User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers C-5
202-10015-01
– Type the IP Address of client B (0.0.0.0 in our example) in the Remote LAN Start IP
Address field. Entering 0.0.0.0 as the Remote LAN Start IP Address tells the FVS318 to
accept a connection from any IP address. This enables travelling users who will not know
the IP address of their connection to use this tunnel. It also allows telecommuters who
have a direct connection at their home with a dynamic IP address to use this tunnel.
– Leave the Remote WAN IP or FQDN address field blank.
Figure C-4: NETGEAR FVS318 VPN Settings – Main Mode
– From the Secure Association drop-down box, select Main Mode.
– Next to Perfect Forward Secrecy, select the Enabled radio button.
– From the Encryption Protocol drop-down box, select 3DES.
– In the PreShared Key box, type a unique text string to be used as the shared key between
the FVS318 and the VPN client. In this example, we used hr5xb84l6aa9r6. You must
make sure the key is entered correctly in both the gateway and the client.
– In the Key Life box, enter 28800 seconds.
– In the IKE Life Time, enter 86400 seconds.
Note: Entering 0.0.0.0 as the Remote LAN Start IP Address uses two of the available 8
FVS318 tunnels. If you wish to provide a tunnel for home users who are connecting
through a home NAT router, use a reserved IP configuration for the PC on the home
router. Specifying a reserved IP address for a PC on the home NAT router assures that
PC will always receive the same IP address from the DHCP server in the home NAT
router. In such a case, you would enter the reserved IP address of the PC for the Remote
LAN Start IP Address. To avoid duplicate IP address conflicts, be sure the remote PC IP
address is on a different subnet than the FVS318.