FVS318 Reference Manual
Page 66
...NETGEAR VPN Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN Client for additional VPN information. This manual is not possible for NETGEAR to provide specific technical support for every other VPN products, it is written based on your network from any location on the FVS318. Although the FVS318 can interoperate with many VPN...to variations in how manufacturers interpret these two kinds of the SafeNet client. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows a remote PC to connect to your network is ...
...NETGEAR VPN Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN Client for additional VPN information. This manual is not possible for NETGEAR to provide specific technical support for every other VPN products, it is written based on your network from any location on the FVS318. Although the FVS318 can interoperate with many VPN...to variations in how manufacturers interpret these two kinds of the SafeNet client. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall VPN client access allows a remote PC to connect to your network is ...
FVS318 Reference Manual
Page 80
...VPN Client for the Model FVS318 Broadband ProSafe VPN Firewall c. The PC can be purchased from "timed out" to the first FVS318. Note: If your situation is working, whenever a PC on the first LAN, the Firewalls will automatically establish the connection. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC to NETGEAR... an IP address on the second LAN needs to the Internet through a simple cable/DSL router, or if you wish to use different VPN client software, please refer to Local LAN (A) configuration 6-16 M-10146-01 Virtual Private Networking After...
...VPN Client for the Model FVS318 Broadband ProSafe VPN Firewall c. The PC can be purchased from "timed out" to the first FVS318. Note: If your situation is working, whenever a PC on the first LAN, the Firewalls will automatically establish the connection. FVS318 A 24.0.0.1 VPN Tunnel 192.168.3.1 Figure 6-12: Remote PC to NETGEAR... an IP address on the second LAN needs to the Internet through a simple cable/DSL router, or if you wish to use different VPN client software, please refer to Local LAN (A) configuration 6-16 M-10146-01 Virtual Private Networking After...
FVS318 Reference Manual
Page 82
... assigned dynamically. We will assume it is a single PC. 6-18 M-10146-01 Virtual Private Networking Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-13: VPN Edit menu for connecting with a VPN client b. See "Configure the VPN Client Identity" on page 6-22. • Remote Subnet Mask: 255.255.255.255 since this connection. Fill in the Connection...
... assigned dynamically. We will assume it is a single PC. 6-18 M-10146-01 Virtual Private Networking Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-13: VPN Edit menu for connecting with a VPN client b. See "Configure the VPN Client Identity" on page 6-22. • Remote Subnet Mask: 255.255.255.255 since this connection. Fill in the Connection...
FVS318 Reference Manual
Page 83
...; IKE Life Time - Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Remote WAN IP Address: 0.0.0.0 since the remote PC has a dynamically assigned IP address. Default is not necessary. Default is 28800 seconds (8 hours). d. Set Up the SafeNet VPN Client Software on your PC after installing the client software.s Virtual Private Networking M-10146-01 6-19
...; IKE Life Time - Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Remote WAN IP Address: 0.0.0.0 since the remote PC has a dynamically assigned IP address. Default is not necessary. Default is 28800 seconds (8 hours). d. Set Up the SafeNet VPN Client Software on your PC after installing the client software.s Virtual Private Networking M-10146-01 6-19
FVS318 Reference Manual
Page 85
... the PFS Key Group. • Check the Enable Replay Detection checkbox. Figure 6-15: Security Policy Editor Security Policy • Select Main Mode in the SafeNet VPN Client Software. • In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the Security Policy subheading to... Policy in the Select Phase 1 Negotiation Mode box. • Check the Enable Perfect Forward Secrecy (PFS) checkbox. • Select Diffie-Hellman Group 1 for the Model FVS318 Broadband ProSafe VPN Firewall c.
