FVS318 Reference Manual
Page 10
... the Process Before You Begin D-6 VPN Process Overview D-7 Network Interfaces and Addresses D-7 Interface Addressing D-7 Firewalls ...D-8 Setting Up a VPN Tunnel Between Gateways D-8 VPNC IKE Security Parameters D-10 VPNC IKE Phase I Parameters D-10 VPNC IKE Phase II Parameters D-11 Testing and Troubleshooting D-11 Additional Reading ...D-11 Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328 Configuration Profile...
FVS318 Reference Manual
Page 66
.... Reference Manual for additional VPN information. The FVS318 VPN Firewall router on your network from any location on the Internet. However, due to your network is the complete URL of information: • Connection. This manual is slightly slower than Main Mode but more secure. - Please see NETGEAR's web site for the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows...
FVS318 Reference Manual
Page 68
...the start IP address and subnet mask. For a discussion of a department on page B-4. 2. A single remote address, such as the Remote IPSec Identifier. Then enter the NAT router's public (WAN) IP address or FQDN in the Remote WAN IP or FQDN field below. 4. The Remote WAN IP or FQDN. It... Local IP addresses. 4. Enter the start IP Address field, along with the designated devices on page B-4. 3. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall The FVS318 VPN tunnel network connection fields are defined in the following four options: 1.
FVS318 Reference Manual
Page 74
...- The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a dynamic DNS service for the Model FVS318 Broadband ProSafe VPN Firewall • Will the local end be any device on the remote LAN, a portion of the remote network (as its encryption technique in which you... the data three times using DES with a dynamic IP address must specify each phase of the connection? • For the WAN connection, what level of IPSec VPN encryption will you use? - AES - 128, - 192, or - 256. The key length can be specified to 128, 192 or 256 bits. The ...
FVS318 Reference Manual
Page 75
... to an FVS318 Follow this example. A blank worksheet is provided at page 6-31. Null, DES, 3DES, or AES -128, -192, or -256: DES Key Life in seconds: 3600 (1 hour) IKE Life Time in seconds: 28800 (8 hours) Network Local IPSec ID LAN IP... this procedure to configure a VPN tunnel between two FVS318 VPN Firewalls. The worksheet below shows the settings for the Model FVS318 Broadband ProSafe VPN Firewall How to Configure a Network to Network VPN Tunnel A VPN Tunnel B Figure 6-6: LAN to LAN VPN access through an FVS318 to Network IKE VPN Tunnel Configuration Worksheet IKE Security ...
FVS318 Reference Manual
Page 78
...VPN network. • Local IPSec Identifier in the FVS318 on LAN B: LAN_B • Remote IPSec Identifier in the FVS318 on LAN A: LAN_B • Remote IPSec Identifier in the FVS318 on LAN B: LAN_A • Remote LAN IP Address in the FVS318 on LAN A: 192.168.0.1 and Remote Subnet Mask in this VPN... Router Status link. Alternatively, you can specify the IP address of a single address on LAN B and a Subnet Mask of the FVS318 ...FVS318 on LAN B: 192.168.3.1 and Remote Subnet Mask in the FVS318 on LAN B: 255.255.255.0 This is the LAN IP Address for the Model FVS318 Broadband ProSafe VPN Firewall...
FVS318 Reference Manual
Page 80
Now that supports IPSec. How to Configure a Remote PC to Local LAN (A) configuration 6-16 M-10146-01 Virtual Private Networking Note: If your situation is different, for additional VPN applications information. NETGEAR recommends and supports the SafeNet SoftRemote (or Soft-PK) Secure VPN Client for the Model FVS318 Broadband ProSafe VPN Firewall c. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC...
FVS318 Reference Manual
Page 81
...) IKE Life Time in the procedure below : Virtual Private Networking M-10146-01 6-17 Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall The worksheet below identifies the parameters used in seconds: 28800 (8 hours) Network Local IPSec ID LAN IP Address Subnet Mask FQDN or Gateway IP (WAN IP Address) Network: LAN A LANAPCIPSEC 192.168...
FVS318 Reference Manual
Page 82
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-13: VPN Edit menu for connecting with a VPN client b. Fill in the Connection Name VPN settings as illustrated. • Connection Name: VPNLANPC • Local IPSec Identifier: LANAPCIPSEC Note: This IPSec name must not be used in any other SA in the configuration of the VPN client. This IP address will...
