Hub and Spoke VPN network using the VPN Prosafe Client
Page 1
... it describes how to allow VPN clients (Spoke) to a central (Hub) Firewall/Router. Hub and Spoke VPN using the VPN Prosafe Client This document describes the steps to undertake in configuring a Hub-and-Spoke network over the Internet using VPNs (box-to-box and client-to any of the VPN Firewall/Router from firmware version 3.5.0.24 and above, and...
Hub and Spoke VPN network using the VPN Prosafe Client
Page 3
NETWORK SETUP Physical setup FVX538 connected to the Internet via a modem or modem/router FVS338 connected to the Internet via a modem or modem/router VPN Client PCs connected Wireless/Wired to the Internet (via a LAN allowing IPSEC traffic) Logical setup FVX538 LAN IP: 172.22.101.101/24 DHCP...: 3.5.0.24 FVS338 LAN IP: 172.22.102.102/24 DHCP: 172.22.102.0/24 Firmware version: 3.5.0.24 VPN Client Version: 10.8.3 NIC IP: 192.168.0.x/24 VPN configuration The setup will require the creation of multiple VPN policies: FVX538 - 1x Box-to-box policy from the FVX538 to the FVS338 (Policy name: BoxtoBox) ...
Configuring a Hub-and-Spoke VPN Using the NETGEAR VPN Client
Page 1
... developed and tested using: • NETGEAR FVX538 ProSafe VPN Firewall with the FVX538 router, firmware version 2.x and NETGEAR ProSafe® VPN client, version 10.7.2 (Build 12). In this configuration, there is a gateway-to configure a Hub-and-Spoke VPN when one of the spokes is the NETGEAR VPN client. Application Note Configuring a Hub-and-Spoke VPN Using the NETGEAR VPN Client Summary A Hub-and-Spoke...
FVX538v2 Product datasheet
Page 2
... to 90 Mbps WAN-to 104ºF) - Configuration and Upgrades: Upload and download configuration settings, firmware upgradeable flash memory - Network: IP routing, TCP/IP, UDP, ICMP, PPPoE - Weight: 4.42 lbs (2.01 kg) • Environmental Specifications: - NETGEAR 3 year warranty System Requirements - Installation guide - NMS100 ProSafe Network Management Software • VPN Firewalls: - WG302 ProSafe 802.11g Access Point...
FVX538v2 Reference Manual
Page 14
.... 2007 New features: IP/MAC Binding; Oray Support Oct. 2007 Document corrections Oct. 2007 Document additions to the NETGEAR website in order to these specifications. ProSafe VPN Firewall 200 FVX538 Reference Manual • Scope. How to Print This Manual To print this feature. Session Limits; Note:... 202-10062-05 1.0 202-10062-06 1.0 202-10062-06 1.1 202-10062-06 1.2 202-10062-07 1.0 Aug. 2006 Product update: New firmware and a new user interface. Bandwidth Limits; Tip: If your computer must have the free Adobe Acrobat reader installed in Appendix E, "Related Documents." ...
FVX538v2 Reference Manual
Page 15
... Add LAN WAN Inbound Service screen (see "Inbound Rules (Port Forwarding)" and "Inbound Rules Examples"). • Support for more clarity. About This Manual xv v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual 202-10062-09 1.0 202-10062-10 1.0 Mar. 09 January 2010 Adds these corrections and topics for the March 2009 firmware maintenance...
FVX538v2 Reference Manual
Page 18
...NETGEAR ProSafe Network Management Software (NMS100). • Easy, web-based setup for installation and management. • Advanced SPI Firewall and Multi-NAT support. • Extensive Protocol Support. • Login capability. • Front panel LEDs for easy monitoring of either 10 Mbps or 100 Mbps. Dual WAN ...Ports for Increased Reliability or Outbound Load Balancing The FVX538 has two broadband WAN ports, WAN1 and WAN2, each capable of operating independently at speeds of status and activity. • Flash memory for firmware upgrade. • One U ...
FVX538v2 Reference Manual
Page 21
..., and remote reboot. • Remote Management. The VPN firewall's front panel LEDs provide an easy way to return the VPN firewall for repair. Maintenance and Support NETGEAR offers the following items: • FVX538 ProSafe VPN Firewall 200. • AC power cable. • 19...Introduction 1-5 v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual • SNMP. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you change the system variables for firmware upgrade • Technical support seven...
FVX538v2 Reference Manual
Page 40
...auto-rollover mode, you will need a fully qualified domain name (FQDN) to your frequently-changing IP address. The VPN firewall firmware includes software that match the configured WAN Mode will display (see Figure 2-6 on page 2-15). The Dynamic DNS Configuration screen will be accessed by public Domain...If your IP address by others on the Internet. Select Network Configuration from the primary menu and Dynamic DNS from the submenu. ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring Dynamic DNS (Optional) Dynamic DNS (DDNS) is an Internet service that name linked with a ...
FVX538v2 Reference Manual
Page 154
...tools. You can be used by its QoS setting, however. ProSafe VPN Firewall 200 FVX538 Reference Manual You will not change the WAN bandwidth used to monitor the traffic conditions and control who has ...firmware, and enable remote management. Tools for a discussion of traffic through the WAN ports by granting some services a higher priority than others. The Local Authentication screen will change the administrator and guest passwords and settings, configure authentication for the VPN firewall's Web Configuration Manager is read /write and guest access is password. Netgear...
