FVL328 Reference Manual
Page 11
... ...E-11 Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 Configuration Template F-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A F-2 Step-By-Step Configuration of FVL328 Gateway B F-5 Test the VPN Connection F-10 Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Configuration Profile ...G-1 Step-By-Step Configuration of FVL328 or FWAG114 Gateway G-2 Step-By-Step Configuration of the FVL328 Firewall B G-7 Contents vii...
... ...E-11 Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to FVL328 Configuration Template F-1 Step-By-Step Configuration of FVS318 or FVM318 Gateway A F-2 Step-By-Step Configuration of FVL328 Gateway B F-5 Test the VPN Connection F-10 Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Configuration Profile ...G-1 Step-By-Step Configuration of FVL328 or FWAG114 Gateway G-2 Step-By-Step Configuration of the FVL328 Firewall B G-7 Contents vii...
FVL328 Reference Manual
Page 75
...-- Virtual Private Networking 6-5 May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. SA Life Time The amount of the key used on the remote VPN gateway or client. your domain name. • By a Fully Qualified User Name...Signature. Remote Identity Data This field lets you enable Authentication Headers (AH), this field to the target remote FVL328 firewall, VPN gateway, or VPN client. RSA Signature RSA Signature requires a certificate. Remote Identity Type Use this menu lets you selected. •...
...-- Virtual Private Networking 6-5 May 2004, 202-10030-02 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Table 6-1. SA Life Time The amount of the key used on the remote VPN gateway or client. your domain name. • By a Fully Qualified User Name...Signature. Remote Identity Data This field lets you enable Authentication Headers (AH), this field to the target remote FVL328 firewall, VPN gateway, or VPN client. RSA Signature RSA Signature requires a certificate. Remote Identity Type Use this menu lets you selected. •...
FVL328 Reference Manual
Page 195
...) interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are no firewall restrictions. Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to be necessary, and all of the parameters that need to an FVL328. Verify whether the firmware is up to date, all the necessary information before...
...) interoperability profile guidelines. The configuration options for the FVS328 and FWAG114 are no firewall restrictions. Appendix G NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router Follow these procedures to configure a VPN tunnel from a NETGEAR ProSafe VPN Client to be necessary, and all of the parameters that need to an FVL328. Verify whether the firmware is up to date, all the necessary information before...
FVL328 Reference Manual
Page 196
Log in to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-2 NETGEAR VPN Client to the FVL328 gateway as in the illustration. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 LAN IP 192.168.0.0 Gateway FVL328 Network Addresses WAN IP Client WAN IP 66.120.188.153 0.0.0.0 PC with NETGEAR ProSafe VPN client Figure G-1: Addressing and Subnet Used for Examples Note: Product updates are...
Log in to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-2 NETGEAR VPN Client to the FVL328 gateway as in the illustration. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 LAN IP 192.168.0.0 Gateway FVL328 Network Addresses WAN IP Client WAN IP 66.120.188.153 0.0.0.0 PC with NETGEAR ProSafe VPN client Figure G-1: Addressing and Subnet Used for Examples Note: Product updates are...
FVL328 Reference Manual
Page 197
... Policies Menu. It is not supplied to NETGEAR FVL328 or FWAG114 VPN Router G-3 May 2004, 202-10030-02 From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 Prosafe High Speed VPN Firewall as seen in the Policy Name field. From... the Direction/Type drop-down box, select Aggressive Mode. Click IKE Policies under the VPN menu and click Add on page G-8). NETGEAR VPN Client to the remote...
... Policies Menu. It is not supplied to NETGEAR FVL328 or FWAG114 VPN Router G-3 May 2004, 202-10030-02 From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual WAN IP address of the FVL328 Prosafe High Speed VPN Firewall as seen in the Policy Name field. From... the Direction/Type drop-down box, select Aggressive Mode. Click IKE Policies under the VPN menu and click Add on page G-8). NETGEAR VPN Client to the remote...
