Netgear Dgn2200v4 N300 Wireless Adsl2 Plus Modem Router User Manual
Have a look at the manual Netgear Dgn2200v4 N300 Wireless Adsl2 Plus Modem Router User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 106
Virtual Private Networking 106
N300 Wireless ADSL2+ Modem Router DGN2200v4
4.
Fill in the Connection Name and pre-shared key fields. Select the A remote VPN Gateway
radio button and click Next.
5. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click Next.
6. Fill in the IP
Address and Subnet Mask fields for the target endpoint that can use this\
tunnel,
and click Next.
The VPN Wizard Summary screen displays:
To view the VPNC-recommended authentication and...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-105.png "Page 106
Virtual Private Networking 106
N300 Wireless ADSL2+ Modem Router DGN2200v4
4.
Fill in the Connection Name and pre-shared key fields. Select the A remote VPN Gateway
radio button and click Next.
5. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click Next.
6. Fill in the IP
Address and Subnet Mask fields for the target endpoint that can use this\
tunnel,
and click Next.
The VPN Wizard Summary screen displays:
To view the VPNC-recommended authentication and...")
![Page 107
Virtual Private Networking 107
N300 Wireless ADSL2+ Modem Router DGN2200v4
The VPN Policies screen displays, showing that the new tunnel is enabled\
.
8.
Repeat these steps for the gateway on LAN B, and pay special attention to the following
network settings:
• W
AN IP of the remote VPN gateway (for example, 14.15.16.17)
•LAN IP settings of the remote VPN gateway:
- IP address (for example, 192.168.0.1)
- Subnet mask (for example, 255.255.255.0)
- Pre-shared key (for example, 12345678)
Activate a VPN...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-106.png "Page 107
Virtual Private Networking 107
N300 Wireless ADSL2+ Modem Router DGN2200v4
The VPN Policies screen displays, showing that the new tunnel is enabled\
.
8.
Repeat these steps for the gateway on LAN B, and pay special attention to the following
network settings:
• W
AN IP of the remote VPN gateway (for example, 14.15.16.17)
•LAN IP settings of the remote VPN gateway:
- IP address (for example, 192.168.0.1)
- Subnet mask (for example, 255.255.255.0)
- Pre-shared key (for example, 12345678)
Activate a VPN...")
![Page 108
Virtual Private Networking 108
N300 Wireless ADSL2+ Modem Router DGN2200v4
View or Change the Status of a VPN Tunnel
The VPN Status/Log screen displays the status.
To check the status of a VPN tunnel:
1.
Select Advanced >
Advanced - VPN > VPN Status.
The VPN Status/Log screen displays:
This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for informat\
ion about what might
be the cause of the...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-107.png "Page 108
Virtual Private Networking 108
N300 Wireless ADSL2+ Modem Router DGN2200v4
View or Change the Status of a VPN Tunnel
The VPN Status/Log screen displays the status.
To check the status of a VPN tunnel:
1.
Select Advanced >
Advanced - VPN > VPN Status.
The VPN Status/Log screen displays:
This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for informat\
ion about what might
be the cause of the...")
![Page 109
Virtual Private Networking 109
N300 Wireless ADSL2+ Modem Router DGN2200v4
•
SLifeTime (Secs) . The remaining soft lifetime for this SA in seconds. When the soft
lifetime becomes 0 (zero), the SA (security association) is renegoti\
ated.
• HLifeT
ime (Secs). The remaining hard lifetime for this SA in seconds. When the hard
lifetime becomes 0 (zero), the SA (security association) is terminat\
ed. (It is
reestablished if necessary.)
Deactivate a VPN Tunnel
Sometimes a VPN tunnel has to be deactivated...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-108.png "Page 109
Virtual Private Networking 109
N300 Wireless ADSL2+ Modem Router DGN2200v4
•
SLifeTime (Secs) . The remaining soft lifetime for this SA in seconds. When the soft
lifetime becomes 0 (zero), the SA (security association) is renegoti\
ated.
