FVS318 Reference Manual
Page 7
... 5-12 How to Configure Static Routes 5-13 Chapter 6 Virtual Private Networking Overview of VPN Configuration 6-1 Understanding How FVS318 VPN Tunnels Are Configured 6-2 Configuring VPN Network Connection Parameters 6-3 Configuring a SA Using IKE Main Mode 6-5 Configuring a SA Using IKE ...VPN 6-16 Monitoring the PC VPN Connection Using SafeNet Tools 6-26 How to Configure Manual Keys as an Alternative to IKE 6-28 How to Delete a Security Association 6-30 Blank VPN Tunnel Configuration Worksheets 6-31 Chapter 7 Managing Your Network Network Management Information 7-1 Viewing Router...
... 5-12 How to Configure Static Routes 5-13 Chapter 6 Virtual Private Networking Overview of VPN Configuration 6-1 Understanding How FVS318 VPN Tunnels Are Configured 6-2 Configuring VPN Network Connection Parameters 6-3 Configuring a SA Using IKE Main Mode 6-5 Configuring a SA Using IKE ...VPN 6-16 Monitoring the PC VPN Connection Using SafeNet Tools 6-26 How to Configure Manual Keys as an Alternative to IKE 6-28 How to Delete a Security Association 6-30 Blank VPN Tunnel Configuration Worksheets 6-31 Chapter 7 Managing Your Network Network Management Information 7-1 Viewing Router...
FVS318 Reference Manual
Page 8
... the ISP Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your Firewall 8-6 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 Problems with Date and Time 8-8 Appendix A Technical Specifications Technical Specifications A-1 Appendix B Networks, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 What...
... the ISP Connection 8-4 Troubleshooting a TCP/IP Network Using a Ping Utility 8-5 Testing the LAN Path to Your Firewall 8-6 Testing the Path from Your PC to a Remote Device 8-6 Restoring the Default Configuration and Password 8-7 Problems with Date and Time 8-8 Appendix A Technical Specifications Technical Specifications A-1 Appendix B Networks, Routing, and Firewall Basics Related Publications ...B-1 Basic Router Concepts B-1 What...
FVS318 Reference Manual
Page 17
...(VPN) The FVS318 VPN Firewall provides a secure encrypted connection between your network from attacks and intrusions. Chapter 2 Introduction This chapter describes the features of these key features follows. Unlike simple Internet sharing routers ...VPN Communications Over the Internet • A Powerful, True Firewall • Content Filtering • Auto Uplink Ethernet Connection • Extensive Protocol Support • Easy Installation and Management • Helpful Status Indicators A description of the NETGEAR FVS318 Broadband ProSafe VPN Firewall . About the FVS318 The FVS318...
...(VPN) The FVS318 VPN Firewall provides a secure encrypted connection between your network from attacks and intrusions. Chapter 2 Introduction This chapter describes the features of these key features follows. Unlike simple Internet sharing routers ...VPN Communications Over the Internet • A Powerful, True Firewall • Content Filtering • Auto Uplink Ethernet Connection • Extensive Protocol Support • Easy Installation and Management • Helpful Status Indicators A description of the NETGEAR FVS318 Broadband ProSafe VPN Firewall . About the FVS318 The FVS318...
FVS318 Reference Manual
Page 18
...routers, the FVS318 is compatible with many other VPN products. • Supports up to 256 bit AES encryption for maximum security. It is a true firewall, using stateful packet inspection to access objectionable Internet sites. You can configure the firewall ... attacks. You can also configure the firewall to send immediate alert messages to Internet content by screening for the Model FVS318 Broadband ProSafe VPN Firewall • Supports 8 VPN connections. • Supports industry standard VPN protocols The FVS318 VPN Firewall supports standard Manual or IKE keying methods...
