FVS328 Reference Manual
Page 11
...-Step Configuration of FVS328 Gateway B F-5 Test the VPN Connection F-9 Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration Profile ...G-1 Using DDNS and Fully Qualified Domain Names (FQDN G-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A G-3 Step-By-Step Configuration of FVS328 Gateway B G-7 Test the VPN Connection G-11 Appendix H NETGEAR VPN Client to NETGEAR the FVS328 Profile: Traveling User...
...-Step Configuration of FVS328 Gateway B F-5 Test the VPN Connection F-9 Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration Profile ...G-1 Using DDNS and Fully Qualified Domain Names (FQDN G-2 Step-By-Step Configuration of FVS318 or FVM318 Gateway A G-3 Step-By-Step Configuration of FVS328 Gateway B G-7 Test the VPN Connection G-11 Appendix H NETGEAR VPN Client to NETGEAR the FVS328 Profile: Traveling User...
FVS328 Reference Manual
Page 12
Step-By-Step Configuration of FVS328 Gateway H-2 Step-By-Step Configuration of the Netgear VPN Client B H-7 Testing the VPN Connection H-14 From the Client PC to the FVS328 H-14 From the FVS328 to the Client PC H-15 Monitoring the PC VPN Connection H-15 Viewing the FVS328 VPN Status and Log Information H-16 Glossary Index viii Contents May 2004, 202-10031-01
Step-By-Step Configuration of FVS328 Gateway H-2 Step-By-Step Configuration of the Netgear VPN Client B H-7 Testing the VPN Connection H-14 From the Client PC to the FVS328 H-14 From the FVS328 to the Client PC H-15 Monitoring the PC VPN Connection H-15 Viewing the FVS328 VPN Status and Log Information H-16 Glossary Index viii Contents May 2004, 202-10031-01
FVS328 Reference Manual
Page 78
... you identify IKE policies. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual The IKE Policy Configuration fields are blocked. • Both Directions - This setting is unknown. Main Mode or Aggressive Mode. You can choose one of the remote client is used to the target remote FVS328 firewall, VPN gateway, or VPN client. 7-4 Virtual Private Networking May 2004...
... you identify IKE policies. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual The IKE Policy Configuration fields are blocked. • Both Directions - This setting is unknown. Main Mode or Aggressive Mode. You can choose one of the remote client is used to the target remote FVS328 firewall, VPN gateway, or VPN client. 7-4 Virtual Private Networking May 2004...
FVS328 Reference Manual
Page 201
The menu options for the FVS328, FVL328, and FWAG114 are no firewall restrictions. Gather all of VPN PC/Client-to-Gateway Security Scheme: IKE with Preshared Secret/Key (not Certificate-based) Date Tested: December 2003 Model/Firmware Tested: Gateway NETGEAR FVS328 firmware v 1.0 Client NETGEAR ProSafe VPN Client v10.1 IP Addressing: Gateway Static IP Address Client Dynamic NETGEAR VPN Client to be set on both sides. Table...
The menu options for the FVS328, FVL328, and FWAG114 are no firewall restrictions. Gather all of VPN PC/Client-to-Gateway Security Scheme: IKE with Preshared Secret/Key (not Certificate-based) Date Tested: December 2003 Model/Firmware Tested: Gateway NETGEAR FVS328 firmware v 1.0 Client NETGEAR ProSafe VPN Client v10.1 IP Addressing: Gateway Static IP Address Client Dynamic NETGEAR VPN Client to be set on both sides. Table...
FVS328 Reference Manual
Page 202
... procedures and configuration menu screens are available on the NETGEAR Web site at http://www.vpnc.org/InteropProfiles. H-2 NETGEAR VPN Client to the FVS328 gateway as in the illustration. Model FVS328 ProSafe VPN Firewall with its default user name of admin and default password of password. Log in to NETGEAR the FVS328 May 2004, 202-10031-01 VPNC Interoperability guidelines can...
... procedures and configuration menu screens are available on the NETGEAR Web site at http://www.vpnc.org/InteropProfiles. H-2 NETGEAR VPN Client to the FVS328 gateway as in the illustration. Model FVS328 ProSafe VPN Firewall with its default user name of admin and default password of password. Log in to NETGEAR the FVS328 May 2004, 202-10031-01 VPNC Interoperability guidelines can...
