Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual
Have a look at the manual Netgear Netgar VPN FIrewall FVS336Gv2 Reference Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
679 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 front panel LEDs 19 ports 18 FTP access, allowing from DMZ (rule example) 264 full tunnel, SSL VPN 459 fully qualified domain names. See FQDNs. G gateway, ISP IPv4 address 38 IPv6 address 95 global addresses, IPv6 103 global IPv6 tunnels DMZ, configuring for 195 LAN, configuring for 178 group and global policies, configuring for SSL VPN 473 groups IP groups 288 LAN groups 135–140 users, for authentication 494 guests, user account 499–501 GUI (graphical user interface) described 23 troubleshooting 613 H hardware back panel components 20 front panel ports 18 requirements 626 Help button (web management interface) 24 hosts exposed, increasing traffic 532 name resolution 454 public web server (rule example) 253 HTTP management 536 humidity, operating and storage 673 I ICMP (Internet Control Message Protocol) type 282 idle time-out, broadband connection 41 IGMP (Internet Group Management Protocol) 276 IGP (Interior Gateway Protocol) 148 IKE policies exchange mode 368, 371, 400 ISAKMP identifier 368, 372, 400 managing 366 Mode Config operation 371, 398 XAUTH 373, 401 inbound rules default 210 examples 253–261 increasing traffic 530 IPv4 DMZ-to-WAN rules 238 LAN-to-DMZ rules 247 LAN-to-WAN rules 229 IPv6 DMZ-to-WAN rules 240 LAN-to-DMZ rules 248 LAN-to-WAN rules 231 order of precedence 212 overview 215 QoS profile, ToS 219 scheduling 292 settings 217–220 inbound traffic, bandwidth 301 increasing traffic overview 530–532 port forwarding 216 individual bandwidth allocation, WAN traffic 77 installation, verifying 84, 113 instant messaging, blocking (rule example) 262 interface specifications 673 Interior Gateway Protocol (IGP) 148 Internet configuration requirements 627 form to save connection information 627 Internet connection configuring 28, 85 default settings 667 Internet connectivity, testing 84, 113 Internet Control Message Protocol (ICMP) type 282 Internet Group Management Protocol (IGMP) 276 Internet Key Exchange. See IKE policies. Internet LED 20 Internet service provider (ISP) connection, troubleshooting 615 gateway IPv4 address 38 gateway IPv6 address 95 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels configuring globally 102 DMZ, configuring for 195 LAN, configuring for 178 IP buttons (web management interface) 23 IP groups, creating 288
680 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 IP precedence, QoS 296 IP/MAC bindings 314–324 IPSec hosts, XAUTH 389–391 IPSec VPN Wizard client-to-gateway tunnels, setting up 346 default settings 335 described 17 gateway-to-gateway tunnels, setting up 337, 341 IPSec VPN. See VPN tunnels. IPv4 addresses autogenerated 614 default 122 DHCP, address pool 143 DMZ port 142 DNS servers 42, 47, 123, 143 dynamically assigned 42, 46 errors 24 ISATAP tunnel address 104 L2TP server 422 MAC bindings 316 port forwarding, SSL VPN 456 PPTP server 419 requirements 24 reserved 133 secondary LAN 128–132 secondary WAN 59 SIIT address 108 SSL VPN clients, configuring 461 policies, configuring 479, 481, 483 resources, configuring 471 static or permanent 36, 37, 42, 46 subnet mask, default 122 subnet mask, DMZ port 142 VPN tunnels 339, 348, 372, 384, 400 IPv4 DMZ, configuring 141–144 IPv4 gateway 38 IPv4 Internet connection autodetecting 32 setting up 29 IPv4 ISP, logging in 40 IPv4 routing modes 30 IPv6 addresses autoconfiguration 90, 157, 162, 167, 187, 199 concatenating 103 DHCPv6, stateless and stateful DMZ, configuring 187, 199 LAN, configuring 157, 162, 167 WAN, configuring 92, 160 DMZ address pools 202 DMZ advertisement prefixes 192 DMZ port 187, 199 DNS servers 95, 99, 158, 162, 168, 188, 200 errors 24 fe80 and fec0 153 LAN address pools 169 LAN advertisement prefixes 175 LAN, configuring 157, 161, 167 link-local address 153 MAC