Owner's Manual

ManualsBrandsNETGEAR ManualsModemDGN2200V3

350 East Plumeria Drive

San Jose, CA 95134

USA

May 2013

202-10870-03

v1.0

N300 Wireless ADSL2+

Modem Router DGN2200v3

User Manual

Summary of content (170 pages)

PAGE 1
N300 Wireless ADSL2+ Modem Router DGN2200v3 User M anua l 350 East Plumeria Drive San Jose, CA 95134 USA May 2013 202-10870-03 v1.
PAGE 2
N300 Wireless ADSL2+ Modem Router DGN2200v3 Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR.
PAGE 3
Contents Chapter 1 Hardware Setup Unpack Your Modem Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Hardware Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Front Panel . . . . . . . . . . . . . . . . . . . .
PAGE 4
N300 Wireless ADSL2+ Modem Router DGN2200v3 Change WPA Security Option and Passphrase . . . . . . . . . . . . . . . . . . . 35 Guest Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Guest Network Wireless Security Options . . . . . . . . . . . . . . . . . . . . . . . 37 Chapter 4 NETGEAR genie Advanced Home NETGEAR genie Advanced Home Screen . . . . . . . . . . . . . . . . . . . . . . . . 39 Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
N300 Wireless ADSL2+ Modem Router DGN2200v3 Set Up Port Forwarding to Local Servers . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Add a Custom Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Edit or Delete a Port Forwarding Entry . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Set Up Port Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Schedule Blocking . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
N300 Wireless ADSL2+ Modem Router DGN2200v3 Set Up a Gateway-to-Gateway VPN Configuration . . . . . . . . . . . . . . . . . 117 VPN Tunnel Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Activate a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Verify the Status of a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Deactivate a VPN Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 7
N300 Wireless ADSL2+ Modem Router DGN2200v3 Appendix C Notification of Compliance Index 7
PAGE 8
1. Hardware Setup G et t i n g to k now you r m o dem router 1 The N300 Wireless ADSL2+ Modem Router DGN2200v3 provides you with an easy and secure way to set up a wireless home network with fast access to the Internet over a high-speed digital subscriber line (DSL).
PAGE 9
N300 Wireless ADSL2+ Modem Router DGN2200v3 Unpack Your Modem Router Your box should contain the following items: • N300 Wireless ADSL2+ Modem Router DGN2200v3 • AC power adapter (plug varies by region) • Category 5 (Cat 5) Ethernet cable • Telephone cable with RJ-11 connector • Microfilters and splitters (quantity and type vary by region) • CD with documentation (German only) • Installation guide with cabling and modem router setup instructions If any parts are incorrect, missing, or damaged
PAGE 10
N300 Wireless ADSL2+ Modem Router DGN2200v3 Back Panel The back panel has the On/Off button and port connections as shown in the figure. ADSL Power USB On/Off Ethernet LAN Figure 2. Back panel port connections Front Panel The modem router front panel has the status LEDs and icons shown in the figure. Note that the Wireless and WPS icons are buttons. Power LAN Ports (1–4) USB DSL Internet WiFi WPS Figure 3.
PAGE 11
N300 Wireless ADSL2+ Modem Router DGN2200v3 Table 1. Front panel LEDs and buttons Icon Description Power • Solid green. Power is supplied to the modem router. • Solid red. POST (power-on self-test) failure or a device malfunction has occurred. • Off. Power is not supplied to the modem router. • Blinking. The LED blinks momentarily when the Restore Factory Settings button is pressed for 6 seconds (pressing it briefly resets the unit).
PAGE 12
N300 Wireless ADSL2+ Modem Router DGN2200v3 1. Orient your modem router vertically. 2. Insert the tabs of the stand into the slots on the bottom of your modem router as shown. 3. Place your modem router in a suitable area for installation (near an AC power outlet and accessible to the Ethernet cables for your wired computers). Position Your Modem Router The modem router lets you access your network from virtually anywhere within the operating range of your wireless network.
PAGE 13
N300 Wireless ADSL2+ Modem Router DGN2200v3 When you use multiple access points, it is better if adjacent access points use different radio frequency channels to reduce interference. The recommended channel spacing between adjacent access points is 5 channels (for example, use Channels 1 and 6, or 6 and 11). ADSL Microfilters If this is the first time you have cabled a router between a DSL phone line and your computer or laptop, you might not be familiar with ADSL microfilters.