• HLifeT
ime (Secs). The remaining hard lifetime for this SA in seconds. When the hard
lifetime becomes 0 (zero), the SA (security association) is terminat\
ed. (It is
reestablished if necessary.)
Deactivate a VPN Tunnel
Sometimes a VPN tunnel has to be deactivated...")
![Page 110
Virtual Private Networking 110
N300 Wireless ADSL2+ Modem Router DGN2200v4
Delete a VPN Tunnel
To delete VPN tunnel:
1.
Select Advanced >
Advanced - VPN > VPN Policies.
2. Select the radio button for the VPN tunnel.
3. Click Delete .
Auto Policy Example
You need to configure matching VPN settings on both VPN endpoints. The outbound VPN
settings on one end have to match to the inbound VPN settings on other e\
nd, and vice versa
Auto policy creates a typical automated Internet Key Exchange (IKE)...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-109.png "Page 110
Virtual Private Networking 110
N300 Wireless ADSL2+ Modem Router DGN2200v4
Delete a VPN Tunnel
To delete VPN tunnel:
1.
Select Advanced >
Advanced - VPN > VPN Policies.
2. Select the radio button for the VPN tunnel.
3. Click Delete .
Auto Policy Example
You need to configure matching VPN settings on both VPN endpoints. The outbound VPN
settings on one end have to match to the inbound VPN settings on other e\
nd, and vice versa
Auto policy creates a typical automated Internet Key Exchange (IKE)...")
![Page 111
Virtual Private Networking 111
N300 Wireless ADSL2+ Modem Router DGN2200v4
Add or Edit a VPN Auto Policy
An Auto VPN policy uses the IKE (Internet Key Protocol) to exchange and n\
egotiate
parameters for the IPSec SA (security association). Because of this ne\
gotiation, not all of the
settings on this VPN gateway have to match the settings on the remote VP\
N endpoint.
Where settings have to match, this requirement is indicated.
To add an Auto policy:
1. Set the LAN IPs on each gateway to dif...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-110.png "Page 111
Virtual Private Networking 111
N300 Wireless ADSL2+ Modem Router DGN2200v4
Add or Edit a VPN Auto Policy
An Auto VPN policy uses the IKE (Internet Key Protocol) to exchange and n\
egotiate
parameters for the IPSec SA (security association). Because of this ne\
gotiation, not all of the
settings on this VPN gateway have to match the settings on the remote VP\
N endpoint.
Where settings have to match, this requirement is indicated.
To add an Auto policy:
1. Set the LAN IPs on each gateway to dif...")
![Page 115
Virtual Private Networking 115
N300 Wireless ADSL2+ Modem Router DGN2200v4
Add or Edit a Manual VPN Policy
A manual VPN policy requires all settings for the VPN tunnel to be manua\
lly entered at each
end (both VPN endpoints).
To add or edit a manual policy:
1. Select Advanced >
Advanced - VPN > VPN Policies and click the Add Manual Policy
radio button.
The VPN - Manual Policy screen displays.
2. Specify the general settings:
• In the Policy Name field, enter a unique name.
This name is not...](http://img.usermanuals.tech/thumb/55/59058/w64_dgn2200v4-n300-wireless-adsl2-plus-modem-router-user-manual-114.png "Page 115
Virtual Private Networking 115
N300 Wireless ADSL2+ Modem Router DGN2200v4
Add or Edit a Manual VPN Policy
A manual VPN policy requires all settings for the VPN tunnel to be manua\
lly entered at each
end (both VPN endpoints).
To add or edit a manual policy:
1. Select Advanced >
Advanced - VPN > VPN Policies and click the Add Manual Policy
radio button.
The VPN - Manual Policy screen displays.
2. Specify the general settings:
• In the Policy Name field, enter a unique name.
This name is not...")