bindings 320 PPPoE 98 private address 103 requirements 24 route destination 205 secondary LAN 180–184 SIIT address 108 SSL VPN clients, configuring 465 policies, configuring 479, 481, 483 resources, configuring 471 static or permanent 95 tunnel addresses, viewing 106 unique global address 103 VPN tunnels 343, 372, 384, 400 IPv6 connection, troubleshooting 617 IPv6 DMZ, configuring 184–197 IPv6 gateway 206 IPv6 Internet connection manually configuring 36, 39, 44, 93, 96 IPv6 mode, configuring 88 IPv6 networks, described 87 IPv6 prefix length DMZ address 187, 199 DMZ advertisements 195 DMZ DHCPv6 address pools 202 IPSec VPN policies 384 ISP address 95 LAN address 157, 161, 167 LAN advertisements 178 LAN DHCPv6 address pools 169 LAN prefix delegation 163 secondary LAN IP address 182 SSL VPN policies 481 static routes 205 IPv6 prefix lifetimes DMZ advertisements 195 LAN advertisements 178 IPv6 prefixes 6to4 tunnel 101 DMZ advertisements 195 ISATAP tunnels 104 LAN advertisements 178
681 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 IPv6 tunnel status and addresses, viewing 106 IPv6 tunnels configuring globally 100–107 DMZ, configuring for 195 LAN, configuring for 178 ISAKMP identifier 368, 372, 400 ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) tunnels configuring globally 102 DMZ, configuring for 195 LAN, configuring for 178 ISP (Internet service provider) connection, troubleshooting 615 gateway IPv4 address 38 gateway IPv6 address 95 J Java, blocking 306 K keep-alives, VPN tunnels 384, 412 keyword blocking 307 kit, rack-mounting 22 L L2TP (Layer 2 Tunneling Protocol) server 421 L2TP Access Concentrator (LAC) 421 L2TP users 501 LAC (L2TP Access Concentrator) 421 LAN address pools (IPv6) 168, 200 bandwidth capacity 527 default port MAC addresses 588 default settings 668 groups, assigning and managing 135–140 IPv4 settings, configuring 116 IPv6 settings, configuring 155, 159, 166 Known PCs and Devices table 135 network database 132–138 port status, viewing 587 prefix delegation (IPv6) 154, 163 secondary IPv4 addresses 128–132 secondary IPv6 addresses 180–184 testing the LAN path 620 LAN groups, keyword blocking 311 LAN LEDs 19, 613 LAN ports, described 18 LAN profiles, QoS 293–298 LAN security checks 268 LAN traffic meter (or counter) 561 Layer 2 Tunneling Protocol (L2TP) server 421 LDAP domain authentication 433 LDAP (Lightweight Directory Access Protocol) described 488 domain authentication 491 server, DHCP 123, 144 VLANs 119 lease and rebind time, DHCPv6 158, 162, 168, 188, 200 LEDs explanation of 18–20 troubleshooting 613 lifetime, router DMZ, configuring for 192 LAN, configuring for 175 Lightweight Directory Access Protocol. See LDAP. limits IPv4 sessions 272 LAN traffic volume 563 WAN traffic volume 559 link-local addresses, IPv6 153 link-local advertisements, IPv6 DMZ, configuring for 188 LAN, configuring for 172 load balancing mode bandwidth capacity 527 configuring 49–51 DDNS 63 described 48 VPN IPSec 333 local area network. See LAN. local IPv6 tunnels DMZ, configuring for 195 LAN, configuring for 178 local user database 433, 491 location of the VPN firewall 21 lock, security 20 log messages (system logs and error messages) DHCP 660 other events 658 routing 656 system 643 understanding 642 logging configuring 567–576 terms in log messages 642 login attempts 569 login default settings 667 login policies, user 504–510