PAGE 14
N300 Wireless ADSL2+ Modem Router DGN2200v3 microfilter into the wall outlet, plug your phone equipment into the jack labeled Phone, and plug the modem router into the jack labeled ADSL. Plugs into the DSL line Figure 5. Two-line ADSL microfilter with built-in splitter Summary • One-line ADSL microfilter. Use with a phone or fax machine. • Splitter. Use with a one-line ADSL microfilter to share an outlet with a phone and the modem router. • Two-line ADSL microfilter with built-in splitter.
PAGE 15
N300 Wireless ADSL2+ Modem Router DGN2200v3 To cable the modem router: 1. Connect the ADSL. a. Install an ADSL microfilter between the phone line and the phone. Phone Line ADSL b. Connect the ADSL port of the modem router to the ADSL port of the microfilter c. Use an ADSL microfilter for every phone line in the house if your modem router and telephone connect to the same phone line. 2. Add power to the modem router. Internet Phone Line ADSL  2 a.
PAGE 16
N300 Wireless ADSL2+ Modem Router DGN2200v3 You can use an Ethernet cable or connect wirelessly. Internet 3 Phone ADSL Line • Use the yellow Ethernet cable to connect your computer to an Ethernet port on your router. • Or, connect wirelessly by using the preset wireless security settings located on the label on the bottom of the router. 4. Open a browser. 4 If a web page does not open, close and reopen the browser and enter http://routerlogin.net in the address bar. 5.
PAGE 17
N300 Wireless ADSL2+ Modem Router DGN2200v3 Verify the Cabling Verify that your modem router is cabled correctly by checking the modem router LEDs. Turn on the modem router by pressing the On/Off button on the back. • • The Power LED is green when the modem router is turned on. The LAN ports are green for each computer cabled to the modem router by an Ethernet cable. • The WiFi LED is green when the modem router is turned on. • The DSL LED is green when you have a DSL connection.
PAGE 18
2. Getting Started with NETGEAR genie Connecting to the modem router This chapter explains how to use NETGEAR genie to set up your modem router after you complete cabling as described in the installation guide and in the previous chapter.
PAGE 19
N300 Wireless ADSL2+ Modem Router DGN2200v3 Modem Router Setup Preparation You can set up your modem router with the NETGEAR genie automatically, or you can use the genie menus and screens to set up your modem router manually. Before you start the setup process, get your ISP information and make sure the computers and devices in the network have the settings described here.
PAGE 20
N300 Wireless ADSL2+ Modem Router DGN2200v3 NETGEAR genie Setup NETGEAR genie runs on any device with a web browser. Installation and basic setup takes about 15 minutes to complete.  To use NETGEAR genie to set up your modem router: 1. Turn the modem router on by pressing the On/Off button. 2. Make sure that your computer or wireless device is connected to the modem router with an Ethernet cable (wired) or wirelessly with the preset security settings listed on the bottom label. 3.
PAGE 21
N300 Wireless ADSL2+ Modem Router DGN2200v3 If the modem router does not connect to the Internet: 1. Review your settings to be sure that you have selected the correct options and typed everything correctly. 2. Contact your ISP to verify that you have the correct configuration information. 3. Read Chapter 11, Troubleshooting. If problems persist, register your NETGEAR product and contact NETGEAR technical support.
PAGE 22
N300 Wireless ADSL2+ Modem Router DGN2200v3 Upgrade the Firmware When you set up your modem router and are connected to the Internet, the modem router automatically checks for you to see if newer firmware is available. If it is, a message is displayed on the top of the screen. See Upgrade the Modem Router Firmware on page 82 for more information about upgrading firmware. Click the message when it shows up and click Yes to upgrade the modem router with the latest firmware.
PAGE 23
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Parental Controls. Download and set up parental controls to prevent objectionable content from reaching your computers. • ReadySHARE. If you connected a USB storage device to the modem router, then it is displayed here. • Guest Network. Set up a guest network to allow visitors to use your modem router’s Internet connection. • Advanced tab.