...routers, the FVS318 is compatible with many other VPN products. • Supports up to 256 bit AES encryption for maximum security. It is a true firewall, using stateful packet inspection to access objectionable Internet sites. You can configure the firewall ... attacks. You can also configure the firewall to send immediate alert messages to Internet content by screening for the Model FVS318 Broadband ProSafe VPN Firewall • Supports 8 VPN connections. • Supports industry standard VPN protocols The FVS318 VPN Firewall supports standard Manual or IKE keying methods...
FVS318 Reference Manual
Page 24
... for the Model FVS318 Broadband ProSafe VPN Firewall LAN Configuration Requirements For the initial connection to the Internet and configuration of your ISP to provide it or you can try one or more of these configuration parameters to connect your firewall to the Internet:...connected using the active Internet access account, you with DHCP configuration. There are several ways you can gather the configuration information from the firewall via DHCP. Once you locate your Internet configuration parameters, you may also refer to the FVS318 Resource CD (SW-10021-01) for the NETGEAR Router...
... for the Model FVS318 Broadband ProSafe VPN Firewall LAN Configuration Requirements For the initial connection to the Internet and configuration of your ISP to provide it or you can try one or more of these configuration parameters to connect your firewall to the Internet:...connected using the active Internet access account, you with DHCP configuration. There are several ways you can gather the configuration information from the firewall via DHCP. Once you locate your Internet configuration parameters, you may also refer to the FVS318 Resource CD (SW-10021-01) for the NETGEAR Router...
FVS318 Reference Manual
Page 27
... Cable or DSL Modem to the Internet 3-5 M-10146-01 B Cable or DSL modem Figure 3-3: Connect the computers on the router to make the right connection. Connecting the Firewall to the firewall d. connecting to a PC) or an 'uplink' connection (e.g. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall c. Each LAN Ethernet port will accommodate either type of cable to your computer. This...
... Cable or DSL Modem to the Internet 3-5 M-10146-01 B Cable or DSL modem Figure 3-3: Connect the computers on the router to make the right connection. Connecting the Firewall to the firewall d. connecting to a PC) or an 'uplink' connection (e.g. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall c. Each LAN Ethernet port will accommodate either type of cable to your computer. This...
FVS318 Reference Manual
Page 31
...be called Host Name) and Domain Name. If you leave the Domain Name field blank, the firewall will automatically log you in Figure 3-7: Figure 3-7: Setup Wizard menu for the Model FVS318 Broadband ProSafe VPN Firewall Wizard-Detected PPPoE Option If the Setup Wizard determines that your ISP does not automatically transmit DNS ... by your Account Name (may be directed to a menu like the PPPoE menu in . 3. Enter your ISP. Entering zero will keep the router connected to the firewall during login, select "Use these DNS servers" and enter the IP address of your ISP's Primary DNS Server.
...be called Host Name) and Domain Name. If you leave the Domain Name field blank, the firewall will automatically log you in Figure 3-7: Figure 3-7: Setup Wizard menu for the Model FVS318 Broadband ProSafe VPN Firewall Wizard-Detected PPPoE Option If the Setup Wizard determines that your ISP does not automatically transmit DNS ... by your Account Name (may be directed to a menu like the PPPoE menu in . 3. Enter your ISP. Entering zero will keep the router connected to the firewall during login, select "Use these DNS servers" and enter the IP address of your ISP's Primary DNS Server.
FVS318 Reference Manual
Page 33
...address of that your Internet connection. If the NETGEAR website does not appear within one or two DNS servers to your firewall during login. Typically your PCs after configuring the firewall. 3. If you enter an address here, you are now using. The Router's MAC Address is allowed... card in your PC when your firewall to masquerade as www.netgear.com) to Chapter 8, Troubleshooting". If the ISP does not transfer an address, you can type in Figure 3-9 below: Figure 3-9: Setup Wizard menu for the Model FVS318 Broadband ProSafe VPN Firewall A DNS server is first opened....