682 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 login time-out changing 511 default 26 looking up DNS address 608 M MAC addresses blocked or permitted, adding 313 configuring 70 defaults, LAN and WAN ports 588–590 format 71, 314 IP bindings 314–324 spoofing 617 VLANs, unique 126 main navigation menu (web management interface) 23 managed RA flags DMZ, configuring for 191 LAN, configuring for 174 management default settings 672 maximum transmission unit (MTU) default 67 IPv6 DMZ packets 192 IPv6 LAN packets 175 MCHAP (Microsoft CHAP) 419, 423, 491 MD5 IKE polices 372 Mode Config setting 398 RIP-2 150 self-signed certificate requests 518 SNMPv3 users settings 544 VPN policies 385 Media Access Control. See MAC addresses. membership, ports, VLAN 591 menu (web management interface) 23 Message-Digest algorithm 5. See MD5. metering LAN traffic 561 WAN traffic 558 metric static IPv4 routes 146 static IPv6 routes 206 MIAS (Microsoft Internet Authentication Service) described 487 MIAS-CHAP and MIAS-PAP 433, 491 Microsoft CHAP (MCHAP) 419, 423, 491 Microsoft Point-to-Point Encryption (MPPE) 419 Mode Config operation configuring 394 record 371 Monitor 557 monitoring default settings 672 MPPE (Microsoft Point-to-Point Encryption) 419 MTU (maximum transmission unit) default 67 IPv6 DMZ packets 192 IPv6 LAN packets 175 multicast pass-through 276 multihome LAN addresses IPv4, configuring 128–132 IPv6, configuring 180–184 multiple WAN ports auto-rollover and load balancing 629–633 FQDNs 63, 333–334, 632 network, planning 624 overview 14 N names, changing DDNS host and domain 65 ISP login 41, 45 known PCs and devices 135 LAN groups 139 PPTP and PPPoE accounts 45 NAS (Network Access Server) 393 NAT (Network Address Translation) configuring 30 described 16 firewall, use with 209 mapping, one-to-one described 31 rule example 257 status, viewing 589 navigation menu (web management interface) 23 NBMA (nonbroadcast multiple access) 174, 191 NDP (Neighbor Discovery Protocol) 172, 188 NetBIOS, VPN tunnels 383, 416 Network Access Server (NAS) 393 Network Address Translation. See NAT. network configuration requirements 626 network planning for multiple WAN ports 624 network resources, SSL VPN, configuring 467–473 Network Time Protocol (NTP) modes and servers, settings 556 troubleshooting 621 networks database 132–138, 600 diagnostic tools 604 newsgroup 307 nonbroadcast multiple access (NBMA) 174, 191 NT Domain 433, 491
683 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 NT domain 488 NTP (Network Time Protocol) modes and servers, settings 556 troubleshooting 621 O one-time passcode (OTP) 662–664 online documentation 622 online games, DMZ port 140, 184 option arrows (web management interface) 23 Oray.net 63–65 order of precedence, firewall rules 212 other event log messages 658 OTP (one-time passcode) 662–664 outbound rules default 210 examples 261–265 IPv4 DMZ-to-WAN rules 233 LAN-to-DMZ rules 242 LAN-to-WAN rules 224 IPv6 DMZ-to-WAN rules 235 LAN-to-DMZ rules 244 LAN-to-WAN rules 226 order of precedence 212 overview 212 QoS profile, ToS 214 reducing traffic 528 scheduling 292 service blocking 212 settings 213–215 outbound traffic, bandwidth 301 P package contents, VPN firewall 18 packets accepted and dropped 568 capturing 609 matching and marking 76–77 transmitted, received, and collided 585 PAP (Password Authentication Protocol) 419, 423, 487–491 See also MIAS (Microsoft Internet Authentication Service) RADIUS authentication WiKID pass-through, multicast 276 pass-through, VPN 269–272 passwords changing 511 default 25 Perfect Forward Secrecy (PFS) 386, 397 performance management 527 permanent addresses IPv4 address 36, 37, 42, 46 IPv6 address 95 PFS (Perfect Forward Secrecy) 386, 397 physical specifications 672 pinging auto-rollover IPv4 56 IPv6 109 checking connections 604 responding on Internet ports 267 responding on LAN ports 268 troubleshooting TCP/IP 620 using the ping utility 604 pinouts, console port 20 placement of the VPN firewall 21 plug and play (UPnP), configuring 330 Point-to-Point Tunneling Protocol (PPTP) server settings 417 settings 35, 44, 45 policies IKE exchange mode 368, 371, 400 ISAKMP identifier 368, 372, 400 managing 366 Mode Config operation 371, 398 XAUTH 373, 401 IPSec VPN automatically generated 379 groups, configuring 494 managing 365 manually generated 378 SSL VPN managing 473 settings 475–483 policy hierarchy 473 pools, Mode Config operation 397 port filtering reducing traffic 528 rules 211 port forwarding firewall rules 211, 215 increasing traffic 216 reducing traffic 530 port membership, VLANs 122 port numbers