PAGE 24
N300 Wireless ADSL2+ Modem Router DGN2200v3 The WPS process automatically sets up your wireless computer with the network password and connects you to the wireless network. NETGEAR genie App and Mobile genie App The genie app is the easy dashboard for managing, monitoring, and repairing your home network. See the NETGEAR genie App User Manual for details about the genie apps.
PAGE 25
3.
PAGE 26
N300 Wireless ADSL2+ Modem Router DGN2200v3 Basic Home Screen The genie Basic Home screen is shown in the following figure: Internet Setup The Internet Setup screen is where you view or change basic ISP information. Note: You can use the Setup Wizard to detect the Internet connection and automatically set up the modem router. See Setup Wizard on page 39.
PAGE 27
N300 Wireless ADSL2+ Modem Router DGN2200v3  To view or change the basic Internet setup: 1. From the Home screen, select Internet. The following screen displays: Scroll to view more settings The fields that display in the Internet Setup screen depend on whether your Internet connection requires a login. • Yes. Select the encapsulation method and enter the login name. If you want to change the login time-out, enter a new value in minutes. • No. Enter the account and domain names, only if needed. 2.
PAGE 28
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Idle Timeout (In minutes). If you want to change the login timeout, enter a new value in minutes. This setting determines how long the modem router keeps the Internet connection active after there is no Internet activity from the LAN. A value of 0 (zero) means never log out. Internet IP Address. • Get Dynamically from ISP. Your ISP uses DHCP to assign your IP address. Your ISP automatically assigns these addresses. • Use Static IP Address.
PAGE 29
N300 Wireless ADSL2+ Modem Router DGN2200v3 Attached Devices Use the Attached Device screen to view all computers or devices that are currently connected to your network.  To go to the Attached Devices screen: From the Basic Home screen, select Attached Devices to display the following screen: Wired devices are connected to the modem router with Ethernet cables. Wireless devices have joined the wireless network. • # (number). The order in which the device joined the network. • IP Address.
PAGE 30
N300 Wireless ADSL2+ Modem Router DGN2200v3 Parental Controls The first time you select Parental Controls from the Basic Home screen, your browser goes to the Parental Controls website. You can learn more about Live Parental Controls or download the application.  To set up Live Parental Controls: 1. Select Parental Controls on the Dashboard screen. 2. Click either the Windows Users or Mac Users button. 3.
PAGE 31
N300 Wireless ADSL2+ Modem Router DGN2200v3 4. Click Next, read the note, and click Next again to proceed. Because Live Parental Controls uses free OpenDNS accounts, you are prompted to log in or create a free account. 5. Select the radio button that applies to you and click Next. • If you already have an OpenDNS account, leave the Yes radio button selected. • If you do not have an OpenDNS account, select the No radio button.
PAGE 32
N300 Wireless ADSL2+ Modem Router DGN2200v3 6. Select the radio button for the filtering level that you want and click Next. 7. Click the Take me to the status screen button. Parental controls are now set up for the router. The Dashboard shows Parental Controls as Enabled. ReadySHARE USB Storage You can view information about a USB storage device that is connected to the modem router’s USB port here.
PAGE 33
N300 Wireless ADSL2+ Modem Router DGN2200v3 name (account name) for All – no password is guest. The password for admin is the same one that you use to log in to the modem router. By default, it is password. Folder Name. Full path of the network folder. Volume Name. Volume name from the storage device (either USB drive or HDD). Total/Free Space. Shows the current utilization of the storage device. • Edit. Click the Edit button to edit the Available Network Folders settings. • Safely Remove a USB Device.
PAGE 34
N300 Wireless ADSL2+ Modem Router DGN2200v3 1. Select Basic > Wireless to display the Wireless Settings screen. The screen sections, settings, and procedures are explained in the following sections. 2. Make any changes that are needed and click Apply to save your settings. 3. Set up and test your wireless devices and computers to make sure that they can connect wirelessly.