...address of that your Internet connection. If the NETGEAR website does not appear within one or two DNS servers to your firewall during login. Typically your PCs after configuring the firewall. 3. If you enter an address here, you are now using. The Router's MAC Address is allowed... card in your PC when your firewall to masquerade as www.netgear.com) to Chapter 8, Troubleshooting". If the ISP does not transfer an address, you can type in Figure 3-9 below: Figure 3-9: Setup Wizard menu for the Model FVS318 Broadband ProSafe VPN Firewall A DNS server is first opened....
FVS318 Reference Manual
Page 34
...'s gateway router. Click on the Test button to test your firewall, launch a browser such as Dial-Up Networking or Enternet to connect, log in "Worksheet for Recording Your Internet Connection Information" ...connected to your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting. The following chapters describe how to configure the Advanced features of your PCs after configuring the firewall for the Model FVS318 Broadband ProSafe VPN Firewall 1. Testing Your Internet Connection After completing the Internet connection...
...'s gateway router. Click on the Test button to test your firewall, launch a browser such as Dial-Up Networking or Enternet to connect, log in "Worksheet for Recording Your Internet Connection Information" ...connected to your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting. The following chapters describe how to configure the Advanced features of your PCs after configuring the firewall for the Model FVS318 Broadband ProSafe VPN Firewall 1. Testing Your Internet Connection After completing the Internet connection...
FVS318 Reference Manual
Page 36
The Gateway is the ISP's router to which your firewall will register the Ethernet MAC address of the network interface card in the settings according to the firewall during login, select "Use these settings take effect. Some ISPs will connect. e. If your ISP assigned. Enter your PC,... the IP address that your Internet connection does not require a login, click No at the top of that is available, enter it . Domain Name Server (DNS) Address: If you a permanent, fixed (static) IP address for the Model FVS318 Broadband ProSafe VPN Firewall 2. Gateway's MAC Address: This ...
The Gateway is the ISP's router to which your firewall will register the Ethernet MAC address of the network interface card in the settings according to the firewall during login, select "Use these settings take effect. Some ISPs will connect. e. If your ISP assigned. Enter your PC,... the IP address that your Internet connection does not require a login, click No at the top of that is available, enter it . Domain Name Server (DNS) Address: If you a permanent, fixed (static) IP address for the Model FVS318 Broadband ProSafe VPN Firewall 2. Gateway's MAC Address: This ...
FVS318 Reference Manual
Page 58
...) server, allowing it is assigned to meet the MTU requirement. Using the Router as a DHCP Server By default, the Firewall will manually configure the network settings of your computers, clear the 'Use router as DHCP server' check box. If another device on page B-10 for ...for your ISP connection. IP addresses will need to the attached PCs from a pool of the Firewall are satisfactory. For some ISPs, particularly some using PPPoE, your network will be assigned to reduce the MTU manually. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Note: If you...
...) server, allowing it is assigned to meet the MTU requirement. Using the Router as a DHCP Server By default, the Firewall will manually configure the network settings of your computers, clear the 'Use router as DHCP server' check box. If another device on page B-10 for ...for your ISP connection. IP addresses will need to the attached PCs from a pool of the Firewall are satisfactory. For some ISPs, particularly some using PPPoE, your network will be assigned to reduce the MTU manually. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Note: If you...
FVS318 Reference Manual
Page 59
... until the next time the PC contacts the router's DHCP server. Click the Add button. 2. In the IP Address box, type the IP address to assign to servers that require permanent IP settings. Tip: If the PC is the Firewall's LAN IP address • Primary DNS Server...address from the router's LAN subnet, such as 192.168.0.X. 3. To edit or delete a reserved address entry: 1. If you connect to Specify Reserved IP Addresses When you entered a Primary DNS address in the Basic Settings menu • WINS Server, short for the Model FVS318 Broadband ProSafe VPN Firewall The Firewall will always ...