FVS318 Reference Manual
Page 83
...provides greater security. • Key Life - e. Install the SafeNet Secure VPN Client. • You may have a modem or dial-up adapter be temporarily disconnected upon renegotiation. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Remote WAN IP Address: 0.0.0.0 since the remote PC has a... For Encryption Protocol, select: DES • Enter the case sensitive Pre-Shared Key: r>T(h4&3@#kB This combination of the VPN Adapter or the IPSec Component. Reboot your PC, you may be sure to save the Security Association tunnel settings into the table. 2. Set Up...
FVS318 Reference Manual
Page 95
... in seconds: Network Local IPSec ID LAN IP Address Subnet Mask FQDN or Gateway IP (WAN IP Address) Virtual Private Networking M-10146-01 6-31 Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Blank VPN Tunnel Configuration Worksheets The blank... configuration worksheets below are provided to Network IKE VPN Tunnel Configuration Worksheet IKE Tunnel Security Association Settings Connection Name: Pre-...
FVS318 Reference Manual
Page 96
Null, DES, 3DES, or AES -128, -192, or -256: Key Life in seconds: IKE Life Time in seconds: Network Network: PC: Local IPSec ID LAN IP Address Subnet Mask FQDN or Gateway IP (WAN IP Address) 6-32 M-10146-01 Virtual Private Networking Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Table 6-4: PC to Network IKE VPN Tunnel Settings Configuration Worksheet IKE Tunnel Security Association Settings Connection Name: Pre-Shared Key: Secure Association -- Main Mode, Aggressive Mode, or Manual Keys: Perfect Forward Secrecy: Encryption Protocol --
FVS318 Reference Manual
Page 159
... connection over any type of connecting home users is also used to tap directly into the network and read the data. IPSec-based VPNs can be created over the Internet. These locations range from other traffic so that the data flowing across the network is... a remote employee's home. A key aspect of the most complete, secure, and commercially available, standards-based protocols developed for transporting data. IPSec-based VPNs use encryption to provide data security, which is used for sharing applications and files. Often this , organizations are traditionally used for e-mail and...
FVS318 Reference Manual
Page 160
Common uses for extranet connections. What Is IPSec and How Does It Work? Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Remote Access: Remote access enables telecommuters and mobile workers to connection costs, time delays, and... access availability. A packet is a data bundle that is the most secure method commercially available for connecting network sites. IPSec Security Features IPSec is ...
FVS318 Reference Manual
Page 161
...hide the message content. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the Model FVS318 Broadband ProSafe VPN Firewall • Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. • Authentication Header (AH): Provides ... header. Furthermore, packets that are not authenticated are discarded and not delivered to a readable message. The algorithms IPSec uses produce a unique and unforgeable identifier for implementing industry standard algorithms, such as SHA and MD5. In addition...
FVS318 Reference Manual
Page 162
... anti-replay protection, which protects against unauthorized retransmission of two unidirectional SAs, which protect against data tampering, using the defined IPSec protocols. An SA provides data protection for the Model FVS318 Broadband ProSafe VPN Firewall The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP...
FVS318 Reference Manual
Page 163
... in both transport mode or tunnel mode. therefore, an attacker can be used for the Model FVS318 Broadband ProSafe VPN Firewall Mode SAs operate using modes. Figure D-3: Original packet and packet with IPSec ESP in the IP header; IPSec can learn where the packet is coming from and where it is going to. Reference Manual for...
FVS318 Reference Manual
Page 164
... can access it is a member of refreshing keys; Other good sources include: • The NETGEAR VPN Tutorial - http://www.netgear.com/planetvpn/pvpn_2.html • The VPN Consortium - D-6 Virtual Private Networking M-10146-01 Understand the Process Before You Begin This document provides... to be necessary, and all the necessary information required to establish a VPN before you begin the configuration process. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Key Management IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the...
FVS318 Reference Manual
Page 165
... interface" in the example. Please note that the addresses used in documentation regarding the construction of VPN communication. These addresses are attempting to connect via IPSec VPN. 10.5.6.0/24 VPNC Example Network Interface Addressing 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A 14.15... "public" facing address (WAN side) and a "private" facing address (LAN side). Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall VPN Process Overview Even though IPSec is standards-based, each vendor has its own set of terms and procedures for each Gateway will be a good idea...
FVS318 Reference Manual
Page 167
.... VPN Gateway IPSec Security Association IKE VPN Tunnel Negotiation Steps 1) Communication request sent to the gateways. Virtual Private Networking D-9 M-10146-01 The gateways contain this process is often referred to as a "tunnel." As illustrated below, the most common method of the negotiation procedures. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall VPN Gateway A VPN Tunnel VPN Gateway B Figure D-5: VPN...