ADSL2+ Modem Wireless Router DG834G Reference Manual NETGEAR, Inc.
© 2007 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are trademarks of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
European Union Statement of Compliance Hereby, NETGEAR, Inc. declares that this modem router is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Èesky [Czech] NETGEAR, Inc. tímto prohlašuje, že tento 54 Mbps ADSL2+ Modem Wireless Router Model DG834G je ve shodì se základními požadavky a dalšími pøíslušnými ustanoveními smìrnice 1999/5/ES. Dansk [Danish] Undertegnede NETGEAR, Inc.
Nederlands [Dutch] Hierbij verklaart NETGEAR, Inc. dat het toestel 54 Mbps ADSL2+ Modem Wireless Router Model DG834G in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG. Malti [Maltese] Hawnhekk, NETGEAR, Inc., jiddikjara li dan 54 Mbps ADSL2+ Modem Wireless Router Model DG834G jikkonforma mal-tiijiet essenzjali u ma provvedimenti orajn relevanti li hemm fid-Dirrettiva 1999/5/EC. Magyar [Hungarian] Alulírott, NETGEAR, Inc.
Certificate of the Manufacturer/Importer It is hereby certified that the 54 Mbps ADSL2+ Modem Wireless Router Model DG834G has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
vi v2.
Contents ADSL2+ Modem Wireless Router DG834G Reference Manual About This Manual Conventions, Formats, and Scope ..................................................................................... i How to Use This Manual ................................................................................................... ii How to Print this Manual ....................................................................................................
Changing the Administrator Login Time-out .............................................................3-2 Configuring Basic Firewall Services ...............................................................................3-2 Blocking Keywords, Sites, and Services ..................................................................3-3 Blocking Keywords and Sites ...................................................................................3-3 Firewall Rules ...............................................
Setting Up a Default DMZ Server .............................................................................5-3 LAN IP Settings ..............................................................................................................5-4 DHCP Settings .........................................................................................................5-6 Reserved IP Addresses ...........................................................................................5-7 Dynamic DNS .................
Chapter 7 Troubleshooting Basic Functioning ...........................................................................................................7-1 Power LED Is Not On ...............................................................................................7-2 Power LED Is Red ....................................................................................................7-2 LAN or DSL or Internet Port LEDs Are Not On ........................................................
Viewing the PC Client’s Connection Monitor and Log Viewer ............................... B-22 Viewing the VPN Router’s VPN Status and Log Information ................................ B-23 Appendix C Related Documents 5 v2.
6 v2.
About This Manual The NETGEAR® ADSL2+ Modem Wireless Router DG834G Reference Manual describes how to install, configure ,and troubleshoot the 54 Mbps ADSL2+ Modem Wireless Router Model DG834G. The information in this manual is intended for readers with intermediate computer and Internet skills. Conventions, Formats, and Scope The conventions, formats, and scope of this manual are described in the following paragraphs: • • Typographical Conventions.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Scope. This manual is written for the ADSL2+ Modem Wireless Router according to these specifications: Product Version 54 Mbps ADSL2+ Modem Wireless Router Model DG834G Manual Publication Date September 2007 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix C, “Related Documents”. Note: Product updates are available on the NETGEAR, Inc. website at http://kbserver.netgear.
ADSL2+ Modem Wireless Router DG834G Reference Manual – – – Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe website at http://www.adobe.com. Click the print icon in the upper left of the window.
ADSL2+ Modem Wireless Router DG834G Reference Manual iv v2.
Chapter 1 Configuring Your Internet Connection This chapter describes how to configure your ADSL2+ Modem Wireless Router Internet connection. When you perform the initial configuration of your modem router using the DG834G ADSL2+ Modem Wireless Router Resource CD as described in the NETGEAR Router Setup Manual, these settings are configured automatically for you.
ADSL2+ Modem Wireless Router DG834G Reference Manual What You Need Before You Begin You need to prepare the following before you can set up your modem router: • Active Internet service provided by an ADSL account. • The Internet Service Provider (ISP) configuration information for your ADSL account.
ADSL2+ Modem Wireless Router DG834G Reference Manual To log in to the modem router: 1. Type http://routerlogin.net or http://192.168.0.1 in the address field of an Internet browser. Figure 1-1 This login window opens: Figure 1-2 2. Enter admin for the user name and password for the password, both in lower case letters. 3. Select Setup Wizard to go to the Setup Wizard screen: Figure 1-3 Configuring Your Internet Connection 1-3 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual This screen includes the following: • Country. It is important to specify the location where the modem router will operate so that the Internet connection will work correctly. • Language. You can select a language from the drop-down list. • Auto-Detect Connection Type. If you want to change the settings for the Internet connection, select Yes or No, and then click Next. – Yes.
ADSL2+ Modem Wireless Router DG834G Reference Manual The Setup Wizard detects your ISP configuration. Depending on the type of connection, you are prompted to enter your ISP settings, as shown in the following table. Table 1-1. Auto-Detected Internet Connection Types Connection Type ISP Information PPP over Ethernet (PPPoE) PPP over ATM (PPPoA) Enter the login user name and password. These fields are casesensitive. Dynamic IP Account Setup No entries needed.
ADSL2+ Modem Wireless Router DG834G Reference Manual Viewing or Manually Configuring Your ISP Settings NETGEAR recommends that you specify your country and language before you configure the settings on the Basic Settings screen. See “Logging In to the Modem Router” on page 1-2. You must install the ADSL filters and connect the modem router to the ADSL line as described in the NETGEAR Router Setup Manual before you configure the settings in the Basic Settings screen.
ADSL2+ Modem Wireless Router DG834G Reference Manual Understanding the Basic Settings Screen The fields on the Basic Settings screen depend on whether or not your Internet connection requires a login. ISP does not require login ISP does require login Figure 1-4 The following table explains the fields in the Basic Settings screen. Note that the group of fields included in this screen depends on whether or not a login is required. Configuring Your Internet Connection 1-7 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 1-2. Basic Settings screen fields Settings Description Does Your ISP Require a Login? • Yes • No These fields Account Name appear only if no (If required) login is required. Domain Name (If required) Enter the account name provided by your ISP. This might also be called the host name. These fields Encapsulation appear only if your ISP requires a login. Login • PPPoE • PPPoA • PPTP Enter the domain name provided by your ISP.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 1-2. Basic Settings screen fields (continued) Settings Description NAT (Net Address Translation) NAT automatically assigns private IP addresses (10.1.1.x) to LAN-connected devices. • Enable. Usually NAT is enabled. • Disable. This disables NAT, but leaves the firewall active. Disable NAT only if you are sure that you do not require it. When NAT is disabled, only standard routing is performed by this router.