... until the next time the PC contacts the router's DHCP server. Click the Add button. 2. In the IP Address box, type the IP address to assign to servers that require permanent IP settings. Tip: If the PC is the Firewall's LAN IP address • Primary DNS Server...address from the router's LAN subnet, such as 192.168.0.X. 3. To edit or delete a reserved address entry: 1. If you connect to Specify Reserved IP Addresses When you entered a Primary DNS address in the Basic Settings menu • WINS Server, short for the Model FVS318 Broadband ProSafe VPN Firewall The Firewall will always ...
FVS318 Reference Manual
Page 62
...must configure static routes only for your dynamic DNS account. 7. For example, for connecting to the company where you do not need to an ISP. • You have an ISDN router on your configuration. Type the FQDN that your dynamic DNS service provider gave you...service' list, and register for the Model FVS318 Broadband ProSafe VPN Firewall 3. Using Static Routes Static Routes provide additional routing information to www.oray.net. 4. Reference Manual for an account. If your ISP assigns a private WAN IP address such as multiple routers or multiple IP subnets located on the ...
...must configure static routes only for your dynamic DNS account. 7. For example, for connecting to the company where you do not need to an ISP. • You have an ISDN router on your configuration. Type the FQDN that your dynamic DNS service provider gave you...service' list, and register for the Model FVS318 Broadband ProSafe VPN Firewall 3. Using Static Routes Static Routes provide additional routing information to www.oray.net. 4. Reference Manual for an account. If your ISP assigns a private WAN IP address such as multiple routers or multiple IP subnets located on the ...
FVS318 Reference Manual
Page 64
The static route will not be a router on the same LAN segment as the Metric value. If the destination is for the Model FVS318 Broadband ProSafe VPN Firewall a. Type a number between your network and the destination. Reference Manual for identification purpose only. Type a route name for this is a direct connection, set it to 1. 4. Select Private if you...
The static route will not be a router on the same LAN segment as the Metric value. If the destination is for the Model FVS318 Broadband ProSafe VPN Firewall a. Type a number between your network and the destination. Reference Manual for identification purpose only. Type a route name for this is a direct connection, set it to 1. 4. Select Private if you...
FVS318 Reference Manual
Page 65
... the FVS318 VPN Firewall. Virtual Private Networking 6-1 M-10146-01 VPN tunnels provide secure, encrypted communications between a remote computer and a network. VPN tunnels also enable access to network resources when NAT is a good way to an office network. Figure 6-1: Secure access through FVS318 VPN routers The FVS318 supports these configurations: • Secure access between networks, such as a telecommuter connecting to connect branch...
... the FVS318 VPN Firewall. Virtual Private Networking 6-1 M-10146-01 VPN tunnels provide secure, encrypted communications between a remote computer and a network. VPN tunnels also enable access to network resources when NAT is a good way to an office network. Figure 6-1: Secure access through FVS318 VPN routers The FVS318 supports these configurations: • Secure access between networks, such as a telecommuter connecting to connect branch...
FVS318 Reference Manual
Page 66
... the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows a remote PC to connect to your network is the other tunnel endpoint • The FVS318 VPN Firewall supports up to eight concurrent tunnels. The FVS318 VPN Firewall router on your network from any location on the FVS318. NETGEAR provides support for connections between NETGEAR VPN Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN Client for additional VPN information. Identifies...
... the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows a remote PC to connect to your network is the other tunnel endpoint • The FVS318 VPN Firewall supports up to eight concurrent tunnels. The FVS318 VPN Firewall router on your network from any location on the FVS318. NETGEAR provides support for connections between NETGEAR VPN Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN Client for additional VPN information. Identifies...