FVL328 Reference Manual
Page 198
...Policy Authentication (Phase 1)" on page G-11. - G-4 NETGEAR VPN Client to the IKE Policies Menu.The FVL328 IKE Policy is the same for both the FVL328 and the FVL328 Firewall. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Hash Alg field,... Bit). This will bring you back to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 From the Encryption Algorithm drop-down box, select SHA-1.This will also be entered in the FVL328 Prosafe High Speed VPN Firewall My Identity ID Type fields, as seen in...
...Policy Authentication (Phase 1)" on page G-11. - G-4 NETGEAR VPN Client to the IKE Policies Menu.The FVL328 IKE Policy is the same for both the FVL328 and the FVL328 Firewall. This will also be selected in the FVL328 Prosafe High Speed VPN Firewall Security Policy Authentication Phase 1 Proposal 1 Hash Alg field,... Bit). This will bring you back to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 From the Encryption Algorithm drop-down box, select SHA-1.This will also be entered in the FVL328 Prosafe High Speed VPN Firewall My Identity ID Type fields, as seen in...
FVL328 Reference Manual
Page 199
... box, select VPNclient which is not supplied to NETGEAR FVL328 or FWAG114 VPN Router G-5 May 2004, 202-10030-02 NETGEAR VPN Client to the remote VPN endpoint. This will take you to identify this policy. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. Enter a unique name to the VPN Policies Menu page. Figure G-3: NETGEAR FVL328 VPN - Auto Policy General settings - In our example, we...
... box, select VPNclient which is not supplied to NETGEAR FVL328 or FWAG114 VPN Router G-5 May 2004, 202-10030-02 NETGEAR VPN Client to the remote VPN endpoint. This will take you to identify this policy. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 3. Enter a unique name to the VPN Policies Menu page. Figure G-3: NETGEAR FVL328 VPN - Auto Policy General settings - In our example, we...
FVL328 Reference Manual
Page 200
...FVL328 Prosafe High Speed VPN Firewall Connection Remote Party Identity and Addressing ID Type field, as the start IP Address of the FVL328 (255.255.255.0 in our example) in the SA Life Time (Seconds) field. - Check the IPSec PFS check box to NETGEAR FVL328 or FWAG114 VPN Router... May 2004, 202-10030-02 Type the starting LAN IP Address of the FVL328. Select the Enable Encryption check box. This will have a dynamically assigned IP address. G-6 NETGEAR VPN Client to enable Perfect Forward Secrecy. Type 0...
...FVL328 Prosafe High Speed VPN Firewall Connection Remote Party Identity and Addressing ID Type field, as the start IP Address of the FVL328 (255.255.255.0 in our example) in the SA Life Time (Seconds) field. - Check the IPSec PFS check box to NETGEAR FVL328 or FWAG114 VPN Router... May 2004, 202-10030-02 Type the starting LAN IP Address of the FVL328. Select the Enable Encryption check box. This will have a dynamically assigned IP address. G-6 NETGEAR VPN Client to enable Perfect Forward Secrecy. Type 0...
FVL328 Reference Manual
Page 201
... Enable check box to NETGEAR FVL328 or FWAG114 VPN Router G-7 May 2004, 202-10030-02 When the screen returns to the VPN Policies, make sure the Enable check box is the drive letter of the FVL328 Firewall B Note: The FVL328 Prosafe High Speed VPN Firewall has the ability to select...Select Enable Authentication in this with the Authentication Protocol (AH) option. NETGEAR VPN Client to enable networking features like Windows Network Neighborhood. The FVL328.SPD file on the FVL328 Prosafe High Speed VPN Firewall Resource CD (230-10061-02) includes all the settings identified in...