684 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 customized services 281 port triggering 325 SSL VPN port forwarding 438, 454 port ranges port triggering 327 SSL VPN policies 479, 481, 483 SSL VPN resources 471 port speed 69 port triggering configuring 325–330 increasing traffic 532 status monitoring 329, 593 port VLAN identifier (PVID) 116 portals, SSL VPN 440 configuring 448–453 options for 426 ports front panel and back panel 18 VLAN membership, viewing 591 Power LED 19, 613 power receptacle 21 power specifications 672 PPP connection 426 PPPoE (PPP over Ethernet) described 17 IPv4 settings 35, 39 IPv6 settings 98 PPTP (Point-to-Point Tunneling Protocol) server settings 417 settings 35, 44 users 501 precedence, firewall rules 212 preference, router (IPv6) DMZ, configuring for 192 LAN, configuring for 175 prefix delegation (IPv6) LAN DHCPv6 server 154, 163 WAN DHCPv6 client 90, 92 prefix length, IPv6 DMZ address 187, 199 DMZ advertisements 195 DMZ DHCPv6 address pools 202 IPSec VPN policies 384 ISP address 95 LAN address 157, 161, 167 LAN advertisements 178 LAN DHCPv6 address pools 169 LAN prefix delegation 163 secondary LAN IP address 182 SSL VPN policies 481 static routes 205 prefix lifetimes, IPv6 DMZ advertisements 195 LAN advertisements 178 prefixes, IPv6 6to4 tunnel 101 DMZ advertisements 195 ISATAP tunnel 104 LAN advertisements 178 pre-shared key client-to-gateway VPN tunnel 347 gateway-to-gateway VPN tunnel 338, 342 IKE policy settings 372 primary WAN mode bandwidth capacity 527 IPv4, described 49 IPv6, described 109 priority queue control profiles LAN QoS 296 WAN QoS 74, 78–80, 82 privacy algorithm and password, SNMPv3 users 545 private addresses, IPv6 103 profiles bandwidth 299–303 QoS, firewall rules 293 QoS, WAN interfaces 74 VLANs 117–124 protection from common attacks 266–269 protocol binding, configuring 49–54 protocols compatibilities 672 RIP 16 service numbers 281 traffic volume by protocol 598 PSK. See pre-shared key. public web server, hosting (rule example) 253 PVID (port VLAN identifier) 116 Q QoS (Quality of Service) LAN profiles 293–298 profiles 293 shifting traffic mix 533 WAN profiles 74–84 question mark icon (web management interface) 24 queues, priority LAN traffic 296 WAN traffic 74, 78–80, 82
685 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 R rack-mounting kit 22 RADIUS CHAP and PAP domain authentication 433, 491 MSCHAP(v2), domain authentication 433, 491 RADIUS authentication CHAP and PAP domain authentication 491 XAUTH 374, 389–391, 401 described 487 RADIUS servers configuring 392–394 edge devices 391 RADVD (Router Advertisement Deamon) DMZ, configuring for 188 LAN, configuring for 171 rate control profile, WAN traffic 74–77 rate-limiting, forwarded traffic 72 read-only and read-write access 499 rebooting with same firmware 611 reducing traffic 528–530 relay gateway 122, 143 Remote Authentication Dial In User Service See RADIUS authentication. See RADIUS servers. remote management access 534 remote users, assigning addresses (Mode Config) 394 requirements, hardware 626 reserved IPv4 addresses, configuring 133 Reset button 21 resources, SSL VPN, configuring 467–473 restarting traffic meter (or counter) LAN traffic 563 WAN traffic 560 restoring configuration file 548 retry interval, DNS lookup or ping IPv4 59 IPv6 112 RFC 1349 294 RFC 1700 281 RFC 2865 392 RIP (Routing Information Protocol), configuring 148–150 round-robin load balancing 51 Router Advertisement Deamon (RADVD) DMZ, configuring for 188 LAN, configuring for 171 Routing Information Protocol (RIP), configuring 148–150 routing log messages, explanation 656 routing logs 568 routing modes IPv4 30 IPv6 (IPv4-only and IPv4/IPv6) 88 routing table adding static IPv4 routes 145 adding static IPv6 routes 204 displaying 608 RSA signatures 372 rules See inbound rules. See outbound rules. S SA (security association) IKE policies 368, 372, 400 IPSec VPN Wizard 