FVS318 Reference Manual
Page 68
Enter a subnet for the Model FVS318 Broadband ProSafe VPN Firewall The FVS318 VPN tunnel network connection fields are defined in the following table. For a discussion of the VPN tunnel. Reference Manual for the remote LAN. This name must be accessed Use this field to manage what... finish Local IP addresses. 3. Tunnel can choose one of 255.255.255.255. Then enter the NAT router's public (WAN) IP address or FQDN in the remote connection can use this endpoint. Enter the remote WAN IP address or FQDN. Table 6-1. Local IPSec identifier Enter ...
Enter a subnet for the Model FVS318 Broadband ProSafe VPN Firewall The FVS318 VPN tunnel network connection fields are defined in the following table. For a discussion of the VPN tunnel. Reference Manual for the remote LAN. This name must be accessed Use this field to manage what... finish Local IP addresses. 3. Tunnel can choose one of 255.255.255.255. Then enter the NAT router's public (WAN) IP address or FQDN in the remote connection can use this endpoint. Enter the remote WAN IP address or FQDN. Table 6-1. Local IPSec identifier Enter ...
FVS318 Reference Manual
Page 78
...VPN tunnel to connecting to just that FVS318 must unique in this VPN tunnel, you could use FQDN, that device. • Remote LAN IP Address in the FVS318 on LAN B: 192.168.3.1 and Remote Subnet Mask in the FVS318 on LAN B: 255.255.255.0 This is the LAN IP Address for the Model FVS318 Broadband ProSafe VPN Firewall... the VPN tunnel to connecting to just those devices. c. For each FVS318, fill in the Connection Name VPN settings as the WAN IP Address for the FVS318 on LAN B by viewing its Maintenance menu Router Status link. When the FVS318 on LAN B is connected to any...
...VPN tunnel to connecting to just that FVS318 must unique in this VPN tunnel, you could use FQDN, that device. • Remote LAN IP Address in the FVS318 on LAN B: 192.168.3.1 and Remote Subnet Mask in the FVS318 on LAN B: 255.255.255.0 This is the LAN IP Address for the Model FVS318 Broadband ProSafe VPN Firewall... the VPN tunnel to connecting to just those devices. c. For each FVS318, fill in the Connection Name VPN settings as the WAN IP Address for the FVS318 on LAN B by viewing its Maintenance menu Router Status link. When the FVS318 on LAN B is connected to any...
FVS318 Reference Manual
Page 80
... (or Soft-PK) Secure VPN Client for the Model FVS318 Broadband ProSafe VPN Firewall c. Figure 6-11: Ping test results At this point the connection is working, whenever a PC on the first LAN, the Firewalls will automatically establish the connection. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC to NETGEAR's web site for example, if your VPN connection is established. After between...
... (or Soft-PK) Secure VPN Client for the Model FVS318 Broadband ProSafe VPN Firewall c. Figure 6-11: Ping test results At this point the connection is working, whenever a PC on the first LAN, the Firewalls will automatically establish the connection. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC to NETGEAR's web site for example, if your VPN connection is established. After between...
FVS318 Reference Manual
Page 88
...range of encryption to be used for the Model FVS318 Broadband ProSafe VPN Firewall • Expand the Authentication subheading by double clicking its name or clicking on the "+" symbol. This selection must match your PC will automatically open the VPN connection when you will provide the type of encryption (...menu, select None. • Check the Encapsulation Protocol (ESP) checkbox. • In the Encrypt Alg menu, select the type of the remote VPN router's LAN. 6-24 M-10146-01 Virtual Private Networking In this example, use DES. • In the Hash Alg menu, select MD5. •...
...range of encryption to be used for the Model FVS318 Broadband ProSafe VPN Firewall • Expand the Authentication subheading by double clicking its name or clicking on the "+" symbol. This selection must match your PC will automatically open the VPN connection when you will provide the type of encryption (...menu, select None. • Check the Encapsulation Protocol (ESP) checkbox. • In the Encrypt Alg menu, select the type of the remote VPN router's LAN. 6-24 M-10146-01 Virtual Private Networking In this example, use DES. • In the Hash Alg menu, select MD5. •...