FVX538v2 Reference Manual
Page 164
..., system location, and system name. 3. The SNMP SysConfiguration screen will display. You can later restore the VPN firewall settings from the user's PC, or cleared to use a different firmware version. 6-18 VPN Firewall and Network Management v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual When you click on the SNMP System Info link on the SNMP...
FVX538v2 Reference Manual
Page 165
... downloaded files automatically, locate where you start restoring settings or erasing the VPN firewall, do anything else to Restore save a copy of your browser is not set up settings: 1. VPN Firewall and Network Management v1.0, January 2010 6-19 ProSafe VPN Firewall 200 FVX538 Reference Manual Backing Up Settings To back up to save downloaded...from the submenu. Warning: Once you want to save the file, specify file name, and click Save. On the Settings Backup and Firmware Upgrade screen, next to the VPN firewall until it finishes restarting! If your current settings.
FVX538v2 Reference Manual
Page 166
... version. ProSafe VPN Firewall 200 FVX538 Reference Manual 2. Upgrading the Firmware You can install a different version of the screen will display. 5. The Settings Backup and Firmware Upgrade screen will change to reach the download page. On the Settings Backup and Firmware Upgrade screen, click default. 2. Reverting to Factory Default Settings To reset the VPN firewall to the NETGEAR website...
FVX538v2 Reference Manual
Page 167
..., and confirm the new firmware version to synchronize computer clock times in a network of the upgrade, your VPN firewall. Configuring Date and Time Service Date, time and NTP server designations can be necessary to the VPN firewall until the VPN firewall finishes the upgrade! Warning:... After you have clicked Upload, do not try to your VPN firewall will reboot. To set time, date, and NTP servers: 1. ProSafe VPN Firewall 200 FVX538 Reference Manual 6. The Time ...
FVX538v2 Reference Manual
Page 176
... entered on the WAN ISP Settings screen. DHCP can be made on page 6-29). Router Status Fields Item System Name Firmware Version LAN Port Description This is read-only, any changes must be either Enabled or Disabled. 6-30 VPN Firewall and Network Management v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual Viewing the VPN Firewall Configuration and...
FVX538v2 Reference Manual
Page 191
... page 2-16). The VPN firewall uses the Network Time Protocol (NTP) to obtain the current time from the Settings Backup and Firmware Upgrade screen (see "Reverting to the MAC address of the VPN firewall. Your ISP could be...the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the VPN firewall's administration password to password and the IP address to reboot. You can do this on the WAN1 ...the reset button on page 2-3). - Troubleshooting 7-7 v1.0, January 2010 ProSafe VPN Firewall 200 FVX538 Reference Manual -
FVX538v2 Reference Manual
Page 235
...results of the fast-growing cyber crime activities used by introducing and requiring additional factors to existing NETGEAR products through via firmware upgrade. This appendix contains the following sections: • "Why do I need to go ...firmware release, NETGEAR has implemented a more sophisticated, and user names, encrypted passwords, and the presence of firewalls are losing millions of dollars and running into risks of Two-Factor Authentication? • Stronger security. on this page. • "NETGEAR Two-Factor Authentication Solutions" on its SSL and IPSec VPN firewall...
FVX538v2 Reference Manual
Page 244
... WAN port reference case B-7 increasing traffic 6-4 DMZ Port 6-7 Port Forwarding 6-5 Port Triggering 6-6 VPN Tunnels 6-7 installation 1-4 Installation, instructions for 2-1 Interior Gateway Protocol. See FQDN. See ISP. Internet configuration requirements B-3, B-4 configuring the connection manually 2-5 connecting to 5-27 Inbound Rules default definition 4-2 field descriptions 4-6 order of 5-16 IKE Policies screen 5-27 IKE Policy about 4-1 firewall protection 4-1 firmware...
FVX538v2 Reference Manual
Page 248
See SNMP. Single WAN Port inbound traffic B-7 SIP 4-23 sniffer 7-3 SNMP about 6-16 configuring 6-17 global ...4-3 Outbound Rules 4-3 port filtering 4-3 service numbers common protocols 4-24 Index-8 Services screen 4-25 Session Initiation Protocol. See RIP. ProSafe VPN Firewall 200 FVX538 Reference Manual router administration tips on 4-40 router broadcast RIP, use with 3-17 Router Status 2-8 Router Status screen 6-...Schedule 1 screen 4-29 Security features of 4-16 Settings Backup & Upgrade screen 6-18 Settings Backup and Firmware Upgrade 6-19 Simple Network Management Protocol. See SIP.
Generating a Self Certificate Request Using OpenSSL
Page 1
... leave it blank. 8. This application note is the same for example, cert1). 2. Application Note Generating a Self Certificate Request Using OpenSSL for an FVX538 or FVS338 ProSafe® VPN Firewall Summary This application note describes how to configure a self certificate request (CSR) on one WAN interface of a NETGEAR FVX538 or FVS338 ProSafe VPN Firewall using the version 2.x router firmware.