... Enable check box to NETGEAR FVL328 or FWAG114 VPN Router G-7 May 2004, 202-10030-02 When the screen returns to the VPN Policies, make sure the Enable check box is the drive letter of the FVL328 Firewall B Note: The FVL328 Prosafe High Speed VPN Firewall has the ability to select...Select Enable Authentication in this with the Authentication Protocol (AH) option. NETGEAR VPN Client to enable networking features like Windows Network Neighborhood. The FVL328.SPD file on the FVL328 Prosafe High Speed VPN Firewall Resource CD (230-10061-02) includes all the settings identified in...
FVL328 Reference Manual
Page 202
Note: Before installing the FVL328 Prosafe High Speed VPN Firewall software, be sure to turn off any virus protection or firewall software you may need to insert your Windows CD to the Internet through dialup, cable or DSL modem, or other means, and we will connect to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 Configure the Connection Network...
Note: Before installing the FVL328 Prosafe High Speed VPN Firewall software, be sure to turn off any virus protection or firewall software you may need to insert your Windows CD to the Internet through dialup, cable or DSL modem, or other means, and we will connect to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 Configure the Connection Network...
FVL328 Reference Manual
Page 203
...Gateway Tunnel check box is selected. - In the Protocol menu, All is selected. Figure G-6: My Identity NETGEAR VPN Client to FVL328. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure G-5: Security Policy Editor Options menu Note: If the configuration settings on this screen...Security Policy list, click the My Identity subheading. From the Edit menu of the FVL328. Rename the "New Connection" to NETGEAR FVL328 or FWAG114 VPN Router G-9 May 2004, 202-10030-02 Enter FVL328 in the Mask field, which is selected. - a. A "New Connection" listing...
...Gateway Tunnel check box is selected. - In the Protocol menu, All is selected. Figure G-6: My Identity NETGEAR VPN Client to FVL328. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure G-5: Security Policy Editor Options menu Note: If the configuration settings on this screen...Security Policy list, click the My Identity subheading. From the Edit menu of the FVL328. Rename the "New Connection" to NETGEAR FVL328 or FWAG114 VPN Router G-9 May 2004, 202-10030-02 Enter FVL328 in the Mask field, which is selected. - a. A "New Connection" listing...
FVL328 Reference Manual
Page 204
... entered in this example, select Domain Name as the ID Type, and enter VPNclient. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 In this field: hr5xb84l6aa9r6 Figure G-8: Connection Identity Pre-Shared Key c. G-10 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 In the Network Security Policy list, click the Security Policy subheading...
... entered in this example, select Domain Name as the ID Type, and enter VPNclient. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 In this field: hr5xb84l6aa9r6 Figure G-8: Connection Identity Pre-Shared Key c. G-10 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 In the Network Security Policy list, click the Security Policy subheading...
FVL328 Reference Manual
Page 205
...Configure the Connection Security Policy In this procedure follow the VPNC guidelines. Configure the Authentication (Phase 1) Settings. NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-11 Select the Enable Perfect Forward Secrecy (PFS) check box. - ... - Select the Enable Replay Detection check box. 5. Figure G-10: Connection Security Policy Authentication (Phase 1) a. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure G-9: Security Policy b. For this example, ensure that the following settings are configured: -
...Configure the Connection Security Policy In this procedure follow the VPNC guidelines. Configure the Authentication (Phase 1) Settings. NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-11 Select the Enable Perfect Forward Secrecy (PFS) check box. - ... - Select the Enable Replay Detection check box. 5. Figure G-10: Connection Security Policy Authentication (Phase 1) a. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Figure G-9: Security Policy b. For this example, ensure that the following settings are configured: -
FVL328 Reference Manual
Page 206
..., select SHA-1. - In the Compression menu, select None. - In the Key Group menu, select Diffie-Hellman Group 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • Expand the Security Policy heading, then expand the Authentication (Phase 1) heading, and click on Proposal... settings are configured: - In the SA Life menu, select Unspecified. - In the Hash Alg, select SHA-1. - G-12 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 In the Encrypt Alg menu, select Triple DES. - In the SA Life, select Unspecified. -...