Virtual Private Networking 111 N300 Wireless ADSL2+ Modem Router DGN2200v4 Add or Edit a VPN Auto Policy An Auto VPN policy uses the IKE (Internet Key Protocol) to exchange and n\ egotiate parameters for the IPSec SA (security association). Because of this ne\ gotiation, not all of the settings on this VPN gateway have to match the settings on the remote VP\ N endpoint. Where settings have to match, this requirement is indicated. To add an Auto policy: 1. Set the LAN IPs on each gateway to dif ferent subnets and configure each correctly for the Internet. 2. Select Advanced > Advanced - VPN > VPN Policies and click the Add Auto Policy button. 3. Specify the general settings: • In the Policy Name field, enter a unique name. This name is not supplied to the remote VPN endpoint. It is used only to\ help you manage the policies. • From the Address Type list, select Fully Qualified Domain Name , Dynamic IP Address or Fixed IP Address . You can set up multiple remote dynamic IP policies, but only one policy c\ an be enabled at a time. • If you want to ensure that a connection is kept open, or , if that is not possible, it is quickly reestablished when disconnected, select the IKE Keep Alive check box and fill in the Ping IP Address field. • Fill in the Ping IP Address field. The ping IP address has to be associated with the remote endpoint. Eithe\ r the WAN or a LAN address can be used; a LAN address is preferable. This IP address is pinged to generate some traffic for the VPN tunnel.
Virtual Private Networking 112 N300 Wireless ADSL2+ Modem Router DGN2200v4 4. Specify the Local LAN settings: •From the IP Address list, select Subnet address, Single address, or Range address. •Fill in the Single/Start IP Address field. •If you are specifying a range, fill in the Finish IP Address field. This range must be an address range used on your LAN. For a single IP address, do not fill in the Finish IP Address field. The remote VPN endpoint must have these IP addresses entered as its remote addresses. 5. Specify the Remote LAN settings. •From the IP Address list, select Single PC -no Subnet, Single address, Range address, or Subnet address. If there is no LAN (only a single computer) at the remote endpoint, select the Single PC -no Subnet option. The Single address option is typically used to access a server on the remote LAN. •If you want to specify a range, fill in the Finish IP Address field. This range must be an address range used on the remote LAN. •Fill in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its local addresses. 6. Specify the IKE settings: •From the Direction list, select either Responder only or Initiator and Responder. The modem router uses this setting to determine if the IKE policy matches the current traffic. With the Responder only setting, incoming connections are allowed and outgoing connections are blocked. With the Initiator and Responder setting, both incoming and outgoing connections are allowed. •Ensure that the remote VPN endpoint is set to use Main Mode. •Select the Diffie-Hellman (DH) Group from the list. The Diffie-Hellman algorithm is used when keys are exchanged. The DH Group setting determines the bit size used in the exchange. This value needs to match the value used on the remote VPN gateway. •Select the local identity type. Select an option to match the Remote Identity Type setting on the remote VPN endpoint. -WAN IP Address. Your Internet IP address. -Fully Qualified Domain Name. Your domain name. -Fully Qualified User Name. Your name, email address, or other ID. •Select the remote identity type.
Virtual Private Networking 113 N300 Wireless ADSL2+ Modem Router DGN2200v4 Select the option that matches the Local Identity Type setting on the remote VPN endpoint. -IP Address. The Internet IP address of the remote VPN endpoint. -Fully Qualified Domain Name. The domain name of the remote VPN endpoint. -Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint. 7. Specify the following parameters: •Select the encryption algorithm. This is the encryption algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. DES and 3DES are supported. -DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES. -3DES. (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. •Select the authentication algorithm. This is the authentication algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. Auto, MD5, and SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is not available in responder-only mode. -MD5. 128 bits, faster but less secure. -SHA-1. 160 bits, slower but more secure. This is the default. •Enter the pre-shared key. The key has to be entered both here and on the remote VPN gateway. •Enter the SA life time value. This value is the time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life time. This setting applies to both IKE and IPSec SAs. •If you want enhanced security, select the Enable IPSec PFS (Perfect Forward Secrecy) check box. If this check box is selected, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section. 8. Click Apply.