334 Mode Config operation 397 VPN connection status 364 VPN policies 384, 386 sample firewall rules 252–265 scheduling firewall rules 292 secondary LAN addresses IPv4, configuring 128–132 IPv6, configuring 180–184 Secure Hash Algorithm 1. See SHA-1. secure HTTP management 536 security association. See SA. security checks, LAN 268 security level, SNMPv3 users 544 security lock 20 Security Parameters Index (SPI) 384 server preference, DHCPv6 158, 162, 168, 187, 200 service blocking reducing traffic 528 rules, firewall 211, 212 service numbers, common protocols 281 Session Initiation Protocol (SIP) 278 session limits configuring 272 logging dropped packets 569 severities, syslog 572 SHA-1 IKE policies 372 Mode Config operation 398 self certificate requests 518 SNMPv3 user settings 544 VPN policies 385
686 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 shared bandwidth allocation, WAN traffic 77 shutting down 611 signature key length 518 SIIT (Stateless IP/ICMP Translation) 107 Simple Network Management Protocol (SNMP) configuring 538–546 described 17 single WAN port mode bandwidth capacity 527 IPv4, described 49 IPv6, described 109 SIP (Session Initiation Protocol) 278 sit0-WAN1 (6to4 tunnel) 101 SLA ID (site level aggregation identifier) DMZ advertisements 195 LAN advertisements 178 sniffer 614 SNMP (Simple Network Management Protocol) configuring 538–546 described 17 software, downloading and upgrading 550–551 source MAC filtering configuring MAC addresses 312 logging matched packets 569 reducing traffic 530 specifications, physical and technical 672 speed, ports 69 SPI (Security Parameters Index) 384 SPI (stateful packet inspection) 15, 209 split tunnel, SSL VPN 459 spoofing MAC addresses 617 SSL certificate, warning and downloading 25 SSL VPN ActiveX web cache cleaner 431, 451 ActiveX-based client 426 authentication 433, 491 cache control 431, 451 client IP address range and routes 436, 460–467 configuration steps 446 domain settings, using SSL VPN Wizard 433 FQDNs, configuring port forwarding 447 logs 445 manual configuration steps 446 network resources, configuring 467–473 overview 15 policies managing 473 settings 475, 483 port forwarding configuring 453–457 described 426 port number 438 using SSL VPN Wizard 438 portal accessing 440 settings, using SSL VPN Wizard 431 portals configuring 448–453 options 426 resources, configuring 467–473 specifications 674 status 444 tunnel, described 426 user account 499–501 user portal 442 user settings, using SSL VPN Wizard 435 SSL VPN Wizard 427 stateful packet inspection (SPI) 15, 209 stateless and stateful IPv6 addresses, autoconfiguration 90, 157, 162, 167, 187, 199 Stateless IP/ICMP Translation (SIIT) 107 static addresses IPv4 address 36, 37, 42, 46 IPv6 address 95 static routes IPv4 routes configuring 144–151 routing table 145 IPv6 routes configuring 204–207 routing table 204 statistics, viewing 584 status screens 581–601 stealth mode 267 stratum, NTP servers 556 submenu tabs (web management interface) 23 SYN flood 267 syslog server 572 system date and time settings, configuring 554 logs 569 status, viewing 582–592 updating firmware 550 system log messages, explanation 643 T tabs, submenu (web management interface) 23 TCP (Transmission Control Protocol) 327 TCP flood, blocking 267 TCP/IP network, troubleshooting 620 technical specifications 672
687 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 technical support 2, 609 telecommuter (client-to-gateway) 634 Telnet and RTelnet, restricting access (rule example) 260 Telnet management 537 temperatures, operating and storage 673 Test LED 19, 613 testing, Internet connectivity 84, 113 time settings configuring 555 troubleshooting 621 time-out L2TP users 423 PPTP users 419 time-out error, troubleshooting 614 tips, firewall and content filtering 209 ToS (Type of Service), QoS profiles configuring for firewall rules 296 inbound rules 219 outbound rules 214 WAN interfaces 74 tracert, using with DDNS 535 