..., select SHA-1. - In the Compression menu, select None. - In the Key Group menu, select Diffie-Hellman Group 2. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 • Expand the Security Policy heading, then expand the Authentication (Phase 1) heading, and click on Proposal... settings are configured: - In the SA Life menu, select Unspecified. - In the Hash Alg, select SHA-1. - G-12 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 In the Encrypt Alg menu, select Triple DES. - In the SA Life, select Unspecified. -...
FVL328 Reference Manual
Page 207
... G-12: Security Policy Editor Global Policy Options b. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 6. Increase the Retransmit Interval period to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-13 Note: Whenever you attempt to Specify Internal Network Address check box and click OK. 7. NETGEAR VPN Client to 45 seconds. Select the Allow to access any...
... G-12: Security Policy Editor Global Policy Options b. Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 6. Increase the Retransmit Interval period to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-13 Note: Whenever you attempt to Specify Internal Network Address check box and click OK. 7. NETGEAR VPN Client to 45 seconds. Select the Allow to access any...
FVL328 Reference Manual
Page 208
... a request from the remote PC to open the popup menu. G-14 NETGEAR VPN Client to the FVL328 over the VPN tunnel 1. Figure G-13: Connecting the PC to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 Right-mouse-click on the remote PC with VPN communications. The FVL328 Firewall will report the results of the attempt to open the My...
... a request from the remote PC to open the popup menu. G-14 NETGEAR VPN Client to the FVL328 over the VPN tunnel 1. Figure G-13: Connecting the PC to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 Right-mouse-click on the remote PC with VPN communications. The FVL328 Firewall will report the results of the attempt to open the My...
FVL328 Reference Manual
Page 209
... click on the remote PC and enter the LAN IP Address of the VPN client connection can use the FVL328 Diagnostic utilities to test the VPN connection from the remote PC to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-15 Establish an Internet connection from the ....168.0.1 in this example. After a period of the FVL328. This will cause a continuous ping to the client PC. After a short wait, you can open a browser on the Windows Start button, then select Programs, then FVL328 Prosafe High Speed VPN Firewall, then either the Connection Monitor or Log Viewer.
... click on the remote PC and enter the LAN IP Address of the VPN client connection can use the FVL328 Diagnostic utilities to test the VPN connection from the remote PC to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-15 Establish an Internet connection from the ....168.0.1 in this example. After a period of the FVL328. This will cause a continuous ping to the client PC. After a short wait, you can open a browser on the Windows Start button, then select Programs, then FVL328 Prosafe High Speed VPN Firewall, then either the Connection Monitor or Log Viewer.
FVL328 Reference Manual
Page 210
... FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 The Log Viewer screen for a successful connection is shown below: Figure G-14: Log Viewer screen A sample Connection Monitor screen for a different connection is shown below: Figure G-15: Connection Monitor screen In this menu will change to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-16 NETGEAR VPN Client to...
... FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 The Log Viewer screen for a successful connection is shown below: Figure G-14: Log Viewer screen A sample Connection Monitor screen for a different connection is shown below: Figure G-15: Connection Monitor screen In this menu will change to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-16 NETGEAR VPN Client to...
FVL328 Reference Manual
Page 211
The FVL328 VPN Status screen for a successful connection is shown below: Figure G-16: FVL328 VPN Status screen NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-17 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Viewing the FVL328 VPN Status and Log Information Information on the FVL328 main menu. To view this screen, click the VPN Status link on the status of the VPN client connection can be viewed by opening the FVL328 VPN Status screen.
The FVL328 VPN Status screen for a successful connection is shown below: Figure G-16: FVL328 VPN Status screen NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02 G-17 Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 Viewing the FVL328 VPN Status and Log Information Information on the FVL328 main menu. To view this screen, click the VPN Status link on the status of the VPN client connection can be viewed by opening the FVL328 VPN Status screen.
FVL328 Reference Manual
Page 212
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 G-18 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2 G-18 NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router May 2004, 202-10030-02