ADSL2+ Modem Wireless Router DG834G Reference Manual ADSL Settings Note: For information about how to install ADSL filters, see the NETGEAR Router Setup Manual. The default ADSL settings of your modem router work fine for most ISPs. However, some ISPs use a specific multiplexing method and virtual circuit number for the virtual path identifier (VPI) and virtual channel identifier (VCI). Note: You must use the Setup Wizard to select the correct country for the default ADSL settings to work.
Chapter 2 Wireless Configuration This chapter describes how to configure the wireless features of your ADSL2+ Modem Wireless Router. In planning your wireless network, consider the level of security required. You should also select the physical placement of your modem router to maximize the network speed.
ADSL2+ Modem Wireless Router DG834G Reference Manual Wireless Placement and Range Guidelines The range of your wireless connection can vary significantly based on the physical placement of the modem router. The latency, data throughput performance, and notebook power consumption of wireless adapters also vary depending on your configuration choices. For best results, place your modem router according to the following guidelines: • Near the center of the area in which your PCs will operate.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Select Wireless Settings from the main menu to display the Wireless Settings screen: Figure 2-1 The settings for this screen are explained in Table 2-1. 3. Select the region in which the modem router will operate. 4. For initial configuration and test, leave the other settings unchanged. 5. To save your changes, click Apply. Wireless Configuration 2-3 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Configure and test your computers for wireless connectivity. Program the wireless adapter of your computers to have the same SSID and wireless security settings as your modem router. Check that they have a wireless link and are able to obtain an IP address by DHCP from the modem router. If there is interference, adjust the channel. Table 2-1.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 2-1. Wireless Settings (continued) Settings Description Wireless Station Turn Access Control On Access List Access control is disabled by default so that any computer configured with the correct SSID can connect. See “Restricting Access by MAC Address”. Security Options • Disabled. You can use this setting to establish wireless connectivity before implementing wireless security. NETGEAR strongly recommends that you implement wireless security.
ADSL2+ Modem Wireless Router DG834G Reference Manual There are several ways you can enhance the security of your wireless network: Figure 2-2 • Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the modem router. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed. • Turn Off the Broadcast of the Wireless Network Name SSID.
ADSL2+ Modem Wireless Router DG834G Reference Manual Wireless Station Access Control By default, any wireless PC that is configured with the correct SSID and wireless security settings is allowed access to your wireless network. You can use Wireless Access Point settings in the Wireless Setting screen to further restrict wireless access to your network: Figure 2-3 • Turning off wireless connectivity completely. You can completely turn off the wireless portion of the modem router.
ADSL2+ Modem Wireless Router DG834G Reference Manual Restricting Access by MAC Address For increased security, you can restrict access to the wireless network to allow only specific PCs based on their MAC addresses. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the ADSL2+ Modem Wireless Router. MAC address filtering adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Adjust the list as needed for your network. You can add devices to the Trusted Wireless Stations list using either of the following methods: • If the computer is in the Available Wireless Stations table, select the radio button of that computer to capture its MAC address. • Use the Add New Station Manually fields to enter the MAC address of the device to be added. The MAC address can usually be found on the bottom of the wireless device.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. In the Security Options section, select the WEP (Wired Equivalent Privacy) radio button: Figure 2-5 4. Select the Authentication Type: Automatic, Open System, or Shared Key. The default is Open System. Note: The authentication scheme is separate from the data encryption. You can select an authentication scheme that requires a shared key but still leaves the data transmissions unencrypted.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Key 1-Key4. These values are not case-sensitive. You can manually enter the four data encryption keys. These values must be identical on all computers and access points in your network. Enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–F). 7. Select which of the four keys will be the default. Data transmissions are always encrypted using the default key. The other keys can be used only to decrypt received data.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Radius Port. Port number of the Radius server. The default is 1812. • Shared Key. This is shared between the wireless access point and the Radius server during authentication. 7. To save your settings, click Apply. 2-12 Wireless Configuration v2.
Chapter 3 Protecting Your Network This chapter describes how to use the basic firewall features of the ADSL2+ Modem Wireless Router to protect your network. Protecting Access to Your ADSL2+ Modem Wireless Router For security reasons, the modem router has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login automatically disconnects. When prompted, enter admin for the modem router user name and password for the modem router password.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. From the main menu, under the Maintenance heading, select Set Password to display the Set Password screen: Figure 3-2 3. To change the password, first enter the old password, and then enter the new password twice. 4. Click Apply to save your changes. Note: After changing the password, you must log in again to continue the configuration.
ADSL2+ Modem Wireless Router DG834G Reference Manual Blocking Keywords, Sites, and Services The modem router provides a variety of options for blocking Internet-based content and communications services. With its content filtering feature, the modem router prevents objectionable content from reaching your PCs. You can control access to Internet content by screening for keywords within Web addresses. Content filtering options include: • Keyword blocking of HTTP traffic. • Outbound service blocking.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. To enable keyword blocking, select one of the following: • Per Schedule. Turn on keyword blocking according to the settings on the Schedule screen. • Always. Turn on keyword blocking all the time, independent of the setting in the Schedule screen. 4. Enter a keyword or domain in the Keyword field, click Add Keyword, and then click Apply. Some examples of keyword applications are shown in the following chart.
ADSL2+ Modem Wireless Router DG834G Reference Manual You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined. You can change the order of precedence of rules so that the rule that applies most often will take effect first.
ADSL2+ Modem Wireless Router DG834G Reference Manual Inbound Rules (Port Forwarding) Because the modem router uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly access any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Action. Select when you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule screen. • Send to LAN Server. Enter the IP address of the computer or server on your LAN which will receive the inbound traffic covered by this rule. • WAN Users.
ADSL2+ Modem Wireless Router DG834G Reference Manual Considerations for Inbound Rules If your external IP address is assigned dynamically by your ISP, the IP address might change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature so that external users can always find your network. If the IP address of the local server computer is assigned by DHCP, it might change when the computer is rebooted.