... the PFS Key Group. • Check the Enable Replay Detection checkbox. Figure 6-15: Security Policy Editor Security Policy • Select Main Mode in the SafeNet VPN Client Software. • In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the Security Policy subheading to... Policy in the Select Phase 1 Negotiation Mode box. • Check the Enable Perfect Forward Secrecy (PFS) checkbox. • Select Diffie-Hellman Group 1 for the Model FVS318 Broadband ProSafe VPN Firewall c.
FVS318 Reference Manual
Page 86
... to Specify Internal Network Address checkbox and click OK. Configure the Global Policy Settings. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall d. Either a fixed IP address or a "fixed virtual" IP address of the VPN client PC. • In the Network Security Policy list on My Identity. 6-22 M-10146-01 Virtual Private Networking Figure 6-16...
... to Specify Internal Network Address checkbox and click OK. Configure the Global Policy Settings. Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall d. Either a fixed IP address or a "fixed virtual" IP address of the VPN client PC. • In the Network Security Policy list on My Identity. 6-22 M-10146-01 Virtual Private Networking Figure 6-16...
FVS318 Reference Manual
Page 87
... M-10146-01 6-23 In this box empty. This selection must match your Ethernet adapter if you will be used for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-17: Security Policy Editor My Identity • Choose None in the Select Certificate menu. • Select IP Address in the... In the Pre-Shared Key dialog box, click the Enter Key button. Select PPP Adapter in the Internal Network IP Address box. Configure the VPN Client Authentication Proposal. If you are using a virtual fixed IP address, enter this address in the Name menu if you have a dial-up Internet ...
... M-10146-01 6-23 In this box empty. This selection must match your Ethernet adapter if you will be used for the Model FVS318 Broadband ProSafe VPN Firewall Figure 6-17: Security Policy Editor My Identity • Choose None in the Select Certificate menu. • Select IP Address in the... In the Pre-Shared Key dialog box, click the Enter Key button. Select PPP Adapter in the Internal Network IP Address box. Configure the VPN Client Authentication Proposal. If you are using a virtual fixed IP address, enter this address in the Name menu if you have a dial-up Internet ...
FVS318 Reference Manual
Page 88
... Save Changes. Save the VPN Client Settings. Then select Proposal 1 below Authentication. • In the Authentication Method menu, select Pre-Shared key. • In the Encrypt Alg menu, select the type of the remote VPN router's LAN. 6-24 M-10146...-01 Virtual Private Networking In this example, use DES. • In the Hash Alg menu, select MD5. • In the Encapsulation menu, select Tunnel. • Leave the Authentication Protocol (AH) checkbox unchecked. In this step, you configured for the Model FVS318 Broadband ProSafe VPN Firewall...
... Save Changes. Save the VPN Client Settings. Then select Proposal 1 below Authentication. • In the Authentication Method menu, select Pre-Shared key. • In the Encrypt Alg menu, select the type of the remote VPN router's LAN. 6-24 M-10146...-01 Virtual Private Networking In this example, use DES. • In the Hash Alg menu, select MD5. • In the Encapsulation menu, select Tunnel. • Leave the Authentication Protocol (AH) checkbox unchecked. In this step, you configured for the Model FVS318 Broadband ProSafe VPN Firewall...
FVS318 Reference Manual
Page 90
To launch these functions, click on the progress and status of the VPN client connection can see the following: 6-26 M-10146-01 Virtual Private Networking The Log Viewer screen for a successful connection is shown below : Figure 6-... Viewer. Reference Manual for this connection is shown below : Figure 6-20: Log Viewer screen The Connection Monitor screen for the Model FVS318 Broadband ProSafe VPN Firewall Monitoring the PC VPN Connection Using SafeNet Tools Information on the Windows Start button, then select Programs, then SafeNet SoftRemote, then either the Connection Monitor or...
