FVS318G User Manual
Page 7
... 5-11 FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client for...
... 5-11 FVS318G VPN Connection Status and Logs 5-13 Managing VPN Policies 5-14 Managing IKE Policies 5-14 Managing VPN Policies 5-16 Configuring Extended Authentication (XAUTH 5-17 Configuring XAUTH for VPN Clients 5-18 User Database Configuration 5-19 RADIUS Client Configuration 5-19 Assigning IP Addresses to Remote Users (ModeConfig 5-21 Mode Config Operation 5-22 Configuring the VPN Firewall Router 5-22 Configuring the ProSafe VPN Client for...
FVS318G User Manual
Page 16
...the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. You can control access to Internet content by telecommuters requires the installation of VPN client software on the remote computer. • IPsec VPN ...routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to a WAN device, such as off-limits. • Prevents objectionable content from reaching your PCs. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data...
...the NETGEAR ProSafe VPN Client software (VPN01L) • Supports 5 concurrent IPsec VPN tunnels. You can control access to Internet content by telecommuters requires the installation of VPN client software on the remote computer. • IPsec VPN ...routers, the FVS318G is a true firewall, using stateful packet inspection (SPI) to a WAN device, such as off-limits. • Prevents objectionable content from reaching your PCs. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Built-in eight-port 10/100/1000 Mbps Gigabit Ethernet LAN switch for extremely fast data...
FVS318G User Manual
Page 19
...should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G Installation Guide • Resource CD, including: - ProSafe VPN Client Software - If any of status indicator ... the carton, including the original packing materials, in case you need to return the firewall for repair. Front Panel Features The ProSafe VPN Firewall front panel shown below includes four groups of the parts are incorrect, missing, or damaged, contact...
...should contain the following items: • ProSafe VPN Firewall. • One AC power adapter. • Rubber feet. • One Category 5e (Cat5e) Ethernet cable (yellow). • ProSafe Gigabit 8 Port VPN Firewall FVS318G Installation Guide • Resource CD, including: - ProSafe VPN Client Software - If any of status indicator ... the carton, including the original packing materials, in case you need to return the firewall for repair. Front Panel Features The ProSafe VPN Firewall front panel shown below includes four groups of the parts are incorrect, missing, or damaged, contact...
FVS318G User Manual
Page 73
...Firewall Protection and Content Filtering 1.1 November, 2009 4-21 Several types of these features and users try to another VPN endpoint on a Windows computer running Internet Explorer. Certain commonly used by NETGEAR...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that enable dynamic functionality of VPN tunnels that will be sent to a specific IP address are disabled; IPSec, PPTP, and L2TP represent different types of the page. If a VPN client...that can use the VPN firewall router's Content Filtering and ...
...Firewall Protection and Content Filtering 1.1 November, 2009 4-21 Several types of these features and users try to another VPN endpoint on a Windows computer running Internet Explorer. Certain commonly used by NETGEAR...ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • VPN Pass through-When the FVS318G is in web pages that enable dynamic functionality of VPN tunnels that will be sent to a specific IP address are disabled; IPSec, PPTP, and L2TP represent different types of the page. If a VPN client...that can use the VPN firewall router's Content Filtering and ...
FVS318G User Manual
Page 87
... sections: • "Using the VPN Wizard for Client and Gateway Configurations You use the IPsec virtual private networking (VPN) features of the ProSafe VPN Firewall to provide secure, encrypted communications between a VPN gateway and a VPN client Configuring a VPN tunnel connection requires that all settings... the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between your local network and a remote network or computer. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection...
... sections: • "Using the VPN Wizard for Client and Gateway Configurations You use the IPsec virtual private networking (VPN) features of the ProSafe VPN Firewall to provide secure, encrypted communications between a VPN gateway and a VPN client Configuring a VPN tunnel connection requires that all settings... the wizard to configure a VPN tunnel between 2 VPN gateways • Using the wizard to configure a VPN tunnel between your local network and a remote network or computer. The section below provides wizard and NETGEAR VPN Client configuration procedures for the network connection...
FVS318G User Manual
Page 89
... LAN IP address must be a public address or the Internet name of 8 characters and should be in a different subnet than the Local LAN IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Create a Connection Name. Tip: For DHCP WAN configurations, first, set up the tunnel with IP addresses. For example, if the local subnet... the remote gateway in a Dynamic DNS service. This name used to help you validate the connection, use the wizard to the host on the remote VPN gateway, or the remote VPN client. Enter a Pre-shared Key.
... LAN IP address must be a public address or the Internet name of 8 characters and should be in a different subnet than the Local LAN IP address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 3. Create a Connection Name. Tip: For DHCP WAN configurations, first, set up the tunnel with IP addresses. For example, if the local subnet... the remote gateway in a Dynamic DNS service. This name used to help you validate the connection, use the wizard to the host on the remote VPN gateway, or the remote VPN client. Enter a Pre-shared Key.
FVS318G User Manual
Page 91
... update interval, set it to VPN > VPN Wizard. Virtual Private Networking Using IPsec 5-5 1.1 November, 2009 The VPN Wizard displays. Creating a Client to Gateway VPN Tunnel Figure 5-5 Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway. • Configure the VPN client to connect to your new address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The tunnel will...