FVS328 Reference Manual
Page 203
..., select Aggressive Mode. NETGEAR VPN Client to the remote VPN endpoint. In our example, we used to help you manage the IKE policies. This will also be selected in the VPN Client My Identity ID Type fields, as the Policy Name. - From the Exchange Mode drop-down box, select Remote Access. - Model FVS328 ProSafe VPN Firewall with Dial Back-up...
..., select Aggressive Mode. NETGEAR VPN Client to the remote VPN endpoint. In our example, we used to help you manage the IKE policies. This will also be selected in the VPN Client My Identity ID Type fields, as the Policy Name. - From the Exchange Mode drop-down box, select Remote Access. - Model FVS328 ProSafe VPN Firewall with Dial Back-up...
FVS328 Reference Manual
Page 204
... Model FVS328 ProSafe VPN Firewall with a direct Internet connection or a home telecommuter behind a NAT router to connect regardless of the IP address they have on their remote PC. In the Pre-Shared Key field, type hr5xb84l6aa9r6. This will also be entered in the VPN Client My Identity..., as seen in "Security Policy Editor New Connection" on page H-11. - H-4 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 Click Apply. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Hash Alg field, as seen in "Connection Security...
... Model FVS328 ProSafe VPN Firewall with a direct Internet connection or a home telecommuter behind a NAT router to connect regardless of the IP address they have on their remote PC. In the Pre-Shared Key field, type hr5xb84l6aa9r6. This will also be entered in the VPN Client My Identity..., as seen in "Security Policy Editor New Connection" on page H-11. - H-4 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 Click Apply. This will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Hash Alg field, as seen in "Connection Security...
FVS328 Reference Manual
Page 205
... will take you to NETGEAR the FVS328 H-5 May 2004, 202-10031-01 Click Add Auto Policy. Click the VPN Policies link under the VPN category on the left side of the main menu. Enter a unique name to the remote VPN endpoint. In our example, we use VPNclient as the Policy Name. - Model FVS328 ProSafe VPN Firewall with Dial Back...
... will take you to NETGEAR the FVS328 H-5 May 2004, 202-10031-01 Click Add Auto Policy. Click the VPN Policies link under the VPN category on the left side of the main menu. Enter a unique name to the remote VPN endpoint. In our example, we use VPNclient as the Policy Name. - Model FVS328 ProSafe VPN Firewall with Dial Back...
FVS328 Reference Manual
Page 206
...(1024 Bit). This will also be entered in the VPN Client Internal Network IP Address field, as seen in "Security Policy Editor New Connection" on page H-12. - Check the IPSec PFS check box to NETGEAR the FVS328 May 2004, 202-10031-01 From the Traffic Selector ...also be entered in the VPN Client Security Policy Enable Perfect Forward Secrecy check box, as seen in "Security Policy Editor New Connection" on page H-10. - This will have a dynamically assigned IP address. This will have a dynamically assigned IP address. Model FVS328 ProSafe VPN Firewall with Dial Back-up ...
...(1024 Bit). This will also be entered in the VPN Client Internal Network IP Address field, as seen in "Security Policy Editor New Connection" on page H-12. - Check the IPSec PFS check box to NETGEAR the FVS328 May 2004, 202-10031-01 From the Traffic Selector ...also be entered in the VPN Client Security Policy Enable Perfect Forward Secrecy check box, as seen in "Security Policy Editor New Connection" on page H-10. - This will have a dynamically assigned IP address. This will have a dynamically assigned IP address. Model FVS328 ProSafe VPN Firewall with Dial Back-up ...
FVS328 Reference Manual
Page 207
... on page H-12. - To import this with the Authentication Protocol (AH) option. Install the Netgear VPN Client Software on the PC. Model FVS328 ProSafe VPN Firewall with Dial Back-up Resource CD (230-10041-02) includes all the settings identified in this procedure. NETGEAR VPN Client to "Import" a predefined configuration profile. Using the AH option will connect to prevent the...