Virtual Private Networking 114 N300 Wireless ADSL2+ Modem Router DGN2200v4 The VPN Policies screen displays: 9. Repeat these steps for the gateway on LAN B. Pay special attention to the following network settings: • General, Remote Address Data (for example, 14.15.16.17) • Remote LAN, Start IP Address - IP Address (for example, 192.168.0.1) -Subnet Mask (for example, 255.255.255.0) - Pre-shared Key (for example, 12345678) 10. T o activate the VPN tunnel, start using it, or use the VPN Status screen \ (select the tunnel and click Connect).
Virtual Private Networking 115 N300 Wireless ADSL2+ Modem Router DGN2200v4 Add or Edit a Manual VPN Policy A manual VPN policy requires all settings for the VPN tunnel to be manua\ lly entered at each end (both VPN endpoints). To add or edit a manual policy: 1. Select Advanced > Advanced - VPN > VPN Policies and click the Add Manual Policy radio button. The VPN - Manual Policy screen displays. 2. Specify the general settings: • In the Policy Name field, enter a unique name. This name is not supplied to the remote VPN endpoint. It is used only to\ help you manage the policies. • From the Address Type list, select Fully Qualified Domain Name , or select Fixed IP Address and fill in the Address Data field. You can set up multiple remote dynamic IP policies, but only one such pol\ icy can be enabled at a time. 3. Specify the Local LAN settings: • From the IP Address list, select Subnet address, Single address, or Range address. • Fill in the Single/Start IP Address field. • If you are specifying a range, fill in the Finish IP Address field. This range must be an address range used on your LAN. For a single IP ad\ dress, do not fill in the Finish IP Address field. The remote VPN endpoint must have these IP addresses entered as its remo\ te addresses.
Virtual Private Networking 116 N300 Wireless ADSL2+ Modem Router DGN2200v4 4. Specify the Remote LAN settings. •From the IP Address list, select Single PC -no Subnet, Single address, Range address, or Subnet address. If there is no LAN (only a single computer) at the remote endpoint, select the Single PC -no Subnet option. The Single address option is typically used to access a server on the remote LAN. •If you want to specify a range, fill in the Finish IP Address field. This range must be an address range used on the remote LAN. •Fill in the Subnet Mask field. The remote VPN endpoint must have these IP addresses entered as its local addresses. 5. Specify the ESP (Encapsulating Security Payload) settings: ESP provides security for the payload (data) sent through the VPN tunnel. •In the SPI field, enter the required security policy indexes (SPIs). Each policy has to have unique SPIs. These settings need to match the remote VPN endpoint. The in setting here has to match the out setting on the remote VPN endpoint, and the out setting here has to match the in setting on the remote VPN endpoint. •From the Encryption list, select DES or 3DES, and fill in the Key field. For 3DES, the keys should be 24 ASCII characters, and for DES, the keys should be 8 ASCII characters. -DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES. -3DES. (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. •From the Authentication list, select MD5 or SHA-1, and fill in the Key field.
