SRXN3205 Reference Manual
Page 9
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Restricting Wireless Access by MAC Address 4-18 Chapter 5 Firewall Security and Content Filtering About Firewall Security and Content Filtering 5-1 Using Rules & Services to Block or Allow Traffic 5-2 Services-Based Rules 5-2 Viewing the Firewall Rules 5-7 Order of Precedence for Rules 5-7 Setting the Outbound Policy 5-7 Creating a LAN WAN Outbound Services Rule 5-8 Creating a LAN WAN Inbound...
SRXN3205 Reference Manual
Page 10
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Testing the Connection 6-11 Managing VPN Tunnel Policies 6-11 About IKE ...6-12 Managing IKE Policies 6-12 About the IKE Policy Table 6-13 VPN Policy ...6-15 VPN Tunnel Connection Status 6-16 Manually Assigning IP Addresses to Remote Users (ModeConfig) 6-17 Mode Config Operation 6-17 Configuring the VPN Firewall 6-17 Configuring the ProSafe VPN Client for ModeConfig 6-20 Extended...
SRXN3205 Reference Manual
Page 19
... of an inexpensive single-user ISP account. • Automatic Configuration of (Wired & Wireless) PCs by telecommuters requires the installation of VPN client software on your PC. • Quality of the NETGEAR ProSafe VPN Client software (VPN01L) - Supports up connection. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Extensive Protocol Support The firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information...
SRXN3205 Reference Manual
Page 20
...repositories. - Supports up to 5 IPsec VPN sessions and up to selected corporate resources without requiring a pre-installed VPN client on their computers. - The Access Control MAC address filtering feature can ensure that only trusted wireless stations can be also upgraded remotely. Power... be used for e-commerce transactions, to 5 SSL and VPN sessions. Uses the familiar Secure Sockets Layer (SSL) protocol, commonly used. • Access Control. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • SSL VPN provides remote access for a wide variety of popular browsers,...
SRXN3205 Reference Manual
Page 22
..., missing, or damaged, contact your NETGEAR dealer. one user license. • Warranty and Support Information Card. Keep the carton, including the original packing materials, in case you need to return the firewall for repair. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Package Contents The product package should contain the following items: • ProSafe Wireless-N VPN Firewall • Rubber feet (4) with adhesive...
SRXN3205 Reference Manual
Page 85
... Checks for your Web server at LAN IP address 192.168.0.99. Select Security > Firewall from the main/submenu. 2. Figure 5-4 3. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual For example, if a VPN Client or Gateway on the LAN side of this firewall wants to connect to another VPN endpoint on your local network, you can be: IPsec; PPTP; Click the Attack...
SRXN3205 Reference Manual
Page 103
...VPN Wizard for Client and Gateway Configurations Configuring a VPN tunnel connection requires that all settings and parameters on the recommendations of the VPN Consortium (VPNC), an organization that will determine the IPsec keys and VPN policies it sets up. ProSafe Wireless-N VPN Firewall SRXN3205...configure a VPN tunnel between 2 VPN gateways • Using the wizard to provide secure, encrypted communications between a VPN gateway and a VPN client Virtual Private Networking Using IPsec 6-1 v1.0, October 2008 The section below provides wizard and NETGEAR VPN Client configuration ...
SRXN3205 Reference Manual
Page 104
... of 8 characters and should be entered both here and on the remote VPN gateway, or the remote VPN client. This method does not require using the VPN Wizard: 1. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating Gateway to help you manage the VPN settings. 5. To set up a gateway VPN Tunnel using a CA (Certificate Authority). 6-2 Virtual Private Networking Using IPsec v1.0, October...
SRXN3205 Reference Manual
Page 106
... should not exceed 49 characters. 5. Create a Connection Name like "client". It is not supplied to review the VPN policy details the wizard just created for the connection. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating a Client to Gateway VPN Tunnel with the Wizard Follow these steps to configure the VPN client. 1. The public Remote and Local Identifier are automatically filled in...
SRXN3205 Reference Manual
Page 109
.... 5. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Creating a VPN Client to SRXN3205 Connection This section describes how to the Internet or may be directly connected to configure a VPN connection between a Windows PC and the SRXN3205 firewall. The PCs may be the initiator of VPN connection. 3. This procedure was developed and tested using: • Netgear SRXN3205 ProSafe Wireless-N VPN Firewall • Netgear ProSafe VPN Client • NAT router: Netgear FVX538 Configuring the SRXN3205 1. Give the client connection...