... on page H-12. - To import this with the Authentication Protocol (AH) option. Install the Netgear VPN Client Software on the PC. Model FVS328 ProSafe VPN Firewall with Dial Back-up Resource CD (230-10041-02) includes all the settings identified in this procedure. NETGEAR VPN Client to "Import" a predefined configuration profile. Using the AH option will connect to prevent the...
FVS328 Reference Manual
Page 208
.... Figure H-4: Security Policy Editor New Connection a. Figure H-5: Security Policy Editor Options menu H-8 NETGEAR VPN Client to complete the installation. • Reboot your PC after installing the client software. 2. Configure the Connection Network Settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: Before installing the Netgear VPN Client software, be sure to turn off any virus protection or...
.... Figure H-4: Security Policy Editor New Connection a. Figure H-5: Security Policy Editor Options menu H-8 NETGEAR VPN Client to complete the installation. • Reboot your PC after installing the client software. 2. Configure the Connection Network Settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual Note: Before installing the Netgear VPN Client software, be sure to turn off any virus protection or...
FVS328 Reference Manual
Page 209
... IP address for editing, go to the Options menu, select Secure, and Specified Options to enable editing these settings. d. Figure H-7: My Identity Pre-Shared Key NETGEAR VPN Client to FVS328. A "New Connection" listing appears. Figure H-6: My Identity In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Domain Name field...the Protocol menu, All is selected. - In the Connection Security box, Secure is selected. - The Connect using Secure Gateway Tunnel check box is selected. a. Model FVS328 ProSafe VPN Firewall with 0 as the ID Type, and enter VPNclient.
... IP address for editing, go to the Options menu, select Secure, and Specified Options to enable editing these settings. d. Figure H-7: My Identity Pre-Shared Key NETGEAR VPN Client to FVS328. A "New Connection" listing appears. Figure H-6: My Identity In this example, select IP Subnet as the ID Type, 192.168.0.0 in the Domain Name field...the Protocol menu, All is selected. - In the Connection Security box, Secure is selected. - The Connect using Secure Gateway Tunnel check box is selected. a. Model FVS328 ProSafe VPN Firewall with 0 as the ID Type, and enter VPNclient.
FVS328 Reference Manual
Page 210
... Figure H-9: Security Policy b. Configure the Connection Identity Settings. In this example, enter this pre-shared key in the FVS328. a. For this field: hr5xb84l6aa9r6 Figure H-8: Connection Identity Pre-Shared Key c. Enter hr5xb84l6aa9r6 which is the same Pre-Shared...- Click Pre-Shared Key. In the Network Security Policy list, click the Security Policy subheading. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual b. In the PFS Key Group drop-down list, Diffie-Hellman Group 2. - H-10 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01
... Figure H-9: Security Policy b. Configure the Connection Identity Settings. In this example, enter this pre-shared key in the FVS328. a. For this field: hr5xb84l6aa9r6 Figure H-8: Connection Identity Pre-Shared Key c. Enter hr5xb84l6aa9r6 which is the same Pre-Shared...- Click Pre-Shared Key. In the Network Security Policy list, click the Security Policy subheading. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual b. In the PFS Key Group drop-down list, Diffie-Hellman Group 2. - H-10 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01
FVS328 Reference Manual
Page 211
Figure H-10: Connection Security Policy Authentication (Phase 1) a. In the Hash Alg, select SHA-1. - NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-11 The setting choices in this example, ensure that the following settings are configured: - In the SA Life, select Unspecified. - ... Triple DES. - Configure the Connection Security Policy In this step, you will provide the authentication (IKE Phase 1) settings, and the key exchange (Phase 2) settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 5.
Figure H-10: Connection Security Policy Authentication (Phase 1) a. In the Hash Alg, select SHA-1. - NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-11 The setting choices in this example, ensure that the following settings are configured: - In the SA Life, select Unspecified. - ... Triple DES. - Configure the Connection Security Policy In this step, you will provide the authentication (IKE Phase 1) settings, and the key exchange (Phase 2) settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 5.