tracing a route (traceroute) 606 trademarks 2 traffic bandwidth 299–303 blocking reaching LAN limit 563 reaching WAN limit 560 diagnostic tools 604 inbound (planning) 629 increasing 530–532 managing 527 meter (or counter) LAN 561 WAN 558 rate-limiting 72 reducing 528–530 volume by protocol 598 volume, limiting LAN 563 WAN 559 Transmission Control Protocol (TCP) 327 traps, SNMP 540 troubleshooting basic functioning 612 browsers 614 configuration settings, using sniffer 614 date and time settings 621 defaults 614 IP addresses, requirements 24 IPv6 connection 617 ISP connection 615 LEDs 613 NTP 621 testing your setup 621 time-out error 614 web management interface 613 trusted certificates 514–515 trusted domains, building a list of 310 tunnels, IPv6 configuring globally 100–107 DMZ, configuring for 195 LAN, configuring for 178 two-factor authentication authentication, overview 661 described 488 WiKID-PAP and WiKID-CHAP 491 TZO.com 63–65 U UDP (User Datagram Protocol) 327 UDP flood, blocking 268 unicast packets, IPv6 DMZ, configuring for 191 LAN, configuring for 174 Universal Plug and Play (UPnP), configuring 330 unsolicited multicast packets, IPv6 DMZ, configuring for 191 LAN, configuring for 174 upgrading firmware 550–551 UPnP (Universal Plug and Play), configuring 330 user accounts, configuring 498 User Datagram Protocol (UDP) 327 user interface described 23 troubleshooting 613 user name, default 25 user passwords, changing 511 user policies, configuring for SSL VPN 473 user portal, SSL-VPN 442 user types 499–503 users active VPN, PPTP, and L2TP 592 administrative (admin) settings 511 assigned groups 501 login policies, configuring 504–510 login time-out 511 V vendor class identifier (VCI) 35
688 ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2 versions SNMP 540 videoconferencing DMZ port 140, 184 from restricted address (rule example) 255 violations, IP/MAC binding 317, 321 virtual LAN. See VLANs. Virtual Private Network Consortium (VPNC) 17, 335 virtual private network. See VPN tunnels. VLANs advantages 115 described 115 DHCP options 118–119 MAC addresses 126 port membership configuring 122 default 116 viewing 591 port-based 116 profiles, configuring 119–126 VoIP (voice over IP) sessions 278 VPN client Configuration Wizard, using 349 configuring manually 354 Mode Config tunnel, opening 408 Mode Config, configuring 402 tunnel, opening 361 VPN IPSec Wizard. See IPSec VPN Wizard. VPN SSL Wizard 427 VPN tunnels active users 592 autoinitiating 383 auto-rollover mode 333 client policy, creating 349 client-to-gateway, using IPSec VPN Wizard 346 connection status 363 DPD (Dead Peer Detection) 412 failover 383 FQDNs 333–334, 632 FQDNs, configuring endpoints 339, 343, 347, 372 gateway-to-gateway auto-rollover 636 load balancing 637 single WAN port mode 636 gateway-to-gateway, using IPSec VPN Wizard 337, 341 IKE policies exchange mode 368, 371, 400 ISAKMP identifier 368, 372, 400 managing 366 Mode Config operation 371, 398 XAUTH 373, 401 increasing traffic 532 IP addresses client-to-gateway (wizard) 348 gateway-to-gateway (wizard) 339, 343 local and remote 372, 384, 400 IPSec VPN logs 364 specifications 673 IPSec VPN policies automatically generated 379 groups, configuring 494 managing 365 manually generated 378 IPSec VPN user account 499–501 keep-alives 384, 412 load balancing mode 333 NetBIOS 383, 416 pass-through (IPSec, PPTP, L2TP) 271 planning 629 pre-shared key client-to-gateway tunnel 347 gateway-to-gateway tunnel 338, 342 IKE policy settings 372 rollover See auto-rollover mode. RSA signature 372 sending syslogs 576 telecommuter auto-rollover 634 load balancing 635 single WAN port mode 634 testing connections 361 VPN Telecommuter auto-rollover 639 load balancing 640 single WAN port mode 638 XAUTH 388–391 VPNC (Virtual Private Network Consortium) 17, 335 W WA N auto-rollover mode DDNS 63 IPv4 configuring 56–58 described 49 IPv6 configuring 109 described 109 VPN IPSec 333, 339, 343, 348 bandwidth capacity 527