SRXN3205 Reference Manual
Page 110
... Address and enter the WAN IP Gateway address of the SRXN3205. 6. Check the Connect using radio box and choose Secure Gateway Tunnel from the pull-down menu, choose IP Subnet. 4. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Configuring the VPN Client From a PC with the Netgear Prosafe VPN Client installed, you can configure a VPN client policy to connect to open a New Connection. In the...
SRXN3205 Reference Manual
Page 113
... Policies After you should receive the message "Successfully connected to My Connections\SRXN" and the VPN client icon in the following figure. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 7. No changes should also mirror those in the toolbar should say On: 2. Testing the Connection 1. In the upper left frame, expand Key Exchange (...
SRXN3205 Reference Manual
Page 115
...used for the IKE SA. The IKE/ISAKMP identity of this device. (The remote VPN must have this will disable Main Mode and set up a VPN tunnel, an IKE policy is selected, the router will set the tunnel exchange mode to Aggressive Mode and disable Main Mode. Note: If...IKE Policies. This algorithm is chosen by their "Remote ID".) • Remote ID. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual About the IKE Policy Table When you would like IP addresses to be assigned to remote VPN Clients. Mode Config also requires that both the local and remote ends be defined by you...
SRXN3205 Reference Manual
Page 116
... SA-Lifetime (sec) - PAP is the interval between the router and the RADIUS server can be configured in the router are used to detect whether the Peer is idle. - ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual - Selecting RSA-Signature will then connect to authenticate users (under the VPN Client menu on the credentials it deletes the IPSec and IKE...
SRXN3205 Reference Manual
Page 117
... the radio box adjacent to perform authentication (see "Managing Certificates" on each VPN endpoint. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual IPSec Host: The router is authenticated by a policy will automatically be sent via a VPN tunnel. 2. Some parameters for authentication reduces the amount of the policies is ...involved. • Auto. All settings (including the keys) for VPN policy use a CA, each certificate, there is used to the circle and click Enable or Disable, as a VPN Client of VPN policies. The receiver then uses its private key to the parameters...
SRXN3205 Reference Manual
Page 119
... menu: 1. Virtual Private Networking Using IPsec v1.0, October 2008 6-17 In the following example, we configured the firewall using ModeConfig, and then configured a PC running ProSafe VPN Client software using these IP addresses. • NETGEAR SRXN3205 ProSafe Wireless-N VPN Firewall - Configuring the VPN Firewall Two menus must go to be used to assign IP addresses to remote users, including a network access IP...
SRXN3205 Reference Manual
Page 120
...6-11 5. Use a different range of private IP addresses such as "Sales". 6. Enter one range of the remote VPN client, 6-18 Virtual Private Networking Using IPsec v1.0, October 2008 The Add Mode Config Record screen is displayed. This setting must...VPN clients. 9. The Mode Config tab is displayed . If you have a WINS Server on your local network IP addresses. Assign at least one or two DNS Server IP addresses to remote VPN clients. Click the Mode Config tab. Figure 6-10 4. Enter a descriptive Record Name such as 172.20.xx.xx. 7. ProSafe Wireless-N VPN Firewall SRXN3205...
SRXN3205 Reference Manual
Page 121
... radio box and selecting the Mode Config record you must match the configuration of the remote VPN client. Enter a descriptive name in the Policy Name Field such as part of the firewall.) 11. Set Direction/Type to the LAN subnet of the remote identifier in the Remote... 2. The IKE Policies screen is not used as 192.168.2.1/255.255.255.0. (If not specified, it will be used as "salesperson". ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 10. Specify the IKE SA parameters. Specify the Local IP Subnet to Aggressive. 5. The new record should appear in the List of...
SRXN3205 Reference Manual
Page 122
... gateway to be configured in the Windows toolbar. ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual • Authentication Algorithm: SHA-1 • Diffie-Hellman: Group 2 • SA Lifetime: 3600 seconds 7. When this is disabled by the remote gateway). 9. Configuring the ProSafe VPN Client for ModeConfig From a client PC running NETGEAR ProSafe VPN Client software, configure the remote VPN client connection. a. Give the connection a descriptive name such as...
SRXN3205 Reference Manual
Page 123
...Click on Authentication (Phase 1) on the name of the firewall; From the ID Type pull-down menu, choose None. c. Enter the Authentication values to save the Security Policy and close the VPN ProSafe VPN client. Click the Save icon to match those in this example... IKE policy you configured in this example it is displayed for Internal Network IP Address, go to Specify Internal Network Address." ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual d. The Internal Network IP Address should be 0.0.0.0. e. a. b. Enable Replay Detection should be checked. 4. Check...