FVS328 Reference Manual
Page 212
... settings are configured: - H-12 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 Check the Encapsulation Protocol (ESP) check box. - In the Hash Alg, select SHA-1. - In the SA Life menu, select Unspecified. - In the Compression menu, select None. - In the Encrypt Alg menu, select Triple DES. - Model FVS328 ProSafe VPN Firewall with Dial Back-up...
... settings are configured: - H-12 NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 Check the Encapsulation Protocol (ESP) check box. - In the Hash Alg, select SHA-1. - In the SA Life menu, select Unspecified. - In the Compression menu, select None. - In the Encrypt Alg menu, select Triple DES. - Model FVS328 ProSafe VPN Firewall with Dial Back-up...
FVS328 Reference Manual
Page 213
...top of the Security Policy Editor window, select Save. NETGEAR VPN Client to Specify Internal Network Address check box and click OK. 7. Figure H-12: Security Policy Editor Global Policy Options b. Select the Allow to NETGEAR the FVS328 May 2004, 202-10031-01 H-13 a. c. From... window, select Global Policy Settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 6. Configure the Global Policy Settings. After you have configured and saved the VPN client information, your new settings will automatically open the VPN connection when you make changes to 45 ...
...top of the Security Policy Editor window, select Save. NETGEAR VPN Client to Specify Internal Network Address check box and click OK. 7. Figure H-12: Security Policy Editor Global Policy Options b. Select the Allow to NETGEAR the FVS328 May 2004, 202-10031-01 H-13 a. c. From... window, select Global Policy Settings. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual 6. Configure the Global Policy Settings. After you have configured and saved the VPN client information, your new settings will automatically open the VPN connection when you make changes to 45 ...
FVS328 Reference Manual
Page 214
... the remote PC with the Netgear ProSafe VPN Client and that the firewall features of the attempt to connect. On the Windows taskbar, click the Start button, and then click Run. 3. Select Connect to NETGEAR the FVS328 May 2004, 202-10031-01 This will report the results of the FVS328 are explained below. Model FVS328 ProSafe VPN Firewall with Dial Back-up...
... the remote PC with the Netgear ProSafe VPN Client and that the firewall features of the attempt to connect. On the Windows taskbar, click the Start button, and then click Run. 3. Select Connect to NETGEAR the FVS328 May 2004, 202-10031-01 This will report the results of the FVS328 are explained below. Model FVS328 ProSafe VPN Firewall with Dial Back-up...
FVS328 Reference Manual
Page 215
... H-13: Log Viewer screen NETGEAR VPN Client to the client PC. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual To test the connection to a computer connected to test the VPN connection from the Diagnostics link of the FVS328 main menu. From the FVS328 to the Client PC You can be viewed by opening the Netgear ProSafe VPN Client Connection Monitor or Log Viewer...
... H-13: Log Viewer screen NETGEAR VPN Client to the client PC. Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual To test the connection to a computer connected to test the VPN connection from the Diagnostics link of the FVS328 main menu. From the FVS328 to the Client PC You can be viewed by opening the Netgear ProSafe VPN Client Connection Monitor or Log Viewer...
FVS328 Reference Manual
Page 216
... "SA" before the name of the VPN client connection can be viewed by opening the FVS328 VPN Status screen. H-16 NETGEAR VPN Client to the yellow key symbol shown in this screen, click the VPN Status link on the status of the connection. Viewing the FVS328 VPN Status and Log Information Information on the FVS328 main menu. To view this menu...
... "SA" before the name of the VPN client connection can be viewed by opening the FVS328 VPN Status screen. H-16 NETGEAR VPN Client to the yellow key symbol shown in this screen, click the VPN Status link on the status of the connection. Viewing the FVS328 VPN Status and Log Information Information on the FVS328 main menu. To view this menu...
FVS328 Reference Manual
Page 217
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual The FVS328 VPN Status screen for a successful connection is shown below: Figure H-15: FVS328 VPN Status screen NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-17
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual The FVS328 VPN Status screen for a successful connection is shown below: Figure H-15: FVS328 VPN Status screen NETGEAR VPN Client to NETGEAR the FVS328 May 2004, 202-10031-01 H-17