To launch these functions, click on the progress and status of the VPN client connection can see the following: 6-26 M-10146-01 Virtual Private Networking The Log Viewer screen for a successful connection is shown below : Figure 6-... Viewer. Reference Manual for this connection is shown below : Figure 6-20: Log Viewer screen The Connection Monitor screen for the Model FVS318 Broadband ProSafe VPN Firewall Monitoring the PC VPN Connection Using SafeNet Tools Information on the Windows Start button, then select Programs, then SafeNet SoftRemote, then either the Connection Monitor or...
FVS318 Reference Manual
Page 91
... M-10146-01 6-27 Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • The FVS318 has a public IP WAN address of 134.177.100.11 • The FVS318 has a LAN IP address of 192.168.0.1 • The VPN client PC has a dynamically assigned address of 12.236.5.184 • The VPN client PC is using a "virtual fixed" IP address...
... M-10146-01 6-27 Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • The FVS318 has a public IP WAN address of 134.177.100.11 • The FVS318 has a LAN IP address of 192.168.0.1 • The VPN client PC has a dynamically assigned address of 12.236.5.184 • The VPN client PC is using a "virtual fixed" IP address...
FVS318 Reference Manual
Page 221
... 5-4 R rear panel 2-6 Index requirements access device 3-1 hardware 3-1 Reserved IP Addresses 5-9 restore factory settings 7-11 RFC 1466 B-7, B-9 1597 B-7, B-9 1631 B-8, B-9 finding B-7 RIP (Router Information Protocol) 5-7 router concepts B-1 Routing Information Protocol 2-3, B-2 S SA 6-9, D-4 SafeNet Secure VPN Client 6-16 Scope of Document 1-1 Secondary DNS Server 3-9, 3-10, 3-12, 3-14 security association 6-9 service numbers 4-7 Services/Games 5-3 Setup Wizard 3-1 SHA-1 authentication 6-29...
... 5-4 R rear panel 2-6 Index requirements access device 3-1 hardware 3-1 Reserved IP Addresses 5-9 restore factory settings 7-11 RFC 1466 B-7, B-9 1597 B-7, B-9 1631 B-8, B-9 finding B-7 RIP (Router Information Protocol) 5-7 router concepts B-1 Routing Information Protocol 2-3, B-2 S SA 6-9, D-4 SafeNet Secure VPN Client 6-16 Scope of Document 1-1 Secondary DNS Server 3-9, 3-10, 3-12, 3-14 security association 6-9 service numbers 4-7 Services/Games 5-3 Setup Wizard 3-1 SHA-1 authentication 6-29...
FVS318v3 Reference Manual
Page 6
... Smart Setup Wizard 3-11 How to Manually Configure Your Internet Connection 3-12 Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-2 Using Rules to Block or Allow...Networking Overview of VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN ...5-3 VPN Tunnel Configuration 5-5 How to Set Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3 5-6 Step 2: Configuring the NETGEAR ProSafe VPN Client on the ...
... Smart Setup Wizard 3-11 How to Manually Configure Your Internet Connection 3-12 Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview 4-1 Block Sites ...4-2 Using Rules to Block or Allow...Networking Overview of VPN Configuration 5-2 Client-to-Gateway VPN Tunnels 5-2 Gateway-to-Gateway VPN Tunnels 5-2 Planning a VPN ...5-3 VPN Tunnel Configuration 5-5 How to Set Up a Client-to-Gateway VPN Configuration 5-5 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3 5-6 Step 2: Configuring the NETGEAR ProSafe VPN Client on the ...
FVS318v3 Reference Manual
Page 11
... E-18 The FVS318v3-to-FVL328 Case E-20 Configuring the VPN Tunnel E-20 Viewing and Editing the VPN Parameters E-23 Initiating and Checking the VPN Connections E-25 The FVS318v3-to-VPN Client Case E-27 Client-to-Gateway VPN Tunnel Overview E-27 Configuring the VPN Tunnel E-28 Initiating and Checking the VPN Connections E-36 Glossary List of Glossary Terms G-1 Numeric ...G-1 A ...G-1 B ...G-2 C ...G-2 D ...G-3 E ...G-4 G ...G-4 I ...G-4 L ...G-6 M ...G-6 P ...G-7 Q ...G-8 R ...G-8 S ...G-9 T ...G-9 U ...G-9 W ...G-9 Contents...