... update interval, set it to VPN > VPN Wizard. Virtual Private Networking Using IPsec 5-5 1.1 November, 2009 The VPN Wizard displays. Creating a Client to Gateway VPN Tunnel Figure 5-5 Follow these steps to configure the a VPN client tunnel: • Configure the client policies on the gateway. • Configure the VPN client to connect to your new address. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The tunnel will...
FVS318G User Manual
Page 92
... GW1_local.com. it is not supplied to keep the tunnel alive. 5-6 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . Select VPN Client as your gateway to GW1". Create a Connection Name like "Client to form FQDNs used in by pre-pending the first several letters of the model number of the network...
... GW1_local.com. it is not supplied to keep the tunnel alive. 5-6 Virtual Private Networking Using IPsec 1.1 November, 2009 ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual . Select VPN Client as your gateway to GW1". Create a Connection Name like "Client to form FQDNs used in by pre-pending the first several letters of the model number of the network...
FVS318G User Manual
Page 93
... with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to save your settings: the VPN Policies page shows the policy is enabled. Follow these steps to configure your Windows toolbar, choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. Click Apply to the FVS318G. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
... with the NETGEAR Prosafe VPN Client installed, configure a VPN client policy to connect to save your settings: the VPN Policies page shows the policy is enabled. Follow these steps to configure your Windows toolbar, choose Security Policy Editor, and verify that the Options > Secure > Specified Connections selection is now enabled. Click Apply to the FVS318G. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
FVS318G User Manual
Page 97
... and troubleshooting problems with a connection. NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. To test the client connection, from your Windows toolbar and...
... and troubleshooting problems with a connection. NETGEAR VPN Client Status and Log Information To test a client connection and view the status and log information, follow these steps. 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual Testing the Connections and Viewing Status Information Both the NETGEAR VPN Client and the FVS318G provide VPN connection and status information. To test the client connection, from your Windows toolbar and...
FVS318G User Manual
Page 98
Figure 5-15 5-12 Virtual Private Networking Using IPsec 1.1 November, 2009 To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Connection Monitor. Figure 5-14 • Right-click the VPN Client icon in the system tray and select Log Viewer. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2.
Figure 5-15 5-12 Virtual Private Networking Using IPsec 1.1 November, 2009 To view more detailed additional status and troubleshooting information from the NETGEAR VPN client, follow these steps. • Right-click the VPN Client icon in the system tray and select Connection Monitor. Figure 5-14 • Right-click the VPN Client icon in the system tray and select Log Viewer. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2.
FVS318G User Manual
Page 99
Figure 5-16 Virtual Private Networking Using IPsec 1.1 November, 2009 5-13 Table 5-1. System Tray Icon Status The client policy is activated and connected. A flashing vertical bar indicates traffic on the tunnel. The client policy is deactivated. FVS318G VPN Connection Status and Logs To view FVS318G VPN connection status, go to VPN > Connection Status. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The VPN client system tray icon provides a variety of status indications, which are listed below. The client policy is activated but not connected.
Figure 5-16 Virtual Private Networking Using IPsec 1.1 November, 2009 5-13 Table 5-1. System Tray Icon Status The client policy is activated and connected. A flashing vertical bar indicates traffic on the tunnel. The client policy is deactivated. FVS318G VPN Connection Status and Logs To view FVS318G VPN connection status, go to VPN > Connection Status. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The VPN client system tray icon provides a variety of status indications, which are listed below. The client policy is activated but not connected.
FVS318G User Manual
Page 103
...key for all clients. IP address or address range of XAUTH are available: • Edge Device. Although the administrator could configure a unique VPN policy for each user, it is more gateway tunnels terminate. Two types of the remote network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual ...• ! (Status). Traffic must be to (or from a stored list of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. Virtual Private ...
...key for all clients. IP address or address range of XAUTH are available: • Edge Device. Although the administrator could configure a unique VPN policy for each user, it is more gateway tunnels terminate. Two types of the remote network. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual ...• ! (Status). Traffic must be to (or from a stored list of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. Virtual Private ...
FVS318G User Manual
Page 104
...PAP server is enabled for authentication, XAUTH will first check the local User Database for authenticating this gateway. Configuring XAUTH for VPN Clients Once the XAUTH has been enabled, you can modify the IKE policy. Note: You cannot modify an existing IKE policy... clicking Add. 4. The VPN policy must enable a RADIUS-CHAP or RADIUS-PAP server. Select 5-18 Virtual Private Networking Using IPsec 1.1 November, 2009 Figure 5-18 3. If you can create a new IKE Policy incorporating XAUTH by a VPN policy. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec...
...PAP server is enabled for authentication, XAUTH will first check the local User Database for authenticating this gateway. Configuring XAUTH for VPN Clients Once the XAUTH has been enabled, you can modify the IKE policy. Note: You cannot modify an existing IKE policy... clicking Add. 4. The VPN policy must enable a RADIUS-CHAP or RADIUS-PAP server. Select 5-18 Virtual Private Networking Using IPsec 1.1 November, 2009 Figure 5-18 3. If you can create a new IKE Policy incorporating XAUTH by a VPN policy. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • IPsec...
