an external organization such as X509 Certificates) during the Internet Key Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to be used for secure web management. Network validated PAP or CHAP password ...
FVS318G User Manual
Page 173
... MTU Size 2-15 Port Speed 2-16 Router's MAC Address 2-16 Allowing Videoconference from Restricted Addresses ...Attack Checks screen 4-19 authentication WiKID 6-8 Authentication Algorithm IKE Policy 5-15, 5-17 Auto Detect 2-5 Auto Uplink ...firewall protection, about4-1 content filtering4-1 customized service adding4-3,4-17 editing4-18 C CA about 6-9 certificate generate new CSR 6-11 Certificate Signing Request, see CSR certificates management of 2-11 CLI management by Telnet 7-11 command line interface 7-13 configuration automatic by DHCP 1-3 content filtering 1-2 connecting the VPN firewall...
... MTU Size 2-15 Port Speed 2-16 Router's MAC Address 2-16 Allowing Videoconference from Restricted Addresses ...Attack Checks screen 4-19 authentication WiKID 6-8 Authentication Algorithm IKE Policy 5-15, 5-17 Auto Detect 2-5 Auto Uplink ...firewall protection, about4-1 content filtering4-1 customized service adding4-3,4-17 editing4-18 C CA about 6-9 certificate generate new CSR 6-11 Certificate Signing Request, see CSR certificates management of 2-11 CLI management by Telnet 7-11 command line interface 7-13 configuration automatic by DHCP 1-3 content filtering 1-2 connecting the VPN firewall...
FVS318G User Manual
Page 174
... ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual crossover cable 8-2 CSR 6-11 D Date troubleshooting 8-8 Date setting 7-18 Daylight Savings Time adjusting for 7-19 DNS proxy 7-6 DDNS about 3-1 address pool 3-4 configuring secondary IP addresses 3-11 enable 3-4 lease time 3-5 Diffie-Hellman Group IKE ...Policy 5-16 Disable DHCP Server 3-1 DNS server IP address 3-4 DNS proxy enable 3-5 Disable DNS Proxy4-20 DMZ WAN Rule example of4-14 DNS proxy disable4-20 DNS ISP server addresses 2-11 Domain Name Servers. See DDNS DynDNS.org 2-13 Domain Name Blocking4-22 Domain Name router...
... ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual crossover cable 8-2 CSR 6-11 D Date troubleshooting 8-8 Date setting 7-18 Daylight Savings Time adjusting for 7-19 DNS proxy 7-6 DDNS about 3-1 address pool 3-4 configuring secondary IP addresses 3-11 enable 3-4 lease time 3-5 Diffie-Hellman Group IKE ...Policy 5-16 Disable DHCP Server 3-1 DNS server IP address 3-4 DNS proxy enable 3-5 Disable DNS Proxy4-20 DMZ WAN Rule example of4-14 DNS proxy disable4-20 DNS ISP server addresses 2-11 Domain Name Servers. See DDNS DynDNS.org 2-13 Domain Name Blocking4-22 Domain Name router...
FVS318G User Manual
Page 175
...modifying4-11 Inbound Services field descriptions 4-6 increasing traffic 7-5 Port Forwarding 7-5 Port Triggering 7-7 VPN Tunnels 7-7 Interior Gateway Protocol. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual F factory default login 1-8 factory default settings revert to 7-15 firmware downloading... for 2-1 Internet configuring the connection manually 2-7 connecting to 2-1 Internet connection manual configuration 2-7 IP addresses auto-generated 8-3 DHCP address pool 3-1 how to assign 3-1 multi home LAN 3-5 reserved 3-9 router default 3-4 IP Subnet Mask router default 3-4 ISP ...
...modifying4-11 Inbound Services field descriptions 4-6 increasing traffic 7-5 Port Forwarding 7-5 Port Triggering 7-7 VPN Tunnels 7-7 Interior Gateway Protocol. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual F factory default login 1-8 factory default settings revert to 7-15 firmware downloading... for 2-1 Internet configuring the connection manually 2-7 connecting to 2-1 Internet connection manual configuration 2-7 IP addresses auto-generated 8-3 DHCP address pool 3-1 how to assign 3-1 multi home LAN 3-5 reserved 3-9 router default 3-4 IP Subnet Mask router default 3-4 ISP ...
FVS318G User Manual
Page 176
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual K keepalive, VPN 5-27 Keep Connected Idle Timeout 2-9 Keyword Blocking4-22 applying4-24 Known PCs and Devices list of 3-7 L LAN configuration 3-1 using LAN IP setup options 3-2 LAN Groups Database about 3-5 advantages of 3-5 fields 3-7... spoofing 8-5 MAC address authentication by ISP 2-16 configuring 2-6 main menu 2-4 metric in static routes 3-12 ModeConfig 5-21 about 5-22 assigning remote addresses, example 5-21 Client Configuration 5-25 IKE Policies menu, configuring 5-22 menu, configuring 5-22 testing Client 5-26 MTU Size 2-15 ...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual K keepalive, VPN 5-27 Keep Connected Idle Timeout 2-9 Keyword Blocking4-22 applying4-24 Known PCs and Devices list of 3-7 L LAN configuration 3-1 using LAN IP setup options 3-2 LAN Groups Database about 3-5 advantages of 3-5 fields 3-7... spoofing 8-5 MAC address authentication by ISP 2-16 configuring 2-6 main menu 2-4 metric in static routes 3-12 ModeConfig 5-21 about 5-22 assigning remote addresses, example 5-21 Client Configuration 5-25 IKE Policies menu, configuring 5-22 menu, configuring 5-22 testing Client 5-26 MTU Size 2-15 ...