... E-18 The FVS318v3-to-FVL328 Case E-20 Configuring the VPN Tunnel E-20 Viewing and Editing the VPN Parameters E-23 Initiating and Checking the VPN Connections E-25 The FVS318v3-to-VPN Client Case E-27 Client-to-Gateway VPN Tunnel Overview E-27 Configuring the VPN Tunnel E-28 Initiating and Checking the VPN Connections E-36 Glossary List of Glossary Terms G-1 Numeric ...G-1 A ...G-1 B ...G-2 C ...G-2 D ...G-3 E ...G-4 G ...G-4 I ...G-4 L ...G-6 M ...G-6 P ...G-7 Q ...G-8 R ...G-8 S ...G-9 T ...G-9 U ...G-9 W ...G-9 Contents...
FVS318v3 Reference Manual
Page 23
... table: Table 2-2. Reference Manual for the ProSafe VPN Firewall FVS318v3 • DC power input • ON/OFF switch NETGEAR-Related Products NETGEAR products related to : http://kbserver.netgear.com. Registration is available on the Resource CD and at http://www.NETGEAR.com/register. Documentation is required before you .../Outdoor 9 dBi Antenna ANT24D18 Indoor/Outdoor 18 dBi Antenna Antenna Cables-1.5, 3, 5, 10, and 30 m lengths VPN01L and VPN05L ProSafe VPN Client Software NETGEAR Product Registration, Support, and Documentation Register your product at http://kbserver...
... table: Table 2-2. Reference Manual for the ProSafe VPN Firewall FVS318v3 • DC power input • ON/OFF switch NETGEAR-Related Products NETGEAR products related to : http://kbserver.netgear.com. Registration is available on the Resource CD and at http://www.NETGEAR.com/register. Documentation is required before you .../Outdoor 9 dBi Antenna ANT24D18 Indoor/Outdoor 18 dBi Antenna Antenna Cables-1.5, 3, 5, 10, and 30 m lengths VPN01L and VPN05L ProSafe VPN Client Software NETGEAR Product Registration, Support, and Documentation Register your product at http://kbserver...
FVS318v3 Reference Manual
Page 57
..." on page 5-5 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client. • "How to Set Up a Gateway-to-Gateway VPN Configuration" on how to configure a secure IPSec VPN tunnel from a NETGEAR FVS318v3 to a FVL328. VPN communications paths are inappropriate. • Appendix C, "Virtual Private Networking" discusses...
..." on page 5-5 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client. • "How to Set Up a Gateway-to-Gateway VPN Configuration" on how to configure a secure IPSec VPN tunnel from a NETGEAR FVS318v3 to a FVL328. VPN communications paths are inappropriate. • Appendix C, "Virtual Private Networking" discusses...
FVS318v3 Reference Manual
Page 58
... up to eight concurrent tunnels. Client-to-Gateway VPN Tunnels Client-to your network is one tunnel endpoint, running the VPN client software. The FVS318v3 VPN Firewall on the Internet. The FVS318v3 VPN Firewall supports up this case, the remote PC is the other tunnel endpoint. FVS318 24.0.0.1 VPN Tunnel 192.168.3.1 PCs Figure 5-1: Client-to-gateway VPN tunnel A VPN client access allows a remote PC...
... up to eight concurrent tunnels. Client-to-Gateway VPN Tunnels Client-to your network is one tunnel endpoint, running the VPN client software. The FVS318v3 VPN Firewall on the Internet. The FVS318v3 VPN Firewall supports up this case, the remote PC is the other tunnel endpoint. FVS318 24.0.0.1 VPN Tunnel 192.168.3.1 PCs Figure 5-1: Client-to-gateway VPN tunnel A VPN client access allows a remote PC...