ADSL2+ Modem Wireless Router DG834G Reference Manual The following screen shows AIM selected in the Service list: Figure 3-7 The Outbound Services screen includes the following fields: • Service. Select the application or service from the drop-down list to be allowed or blocked. You can use the Add Custom Service feature to add any additional services or applications that are not in the list; see “Defining Services” for details. • Action. Choose when you want this type of traffic to be handled.
ADSL2+ Modem Wireless Router DG834G Reference Manual Order of Precedence for Rules As you define new rules, they are added to the tables in the Firewall Rules screen, as shown: Figure 3-8 For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the rules table, beginning at the top and proceeding to the default rules at the bottom.
ADSL2+ Modem Wireless Router DG834G Reference Manual Defining Services To define a service: 1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin default password of password, or using whatever password and LAN address you have chosen for the modem router. 2. Under the Security heading, select Services to display the Services screen: Figure 3-9 • To create a new service, click Add Custom Service.
ADSL2+ Modem Wireless Router DG834G Reference Manual Setting Your Time Zone To localize the time for your log entries, you must specify your time zone: 1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the modem router. 2. On the main menu, select Schedule to display the Schedule screen: Figure 3-11 3. Select your time zone.
ADSL2+ Modem Wireless Router DG834G Reference Manual Scheduling Firewall Services If you enabled services blocking in the Block Services screen or port forwarding in the Ports screen, you can set up a schedule for when blocking occurs or when access is not restricted. 1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin default password of password, or using whatever password and LAN address you have chosen for the modem router. 2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3-14 Protecting Your Network v2.
Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration settings of the modem router are stored in a configuration file in the modem router. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how to do these tasks. Backing Up the Configuration to a File 1.
ADSL2+ Modem Wireless Router DG834G Reference Manual Restoring the Configuration from a File To restore the configuration: 1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin default password of password, or using whatever user name, password and LAN address you have chosen for the modem router. 2. Under the Maintenance heading on the main menu, select Backup Settings. 3.
ADSL2+ Modem Wireless Router DG834G Reference Manual Upgrading the Modem Router Firmware NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you might need to restore your configuration settings. 1. Download and unzip the new software file from NETGEAR. The Web browser used to upload new firmware into the modem router must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer 5.0 or later, or Netscape Navigator 4.
ADSL2+ Modem Wireless Router DG834G Reference Manual Network Management Information The modem router provides a variety of status and usage information which is discussed below. Viewing Modem Router Status and Usage Statistics From the main menu, below the Maintenance heading, select Router Status to view this screen. Figure 4-3 The Router Status screen provides status and usage information. This screen shows the following parameters: Table 4-1.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 4-1. Modem Router Status Fields (continued) Field ADSL Port LAN Port Modem Description MAC Address The Ethernet MAC address used by the ADSL port of the modem router. IP Address The IP address used by the ADSL port. If no address is shown, the modem router cannot connect to the Internet. Network Type The network type is determined by your ISP. Common network types are PPPoE and PPPoA.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 4-1. Modem Router Status Fields (continued) Field Wireless Port These are set in the Wireless Settings page; see “Viewing or Changing Wireless Settings” in Chapter 2. Description Name (SSID) The service set ID, also known as the wireless network name. Region The country where the unit is set up for use. Channel The current channel, which determines the operating frequency. Wireless AP Indicates if the access point feature is disabled or not.
ADSL2+ Modem Wireless Router DG834G Reference Manual This following table explains the statistic fields. Table 4-2. Router Statistics Fields Field WAN or LAN Port The statistics for the WAN (Internet) and LAN ports. ADSL Link Downstream or Upstream These statistics might help your technical support representative if there is a connection problem. Description Status The link status of the port. TxPkts The number of packets transmitted on this port since reset or manual clear.
ADSL2+ Modem Wireless Router DG834G Reference Manual This screen shows the following statistics: Table 4-3. Connection Status Fields for PPPoA Field Description Connection Time The time elapsed since the last connection to the Internet via the ADSL port. Connecting to Sender The connection status. Negotiation On or Off. Authentication On or Off. IP Address The IP address assigned to the WAN port by the ADSL Internet Service Provider.
ADSL2+ Modem Wireless Router DG834G Reference Manual Viewing, Selecting, and Saving Logged Information The modem router logs security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites screen, the Logs screen can show you when someone on your network tries to access a blocked site. If you enabled e-mail notification, you receive these logs in an e-mail message.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 4-4. Security Log Entry Descriptions Field Description Source IP The IP address of the initiating device for this log entry. Source port and interface The service port number of the initiating device, and whether it originated from the LAN or WAN. Destination The name or IP address of the destination device or website. Destination port and The service port number of the destination device, and whether it is on interface the LAN or WAN.
ADSL2+ Modem Wireless Router DG834G Reference Manual Examples of Log Messages Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second. Activation and Administration Tue, 2002-05-21 18:48:39 - NETGEAR activated [This entry indicates a power-up or reboot with initial time entry.] Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2 Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.
ADSL2+ Modem Wireless Router DG834G Reference Manual Enabling Security Event E-mail Notification To receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail screen: Figure 4-8 • Turn e-mail notification on. Select this check box if you want to receive e-mail logs and alerts from the modem router. • Send alerts and logs via email. – Send To This E-mail Address. Enter the e-mail address where you want to send the alerts and logs.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Send alert immediately. Select the corresponding check box if you would like immediate notification of a significant security event, such as a known attack, port scan, or attempted access to a blocked site. • Send logs according to this schedule. Specifies how often to send the logs: Hourly, Daily, Weekly, or When Full. – Day for sending log. Specifies which day of the week to send the log. Relevant when the log is sent weekly.
ADSL2+ Modem Wireless Router DG834G Reference Manual From the main menu, under the Maintenance heading, select Modem Router Diagnostics to display the Diagnostics screen: Figure 4-9 Enabling Remote Management Using the Remote Management screen, you can allow a user or users on the Internet to configure, upgrade, and check the status of your modem router. Tip: Be sure to change the modem router default password to a very secure password.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Under the Advanced heading of the main menu, select Remote Management to display the Remote Management screen: Figure 4-10 3. Select the Turn Remote Management On check box. 4. Specify which external addresses will be allowed to access the modem router’s remote management. For security, restrict access to as few external IP addresses as practical: • To allow access from any IP address on the Internet, select Everyone.
ADSL2+ Modem Wireless Router DG834G Reference Manual When accessing your modem router from the Internet, you will type your modem router WAN IP address in your Internet browser address or location field, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter: http://134.177.0.123:8080 Note: In this case, you must include http:// in the address. 4-16 Managing Your Network v2.
Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your ADSL2+ Modem Wireless Router. Advanced Settings The ADSL2+ Modem Wireless Router provides a variety of advanced features, such as the following: • WAN Setup. • LAN TCP/IP settings • Using the Router as a DHCP Server • Configuring Dynamic DNS • Configuring Static Routes. • Wireless Bridging and Repeating These features are discussed in the following sections of this chapter.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. From the main menu, select WAN Setup to display the WAN Setup screen: Figure 5-1 3. Make the changes that you want, and then click Apply to save the settings. The WAN Setup fields are described in the following table: Table 5-1. WAN Setup Settings Setting Description Connect Automatically, as Required Usually, this check box is selected, so that an Internet connection is made automatically, whenever Internet-bound traffic is detected.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 5-1. WAN Setup Settings Setting Description Respond to Pin on Internet WAN Port If you want the modem router to respond to a ping from the Internet, select this check box. This should be used only as a diagnostic tool, since it allows your modem router to be discovered. Do not select this check box unless you have a specific reason to do so.
ADSL2+ Modem Wireless Router DG834G Reference Manual LAN IP Settings The LAN IP Setup screen allows configuration of LAN IP services such as DHCP and RIP. These features can be found under the Advanced heading in the modem router main menu. The modem router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The modem router default LAN IP configuration is: • LAN IP addresses: 192.168.0.1 • Subnet mask: 255.255.255.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Change the settings. For more information, see Table 5-2, “DHCP Settings” on page 5-6 or “Reserved IP Addresses” on page 5-7. 3. Click Apply to save the changes. The LAN TCP/IP Setup parameters are explained in the following table. Table 5-2. LAN IP Setup Settings LAN TCP/IP Setup Description IP Address The LAN IP address of the modem router. IP Subnet Mask The LAN subnet mask of the modem router.
ADSL2+ Modem Wireless Router DG834G Reference Manual DHCP Settings By default, the modem router functions as a Dynamic Host Configuration Protocol (DHCP) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the modem router’s LAN. The assigned default gateway address is the LAN address of the router. IP addresses is assigned to the attached PCs from a pool of addresses specified in this screen.
ADSL2+ Modem Wireless Router DG834G Reference Manual Reserved IP Addresses When you specify a reserved IP address for a computer on the LAN, that computer always receives the same IP address each time it access the router’s DHCP server. Reserved IP addresses should be assigned to servers that require permanent IP settings. To reserve an IP address: 1. Click the Add button. 2. In the IP Address field, type the IP address to assign to the computer or server.
ADSL2+ Modem Wireless Router DG834G Reference Manual The router contains a client that can connect to a Dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have configured your account information in the router, whenever your ISP-assigned IP address changes, your router will automatically contact your Dynamic DNS service provider, log in to your account, and register your new IP address.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Fill in the Host Name, User Name, and Password fields. The dynamic DNS service provider may call the host name a domain name. If your URL is myName.dyndns.org, then your host name is myName. The password can be a key for your dynamic DNS account. 7. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you can select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.
ADSL2+ Modem Wireless Router DG834G Reference Manual In this example: • The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.x addresses. • The Modem Router IP Address fields specifies that all traffic for these addresses should be forwarded to the ISDN router at 192.168.0.100. • In the Metric field, a value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination.
ADSL2+ Modem Wireless Router DG834G Reference Manual 4. Fill in or change the fields: • Route Name. The route name is for identification purposes only. • Private. Select this check box if you want to limit access to the LAN only. The static route will not be reported in RIP. • Active. Select this check box to make this route effective. • Destination IP Address, and IP Subnet Mask. If the destination is a single host, type a subnet value of 255.255.255.255. • Gateway IP Address.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Fill in the settings on the UPnP screen: • Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is enabled. If disabled, the modem router will not allow any device to automatically control the resources, such as port forwarding (mapping), of the modem router. • Advertisement Period. The advertisement period is how often the modem router advertises (broadcasts) its UPnP information.
ADSL2+ Modem Wireless Router DG834G Reference Manual Wireless Bridging and Repeating You can build large bridged wireless networks by using the modem router to configure a wireless distribution system (WDS). Here are some examples of wireless bridged configurations: • Point-to-Point bridge. The modem router communicates with another bridge-mode wireless station. See “Point-to-Point Bridge Configuration”. • Multi-Point bridge. The modem router is the “master” for a group of bridge-mode wireless stations.
ADSL2+ Modem Wireless Router DG834G Reference Manual Point-to-Point Bridge Configuration In Point-to-Point Bridge mode, the DG834G v4 modem router communicates as an access point with another bridge-mode wireless station. As a bridge, wireless client associations are disabled— only wired clients can be connected. You must enter the MAC address of the other bridge-mode wireless station in the field provided. Use wireless security to protect this communication.
ADSL2+ Modem Wireless Router DG834G Reference Manual Multi-Point Bridge Configuration Multi-Point Bridge mode allows a modem router to bridge to multiple peer access points simultaneously. As a bridge, wireless client associations are disabled—only wired clients can be connected. Multi-Point Bridge mode configuration includes the following steps: • Entering the MAC addresses of the other access points in the fields provided.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Configure the access point (AP3) on LAN Segment 3 in Point-to-Point Bridge mode with the remote MAC address of the DG834G v4 modem router. 2. Disable the DHCP server on AP2 and AP3. AP1 will then be the DHCP server. 3. Verify the following for all access points: • The LAN network configuration of the modem router and other access points are configured to operate in the same LAN network address range as the LAN devices.
ADSL2+ Modem Wireless Router DG834G Reference Manual • You cannot configure a sequence of parent/child APs. You are limited to only one parent AP, although if the DG834G v4 is the parent AP it can connect with up to four child APs. The following figure shows an example of a Repeater Mode configuration. Wireless PC associated with AP 1 Wireless PC associated with AP2 DG834G v4 Modem Router AP 2 in Repeater mode Internet 192.168.0.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Verify connectivity across the LANs. A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other PCs or servers connected to any of the three WLAN segments. 5-18 Advanced Configuration v2.
Chapter 6 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the ADSL2+ Modem Wireless Router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See “Virtual Private Networking (VPN)” in Appendix C to learn more about VPN.
ADSL2+ Modem Wireless Router DG834G Reference Manual Client-to-Gateway VPN Tunnels Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network. Figure 6-1 A VPN client access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running the VPN client software. The modem router on your network is the other tunnel endpoint.
ADSL2+ Modem Wireless Router DG834G Reference Manual Planning a VPN When you set up a VPN, it is helpful to plan the network configuration and record the configuration parameters on a worksheet: Table 6-1.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see “Using a Fully Qualified Domain Name (FQDN)” on page B-7) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
ADSL2+ Modem Wireless Router DG834G Reference Manual VPN Tunnel Configuration There are two tunnel configurations and three ways to configure them: • Use the VPN Wizard to configure a VPN tunnel (recommended for most situations): – See “Setting Up a Client-to-Gateway VPN Configuration” on page 6-5. – See “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18.
ADSL2+ Modem Wireless Router DG834G Reference Manual • “Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v4” on page 6-6 describes how to use the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway. • “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 6-9 shows how to configure the NETGEAR ProSafe VPN Client endpoint.
ADSL2+ Modem Wireless Router DG834G Reference Manual 1. Log in to the modem router at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. On the main menu, select VPN Wizard. The VPN Wizard screen displays: Figure 6-4 2. Click Next to proceed. Fill in the Connection Name and the pre-shared key fields. Select the radio button for the type of target end point, and then click Next to proceed. Enter the new connection name, for example, 12345678.
ADSL2+ Modem Wireless Router DG834G Reference Manual The Summary screen displays: Figure 6-6 To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. You can click Back to return to the Summary screen. Figure 6-7 6-8 Virtual Private Networking v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Click Done on the Summary screen to complete the configuration procedure. The VPN Policies screen displays, showing that the new tunnel is enabled: Figure 6-8 To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit. Note: See “Using Auto Policy to Configure VPN Tunnels” on page 6-32 to enable the IKE keepalive capability on an existing VPN tunnel.
ADSL2+ Modem Wireless Router DG834G Reference Manual If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message. b. Reboot the remote PC. The ProSafe icon ( ) is in the system tray. c. Double-click the ProSafe icon to open the Security Policy Editor. 2. Add a new connection. a.
ADSL2+ Modem Wireless Router DG834G Reference Manual Tip: Choose connection names that make sense to the people using and administering the VPN. c. Enter the following settings: • Connection Security: Secure. • ID Type: IP Subnet. • Subnet: In this example, type 192.168.3.1 as the network address of the DG834G v4. • Mask: Enter 255.255.255.0 as the LAN Subnet Mask of the DG834G v4. • Protocol: Select All to allow all traffic through the VPN tunnel. d.
ADSL2+ Modem Wireless Router DG834G Reference Manual c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode radio button. 4. Configure the VPN client identity. In this step, you provide information about the remote VPN client PC. You must provide the pre-shared key that you configured in the DG834G v4 and either a fixed IP address or a fixed virtual IP address of the VPN client PC. a.
ADSL2+ Modem Wireless Router DG834G Reference Manual e. In the My Identity section of the screen, click the Pre-Shared Key button. The Pre-Shared Key screen displays: Figure 6-12 f. Click Enter Key. Enter the DG834G v4 pre-shared key, and then click OK. In this example, 12345678 is entered. This field is case-sensitive. 5. Configure the VPN Client Authentication Proposal. In this step, you provide the type of encryption (DES or 3DES) to be used for this connection.
ADSL2+ Modem Wireless Router DG834G Reference Manual c. In the Authentication Method drop-down list, select Pre-Shared key. d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the Encryption Protocol in the DG834G v4 in Table 6-3 on page 6-6. In this example, use Triple DES. e. In the Hash Alg drop-down list, select SHA-1. f. In the SA Life drop-down list, select Unspecified. g. In the Key Group drop-down list, select Diffie-Hellman Group 2. 6.
ADSL2+ Modem Wireless Router DG834G Reference Manual f. In the Hash Alg drop-down list, select SHA-1. g. In the Encapsulation drop-down list, select Tunnel. h. Leave the Authentication Protocol (AH) check box cleared. 7. Save the VPN Client Settings. In the Security Policy Editor window, select File > Save. After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
ADSL2+ Modem Wireless Router DG834G Reference Manual This causes a continuous ping to be sent to the first DG834G v4. After between several seconds and two minutes, the ping response should change from timed out to reply. Figure 6-16 Once the connection is established, you can open a browser on the PC and enter the LAN IP address of the remote DG834G v4. After a short wait, you should see the login screen of the modem router (unless another PC already has the DG834G v4 management interface open).
ADSL2+ Modem Wireless Router DG834G Reference Manual 9. The Connection Monitor screen for this connection is shown in the following figure: Figure 6-18 In this example you can see these settings: • The DG834G v4 has a GW Address (public IP WAN address) of 22.23.24.25. • The DG834G v4 has a Remote Address (LAN IP address) of 192.168.3.1. • The VPN client PC has a Local Address (dynamically assigned address) of 192.168.2.2.
ADSL2+ Modem Wireless Router DG834G Reference Manual Setting Up a Gateway-to-Gateway VPN Configuration Note: This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 6-2 on page 6-4. If you have special requirements not covered by these VPNC-recommended parameters, refer to “Setting Up VPN Tunnels in Special Circumstances” on page 6-32 for information about how to set up the VPN tunnel.
ADSL2+ Modem Wireless Router DG834G Reference Manual Set the LAN IPs on each DG834G v4 to different subnets and configure each properly for the Internet. The examples below assume the following settings: Table 6-4.
ADSL2+ Modem Wireless Router DG834G Reference Manual 1. Log in to the DG834G v4 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. Select VPN Wizard on the main menu. The VPN Wizard screen displays: Figure 6-20 2. Click Next to proceed, and the Step 1 of 3 screen displays: Enter the new connection name: (for example, GtoG). Enter the pre-shared key: (for example, 12345678). Select the radio button: A remote VPN Gateway.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Fill in the connection name and pre-shared key fields. Select the radio button for the type of target end point, and then click Next to proceed. The Step 2 of 3 screen displays: Enter the WAN IP address of the remote VPN gateway: (for example, 22.23.24.25) Figure 6-22 4. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and then click Next.
ADSL2+ Modem Wireless Router DG834G Reference Manual The VPN Wizard Summary screen displays: Figure 6-24 To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link (see Figure 6-24). You can click Back to return to the Summary screen. Figure 6-25 6-22 Virtual Private Networking v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Click Done on the Summary screen (see Figure 6-24) to complete the configuration procedure. The VPN Policies screen displays, showing that the new tunnel is enabled. Figure 6-26 Note: See “Using Auto Policy to Configure VPN Tunnels” on page 6-32 for information about how to enable the IKE keepalive capability on an existing VPN tunnel. 7.
ADSL2+ Modem Wireless Router DG834G Reference Manual a. On the DG834G v4 main menu, select VPN Status. The VPN Status/Log screen displays: Figure 6-27 b. Click the VPN Status button to get the Current VPN Tunnels (SAs) screen: Figure 6-28 c. Click Connect for the VPN tunnel you want to activate. View the VPN Status/Log screen (Figure 6-29) to verify that the tunnel is connected. 6-24 Virtual Private Networking v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual VPN Tunnel Control Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Use the VPN Status screen. • Activate the VPN tunnel by pinging the remote endpoint. • Start using the VPN tunnel. Note: See “Using Auto Policy to Configure VPN Tunnels” on page 6-32 for information about how to enable the IKE keepalive capability on an existing VPN tunnel.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Click VPN Status to get the Current VPN Tunnels (SAs) screen: Figure 6-30 4. Click Connect for the VPN tunnel that you want to activate. Activating the VPN Tunnel by Pinging the Remote Endpoint Note: This section uses 192.168.3.1 for an example remote endpoint LAN IP address. To activate the VPN tunnel by pinging the remote endpoint (for example, 192.168.3.
ADSL2+ Modem Wireless Router DG834G Reference Manual c. Type ping -t 192.168.3.1, and then click OK. Running a ping test to the LAN from the PC Figure 6-31 This causes a continuous ping to be sent to the first DG834G v4. Within two minutes, the ping response should change from timed out to reply. Note: You can use Ctrl-C to stop the pinging. Figure 6-32 Once the connection is established, you can open a browser on the PC and enter the LAN IP address of the remote DG834G v4.
ADSL2+ Modem Wireless Router DG834G Reference Manual b. Type ping 192.168.3.1. Figure 6-33 Note: The pings may fail the first time. If so, then try the pings a second time. Start Using a VPN Tunnel to Activate It To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel. Verifying the Status of a VPN Tunnel To use the VPN Status screen to determine the status of a VPN tunnel: 1. Log in to the modem router. 2.
ADSL2+ Modem Wireless Router DG834G Reference Manual This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem. • Click Refresh to see the most recent entries. • Click Clear Log to delete all log entries. 3. On the VPN Status/Log screen, click VPN Status to display the Current VPN Tunnels (SAs) screen.
ADSL2+ Modem Wireless Router DG834G Reference Manual Deactivating a VPN Tunnel Sometimes a VPN tunnel must be deactivated for testing purposes. You can deactivate a VPN tunnel from two places: • Policy table on VPN Policies screen • VPN Status screen Using the Policy Table on the VPN Policies Screen to Deactivate a VPN Tunnel To use the VPN Policies screen to deactivate a VPN tunnel: 1. Log in to the modem router. 2. On the main menu, select VPN Policies to display the VPN Policies screen. Figure 6-36 3.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen. Figure 6-37 3. Click VPN Status. The Current VPN Tunnels (SAs) screen displays: Figure 6-38 4. Click Drop for the VPN tunnel that you want to deactivate. Deleting a VPN Tunnel To delete a VPN tunnel: 1. Log in to the modem router. Virtual Private Networking 6-31 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen. In the Policy Table, select the radio button for the VPN tunnel to be deleted, and then click Delete. Figure 6-39 Setting Up VPN Tunnels in Special Circumstances When the VPN Wizard and its VPNC defaults (see Table 6-2) are not appropriate for your circumstances, use one of these alternatives: • Auto Policy.
ADSL2+ Modem Wireless Router DG834G Reference Manual Configuring VPN Network Connection Parameters All VPN tunnels on the modem router requires taht you configure several network parameters. This section describes those parameters and how to access them. The most common configuration scenarios will use IKE to manage the authentication and encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to automatically generate and update the required encryption parameters.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings Fields and Settings Description General Policy Name Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. Remote VPN Endpoint • The remote VPN endpoint must have this VPN gateway's address entered as its remote VPN endpoint. • If the remote endpoint has a dynamic IP address, select Dynamic IP address.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings (continued) Fields and Settings Description Remote LAN IP Address The remote VPN endpoint must have these IP addresses Single/Start IP entered as its Address Local addresses. Single PC - no Subnet. Select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required. The typical application is a PC running the VPN client at the remote end.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings (continued) Fields and Settings Description Parameters Encryption Algorithm The encryption algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway. DES and 3DES are supported. • DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES. • 3DES.
ADSL2+ Modem Wireless Router DG834G Reference Manual Example of Using Auto Policy Figure 6-41 To use Autho Policy: 1. Set the LAN IPs on each DG834G v4 modem router to different subnets and configure each properly for the Internet. The following settings are assumed for this example: Table 6-6.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen: Figure 6-42 3. Click Add Auto Policy. The VPN Auto Policy screen displays: Figure 6-43 6-38 Virtual Private Networking v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 4. Enter these policy settings: Auto Policy Field Setting General Policy Name GtoG Remote VPN Endpoint Address Type Fixed Remote VPN Endpoint Address Data 22.23.24.25 Local LAN Remote LAN IKE Parameters Use the default settings. IP Address Select Subnet address from the drop-down list. Start IP Address 192.168.3.1 Subnet Mask 255.255.255.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Repeat these steps for the DG834G v4 on LAN B. Pay special attention to the following network settings: • General, Remote Address Data (for example, 14.15.16.17) • Remote LAN, Start IP Address – IP Address (for example, 192.168.0.1) – Subnet Mask (for example, 255.255.255.0) – Pre-shared Key (for example, 12345678) 7. Use the VPN Status screen to activate the VPN tunnel: Note: The VPN Status screen is only one of three ways to active a VPN tunnel.
ADSL2+ Modem Wireless Router DG834G Reference Manual Using Manual Policy to Configure VPN Tunnels As an alternative to IKE, you may use manual keying, in which you must specify each phase of the connection. A manual VPN policy requires all settings for the VPN tunnel to be manually input at each end (both VPN endpoints). On the main menu, select VPN Policies, and then click the Add Manual Policy radio button to display the VPN - Manual Policy screen: Figure 6-46 Virtual Private Networking 6-41 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual The following table explains the fields in the VPN Manual Policy screen. Table 6-7. VPN Manual Policy Fields and Settings Fields and Settings Description General The DG834G v4 VPN tunnel network connection fields. Policy Name Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-7. VPN Manual Policy Fields and Settings (continued) Fields and Settings Remote LAN The remote VPN endpoint must have these IP addresses entered as its Local addresses. ESP Configuration ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Description IP Address Single PC - no Subnet. Select this option if there is no LAN (only a single PC) at the remote endpoint.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6-44 Virtual Private Networking v2.
Chapter 7 Troubleshooting This chapter gives information about troubleshooting your ADSL2+ Modem Wireless Router. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the router on? • Have I connected the router correctly? Go to “Basic Functioning” on page 7-1. • I can’t access the router’s configuration with my browser.
ADSL2+ Modem Wireless Router DG834G Reference Manual b. The Ethernet LAN port LEDs are lit for any local ports that are connected. If a LAN port’s LED is lit, a link has been established to the connected device. If a LAN port is connected to a 100 Mbps device, verify that the port’s LED is green. If the port is 10 Mbps, the LED is amber. c. The DSL and Internet LEDs are lit. If any of these conditions does not occur, refer to the appropriate following section.
ADSL2+ Modem Wireless Router DG834G Reference Manual Troubleshooting Access to the Modem Router Main Menu If you are unable to access the modem router main menu from a computer on your local network, check the following: • If you are using an Ethernet-connected computer, check the Ethernet connection between the computer and the router as described in the previous section. • Make sure your computer’s IP address is on the same subnet as the router.
ADSL2+ Modem Wireless Router DG834G Reference Manual Troubleshooting the ISP Connection ADSL Link If your router is unable to access the Internet, you should first determine whether you have a DSL link with the service provider. The state of this connection is indicated with the DSL LED. ADSL Link If your router is unable to access the Internet, you should first determine whether you have an ADSL link with the service provider. The state of this connection is indicated with the DSL LED.
ADSL2+ Modem Wireless Router DG834G Reference Manual • Verify that you are connected to the correct telephone line. If you have more than one phone line, be sure that you are connected to the line with the ADSL service. It may be necessary to use a swapper if you ADSL signal is on pins 1 and 4 or the RJ-11 jack. The modem router uses pins 2 and 3.
ADSL2+ Modem Wireless Router DG834G Reference Manual – Configure your router to spoof your computer’s MAC address. This can be done in the Basic Settings screen. Troubleshooting PPPoE or PPPoA The PPPoA or PPPoA connection can be debugged as follows: 1. Access the main menu of the router at http://192.168.0.1. 2. Under the Maintenance heading, select Router Status. 3. Click Connection Status. 4. If all of the steps indicate OK, then your PPPoE or PPPoA connection is up and working. 5.
ADSL2+ Modem Wireless Router DG834G Reference Manual Troubleshooting a TCP/IP Network Using the Ping Utility Most TCP/IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your computer. Testing the LAN Path to Your Router You can ping the router from your PC to verify that the LAN path to your router is set up correctly.
ADSL2+ Modem Wireless Router DG834G Reference Manual Testing the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. 1. From the Windows toolbar, click the Start button, and select Run. 2. In the Windows Run window, type: PING -n 10 IP address where IP address is the IP address of a remote device such as your ISP’s DNS server. If the path is functioning correctly, replies as in the previous section are displayed.
ADSL2+ Modem Wireless Router DG834G Reference Manual Using the Reset Button To restore the factory default configuration settings without knowing the administration password or IP address, you must use the reset button on the rear panel of the router. 1. Press and hold the reset button until the Power LED turns red (about 6 seconds). 2. Release the reset button and wait for the router to reboot.
ADSL2+ Modem Wireless Router DG834G Reference Manual 7-10 Troubleshooting v2.
Appendix A Technical Specifications This appendix provides technical specifications for the 54 Mbps ADSL2+ Modem Wireless Router Model DG834G.
ADSL2+ Modem Wireless Router DG834G Reference Manual A-2 Technical Specifications v2.
Appendix B NETGEAR VPN Configuration DG834G v4 to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834G v4 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). Configuration Profile The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium.
ADSL2+ Modem Wireless Router DG834G Reference Manual 10.5.6.0/24 Gateway A LAN IP 10.5.6.1 172.23.9.0/24 VPNC Example Network Interface Addressing 14.15.16.17 22.23.24.25 WAN IP WAN IP Gateway B LAN IP 172.23.9.1 FVL328 DG834G Figure B-1 Note: Product updates are available on the NETGEAR website at http://www.netgear.com. Step-By-Step Configuration 1.
ADSL2+ Modem Wireless Router DG834G Reference Manual Click VPN Policies under the Advanced - VPN heading to display this screen. toFVL328 10.5.6.1 172.23.9.1 toFVL328 22.23.24.25 10 5 6 172 23 9 Figure B-2 NETGEAR VPN Configuration B-3 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Configure the FVL328 as in the gateway-to-gateway procedures for the VPN Wizard (see “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18), being certain to use appropriate network addresses for the environment. a. Enter toDG834 for the connection name b. Enter 14.15.16.17 for the remote WAN’s IP address c. Enter the following: • IP Address: 10.5.6.1 • Subnet Mask: 255.255.255.0 toDG834 toDG834 22.23.24.25 14.15.16.
ADSL2+ Modem Wireless Router DG834G Reference Manual toDG834 172.23.9.1 10.5.6.1 toDG834 toDG834 14.15.16.17 Click VPN Policies under the VPN heading to display this screen. 172 23 10 9 5 1 6 Figure B-4 3. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v4. a. Open the command prompt (Start > Run > cmd) b. Type ping 172.23.9.1 Figure B-5 Note: The pings might fail the first time. If this happens, try the pings a second time.
ADSL2+ Modem Wireless Router DG834G Reference Manual DG834G v4 with FQDN to FVL328 This section is a case study on how to configure a VPN tunnel from a NETGEAR DG834G v4 to a FVL328 using a fully qualified domain name (FQDN) to resolve the public address of one or both routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
ADSL2+ Modem Wireless Router DG834G Reference Manual Note: Product updates are available on the NETGEAR website at http://www.netgear.com. Using a Fully Qualified Domain Name (FQDN) Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic instead of static IP addressing. This means that a user’s IP address does not remain constant over time, which presents a challenge for gateways attempting to establish VPN connectivity.
ADSL2+ Modem Wireless Router DG834G Reference Manual a. Under the Advanced Heading, select Dyanmic DNS to display the Dynamic DNS Setup screen: Figure B-7 b. Configure this screen with appropriate account and hostname settings and then click Apply. • Select the Use a Dynamic DNS Service check box. • In the Host Name field type dg834g.dyndns.org. • In the User Name field enter the account user name. • In the Password field enter the account password. c. Click Show Status.
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. On the FVL328, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account. a. From the main menu, select Dynamic DNS to display the Dynamic DNS Setup screen: Figure B-9 b. Select the DynDNS.org radio button. The Dynamic DNS screen displays: Figure B-10 c. Configure the appropriate account and host name settings, and then click Apply. • In the Host and Domain Name field enter fvl328.dyndns.org.
ADSL2+ Modem Wireless Router DG834G Reference Manual d. Click Show Status. The resulting screen should show Update OK: good: Figure B-11 4. Configure the DG834G v4 as in the gateway-to-gateway procedures using the VPN Wizard (see “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18), being certain to use appropriate network addresses for the environment. The LAN addresses used in this example are as follows:1 Device LAN IP Address LAN Subnet Mask DG834G v4 10.5.6.1 255.255.255.
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v4. a. Open the command prompt (Start -> Run -> cmd) b. Type ping 172.23.9.1 Figure B-12 Note: The pings might fail the first time. If this happens, try the pings a second time. Configuration Summary (Telecommuter Example) The configuration in this section follows the addressing and configuration mechanics defined by the VPN Consortium.
ADSL2+ Modem Wireless Router DG834G Reference Manual 192.168.0.1/24 Telecommuter Example Client B Gateway A LAN IP WAN IP WAN IP 192.168.0.1 FQDN ntgr.dyndns.org "fromDG834G.com" 0.0.0.0 NAT Router B 192.168.2.3 "toDG834G.
ADSL2+ Modem Wireless Router DG834G Reference Manual fromDG834G (in the example) Dynamic IP address IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings) Subnet address 192.168.0.1 (in this example) 255.255.255.0 Single address 192.168.2.3 (in this example) (Remote NAT router must have Address Reservation set and VPN Passthrough enabled) Main Mode Fully Qualified Domain Name fromDG834G.com (in this example) Fully Qualified Domain Name toDG834G.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. Click Apply when you are finished to display the VPN Policies screen. Figure B-15 To view or modify the tunnel settings, select the radio button next to the tunnel entry, and then click Edit. Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office This procedure describes how to configure the ADSL2+ Modem Wireless Router.
ADSL2+ Modem Wireless Router DG834G Reference Manual c. Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary. d. The system should show the ProSafe icon ( ) in the system tray after rebooting. e. Double-click the system tray icon to open the Security Policy Editor. 2. Add a new connection. a. Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN Connection. b.
ADSL2+ Modem Wireless Router DG834G Reference Manual Figure B-17 c. Select Secure in the Connection Security check-box group. d. Select IP Subnet in the ID Type drop-down list. e. In this example, type 192.168.0.1 in the Subnet field as the network address of the DG834G v4. f. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834G v4. g. Select All in the Protocol drop-down list to allow all traffic through the VPN tunnel. h. Select the Connect using Secure Gateway Tunnel check box.
ADSL2+ Modem Wireless Router DG834G Reference Manual b. Click Security Policy to show the Security Policy menu. Figure B-18 c. Select the Main Mode radio button in the Select Phase 1 Negotiation Mode group. 4. Configure the VPN client identity. In this step, you provide information about the remote VPN client PC. You must provide the pre-shared key that you configured in the DG834G v4 and either a fixed IP address or a fixed virtual IP address of the VPN client PC. NETGEAR VPN Configuration B-17 v2.
ADSL2+ Modem Wireless Router DG834G Reference Manual a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. Figure B-19 b. Select None in the Select Certificate drop-down list. c. Select Domain Name in the ID Type drop down list, and then enter toDG834G.com (in this example). Select Disabled in the Virtual Adapter drop-down list. d.
ADSL2+ Modem Wireless Router DG834G Reference Manual 5. Configure the VPN Client Authentication Proposal. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration. a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking the + symbol. b.
ADSL2+ Modem Wireless Router DG834G Reference Manual a. Expand the Key Exchange subheading by double clicking its name or clicking the + symbol. Then select Proposal 1 below Key Exchange. Figure B-22 b. In the SA Life drop-down list, select Unspecified. c. In the Compression drop-down list, select None. d. Select the Encapsulation Protocol (ESP) check box. e. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES. f.
ADSL2+ Modem Wireless Router DG834G Reference Manual 8. Check the VPN connection. To check the VPN Connection, you can initiate a request from the remote PC to the VPN router’s network by using the Connect option in the modem router menu (see Figure B-23). Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request. a. Right-click the system tray icon to open the popup menu. b. Select Connect to open the My Connections list. c. Select toDG834G.
ADSL2+ Modem Wireless Router DG834G Reference Manual This causes a continuous ping to be sent to the VPN router. Within two minutes, the ping response should change from timed out to reply. Figure B-25 Once the connection is established, you can open the browser on the PC and enter the LAN IP address of the VPN router. After a short wait, you should see the login screen of the VPN router (unless another PC already has the VPN router management interface open).
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. The Connection Monitor screen displays: Figure B-26 While the connection is being established, the Connection Name listed in this screen shows SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol. Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access.
ADSL2+ Modem Wireless Router DG834G Reference Manual 1. On the modem router main menu, select Router Status, and then click the VPN Status button. The VPN Status/Log screen for a connection is shown below: Figure B-27 2. To view the VPN tunnels status, click VPN Status. Figure B-28 B-24 NETGEAR VPN Configuration v2.
Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP Addressing http://documentation.netgear.com/reference/enu/tcpip/index.htm Wireless Communications http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for Network Access http://documentation.netgear.com/reference/enu/wsdhcp/index.
ADSL2+ Modem Wireless Router DG834G Reference Manual C-2 Related Documents v2.