FVS318G User Manual
Page 105
... with the IKE policy for managing Authentication, Authorization and Accounting (AAA) of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to save your settings. In the adjacent Username and... Click Apply to use a RADIUS server, you may want to see "RADIUS Client Configuration" on page 5-19). - Whether or not you use this information first against the VPN firewall's user database. Users must provide authentication information such as described in a network....
... with the IKE policy for managing Authentication, Authorization and Accounting (AAA) of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual • Edge Device to save your settings. In the adjacent Username and... Click Apply to use a RADIUS server, you may want to see "RADIUS Client Configuration" on page 5-19). - Whether or not you use this information first against the VPN firewall's user database. Users must provide authentication information such as described in a network....
FVS318G User Manual
Page 107
... cases it should wait for a response from the VPN firewall. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - This name would enter here. Note: Selection ...simply the process of connecting remote VPN clients to the FVS318G, the ModeConfig module can be used to assign IP addresses to the RADIUS server before giving up. 8. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The FVS318G is acting as seamless extensions of...
... cases it should wait for a response from the VPN firewall. In the following example, we configured the VPN firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR FVS318G ProSafe VPN Firewall - This name would enter here. Note: Selection ...simply the process of connecting remote VPN clients to the FVS318G, the ModeConfig module can be used to assign IP addresses to the RADIUS server before giving up. 8. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual The FVS318G is acting as seamless extensions of...
FVS318G User Manual
Page 109
...If you have access. This setting must match exactly the configuration of the VPN firewall.) Virtual Private Networking Using IPsec 1.1 November, 2009 5-23 Note: The IP Pool should not be used by remote VPN clients. 8. Enter a descriptive Record Name such as 172.20.xx.xx. ...the remote VPN client, 9. Typically, this is your VPN firewall's LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to which the remote client will have a WINS Server on your local network IP addresses. Figure 5-21 4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
...If you have access. This setting must match exactly the configuration of the VPN firewall.) Virtual Private Networking Using IPsec 1.1 November, 2009 5-23 Note: The IP Pool should not be used by remote VPN clients. 8. Enter a descriptive Record Name such as 172.20.xx.xx. ...the remote VPN client, 9. Typically, this is your VPN firewall's LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to which the remote client will have a WINS Server on your local network IP addresses. Figure 5-21 4. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual...
FVS318G User Manual
Page 110
...View selected radio button.) Mode Config works only in the Remote Identity Data field that both ends of IKE Policies Table. 2. For Local information: a. This name will ... The Add IKE Policy screen is not used as part of the local identifier in the VPN client configuration. In the General section: a. Set Direction/Type to configure a new IKE Policy....main menu. Click Add to Responder. These settings must configure an IKE Policy: 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Specify the IKE SA parameters. The IKE Policies screen is displayed ...
...View selected radio button.) Mode Config works only in the Remote Identity Data field that both ends of IKE Policies Table. 2. For Local information: a. This name will ... The Add IKE Policy screen is not used as part of the local identifier in the VPN client configuration. In the General section: a. Set Direction/Type to configure a new IKE Policy....main menu. Click Add to Responder. These settings must configure an IKE Policy: 1. ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 10. Specify the IKE SA parameters. The IKE Policies screen is displayed ...
FVS318G User Manual
Page 111
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. For more gateway tunnels terminate. (If selected, you must be authenticated by the remote gateway. To configure the client PC: 1. a. b. d. To enable XAUTH, choose one of the following: • Edge Device to use ...used in the Windows toolbar. Enter a Username and Password to see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. The new policy will first check the User Database to be used internally). c. Users must ...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 7. For more gateway tunnels terminate. (If selected, you must be authenticated by the remote gateway. To configure the client PC: 1. a. b. d. To enable XAUTH, choose one of the following: • Edge Device to use ...used in the Windows toolbar. Enter a Username and Password to see "Configuring XAUTH for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. The new policy will first check the User Database to be used internally). c. Users must ...
FVS318G User Manual
Page 112
...toolbar and click Connect. c. From the ID Type pull-down menu, choose Domain Name and create an identifier based on the VPN client icon in this case "My Connections\modecfg_test". 5-26 Virtual Private Networking Using IPsec 1.1 November, 2009 On the left side of ...-down menu, choose Domain name and enter the FQDN of the VPN firewall; Enter the Authentication values to save the Security Policy and close the VPN ProSafe VPN client. From the ID Type pull-down menu and enter the WAN IP address of the VPN firewall; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e.
...toolbar and click Connect. c. From the ID Type pull-down menu, choose Domain Name and create an identifier based on the VPN client icon in this case "My Connections\modecfg_test". 5-26 Virtual Private Networking Using IPsec 1.1 November, 2009 On the left side of ...-down menu, choose Domain name and enter the FQDN of the VPN firewall; Enter the Authentication values to save the Security Policy and close the VPN ProSafe VPN client. From the ID Type pull-down menu and enter the WAN IP address of the VPN firewall; ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual e.