117 10 10. Troubleshooting This chapter provides information to help you diagnose and solve problems you might have with your modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com for product and contact information. This chapter contains the following sections: •Troubleshoot with the LEDs •Cannot Log In to the Modem Router •Troubleshoot the Internet Connection •TCP/IP Network Not Responding •Changes Not Saved •Incorrect Date or Time
Troubleshooting 118 N300 Wireless ADSL2+ Modem Router DGN2200v4 Troubleshoot with the LEDs When you turn on the power, the power, LAN, and DSL LEDs should light as described here. If they do not, refer to the sections that follow for help. 1. When power is first applied, the Power LED lights. 2. After approximately 10 seconds, the LAN and DSL LEDs light as follows: a.The LAN port LEDs light for any local ports that are connected. b. The DSL link LED lights green to indicate that a DSL link is established. c. If a LAN port is connected to a 100 Mbps device, verify that the LAN port’s LED is green. If the LAN port is 10 Mbps, the LED is amber. Power LED Is Off If the Power and other LEDs are off when your modem router is turned on: •Check that the power cord is correctly connected to your modem router and the power supply adapter is correctly connected to a functioning power outlet. •Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you could have a hardware problem and should contact NETGEAR technical support. Power LED Is Red When the modem router is turned on, it performs a power-on self-test, during which time the Power LED turns red. If the Power LED does not turn green within a minute or so or if it turns red at any other time during normal operation, there is a fault within the modem router. If the Power LED turns red to indicate a modem router fault, turn the power off and on to see if the modem router recovers. If the Power LED is still red 1 minute after power-up: •Turn the power off and on one more time to see if the modem router recovers. •Clear the modem router’s configuration to factory defaults as explained in Factory Settings on page 126. This sets the modem router’s IP address to 192.168.0.1. If the error persists, you could have a hardware problem and should contact NETGEAR technical support. LAN LED Is Off If the LAN LED for a port does not light when you connect a device, check the following: •The Ethernet cable connections are secure at the modem router and at the hub or device. •The power is turned on to the connected hub or device. •You are using the correct cable.
Troubleshooting 119 N300 Wireless ADSL2+ Modem Router DGN2200v4 Cannot Log In to the Modem Router If you are unable to log in to the modem router from a computer on your local network, check the following: •If you are using an Ethernet-connected computer, check the Ethernet connection between the computer and the modem router as described in the previous section. •Make sure that your computer’s IP address is on the same subnet as the modem router. If you are using the recommended addressing scheme, your computer’s address should be in the range of 192.168.0.2 to 192.168.0.254. •If your computer’s IP address is shown as 169.254.x.x, recent versions of Windows and Mac OS generate and assign an IP address if the computer cannot reach a DHCP server. These autogenerated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the computer to the modem router, and reboot your computer. •If your modem router’s IP address was changed and you do not know the current IP address, clear the modem router’s configuration to factory defaults. This sets the modem router’s IP address to 192.168.0.1. This procedure is explained in Factory Settings on page 126. •Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to be sure that the Java applet is loaded. •Try quitting the browser and launching it again. •Make sure that you are using the correct login information. The factory default login name is admin, and the password is password. Make sure that Caps Lock is off when you enter this information.
Troubleshooting 120 N300 Wireless ADSL2+ Modem Router DGN2200v4 Troubleshoot the Internet Connection If your modem router is unable to access the Internet, check the ADSL connection, then the WAN TCP/IP connection. ADSL Link If your modem router is unable to access the Internet, first determine whether you have an ADSL link with the service provider. The state of this connection is indicated with the Internet LED. ADSL Link LED Is Green If your ADSL link LED is green, you have a good ADSL connection. You can be confident that the service provider has connected your line correctly and that your wiring is correct. ADSL Link LED Is Blinking Green If your ADSL link LED is blinking green, your modem router is attempting to make an ADSL connection with the service provider. The LED should turn green within several minutes. If the ADSL link LED does not turn green, disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time, being sure to use a microfilter on each telephone. If the microfilters are connected correctly, you should be able to connect all your telephones. If disconnecting telephones does not result in a green ADSL link LED, there might be a problem with your wiring. If the telephone company has tested the ADSL signal at your network interface device (NID), then you might have poor-quality wiring in your house. ADSL Link LED Is Off If the ADSL link LED is off, disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time, being sure to use a microfilter on each telephone. If the microfilters are connected correctly, you should be able to connect all your telephones. If disconnecting telephones does not result in a green ADSL link LED, check for the following: •Check that the telephone company has made the connection to your line and tested it. •Verify that you are connected to the correct telephone line. If you have more than one phone line, be sure that you are connected to the line with the ADSL service. It might be necessary to use a swapper if your ADSL signal is on pins 1 and 4 or the RJ-11 jack. The modem router uses pins 2 and 3. Internet LED Is Red If the Internet LED is red, the device was unable to connect to the Internet. Verify the following: