Owner's Manual

ManualsBrandsNetgear ManualsModemsNetgear DGN2200v1

350 East Plumeria Drive

San Jose, CA 95134

USA

February 2011

202-10563-04

v1.0

N300 Wireless ADSL2+

Modem Router DGN2200

User Manual

Summary of content (167 pages)

PAGE 1
N300 Wireless ADSL2+ Modem Router DGN2200 User Manual 350 East Plumeria Drive San Jose, CA 95134 USA February 2011 202-10563-04 v1.
PAGE 2
N300 Wireless ADSL2+ Modem Router DGN2200 © 2011 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
PAGE 3
Contents Chapter 1 Hardware Setup Unpack Your Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Label . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Back Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Front Panel . . . . . . . . . . . . . . . . . . . . .
PAGE 4
N300 Wireless ADSL2+ Modem Router DGN2200 Turn Off Wireless Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Disable SSID Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Restrict Access by MAC Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Wireless Security Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Add Clients (Computers or Devices) to Your Network . . . . . . . . . . . . . .
PAGE 5
N300 Wireless ADSL2+ Modem Router DGN2200 Run Diagnostic Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Chapter 6 USB Storage USB Drive Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 File-Sharing Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63 Share Photos within Your Home Network . . . . . . . . . . . . . . . . . . . . . . .63 Share Large Files with FTP via Internet . . .
PAGE 6
N300 Wireless ADSL2+ Modem Router DGN2200 Overview of VPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Client-to-Gateway VPN Tunnels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Gateway-to-Gateway VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Plan a VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 VPN Tunnel Configuration . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
N300 Wireless ADSL2+ Modem Router DGN2200 Configuration Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146 Step-by-Step Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147 Configuration Summary (Telecommuter Example) . . . . . . . . . . . . . . . . .
PAGE 8
1. Hardware Setup 1 Getting to know your modem router The N300 Wireless ADSL2+ Modem Router DGN2200 provides you with an easy and secure way to set up a wireless home network with fast access to the Internet over a high-speed digital subscriber line (DSL). It has a built-in DSL modem, is compatible with all major DSL Internet service providers, lets you block unsafe Internet content and applications, and protects the devices (PCs, gaming consoles, and so on) that you connect to your home network.
PAGE 9
N300 Wireless ADSL2+ Modem Router DGN2200 Unpack Your Modem Router Your box should contain the following items: • N300 Wireless ADSL2+ Modem Router DGN2200 • AC power adapter (plug varies by region) • Category 5 (Cat 5) Ethernet cable • Telephone cable with RJ-11 connector • Microfilters and splitters (quantity and type vary by region) • Resource CD with NETGEAR Genie setup • Installation guide with cabling and modem router setup instructions If any parts are incorrect, missing, or damaged, c
PAGE 10
N300 Wireless ADSL2+ Modem Router DGN2200 Back Panel The back panel has the On/Off button and port connections as shown in the figure. USB ADSL Power On/Off Ethernet LAN Figure 2. Back panel port connections Front Panel The modem router front panel has the status LEDs and icons shown in the figure. Note that the Wireless and WPS icons are buttons. Power LAN Ports (1-4) USB DSL Internet Wireless WPS Figure 3.
PAGE 11
N300 Wireless ADSL2+ Modem Router DGN2200 Table 1. Front Panel LEDs Icon LED Activity Description Power Solid green Power is supplied to the modem router. Solid red POST (power-on self-test) failure or a device malfunction has occurred. Off Power is not supplied to the modem router. Restore factory settings The LED blinks momentarily when the Restore Factory Settings button on the bottom of the unit is pressed for 6 seconds.
PAGE 12
N300 Wireless ADSL2+ Modem Router DGN2200 Modem Router Stand For optimal wireless network performance, use the stand (included in the package) to position your modem router upright. 1. Orient your modem router vertically. 2. Insert the tabs of the stand into the slots on the bottom of your modem router as shown. 3. Place your modem router in a suitable area for installation (near an AC power outlet and accessible to the Ethernet cables for your wired computers).
PAGE 13
N300 Wireless ADSL2+ Modem Router DGN2200 ADSL Microfilters If this is the first time you have cabled a router between a DSL phone line and your computer or laptop, you might not be familiar with ADSL microfilters. If you are, you can skip this section and proceed to Cable Your Modem Router on page 14. An ADSL microfilter is a small in-line device that filters DSL interference out of standard phone equipment that shares the same line with your DSL service.
PAGE 14
N300 Wireless ADSL2+ Modem Router DGN2200 microfilter into the wall outlet, plug your phone equipment into the jack labeled Phone, and plug the modem router into the jack labeled ADSL. Plugs into the DSL line Figure 5. Two-line ADSL microfilter with built-in splitter Summary • One-line ADSL microfilter. Use with a phone or fax machine. • Splitter. Use with a one-line ADSL microfilter to share an outlet with a phone and the modem router. • Two-line ADSL microfilter with built-in splitter.
PAGE 15
N300 Wireless ADSL2+ Modem Router DGN2200 2. Use the included phone cable with RJ-11 jacks to connect the ADSL port (A) of the modem router to the ADSL port (B) of the two-line ADSL microfilter. B A Figure 7. Cable the modem modem router to the microfilter 3. Connect the Ethernet cable from a modem router LAN port (C) to an Ethernet port (D) in your computer. C D Figure 8. Connect the Ethernet cable 4.
PAGE 16
N300 Wireless ADSL2+ Modem Router DGN2200 Verify the Cabling Verify that your modem router is cabled correctly by checking the modem router LEDs. Turn on the modem router by pressing the On/Off button on the back. • • The Power LED is green when the modem routeris turned on. The LAN ports are green for each PC cabled to the modem router by an Ethernet cable. • The wireless LED is green when the modem router is turned on. • The DSL LED is green when you have a DSL connection.
PAGE 17
2. Modem Router Setup 2 This chapter explains how to set up your Internet connection using one of three methods: NETGEAR Genie®, Setup Wizard, or manual setup. If you have already set up your modem router using one of these methods, the initial setup is complete. Refer to this chapter if you want to become familiar with the modem router menus, view or adjust the initial settings, or change the modem router password and login time-out.
PAGE 18
N300 Wireless ADSL2+ Modem Router DGN2200 Modem Router Setup Preparation You can set up your modem router with the NETGEAR Genie as described in NETGEAR Genie Setup on page 19, with the Setup Wizard as described in Setup Wizard on page 22, or manually as described in Manual Setup (Basic Settings) on page 23. However, before you start the setup process, you need to have your ISP information and to make sure the laptops, PCs, and other devices in the network have the settings described here.
PAGE 19
N300 Wireless ADSL2+ Modem Router DGN2200 NETGEAR Genie Setup NETGEAR Genie is on the Resource CD and runs on a PC with Microsoft Windows 7, Windows Vista, Windows XP, or Windows 2000 with Service Pack 2 or later. It is the easiest way to set up the modem router because it automates many steps and verifies that those steps have been successfully completed. It takes about 15 minutes to complete. Before running NETGEAR Genie on a corporate PC, check with your company’s network support staff.
PAGE 20
N300 Wireless ADSL2+ Modem Router DGN2200 Log In to the Modem Router Log in to the modem router to view or change settings or to set up the modem router. 1. Type http://192.168.0.1 in the address field of your browser and press Enter to display the login window. You can also enter either of these addresses to access the modem router: http://www.routerlogin.net or http://www.routerlogin.com. 2. Enter admin for the user name and password for the password, both in lowercase letters.
PAGE 21
N300 Wireless ADSL2+ Modem Router DGN2200 Upgrade Modem Router Firmware When you log in, if you are connected to the Internet, the Firmware Upgrade Assistant screen displays so you can upgrade to the latest firmware. See Chapter 5, Network Maintenance, for more information about upgrading firmware. 1. Click Yes to check for new firmware (recommended). The modem router checks the NETGEAR database for new firmware. 2. If no new firmware is available, click No to exit. You can check for new firmware later. 3.
PAGE 22
N300 Wireless ADSL2+ Modem Router DGN2200 • Setup Wizard. Specify the language and location, and automatically detect the Internet connection. See Setup Wizard on page 22. • Add WPS Client. Add WPS-compatible wireless devices and other equipment to your wireless network. See Add Clients (Computers or Devices) to Your Network on page 31. • Setup menu. Set, upgrade, and check the ISP and wireless network settings of your modem router.
PAGE 23
N300 Wireless ADSL2+ Modem Router DGN2200 It is important to specify the location where the modem router operates so that the Internet connection works correctly. 3. Select either Yes or No, I want to configure the Router myself. If you select No, proceed to Manual Setup (Basic Settings) on page 23. 4. If you selected Yes, click Next. With automatic Internet detection, the Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration.
PAGE 24
N300 Wireless ADSL2+ Modem Router DGN2200 5. Click Test to test your Internet connection. If the NETGEAR website does not appear within 1 minute, and see Troubleshooting on page 128. ISP does not require login ISP does require login Figure 10. Basic Settings screen without (left) and with (right) login. The following table explains all the possible fields in the Basic Settings screen. Note that which fields appear in this screen depends on whether or not a login is required. Table 2.
PAGE 25
N300 Wireless ADSL2+ Modem Router DGN2200 Table 2. Basic Settings Screen Description Settings Description These fields Encapsulation display only if your ISP requires a login. Login Encapsulation is a method for enclosing multiple protocols. PPP stands for Point-to-Point Protocol. The choices are: • PPPoE (PPP over Ethernet) • PPPoA (PPP over ATM) The login name provided by your ISP. This is often an email address. Password The password that you use to log in to your ISP.
PAGE 26
N300 Wireless ADSL2+ Modem Router DGN2200 ADSL Settings DSL settings of your modem router work fine for most ISPs. However, some ISPs use a multiplexing method and virtual circuit number for the virtual path identifier (VPI) and virtual channel identifier (VCI). Note: You have to use the Setup Wizard to select the correct country for the default DSL settings to work. If your ISP provided you with a multiplexing method or VPI/VCI number, enter the setting: 1.
PAGE 27
N300 Wireless ADSL2+ Modem Router DGN2200 Change Password and Login Time-Out For security reasons, the modem router has its own user name and password that default to admin and password. You can and should change these to a secure user name and password that are easy to remember. The ideal password contains no dictionary words from any language and is a mixture of upper case and lower case letters, numbers, and symbols. It can be up to 30 characters.
PAGE 28
N300 Wireless ADSL2+ Modem Router DGN2200 Log Out Manually The modem router interface provides a Logout command at the bottom of the modem router menus. Log out when you expect to be away from your computer for a relatively long period of time. Types of Logins There are three separate types of logins that have different purposes. It is important that you understand the difference so that you know which login to use when. • Modem router login logs you in to the modem router interface.
PAGE 29
3. Wireless Settings 3 Protecting your network This chapter describes how to use the Wireless Settings screens to view and change (if needed) your wireless network settings. Security features to prevent objectionable content from reaching your PCs are covered in Chapter 4, Content Filtering Settings.
PAGE 30
N300 Wireless ADSL2+ Modem Router DGN2200 Preset Security The modem router comes with preset security. This means that the Wi-Fi network name (SSID), passphrase, and security option (encryption protocol) are preset in the factory. You can find the preset SSID and passphrase on the bottom of the unit. • Wi-Fi network name (SSID) identifies your network so devices can find it. • Passphrase controls access to your network.
PAGE 31
N300 Wireless ADSL2+ Modem Router DGN2200 Disable SSID Broadcast By default, the modem router broadcasts its Wi-Fi network name (SSID) so devices can find it. If you change this setting to not allow the broadcast, wireless devices will not find your modem router unless they are configured with the same SSID. See Wireless Access Point Settings on page 35 for the procedure.
PAGE 32
N300 Wireless ADSL2+ Modem Router DGN2200 Manual Method 1. Open the software that manages your wireless connections on the wireless device (laptop computer, gaming device, iPhone) that you want to connect to your modem router. This software scans for all wireless networks in your area. 2. Look for your network and select it. If you did not change the name of your network during the setup process, look for the default Wi-Fi network name (SSID) and select it.
PAGE 33
N300 Wireless ADSL2+ Modem Router DGN2200 2. Click Next. The following screen lets you select the method for adding the WPS client. WPS Push button method 3. Select either Push Button or PIN Number. With either method, the modem router tries to communicate with the computer or wireless device, set the wireless security for wireless device, and allow it to join the wireless network.
PAGE 34
N300 Wireless ADSL2+ Modem Router DGN2200 Consider Every Device on Your Network Before you begin, check the following: • Every wireless computer has to be able to obtain an IP address by DHCP from the modem router as described in Use Standard TCP/IP Properties for DHCP on page 18. • Each computer or wireless adapter in your network must have the same SSID and wireless mode (bandwidth/data rate) as the modem router.
PAGE 35
N300 Wireless ADSL2+ Modem Router DGN2200 Note: The screen sections, settings, and procedures are explained in the following sections. 4. Set up and test your computers for wireless connectivity: a. Use your wireless computer or device to join your network. When prompted, enter the network password. b. From the wirelessly connected computer, make sure that you can access the Internet. Wireless Settings Screen Fields Wireless Network The primary network is the one that you usually use.
PAGE 36
N300 Wireless ADSL2+ Modem Router DGN2200 Security Options Settings The Security Options section of the Wireless Settings screen lets you change the security option and passphrase. The primary network for your preset modem router is already set up with WPA2 and WPA security. NETGEAR recommends that you set up wireless security for each guest network that you plan to use.
PAGE 37
N300 Wireless ADSL2+ Modem Router DGN2200 2. Select the authentication type. The default is Automatic. Other choices are Open System (any client can authenticate itself to the network) and Shared Key (a passphrase and a four-way challenge are needed for authentication). 3. Select the encryption strength setting, either 64 bit or 128 bit. 4. Enter the four data encryption keys either manually or automatically. These values must be identical on all computers and access points in your network. • Automatic.
PAGE 38
N300 Wireless ADSL2+ Modem Router DGN2200 To set up a wireless guest network: 1. Select Setup > Wireless Settings. 2. Select the radio button for the network profile that you want to set up. 3. You can specify whether the SSID broadcast is enabled, and whether you want to allow the guest to access your local network. You can also change the SSID. • NETGEAR strongly recommends that you change the SSID to a different name. Note that the SSID is case-sensitive.
PAGE 39
4. Content Filtering Settings Keeping unwanted content out of your network 4 This chapter explains how to use the basic firewall features of the modem router to prevent objectionable content from reaching the PCs and other devices connected to your network.
PAGE 40
N300 Wireless ADSL2+ Modem Router DGN2200 Logs The modem router logs security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites screen, the Logs screen show you when someone on your network tries to access a blocked site. If you enable email notification, you will receive these logs in an email message. To view the log, select Content Filtering > Logs.
PAGE 41
N300 Wireless ADSL2+ Modem Router DGN2200 Examples of Log Messages Following are examples of log messages. In all cases, the log entry shows the time stamp as day, year-month-date hour:minute:second. Activation and Administration Tue, 2006-05-21 18:48:39 - NETGEAR activated [This entry indicates a power-up or reboot with initial time entry.] Tue, 2006-05-21 18:55:00 - Administrator login successful-IP:192.168.0.2 Thu, 2006-05-21 18:56:58 - Administrator logout - IP:192.168.0.
PAGE 42
N300 Wireless ADSL2+ Modem Router DGN2200 Keyword Blocking of HTTP Traffic Use keyword blocking to prevent certain types of HTTP traffic from accessing your network. The blocking can be always or according to a scheduled. 1. Select Security > Block Sites. 2. Select one of the keyword blocking options: • Per Schedule. Turn on keyword blocking according to the Schedule screen settings. • Always. Turn on keyword blocking all the time, independent of the Schedule screen. 3.
PAGE 43
N300 Wireless ADSL2+ Modem Router DGN2200 Specify Trusted Computer You can exempt one trusted computer from blocking and logging. The computer you exempt has to have a fixed IP address. 1. In the Trusted IP Address field, enter the IP address. 2. Click Apply to save your changes. Firewall Rules to Control Network Access Your modem router has a firewall that blocks unauthorized access to your wireless network and permits authorized inbound and outbound communications.
PAGE 44
N300 Wireless ADSL2+ Modem Router DGN2200 To set up firewall rules: 1. Select Security > Firewall Rules to display the following screen: 2. To add an inbound or outbound rule: • For an outbound rule, click Add under Outbound Services. • For an inbound rule, click Add under Inbound Services. 3. To edit or delete a rule, select its button on the left side and click Edit or Delete. 4. To change the order of precedence: a. Select its button on the left side of the table and click Move. b.
PAGE 45
N300 Wireless ADSL2+ Modem Router DGN2200 Note: Some residential broadband ISP accounts do not let you run server processes (such as a Web or FTP server) from your location. Your ISP might periodically check for servers and suspend your account if it discovers any active services at your location. If you are unsure, refer to the acceptable use policy of your ISP.
PAGE 46
N300 Wireless ADSL2+ Modem Router DGN2200 • Log. You can select whether to log the traffic: - Never. No log entries are made for this service. - Always. Any traffic for this service type is logged. - Match. Traffic of this type that matches the settings and action are logged. - Not match. Traffic of this type that does not match the settings and action are logged.
PAGE 47
N300 Wireless ADSL2+ Modem Router DGN2200 Outbound Rules (Service Blocking) You can block computers on your local network from using certain Internet services. This is called service blocking or port filtering. You can add an outbound rule to block Internet access from a local computer based on the computer, Internet site, time of day, and type of service. 1. Select Security > Firewall Rules to display the following screen: 2. Under Outbound Services, click Add. 3.
PAGE 48
N300 Wireless ADSL2+ Modem Router DGN2200 Set Up Services Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number.
PAGE 49
N300 Wireless ADSL2+ Modem Router DGN2200 Set the Time Zone The modem router uses the Network Time Protocol (NTP) to obtain the current time and date from one of several network time servers on the Internet. 1. Select Security > Schedule. 2. Select your time zone. This setting determines the blocking schedule and time-stamping of log entries. 3. If your time zone is in daylight savings time, select the Adjust for daylight savings time check box to add one hour to standard time.
PAGE 50
N300 Wireless ADSL2+ Modem Router DGN2200 Schedule Services If you enabled service blocking in the Block Services screen or port forwarding in the Ports screen, you can set up a schedule for when blocking occurs or when access is not restricted. 1. Select Security > Schedule. 2. To block Internet services based on a schedule, select Every Day or select one or more days. 3. If you want to limit access completely for the selected days, select All Day.
PAGE 51
N300 Wireless ADSL2+ Modem Router DGN2200 Enable Security Event Email Notification To receive logs and alerts by email, provide your email information in the E-mail screen and specify which alerts you want to receive and how often. Select Security > E-mail to display the following screen: Figure 12. E-Mail screen • Turn E-mail Notification On. Select this check box if you want to receive email logs and alerts from the modem router. • Send to This E-mail Address.
PAGE 52
N300 Wireless ADSL2+ Modem Router DGN2200 • Send Alerts Immediately. Select the corresponding check box if you would like immediate notification of a significant security event, such as a known attack, port scan, or attempted access to a blocked site. • Send logs according to this schedule. Specifies how often to send the logs: Hourly, Daily, Weekly, or When Full. - Days specifies which day of the week to send the log. This is relevant when the log is sent weekly.
PAGE 53
5. Network Maintenance Administering your network 5 This chapter describes the modem router settings for administering and maintaining the modem router and home network. This chapter contains the following sections: • Upgrade the Modem Router Firmware • Manually Check for Firmware Upgrades • Manage the Configuration File • View Router Status • View Attached Devices • Run Diagnostic Utilities Chapter 5.
PAGE 54
N300 Wireless ADSL2+ Modem Router DGN2200 Upgrade the Modem Router Firmware The modem router firmware (routing software) is stored in flash memory. By default, when you log in to your modem router, it checks the NETGEAR website for new firmware and alerts you if there is a newer version. WARNING! When uploading firmware to the modem router, do not interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it could corrupt the firmware.
PAGE 55
N300 Wireless ADSL2+ Modem Router DGN2200 Stop the Automatic Firmware Check You can turn the automatic firmware checking off and check for firmware updates manually if you prefer. See Manually Check for Firmware Upgrades on page 55. To turn off the automatic firmware check at login: 1. Select Maintenance > Router Upgrade. 2. Clear the Check for Updated Firmware Upon Log-in check box.
PAGE 56
N300 Wireless ADSL2+ Modem Router DGN2200 4. Select Maintenance > Router Upgrade to display the following screen: 5. Click Browse, and locate the firmware you downloaded (the file ends in .img). 6. Click Upload to send the firmware to the modem router. When the upload is complete, your modem router restarts. The upgrade process typically takes about 1 minute. Read the new firmware release notes to determine whether or not you need to reconfigure the modem router after upgrading.
PAGE 57
N300 Wireless ADSL2+ Modem Router DGN2200 Restore 1. Enter the full path to the file on your network, or click the Browse button to find the file. 2. When you have located the .cfg file, click the Restore button to upload the file to the modem router. Upon completion, the modem router reboots. Erase Click the Erase button to reset the modem router to its factory default settings. Erase sets the password to password, the LAN IP address to 192.168.0.1, and enables the modem router’s DHCP.
PAGE 58
N300 Wireless ADSL2+ Modem Router DGN2200 LAN Port (Local Ports) MAC Address. The modem router LAN port Ethernet MAC address. IP Address. The modem router LAN port IP address. The default is 192.168.0.1. DHCP. If Off, the modem router does not assign IP addresses to PCs on the LAN. If On, the modem router does assign IP addresses to PCs on the LAN. IP Subnet Mask. The IP subnet mask used by the modem router LAN. The default is 255.255.255.0. Modem ADSL Firmware Version. The version of the firmware.
PAGE 59
N300 Wireless ADSL2+ Modem Router DGN2200 Show Statistics Click the Show Statistics button on the Router Status screen to display a screen similar to this: Port The statistics for the WAN (Internet), LAN (local), and wireless LAN (WLAN) ports. For each port, the screen displays the following: • Status. The link status of the port. • TxPkts. The number of packets transmitted since reset or manual clear. • RxPkts. The number of packets received since reset or manual clear. • Collisions.
PAGE 60
N300 Wireless ADSL2+ Modem Router DGN2200 Connection Status In the Router Status screen, click the Connection Status button to display a screen similar to this: • Connection Time. The time elapsed since the last connection to the Internet through the DSL port. • Connecting to sender. The connection status. • Negotiation. On or Off. • Authentication. On or Off. • Getting IP Address. The IP address assigned to the WAN port by the ISP. • Getting Network Mask.
PAGE 61
N300 Wireless ADSL2+ Modem Router DGN2200 Run Diagnostic Utilities The modem router has a diagnostics feature. Select Maintenance > Diagnostics to display the following screen. You can perform the following functions: • Ping an IP address to test connectivity to see if you can reach a remote host. • Perform a DNS lookup to test if an Internet name resolves to an IP address to verify that the DNS server configuration is working.
PAGE 62
6. USB Storage 6 This chapter describes how to access and configure a USB storage drive attached to your modem router. Figure 13. USB port on rear panel. The USB port on the modem router can be used only to connect USB storage devices like flash drives or hard drives. Do not connect computers, USB modems, printers, CD drives, or DVD drives to the this USB port.
PAGE 63
N300 Wireless ADSL2+ Modem Router DGN2200 USB Drive Requirements The modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The approximate USB bus speeds are shown in the following table. Bus Speed/Second USB 1.1 12 Mbits USB 2.0 480 Mbits Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network, and other variables. The modem router should work with USB 2.0-compliant or 1.1-compliant external flash and hard drives.
PAGE 64
N300 Wireless ADSL2+ Modem Router DGN2200 Share Large Files with FTP via Internet 1. To protect your network, set up security if someone else will be downloading the files. Create a user name and password with appropriate access. 2. If you want to limit USB drive access to only read access, from the modem router USB Storage (Basic Settings) screen, click Edit a Network folder. In the Write Access field, select admin, and then click Apply.
PAGE 65
N300 Wireless ADSL2+ Modem Router DGN2200 • Type \\readyshare in the address field of your Web browser. Network/device name: \\readyshare Share name: \\readyshare\USB_Storage If you logged in to the modem router before you connected your USB device, you might not see your USB device in the modem router screens until you log out and then log in again. Basic Settings Screen Fields and Buttons • Network Device Name. The default is \\readyshare.
PAGE 66
N300 Wireless ADSL2+ Modem Router DGN2200 1. Click the Edit button to open the Edit Network Folder screen: 2. You can use this screen to select a folder, to change the share name, or to change read access or write access from All-no password to admin. The password for admin is the same one that is used to log in to the modem router main menu. By default it is password. 3. Click Apply for your changes to take effect. 66 | Chapter 6.
PAGE 67
N300 Wireless ADSL2+ Modem Router DGN2200 USB Storage Advanced Settings To configure advanced USB settings, select USB > Advanced Settings. The USB Storage (Advanced Settings) screen displays: You can use this screen to specify access to the USB storage device. The settings are as follows: • Network Device Name. The default is readyshare. This is the name used to access the USB device connected to the modem router from your computer. • Workgroup.
PAGE 68
N300 Wireless ADSL2+ Modem Router DGN2200 Available Network Folders • Folder Name. Full path of the Network folder. • Volume Name. Volume name from the storage device (either USB drive or HDD). • Total Free Space. The space currently available on the storage device. • Share Name. You can click the name shown or you can type it into the address field of your Web browser. If Not Shared is shown, then the default share has been deleted and no other share for the root folder exists.
PAGE 69
N300 Wireless ADSL2+ Modem Router DGN2200 Unmount a USB Drive To unmount a USB disk drive so that no users can access it, from the USB Settings screen, click the Safely Remove USB button. This takes the drive offline. CAUTION: Unmount the USB drive before physically unplugging it from the modem router. If the USB disk is removed or a cable is pulled while data is being written to the disk, it could result in file or disk corruption.
PAGE 70
N300 Wireless ADSL2+ Modem Router DGN2200 Connect to the USB Drive from a Remote Computer To connect to the USB drive from remote computers using a Web browser, you use the modem router’s Internet port IP address. Locate the Internet Port IP Address The Router Status screen shows the Internet port IP address: 1. Log in to the modem router. 2. Select Maintenance > Router Status. 3. Record the IP address that is listed for the Internet port.
PAGE 71
N300 Wireless ADSL2+ Modem Router DGN2200 Note: In Windows 2000 and Windows XP, File and Printer Sharing is enabled by default. Configuring Windows 98SE and Windows ME The easiest way to get to your network properties is to go to your desktop, right-click Network Neighborhood and then select Properties. File and Printer Sharing for Microsoft Windows should be listed. If not, click Add and follow the installation prompts.
PAGE 72
7. Advanced Settings Configuring for unique situations 7 This chapter describes the advanced features of your modem router. The information is for users with a solid understanding of networking concepts who want to set the modem router up for unique situations such as when remote access from the Internet by IP or domain name is needed.
PAGE 73
N300 Wireless ADSL2+ Modem Router DGN2200 WAN Setup Select Advanced > WAN Setup to display the following screen: The following settings are available: • Disable Port Scan and DoS Protection. The firewall protects your LAN against port scans and denial of service (DoS) attacks. This protection should be disabled only in special circumstances. • Default DMZ Server.
PAGE 74
N300 Wireless ADSL2+ Modem Router DGN2200 Default DMZ Server The default demilitarized zone (DMZ) server feature is helpful when you use online games and video conferencing applications that are incompatible with NAT. The modem router is programmed to recognize some of these applications and to work correctly with them, but there are other applications that might not function well.
PAGE 75
N300 Wireless ADSL2+ Modem Router DGN2200 Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name that is linked to your IP address by public Domain Name Servers (DNS). More commonly, Internet accounts have dynamically assigned IP addresses in which the IP addresses change frequently. In this case, use a commercial Dynamic DNS service to register your domain to its IP address and forward traffic directed at your domain to your current IP address.
PAGE 76
N300 Wireless ADSL2+ Modem Router DGN2200 If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the Dynamic DNS service does not work because private addresses are not routed on the Internet. LAN Setup The LAN Setup screen allows configuration of LAN IP services such as DHCP and Routing Information Protocol (RIP). The modem router is shipped preconfigured to use private IP addresses on the LAN side and to act as a DHCP server.
PAGE 77
N300 Wireless ADSL2+ Modem Router DGN2200 LAN Setup Screen Settings • IP Address. The LAN IP address of the modem router. • IP Subnet Mask. The LAN subnet mask of the modem router. Combined with the IP address, the IP subnet mask allows a device to know which other addresses are local to it, and which have to be reached through a gateway or modem router. • Use Router as DHCP Server.
PAGE 78
N300 Wireless ADSL2+ Modem Router DGN2200 Quality of Service (QoS) Quality of Service (QoS) is an advanced feature that can be used to prioritize some types of traffic ahead of others. The modem router can provide QoS prioritization over the wireless link and on the Internet connection. The modem router supports Wi-Fi Multimedia Quality of Service (WMM QoS) to prioritize wireless voice and video traffic over the wireless link.
PAGE 79
N300 Wireless ADSL2+ Modem Router DGN2200 2. Click Setup QoS rule. The QoS Priority Rule list displays: 3. To change a rule, select its radio button, scroll down and click Edit. 4. To add a custom rule, click Add Priority Rule. 5. Click Apply to save your changes and return to the QoS Setup screen. 6. In the QoS Setup screen, click Apply. Advanced Wireless Settings To view or change advanced wireless settings: 1. Select Advanced > Wireless Settings to display the following screen: Chapter 7.
PAGE 80
N300 Wireless ADSL2+ Modem Router DGN2200 Note: The advanced WPS settings section is not displayed if you selected WEP as the security option. 2. If you make changes, click Apply. Note that the WLAN settings come from the settings you made in the Wireless Settings screen (see Wireless Settings Screen on page 33). Advanced Wireless Settings • Enable Wireless Router Radio. When this check box is selected, the modem router works as an access point broadcasting a wireless signal. • Fragmentation Length.
PAGE 81
N300 Wireless ADSL2+ Modem Router DGN2200 Wireless Card Access List The Wireless Card Access List lets you restrict access to your network to a specific list of devices based on their MAC addresses. This section explains how to set up the list. 1.
PAGE 82
N300 Wireless ADSL2+ Modem Router DGN2200 Remote Management The Remote Management screen lets you allow a user or users on the Internet to configure, upgrade, and check the status of your modem router. 1. Select Advanced > Remote Management to display this screen: 2. Select the Turn Remote Management On check box. 3. Specify the external addresses that can access remote management. For security, restrict access to as few external IP addresses as practical. Select a radio button: • Only This Computer.
PAGE 83
N300 Wireless ADSL2+ Modem Router DGN2200 Static Routes Static routes provide additional routing information to your modem router. Under normal circumstances, the modem router has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You configure static routes only for unusual cases such as multiple routers or multiple IP subnets located on your network.
PAGE 84
N300 Wireless ADSL2+ Modem Router DGN2200 Add a Static Route 1. Select Advanced > Static Routes to display the following screen: 2. Click Add to open the following screen. 3. Fill in the fields: • In the Route Name field, enter a route name for this static route. This name is for identification purpose only. • Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. • Select Active to make this route effective.
PAGE 85
N300 Wireless ADSL2+ Modem Router DGN2200 Universal Plug and Play Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed. UPnP devices can automatically discover the services from other registered UPnP devices on the network. 1. Select Advanced > UPnP to display the following screen: 2. Specify the settings as follows: • Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration.
PAGE 86
N300 Wireless ADSL2+ Modem Router DGN2200 Traffic Meter Traffic metering allows you to monitor the volume of Internet traffic passing through your modem router’s Internet port. With the Traffic Meter utility, you can set limits for traffic volume, set a monthly limit, and get a live update of traffic usage. To monitor traffic on your modem router: 1. Select Advanced > Traffic Meter. 2. To enable the Traffic Meter, select the Enable Traffic Meter check box. 3.
PAGE 87
N300 Wireless ADSL2+ Modem Router DGN2200 Advanced USB Settings For added security, you can specify that only approved USB devices are shared. 1. Select Advanced > USB. The following screen displays: 2. Select No and click Apply. 3. To define the approved devices, click USB Approved Devices. Wireless Bridging and Repeating Networks With the modem router, you can build large bridged wireless networks that form an IEEE 802.11n Wireless Distribution System (WDS).
PAGE 88
N300 Wireless ADSL2+ Modem Router DGN2200 Select Advanced > Wireless Repeating Function to display the following screen: • Enable Wireless Repeating Function. Select this check box if you want to use the wireless repeating function. • Wireless MAC of this router. This field displays the MAC address for your modem router for your reference. You will need to enter this MAC address in the corresponding Wireless Repeating Function screen of the other access point you are using. • Wireless Repeater.
PAGE 89
N300 Wireless ADSL2+ Modem Router DGN2200 Set Up a Point-to-Point Bridge In point-to-point bridge mode, the modem router communicates as an access point with another bridge-mode wireless station. As a bridge, wireless client associations are disabled. Only wired clients can be connected. Use wireless security to protect this communication. The following figure shows an example of point-to-point bridge mode. Both access points (APs) are in point-to-point bridge mode.
PAGE 90
N300 Wireless ADSL2+ Modem Router DGN2200 Set Up a Multi-Point Bridge Multi-point bridge mode allows a router to bridge to multiple peer access points simultaneously. Wireless client associations are disabled. Only wired clients can be connected. Multi-point bridge mode configuration includes the following steps: • Set up the modem router for wireless repeating as the base station, and specify the MAC addresses of the access points that are repeaters.
PAGE 91
N300 Wireless ADSL2+ Modem Router DGN2200 2. Set up AP 2 and AP 3 to be wireless repeaters. a. In the Wireless Repeating Function screen for AP 2 and AP 3, select the Enable Wireless Repeating Function check box. b. Select the Wireless Repeater radio button. c. Select the corresponding Disable Wireless Client Association check box. d. Enter the MAC addresses for your modem router in the Base Station MAC Address field. e. Click Apply. 3. Disable the DHCP server on AP 2 and AP 3.
PAGE 92
N300 Wireless ADSL2+ Modem Router DGN2200 The following figure shows an example of a repeater mode configuration. Wireless PC associated with AP 1 Wireless PC associated with AP 2 DGN2200 AP 2 in repeater mode Internet Wireless PC associated with AP 3 192.168.0.1 PCs AP 1 (parent AP in repeater mode) AP 3 in repeater mode Figure 16.
PAGE 93
N300 Wireless ADSL2+ Modem Router DGN2200 • The access points are on the same LAN. That is, the LAN IP addresses for the access points are in the same network. • If you are using DHCP, access point devices are set to Obtain an IP address automatically (DHCP Client) in the Basic Settings screen. • Access point devices use the same SSID, channel, authentication mode, and encryption. Verify connectivity across the LANs.
PAGE 94
8. Virtual Private Networking 8 This chapter describes how to use the virtual private networking (VPN) features of the modem router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See Appendix B, NETGEAR VPN Configuration, and click the link to Virtual Private Networking (VPN) on page 159 to learn more about VPNs.
PAGE 95
N300 Wireless ADSL2+ Modem Router DGN2200 Overview of VPN Configuration Two common scenarios for VPN tunnels are between a remote PC and a network gateway; and between two or more network gateways. The DGN2200 supports both types. The DGN2200 supports up to five concurrent tunnels. Client-to-Gateway VPN Tunnels Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network.
PAGE 96
N300 Wireless ADSL2+ Modem Router DGN2200 A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel end points. See Set Up a Gateway-to-Gateway VPN Configuration on page 108 for information about how to set up this configuration.
PAGE 97
N300 Wireless ADSL2+ Modem Router DGN2200 page 146) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address has to always be the initiator. • Which method will you use to configure your VPN tunnels? - The VPN Wizard using VPNC defaults (see Table 4, Parameters Recommended by the BPNC and Used in the VPN Wizard on page 97).
PAGE 98
N300 Wireless ADSL2+ Modem Router DGN2200 • See Use Manual Policy to Configure VPN Tunnels on page 125 when the VPN Wizard and its VPNC defaults are not appropriate for your special circumstances and you have to specify each phase of the connection. You manually enter all the authentication and key parameters.
PAGE 99
N300 Wireless ADSL2+ Modem Router DGN2200 The following worksheet identifies the parameters used in this procedure, which are highlighted in blue. For a blank worksheet, see Plan a VPN on page 96. Table 5.
PAGE 100
N300 Wireless ADSL2+ Modem Router DGN2200 3. Select the radio button for the type of target end point, and click Next. 4. Enter the remote IP address and subnet mask, and click Next. The Summary screen displays: Note: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. 5. Click Done. The VPN Policies screen displays, showing that the new tunnel is enabled: 100 | Chapter 8.
PAGE 101
N300 Wireless ADSL2+ Modem Router DGN2200 To view or modify the tunnel settings, select its radio button and click Edit. Note: See Use Auto Policy to Configure VPN Tunnels on page 118 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel. Step 2: Configure the NETGEAR ProSafe VPN Client This section describes how to configure the NETGEAR ProSafe VPN Client on a remote PC. These instructions assume that the PC running the client has a dynamically assigned IP address.
PAGE 102
N300 Wireless ADSL2+ Modem Router DGN2200 b. From the Edit menu of the Security Policy Editor, select Add, and then click Connection. A New Connection listing appears in the list of policies. c. Rename the new connection so that it matches the Connection Name field in the VPN Settings screen of the modem router on LAN A. Choose connection names that make sense to the people using and administering the VPN.
PAGE 103
N300 Wireless ADSL2+ Modem Router DGN2200 3. Configure the security policy in the NETGEAR ProSafe VPN Client software: a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy subheadings appear below the connection name. b. Click the Security Policy subheading to view the Security Policy settings. Figure 20. Security Policy settings, Client-to-Gateway A c.
PAGE 104
N300 Wireless ADSL2+ Modem Router DGN2200 c. In the ID Type drop-down list, select IP Address. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address field. Otherwise, leave this field empty. d. In the Internet Interface section of the screen, select the adapter that you use to access the Internet. If you have a dial-up Internet account, select PPP Adapter in the Name field. If you have a dedicated cable or DSL line, select your Ethernet adapter.
PAGE 105
N300 Wireless ADSL2+ Modem Router DGN2200 d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the Encryption Protocol in the modem router in Table 3 on page 96. This example uses Triple DES. e. In the Hash Alg drop-down list, select SHA-1. f. In the SA Life drop-down list, select Unspecified. g. In the Key Group drop-down list, select Diffie-Hellman Group 2. 6. Configure the VPN client key exchange proposal.
PAGE 106
N300 Wireless ADSL2+ Modem Router DGN2200 To check the VPN connection, you can initiate a request from the remote PC to the modem router’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it has to initiate the request. To perform a ping test using our example, start from the remote PC: a. Establish an Internet connection from the PC. b.
PAGE 107
N300 Wireless ADSL2+ Modem Router DGN2200 To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer. The Log Viewer screen for a successful connection is shown in this figure: Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. 9.
PAGE 108
N300 Wireless ADSL2+ Modem Router DGN2200 Set Up a Gateway-to-Gateway VPN Configuration This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 4 on page 97. If you have special requirements not covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special Circumstances on page 118 for information about how to set up the VPN tunnel. Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.
PAGE 109
N300 Wireless ADSL2+ Modem Router DGN2200 The LAN IP address ranges of each VPN endpoint has to be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. To configure a gateway-to-gateway VPN tunnel using the VPN Wizard: 1. Log in to Gateway A on LAN A. Select VPN Wizard. Click Next, and the Step 1 of 3 screen displays. 2. Fill in the Connection Name field and pre-shared key fields.
PAGE 110
N300 Wireless ADSL2+ Modem Router DGN2200 The VPN Wizard Summary screen displays: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. 5. Click Done on the Summary screen. 6. The VPN Policies screen displays, showing that the new tunnel is enabled. Note: See Use Auto Policy to Configure VPN Tunnels on page 118 for information about how to enable the IKE keepalive capability on an existing VPN tunnel. 7.
PAGE 111
N300 Wireless ADSL2+ Modem Router DGN2200 Note: The VPN Status screen is only one of three ways to active a VPN tunnel. See Activate a VPN Tunnel on page 112 for information about the other ways. a. On the modem router menu, select VPN Status. The VPN Status/Log screen displays: b. Click the VPN Status button to display the Current VPN Tunnels (SAs) screen: c. Click Connect for the VPN tunnel you want to activate. View the VPN Status/Log screen to verify that the tunnel is connected. Chapter 8.
PAGE 112
N300 Wireless ADSL2+ Modem Router DGN2200 VPN Tunnel Control Activate a VPN Tunnel There are three ways to activate a VPN tunnel: • Use the VPN Status screen. • Ping the remote endpoint. • Start using the VPN tunnel. Note: See Use Auto Policy to Configure VPN Tunnels on page 118 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel. Use the VPN Status Screen to Activate a VPN Tunnel 1. Select Advanced - VPN > VPN Status.
PAGE 113
N300 Wireless ADSL2+ Modem Router DGN2200 2. Click VPN Status to display the Current VPN Tunnels (SAs) screen: 3. Click Connect for the VPN tunnel that you want to activate. Activate the VPN Tunnel by Pinging the Remote Endpoint Note: This section uses 192.168.3.1 for sample remote endpoint LAN IP address. To activate the VPN tunnel by pinging the remote endpoint (for example, 192.168.3.
PAGE 114
N300 Wireless ADSL2+ Modem Router DGN2200 This causes a continuous ping to be sent to the first DGN2200. Within 2 minutes, the ping response should change from timed out to reply. Note: You can use Ctrl-C to stop the pinging. Once the connection is established, you can open a browser on the PC and enter the LAN IP address of the remote DGN2200. After a short wait, you should see the login screen of the modem router (unless another PC already has the DGN2200 management interface open).
PAGE 115
N300 Wireless ADSL2+ Modem Router DGN2200 Verify the Status of a VPN Tunnel 1. Select Advanced - VPN > VPN Status to display the VPN Status/Log screen. This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem. • Click Refresh to see the most recent entries. • Click Clear Log to delete all log entries. 2.
PAGE 116
N300 Wireless ADSL2+ Modem Router DGN2200 • HLifeTime (Secs). The remaining hard lifetime for this SA in seconds. When the hard lifetime becomes 0 (zero), the SA (wecurity association) is terminated. (It is re-established if required.) Deactivate a VPN Tunnel Sometimes a VPN tunnel has to be deactivated for testing purposes.
PAGE 117
N300 Wireless ADSL2+ Modem Router DGN2200 Use the VPN Status Screen to Deactivate a VPN Tunnel 1. Select Advanced - VPN > VPN Status to display the VPN Status screen. 2. Click VPN Status. The Current VPN Tunnels (SAs) screen displays: 3. Click Drop for the VPN tunnel that you want to deactivate. Chapter 8.
PAGE 118
N300 Wireless ADSL2+ Modem Router DGN2200 Delete a VPN Tunnel 1. Select Advanced - VPN > VPN Policies to display the VPN Policies screen. 2. In the Policy Table, select the radio button for the VPN tunnel to be deleted, and then click Delete. Set Up VPN Tunnels in Special Circumstances When the VPN Wizard and its VPNC defaults (see Table 4 on page 97) are not appropriate for your circumstances, use one of these alternatives: • Auto Policy.
PAGE 119
N300 Wireless ADSL2+ Modem Router DGN2200 The most common configuration scenarios use IKE to manage the authentication and encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to automatically generate and update the required encryption parameters. Select Advanced - VPN > VPN Policies, and click the Add Auto Policy button to display the VPN - Auto Policy screen: The DGN2200 VPN tunnel network connection fields are defined in the following sections.
PAGE 120
N300 Wireless ADSL2+ Modem Router DGN2200 The ping IP address has to be associated with the remote endpoint. You have to use the remote LAN address. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote keep-alive IP address needs to be covered by the remote LAN IP range and to correspond to a device that can respond to a ping. The range should be made as narrow as possible to meet this objective.
PAGE 121
N300 Wireless ADSL2+ Modem Router DGN2200 • Diffie-Hellman (DH) Group. The Diffie-Hellman algorithm is used when keys are exchanged. The DH Group setting determines the bit size used in the exchange. This value needs to match the value used on the remote VPN gateway. • Local Identity Type. Select an option to match the Remote Identity Type setting on the remote VPN endpoint. - WAN IP Address. Your Internet IP address. - Fully Qualified Domain Name. Your domain name. • Fully Qualified User Name.
PAGE 122
N300 Wireless ADSL2+ Modem Router DGN2200 This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section. Example of Using Auto Policy IP: 192.168.0.1 14.15.16.17 IP:192.168.3.1 VPN Tunnel 22.23.24.25 Gateway A Gateway B Internet Figure 22. Auto Policy The following settings are assumed for this example:. Table 7.
PAGE 123
N300 Wireless ADSL2+ Modem Router DGN2200 2. Select Advanced - VPN > VPN Policies and click the Add Auto Policy button. The VPN Auto Policy screen displays: 3. Enter these policy settings: Auto Policy Field Description General Policy Name GtoG Remote VPN Endpoint Address Type Fixed Remote VPN Endpoint Address Data 22.23.24.25 Local LAN Remote LAN Use the default settings. IP Address Select Subnet address from the drop-down list. Start IP Address 192.168.3.1 Subnet Mask 255.255.255.
PAGE 124
N300 Wireless ADSL2+ Modem Router DGN2200 Auto Policy Field Description IKE Direction Initiator and Responder Exchange Mode Main Mode Diffie-Hellman (DH) Group Group 2 (1024 Bit) Local Identity Type Use the default setting. Remote Identity Type Use the default setting. Encryption Algorithm 3DES Authentication Algorithm MD5 Pre-shared Key 12345678 Parameters 4. Click Apply. The VPN Policies screen displays: 5. Repeat these steps for the DGN2200 on LAN B.
PAGE 125
N300 Wireless ADSL2+ Modem Router DGN2200 a. Select VPN > VPN Status to display the VPN Status/Log screen. Then click VPN Status to display the Current VPN Tunnels (SAs) screen: b. Click Connect for the VPN tunnel that you want to activate. Review the VPN Status/Log screen (Figure a on page 111) to verify that the tunnel is connected. Use Manual Policy to Configure VPN Tunnels As an alternative to IKE, you can use manual keying, in which you need to specify each phase of the connection.
PAGE 126
N300 Wireless ADSL2+ Modem Router DGN2200 Select Advanced - VPN > VPN Policies, and then click the Add Manual Policy radio button to display the VPN - Manual Policy screen: The following sections explain the fields in the VPN Manual Policy screen. VPN Manual Policy General Settings The DGN2200 VPN tunnel network connection fields are as follows. • Policy Name. Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint.
PAGE 127
N300 Wireless ADSL2+ Modem Router DGN2200 • Single/Start IP Address. The IP address for a single address, or the starting address for an address range used on the LAN. If you want to make a single server on your LAN available to remote users, use a single address Any settings. The remote VPN endpoint can be at any IP address. • Finish IP Address. For an address range, enter the finish IP address. This has to be an address range used on your LAN. • Subnet Mask. Enter the network mask.
PAGE 128
9. Troubleshooting Diagnosing and Solving Problems 9 This chapter provides information to help you diagnose and solve problems you might have with your modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com for product and contact information.
PAGE 129
N300 Wireless ADSL2+ Modem Router DGN2200 Troubleshooting with the LEDs When you turn the power on, the power, LAN, and DSL LEDs should light as described here. If they do not, refer to the sections that follow for help. 1. When power is first applied, the Power LED lights. 2. After approximately 10 seconds, the LAN and DSL LEDs light as follows: a. The LAN port LEDs light for any local ports that are connected. b. The DSL link LED lights to indicate that there is a link to the connected device. c.
PAGE 130
N300 Wireless ADSL2+ Modem Router DGN2200 If the Power LED turns red to indicate a modem router fault, turn the power off and on to see if the modem router recovers. If the power LED is still red 1 minute after power-up: • Turn the power off and on one more time to see if the modem router recovers. • Clear the modem router’s configuration to factory defaults as explained in Factory Settings on page 138. This sets the modem router’s IP address to 192.168.0.1.
PAGE 131
N300 Wireless ADSL2+ Modem Router DGN2200 • Make sure you are using the correct login information. The factory default login name is admin, and the password is password. Make sure that Caps Lock is off when you enter this information. Troubleshooting the Internet Connection If your modem router is unable to access the Internet, you should check the ADSL connection, then the WAN TCP/IP connection.
PAGE 132
N300 Wireless ADSL2+ Modem Router DGN2200 Internet LED Is Red If the Internet LED is red, the device was unable to connect to the Internet. Verify the following: • Check that your login credentials are correct, or that the information you entered on the Basic Settings screen is correct. • Check with your ISP to verify that the multiplexing method, VPI, and VCI settings on the ADSL settings screen are correct.
PAGE 133
N300 Wireless ADSL2+ Modem Router DGN2200 Troubleshooting PPPoE or PPPoA The PPPoE or PPPoA connection can be debugged as follows: 1. Access the main menu of the modem router at http://192.168.0.1. 2. Select Maintenance > Router Status. 3. Click the Connection Status button. 4. If all of the steps indicate OK, then your PPPoE or PPPoA connection is up and working. 5. If any of the steps indicates Failed, you can attempt to reconnect by clicking Connect.
PAGE 134
N300 Wireless ADSL2+ Modem Router DGN2200 Test the LAN Path to Your Modem Router You can ping the modem router from your computer to verify that the LAN path to your modem router is set up correctly. To ping the modem router from a PC running Windows 95 or later: 1. From the Windows task bar, click the Start button, and select Run. 2. In the field provided, type ping followed by the IP address of the modem router, as in this example: ping 192.168.0.1 3. Click OK.
PAGE 135
N300 Wireless ADSL2+ Modem Router DGN2200 • Check that your PC has the IP address of your modem router listed as the default modem router. If the IP configuration of your PC is assigned by DHCP, this information is not visible in your PC’s Network Control Panel. Verify that the IP address of the modem router is listed as the default router. • Check that the network address of your PC (the portion of the IP address specified by the netmask) is different from the network address of the remote device.
PAGE 136
N300 Wireless ADSL2+ Modem Router DGN2200 Changes Not Saved If the modem router does not save the changes you make in the modem router interface, check the following: • When entering configuration settings, always click the Apply button before moving to another screen or tab, or your changes are lost. • Click the Refresh or Reload button in the Web browser. The changes might have occurred, but the old settings might be in the Web browser’s cache.
PAGE 137
A. Supplemental Information A This appendix includes the factory default settings and technical specifications for the N300 Wireless ADSL2+ Modem Router DGN2200, and instructions for wall-mounting the unit. This appendix contains the following sections: • Factory Settings • Specifications • Wall-Mount Your Modem Router Appendix A.
PAGE 138
N300 Wireless ADSL2+ Modem Router DGN2200 Factory Settings You can return the modem router to its factory settings. On the bottom of the modem router, use the end of a paper clip or some other similar object to press and hold the Restore Factory Settings button for at least 7 seconds. The modem router resets, and returns to the factory settings. Your device will return to the factory configuration settings shown in the following table. Table 8.
PAGE 139
N300 Wireless ADSL2+ Modem Router DGN2200 Table 8. Factory Default Settings (Continued) Feature Wireless Default Behavior Wireless communication Enabled SSID name Can be found on the label on the bottom of the unit. Security Can be found on the label on the bottom of the unit.
PAGE 140
N300 Wireless ADSL2+ Modem Router DGN2200 Specifications Specification Description Network protocol and standards compatibility TCP/IP, RIP-1, RIP-2, DHCP, PPPoE or PPPoA, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM Power adapter North America: 120V, 60 Hz, input UK, Australia: 240V, 50 Hz, input Europe: 230V, 50 Hz, input All regions (output): 12V @ 1.5A output Physical Dimensions: 6.80 in. x 5.03 in. x 1.28 in. (173 mm x 128 mm x 33 mm) Weight: 0.65 lbs.
PAGE 141
N300 Wireless ADSL2+ Modem Router DGN2200 Wall-Mount Your Modem Router Your modem router’s location can affect wireless connections. For example, the thickness and number of walls the wireless signal passes through might limit its range. For best results, place your modem router: • Near an AC power outlet, close to computers you plan to connect with Ethernet cables, and near locations where you use wireless computers.
PAGE 142
N300 Wireless ADSL2+ Modem Router DGN2200 3. Insert screws into the wall anchors, leaving 3/16 in. (0.5 cm) of each screw exposed. Figure 26. Insert screws into the wall anchors 4. For best wireless performance, position the wireless antennas as shown with the top one facing up and the bottom one facing away from the modem router.. Figure 27. Position the antennas 142 | Appendix A.
PAGE 143
B. NETGEAR VPN Configuration B This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DGN2200 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). Configuration Profile The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium. Gather necessary information before you begin configuration.
PAGE 144
N300 Wireless ADSL2+ Modem Router DGN2200 172.23.9.0/24 10.506.0/24 Gateway A (DGN2200) Gateway B LAN IP 10.5.6.1 WAN IP 14.15.16.17 Internet WAN IP 22.23.24.25 LAN IP 172.23.9.1 Figure 28. VPNC Example, Network Interface Addressing Step-by-Step Configuration 1. Use the VPN Wizard to configure Gateway A (DGN2200) for a gateway-to-gateway tunnel (see Set Up a Gateway-to-Gateway VPN Configuration on page 108), being certain to use appropriate network addresses for the environment.
PAGE 145
N300 Wireless ADSL2+ Modem Router DGN2200 3. On the Gateway B router menu, under VPN, select IKE Policies, and click the Edit button to display the IKE Policy Configuration screen: toGW_A 22.23.24.25 14.15.16.17 4. On Gateway B router menu, under VPN, select VPN Policies, and click the Edit button to display the VPN Auto Policy screen: toGW_A toGW_A 14.15.16.17 172 23 10 9 5 1 6 5. Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A (modem router). a.
PAGE 146
N300 Wireless ADSL2+ Modem Router DGN2200 Modem Router with FQDN to Gateway B This section is a case study on how to configure a VPN tunnel from a NETGEAR modem router to a gateway using a fully qualified domain name (FQDN) to resolve the public address of one or both routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
PAGE 147
N300 Wireless ADSL2+ Modem Router DGN2200 retrieved. Now, a gateway can be configured to use a third-party service instead of a permanent and unchanging IP address to establish bi-directional VPN connectivity. To use DDNS, you need to register with a DDNS service provider. Some DDNS service providers include: • DynDNS: www.dyndns.org • TZO.com: netgear.tzo.com • ngDDNS: ngddns.iego.net In this example, Gateway A is configured using a sample FQDN provided by a DDNS service provider.
PAGE 148
N300 Wireless ADSL2+ Modem Router DGN2200 d. Click Show Status. The resulting screen should show Update OK: good: 3. On NETGEAR Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account. a. From the main menu, select Dynamic DNS. b. Select the DynDNS.org radio button. The Dynamic DNS screen displays: c. Fill in the fields with the account and host name settings. • In the Host and Domain Name field enter fvl328.dyndns.org.
PAGE 149
N300 Wireless ADSL2+ Modem Router DGN2200 The LAN addresses used in this example are as follows: Table 12. Device LAN IP Address LAN Subnet Mask DGN2200 10.5.6.1 255.255.255.0 FVL328 172.23.6.1 255.255.255.0 a. Enter toFVL328 for the connection name. b. Enter fvl328.dyndns.org for the remote WAN's IP address. c. Enter the following: • IP Address: 172.23.9.1 • Subnet Mask: 255.255.255.0 5.
PAGE 150
N300 Wireless ADSL2+ Modem Router DGN2200 Verify that the firmware is up to date, and make sure you have all the addresses and parameters to be set on both sides. Assure that there are no firewall restrictions. Table 13. VPN Consortium Scenario Scenario 1 Type of VPN: PC/client-to-gateway, with client behind NAT router Security scheme: IKE with pre-shared secret/key (not certificate based) IP addressing: Gateway Fully qualified domain name (FQDN) Client Dynamic 192.168.0.
PAGE 151
N300 Wireless ADSL2+ Modem Router DGN2200 Step 1: Configure Gateway A (the NETGEAR VPN Router at the Main Office) 1. Log in to the VPN router. Select VPN Policies to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information. fromGW_A (in the example) IKE Keep Alive is optional; has to match Remote LAN IP Address when enabled (remote PC has to respond to pings) 192.168.2.
PAGE 152
N300 Wireless ADSL2+ Modem Router DGN2200 Step 2: Configure Gateway B (the Modem Router at the Regional Office) This procedure assumes that the PC running the client has a dynamically assigned IP address. The PC needs to have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.
PAGE 153
N300 Wireless ADSL2+ Modem Router DGN2200 d. Select Secure in the Connection Security section. e. Select IP Subnet in the ID Type drop-down list. f. toGW_A In this example, type 192.168.0.1 in the Subnet field as the network address of the modem router. g. Enter 255.255.255.0 in the Mask field as the LAN subnet mask of the modem router. h. Select All in the Protocol drop-down list to allow all traffic through the VPN tunnel. i. Select the Connect using Secure Gateway Tunnel check box. j.
PAGE 154
N300 Wireless ADSL2+ Modem Router DGN2200 a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. b. Select None in the Select Certificate field. c. Select Domain Name in the ID Type field, and enter toGW_A.com (in this example). Select Disabled in the Virtual Adapter field. d.
PAGE 155
N300 Wireless ADSL2+ Modem Router DGN2200 b. Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Authentication. c. In the Authentication Method drop-down list, select Pre-Shared Key. d. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES. e. In the Hash Alg drop-down list, select SHA-1. f. In the SA Life drop-down list, select Unspecified. g.
PAGE 156
N300 Wireless ADSL2+ Modem Router DGN2200 To check the VPN connection, you can initiate a request from the remote PC to the VPN router’s network by using the Connect option in the modem router screen: Right-click the system tray icon to open the pop-up menu. Since the remote PC has a dynamically assigned WAN IP address, it has to initiate the request. a. Right-click the system tray icon to open the pop-up menu. b. Select Connect to open the My Connections list. c. Select toDGN2200.
PAGE 157
N300 Wireless ADSL2+ Modem Router DGN2200 This causes a continuous ping to be sent to the VPN router. Within 2 minutes, the ping response should change from timed out to reply. Once the connection is established, you can open the browser on the PC and enter the LAN IP address of the VPN router. After a short wait, you should see the login screen of the VPN router (unless another PC already has the VPN router management interface open).
PAGE 158
N300 Wireless ADSL2+ Modem Router DGN2200 While the connection is being established, the connection name listed in this screen shows SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol. Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you need to close the VPN connection to have normal Internet access.
PAGE 159
C. Notification of Compliance Wireless Routers, Gateways, and Access Points C Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
PAGE 160
N300 Wireless ADSL2+ Modem Router DGN2200 FCC Caution • Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate this equipment. • This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
PAGE 161
N300 Wireless ADSL2+ Modem Router DGN2200 EDOC in Languages of the European Community Cesky [Czech] NETGEAR Inc. tímto prohlašuje, že tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999/5/ES. Dansk [Danish] Undertegnede NETGEAR Inc. erklærer herved, at følgende udstyr Radiolan overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. Deutsch [German] Hiermit erklärt NETGEAR Inc.
PAGE 162
N300 Wireless ADSL2+ Modem Router DGN2200 Português [Portuguese] NETGEAR Inc. declara que este Radiolan está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE. Slovensko [Slovenian] NETGEAR Inc. izjavlja, da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/ES. Slovensky [Slovak]NETGEAR Inc. týmto vyhlasuje, že Radiolan spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
PAGE 163
Index A access lists 81 adapter, wireless 29 addresses, DNS 25 ADSL see also DSL settings ADSL microfilter cabling, described 14 filter, described 13 ADSL settings 26 ADSL statistics, viewing 59 Advanced Wireless Settings screen 80 alerts, emailing 51 Application Level Gateway (ALG), disabling 73 approved USB devices 69 attached devices, viewing 60 authentication proposal 104 Auto Policy to configure VPN tunnels 118 automatic firmware checking 54 automatic Internet connection 23 B back panel 10 backing up
PAGE 164
N300 Wireless ADSL2+ Modem Router DGN2200 file sharing 63 filtering content 39 firewalls CU-SeeMe connection 46 IM ports 44 inboudn rules 46 inbound rules 44, 45 rules 43 firmware, upgrading 54, 82 at log in 21 automatic check 54 manually 55 front panel 10 LEDs described 10 FTP, sharing files using 64 fully qualified domain name (FQDN), configuring VPN tunnels using 146 DSL settings 26 DSL synchronization 11 ISP login 18 K keywords, blocking traffic using 42 L host name 24 host, trusted 43 label, prod
PAGE 165
N300 Wireless ADSL2+ Modem Router DGN2200 NETGEAR genie 19 NETGEAR ProSafe VPN Client 101 Network Address Translation (NAT) 25 network folder creating 68 editing 65 Network Time Protocol (NTP) 49, 136 networks controlling access 43 guest 37 troubleshooting 133 no Internet connection 26 O On/Off LED 11 one-line ADSL microfilter 13 online help, router 21 outbound firewall rules 47 P passphrase, product label 9 passphrases 36, 37 passwords, see passphrases phone line, cabling 15 ping 106, 156 plug and play,
PAGE 166
N300 Wireless ADSL2+ Modem Router DGN2200 network troubleshooting 133 no Internet connection 26 technical specifications 140 technical support 2 time of day 136 time zone, setting 49 time-stamping 49 trademarks 2 traffic metering 86 traffic, log 46 troubleshooting 128 cannot log in 135 date or time incorrect 136 Internet browsing 133 Internet connection 131, 132 LEDs 129, 130, 132 log in access 130 network 133 PPPoA or PPPoE 133 router changes not saved 136 router not on 129 trusted host 43 Trusted IP Addr
PAGE 167
N300 Wireless ADSL2+ Modem Router DGN2200 wrong date or time 136 Index | 167