Netgear VPN Firewall FVS336Gv2 Reference Manual
Set Up Virtual Private Networking With IPSec Connections
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2

Setting: This VPN tunnel will use the following local WAN Interface
Description: Select a WAN interface from the menu. The VPN tunnel uses the WAN interface as the local endpoint. To enable VPN rollover, select the Enable RollOver? check box. The menu to the right of the check box automatically selects the WAN interface that is available for rollover. Configuring VPN rollover is optional. With VPN rollover, if the WAN interface that functions as the local endpoint goes down, the VPN tunnel is reestablished on the other WAN interface.
Note: If the VPN firewall is configured to function in WAN auto-rollover mode, you can use the VPN Wizard to configure VPN rollover and do not need to configure VPN rollover manually.

End Point Information [a]

Setting: What is the Remote WAN’s IP Address or Internet Name?
Description: Enter the IPv4 address or Internet name (FQDN) of the WAN interface on the remote VPN tunnel endpoint.

Setting: What is the Local WAN’s IP Address or Internet Name?
Description: When you select the Gateway radio button in the About VPN Wizard section, the IPv4 address of the VPN firewall’s active WAN interface is automatically entered and you do not need to enter it manually.

Secure Connection Remote Accessibility

Setting: What is the remote LAN IP Address?
Description: Enter the LAN IPv4 address of the remote gateway.
Note: The remote LAN IPv4 address must be in a different subnet from the local LAN IP address. For example, if the local subnet is 192.168.1.x, the remote subnet could be 192.168.10.x but could not be 192.168.1.x. If this information is incorrect, the tunnel fails to connect.

Setting: What is the remote LAN Subnet Mask?
Description: Enter the LAN subnet mask for the remote gateway.

a. Both local and remote endpoints must be defined as either FQDNs or IP addresses. The VPN firewall does not support a combination of an IP address and an FQDN.

8. Click the Apply button.
   Your settings are saved. The VPN Policies screen displays the IPv4 settings with the new, automatically generated VPN policy in the List of VPN Policies table.
9. On the remote gateway, configure a VPN policy that allows connection to the VPN firewall.
   The configuration steps depend on the remote gateway.
10. On the VPN firewall, activate the IPSec VPN connection:
   a. Select VPN > Connection Status.
   b. Locate the policy in the table and click the Connect button.
   The IPSec VPN connection becomes active.

Note: If you use an FQDN as the tunnel endpoint address on the VPN firewall and the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel fails because the FQDN does not resolve to your new address. If you have the option to configure the update interval for the Dynamic DNS service, set it to an appropriately short time.

Create an IPv6 Gateway-to-Gateway VPN Tunnel with the Wizard

The following figure shows an example of an IPv6 gateway-to-gateway IPSec VPN connection and the following procedure describes how to set up an IPv6 gateway-to-gateway VPN tunnel using the VPN Wizard.

Figure 9. Example of an IPv6 gateway-to-gateway IPSec VPN connection

To set up an IPv6 gateway-to-gateway VPN tunnel using the VPN Wizard:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select VPN > IPSec VPN > VPN Wizard.
   The VPN Wizard screen displays the IPv4 settings.
7. In the upper right, select the IPv6 radio button.
   The VPN Wizard screen displays the IPv6 settings. The following figure shows an example that does not relate to other examples in this manual.
8. Enter the settings as described in the following table.

About VPN Wizard

Setting: This VPN tunnel will connect to the following peers
Description: Select the Gateway radio button. The local WAN port’s IP address or Internet name displays in the End Point Information section.

Connection Name and Remote IP Type

Setting: What is the new Connection Name?
Description: Enter a descriptive name for the connection. This name helps you to manage the VPN settings; the name is not supplied to the remote VPN endpoint.

Setting: What is the pre-shared key?
Description: Enter a pre-shared key. This key must also be entered on the remote VPN gateway. The key must have a minimum length of 8 characters and must not exceed 49 characters.

Setting: This VPN tunnel will use the following local WAN Interface
Description: Select a WAN interface from the menu. The VPN tunnel uses the WAN interface as the local endpoint. To enable VPN rollover, select the Enable RollOver? check box. The menu to the right of the check box automatically selects the WAN interface that is available for rollover. Configuring VPN rollover is optional. With VPN rollover, if the WAN interface that functions as the local endpoint goes down, the VPN tunnel is reestablished on the other WAN interface.
Note: If the VPN firewall is configured to function in WAN auto-rollover mode, you can use the VPN Wizard to configure VPN rollover and do not need to configure VPN rollover manually.

End Point Information [a]

Setting: What is the Remote WAN’s IP Address or Internet Name?
Description: Enter the IPv6 address or Internet name (FQDN) of the WAN interface on the remote VPN tunnel endpoint.

Setting: What is the Local WAN’s IP Address or Internet Name?
Description: When you select the Gateway radio button in the About VPN Wizard section, the IPv6 address of the VPN firewall’s active WAN interface is automatically entered and you do not need to enter it manually.

Secure Connection Remote Accessibility

Setting: What is the remote LAN IP Address?
Description: Enter the LAN IPv6 address of the remote gateway.
Note: The remote LAN IPv6 address must be different from the local LAN IPv6 address. For example, if the local LAN IPv6 address is fec0::1, the remote LAN IPv6 address could be fec0:1::1 but could not be fec0::1. If this information is incorrect, the tunnel fails to connect.

Setting: IPv6 Prefix Length
Description: Enter the prefix length for the remote gateway.

a. Both local and remote endpoints must be defined as either FQDNs or IP addresses. The VPN firewall does not support a combination of an IP address and an FQDN.

9. Click the Apply button.
   Your settings are saved. The VPN Policies screen displays the IPv6 settings with the new, automatically generated VPN policy in the List of VPN Policies table.
10. On the remote gateway, configure a VPN policy that allows connection to the VPN firewall.
   The configuration steps depend on the remote gateway.
11. On the VPN firewall, activate the IPSec VPN connection:
   a. Select VPN > Connection Status.
   b. Locate the policy in the table and click the Connect button.
   The IPSec VPN connection becomes active.

Note: If you use an FQDN as the tunnel endpoint address on the VPN firewall and the Dynamic DNS service is slow to update its servers when your DHCP WAN address changes, the VPN tunnel fails because the FQDN does not resolve to your new address. If you have the option to configure the update interval for the Dynamic DNS service, set it to an appropriately short time.

Create an IPv4 Client-to-Gateway VPN Tunnel with the Wizard

The following sections provide information about creating an IPv4 client-to-gateway VPN tunnel with the VPN Wizard:

• Client-to-Gateway Tunnels
• Use the VPN Wizard to Configure the Gateway for a Client Tunnel
• Use the NETGEAR ProSAFE VPN Client Wizard to Create a Secure Connection to the VPN Firewall
• Manually Create a Secure Connection to the VPN Firewall Using the NETGEAR ProSAFE VPN Client

Client-to-Gateway Tunnels

The following figure shows an example of an IPv4 client-to-gateway IPSec VPN connection.

Figure 10. Example of an IPv4 client-to-gateway IPSec VPN connection

The VPN firewall supports client connections with the NETGEAR ProSAFE VPN Client, which is an application that you can install on a computer. The VPN firewall is bundled with a single-user license of the NETGEAR ProSAFE VPN Client software (VPN01L). For information about the NETGEAR ProSAFE VPN Client, including information about multi-user licenses, visit http://www.netgear.com/business/products/security/vpn-software.aspx.

Note: The NETGEAR ProSAFE VPN Client supports IPv4 only; a future release of the VPN Client might support IPv6.

Setting up an IPv4 client-to-gateway connection includes two tasks:

1. On the VPN firewall, use the IPSec VPN Wizard to set up a connection to the client (see Use the VPN Wizard to Configure the Gateway for a Client Tunnel on page 345).
2. On the computer that has the VPN ProSAFE Client installed, set up a connection to the VPN firewall. You can use one of two methods, which are described in the following sections:
   • Use the NETGEAR ProSAFE VPN Client Wizard to Create a Secure Connection to the VPN Firewall on page 349
   • Manually Create a Secure Connection to the VPN Firewall Using the NETGEAR ProSAFE VPN Client on page 354

Use the VPN Wizard to Configure the Gateway for a Client Tunnel

The following procedure describes how to set up the VPN firewall for a client-to-gateway VPN tunnel using the VPN Wizard.

Note: In this section, the NETGEAR ProSAFE VPN Client is referred to as the VPN client.

To set up the VPN firewall for a client-to-gateway VPN tunnel using the VPN Wizard:

1. On your computer, launch an Internet browser.
2. In the address field of your browser, enter the IP address that was assigned to the VPN firewall during the installation process.
   The VPN firewall factory default IP address is 192.168.1.1.
   The NETGEAR Configuration Manager Login screen displays.
3. In the Username field, type your user name and in the Password / Passcode field, type your password.
   For the default administrative account, the default user name is admin and the default password is password.
4. If you changed the default domain or were assigned a domain, from the Domain menu, select the domain.
   If you did not change the domain or were not assigned a domain, leave the menu selection at geardomain.
5. Click the Login button.
   The Router Status screen displays.
6. Select VPN > IPSec VPN > VPN Wizard.
   The VPN Wizard screen displays the IPv4 settings. The following figure shows an example.
7. Enter the settings as described in the following table.

About VPN Wizard

Setting: This VPN tunnel will connect to the following peers
Description: Select the VPN Client radio button. The default remote FQDN (remote.com) and the default local FQDN (local.com) display in the End Point Information section.

Connection Name and Remote IP Type

Setting: What is the new Connection Name?
Description: Enter a descriptive name for the connection. This name helps you to manage the VPN settings; the name is not supplied to the VPN client.

Setting: What is the pre-shared key?
Description: Enter a pre-shared key. This key must also be entered on the VPN client. The key must have a minimum length of 8 characters and must not exceed 49 characters.

Setting: This VPN tunnel will use the following local WAN Interface
Description: Select a WAN interface from the menu. The VPN tunnel uses the WAN interface as the local endpoint. To enable VPN rollover, select the Enable RollOver? check box. The menu to the right of the check box automatically selects the WAN interface that is available for rollover. Configuring VPN rollover is optional. With VPN rollover, if the WAN interface that functions as the local endpoint goes down, the VPN tunnel is reestablished on the other WAN interface.
Note: If the VPN firewall is configured to function in WAN auto-rollover mode, you can use the VPN Wizard to configure VPN rollover and do not need to configure VPN rollover manually.

End Point Information [a]

Setting: What is the Remote Identifier Information?
Description: When you select the VPN Client radio button in the About VPN Wizard section, the default remote FQDN (remote.com) is automatically entered. Use the default remote FQDN or enter another FQDN.
Note: The remote ID on the VPN firewall is the local ID on the VPN client. It might be less confusing to configure an FQDN such as client.com as the remote ID on the VPN firewall and then enter client.com as the local ID on the VPN client.

Setting: What is the Local Identifier Information?
Description: When you select the VPN Client radio button in the About VPN Wizard section, the default local FQDN (local.com) is automatically entered. Use the default local FQDN or enter another FQDN.
Note: The local ID on the VPN firewall is the remote ID on the VPN client. It might be less confusing to configure an FQDN such as router.com as the local ID on the VPN firewall and then enter router.com as the remote ID on the VPN client.

Secure Connection Remote Accessibility

Setting: What is the remote LAN IP Address?
Setting: What is the remote LAN Subnet Mask?
Description: These fields are masked out and do not apply to VPN client connections.

a. Both local and remote endpoints must be defined as either FQDNs or IP addresses. The VPN firewall does not support a combination of an IP address and an FQDN.

8. Click the Apply button.
   Your settings are saved. The VPN Policies screen displays the IPv4 settings with the new, automatically generated VPN policy in the List of VPN Policies table.
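
The gateway-to-gateway wizard tables above (IPv4 and IPv6) state three constraints that are easy to get wrong before clicking Apply: the pre-shared key length, the footnote on mixing IP addresses with FQDNs, and the remote LAN address rule. The following pre-flight check is an added example, not NETGEAR code; the function names and the address/prefix input format are assumptions made for it, and it treats any overlap between the two LAN ranges as a conflict, which is slightly broader than the manual's "different subnet" wording.

```python
import ipaddress

PSK_MIN, PSK_MAX = 8, 49  # pre-shared key length limits stated in the manual


def is_ip_literal(value):
    """Return True if value parses as an IPv4 or IPv6 address; otherwise it is treated as an FQDN."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_wizard_inputs(psk, local_wan, remote_wan, local_lan, remote_lan):
    """Return a list of problems found in planned gateway-to-gateway wizard values.

    local_lan / remote_lan are 'address/prefix' strings such as '192.168.1.1/24'
    or 'fec0::1/64' (hypothetical input format chosen for this example).
    """
    problems = []
    if not PSK_MIN <= len(psk) <= PSK_MAX:
        problems.append("pre-shared key must be 8 to 49 characters")
    # Footnote a: endpoints are either both FQDNs or both IP addresses.
    if is_ip_literal(local_wan) != is_ip_literal(remote_wan):
        problems.append("WAN endpoints mix an IP address and an FQDN")
    # strict=False lets a host address such as 192.168.1.1/24 stand for its subnet.
    local_net = ipaddress.ip_network(local_lan, strict=False)
    remote_net = ipaddress.ip_network(remote_lan, strict=False)
    if local_net.version == remote_net.version and local_net.overlaps(remote_net):
        problems.append(f"remote LAN {remote_net} overlaps local LAN {local_net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    plans = {
        "ok-v4": ("S3cure-Tunnel-Key", "gw-a.example.com", "gw-b.example.com",
                  "192.168.1.1/24", "192.168.10.1/24"),
        "bad-v4": ("short", "203.0.113.10", "gw-b.example.com",
                   "192.168.1.1/24", "192.168.1.1/24"),
        "ok-v6": ("S3cure-Tunnel-Key", "2001:db8::1", "2001:db8:1::1",
                  "fec0::1/64", "fec0:1::1/64"),
    }
    for name, plan in plans.items():
        print(name, check_wizard_inputs(*plan) or "no problems")
```

For a client-to-gateway tunnel only the pre-shared key and endpoint-type checks apply, because the remote LAN fields are masked out in that mode.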