FVS318v3 Reference Manual
Page 61
... Virtual Private Networking" when the VPN Wizard and its VPNC defaults (see Figure 5-3) involves the following two steps: • "Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3" on page 5-6 uses the VPN Wizard to -Gateway VPN Configuration" on page 5-9 configures the NETGEAR ProSafe VPN Client endpoint. Reference Manual for the ProSafe VPN Firewall FVS318v3 VPN Tunnel Configuration There are not...
... Virtual Private Networking" when the VPN Wizard and its VPNC defaults (see Figure 5-3) involves the following two steps: • "Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3" on page 5-6 uses the VPN Wizard to -Gateway VPN Configuration" on page 5-9 configures the NETGEAR ProSafe VPN Client endpoint. Reference Manual for the ProSafe VPN Firewall FVS318v3 VPN Tunnel Configuration There are not...
FVS318v3 Reference Manual
Page 63
Reference Manual for the ProSafe VPN Firewall FVS318v3 Enter the new Connection Name: (RoadWarrior in this example) Enter the pre-shared key: (12345678 in this example) Select the radio button: A remote VPN client (single PC) Figure 5-5: Connection Name and Remote IP Type The Summary screen below displays. Figure 5-6: VPN Wizard Summary Basic Virtual Private Networking 5-7 January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3 Enter the new Connection Name: (RoadWarrior in this example) Enter the pre-shared key: (12345678 in this example) Select the radio button: A remote VPN client (single PC) Figure 5-5: Connection Name and Remote IP Type The Summary screen below displays. Figure 5-6: VPN Wizard Summary Basic Virtual Private Networking 5-7 January 2005
FVS318v3 Reference Manual
Page 65
...for the ProSafe VPN Firewall FVS318v3 Step 2: Configuring the NETGEAR ProSafe VPN Client on the remote PC and reboot. Basic Virtual Private Networking 5-9 January 2005 This example assumes the PC running the NETGEAR ProSafe VPN Client, see the warning message stating "The NETGEAR ProSafe VPN Component ... connection. The PC must have the option to purchase the NETGEAR ProSafe VPN Client. Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be installed." Install the IPSec Component. Go...
...for the ProSafe VPN Firewall FVS318v3 Step 2: Configuring the NETGEAR ProSafe VPN Client on the remote PC and reboot. Basic Virtual Private Networking 5-9 January 2005 This example assumes the PC running the NETGEAR ProSafe VPN Client, see the warning message stating "The NETGEAR ProSafe VPN Component ... connection. The PC must have the option to purchase the NETGEAR ProSafe VPN Client. Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be installed." Install the IPSec Component. Go...
FVS318v3 Reference Manual
Page 67
... IP Subnet in Figure 5-10. 3. e. h. The resulting Connection Settings are shown in the ID Type menu. a. Reference Manual for the ProSafe VPN Firewall FVS318v3 Figure 5-10: Security Policy Editor connection settings c. In this example, type 192.168.3.1 in the field directly below the ID Type menu... or clicking on the Security Policy subheading to allow all traffic through the VPN tunnel. Basic Virtual Private Networking January 2005 5-11 Select Secure in the NETGEAR ProSafe VPN Client software. Configure the Security Policy in the Connection Security check box.
... IP Subnet in Figure 5-10. 3. e. h. The resulting Connection Settings are shown in the ID Type menu. a. Reference Manual for the ProSafe VPN Firewall FVS318v3 Figure 5-10: Security Policy Editor connection settings c. In this example, type 192.168.3.1 in the field directly below the ID Type menu... or clicking on the Security Policy subheading to allow all traffic through the VPN tunnel. Basic Virtual Private Networking January 2005 5-11 Select Secure in the NETGEAR ProSafe VPN Client software. Configure the Security Policy in the Connection Security check box.