PAGE 35
N300 Wireless ADSL2+ Modem Router DGN2200v3 box is selected by default. To turn off the SSID broadcast, clear the Allow Broadcast of Name (SSID) check box, and click Apply. Name (SSID). The SSID is also known as the wireless network name. Enter a 32-character (maximum) name in this field. This field is case-sensitive. The default SSID is randomly generated, and NETGEAR strongly recommends that you do not change this setting. Channel. This setting is the wireless channel the gateway uses.
PAGE 36
N300 Wireless ADSL2+ Modem Router DGN2200v3 Guest Networks Adding a guest network allows visitors at your home to use the Internet without giving them your wireless security key. You can add a guest network to each wireless network: 2.4 GHz b/g/n and 5.0 GHz a/n.  To set up a guest network: 1. Select Basic > Guest Network to display the following screen: 2. Select any of the following wireless settings: Enable this wireless network.
PAGE 37
N300 Wireless ADSL2+ Modem Router DGN2200v3 Guest Network Wireless Security Options A security option is the type of security protocol applied to your wireless network. The security protocol in force encrypts data transmissions and ensures that only trusted devices receive authorization to connect to your network. Wi-Fi Protected Access (WPA) has several options including pre-shared key (PSK) encryption.
PAGE 38
4. NETGEAR genie Advanced Home Sp ecif yi ng custom set ti ngs This chapter contains the following sections: • NETGEAR genie Advanced Home Screen • Setup Wizard • WPS Wizard • Setup Menu • WAN Setup • LAN Setup • Quality of Service (QoS) Setup Some selections on the Advanced Home screen are described in separate chapters: • USB Storage. See Chapter 5, USB Storage. • Security. See Chapter 7, Security. • Administration. See Chapter 8, Administration. • Advanced Setup.
PAGE 39
N300 Wireless ADSL2+ Modem Router DGN2200v3 NETGEAR genie Advanced Home Screen The genie Advanced Home dashboard presents status information. The content is the same as what is on the Router Status screen available from the Administration menu.The genie Advanced Home screen is shown in the following figure: This screen is also displayed through the Administration menu. Setup Wizard You can use the Setup Wizard to detect your Internet settings and automatically set up your router.
PAGE 40
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. Select Yes and click Next. The Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration. The following screen displays: WPS Wizard The WPS Wizard helps you add a WPS-capable client device (a wireless device or computer) to your network. On the client device, either press its WPS button or locate its WPS PIN.  To use the WPS Wizard: 1. Select Advanced > WPS Wizard. 2. Click Next.
PAGE 41
N300 Wireless ADSL2+ Modem Router DGN2200v3 • To use the PIN method, select the PIN Number radio button, enter the client security PIN, and click Next. Within 2 minutes, go to the client device and use its WPS software to join the network without entering a password. The modem router attempts to add the WPS-capable device. The WPS LED on the front of the modem router blinks green.
PAGE 42
N300 Wireless ADSL2+ Modem Router DGN2200v3 WAN Setup The WAN Setup screen lets you configure a DMZ (demilitarized zone) server, change the Maximum Transmit Unit (MTU) size, and enable the modem router to respond to a ping on the WAN (Internet) port.  To view or change the WAN settings: Select Advanced > Setup > WAN Setup The following settings are available: • Disable Port Scan and DoS Protection.
PAGE 43
N300 Wireless ADSL2+ Modem Router DGN2200v3 NAT provides a much less secured firewall, but allows almost all Internet applications to function. • Disable SIP ALG. The Session Initiation Protocol (SIP) Application Level Gateway (ALG) is enabled by default to optimize VoIP phone calls that use the SIP. The Disable SIP ALG check box allows you to disable the SIP ALG. Disabling the SIP ALG might be useful when running certain applications. • Disable IGMP Proxying.
PAGE 44
N300 Wireless ADSL2+ Modem Router DGN2200v3 The best MTU setting for NETGEAR equipment is often just the default value. In some situations, changing the value fixes one problem but causes another. Leave the MTU unchanged unless one of these situations occurs: • You have problems connecting to your ISP or other Internet service, and the technical support of either the ISP or NETGEAR recommends changing the MTU setting.
PAGE 45
N300 Wireless ADSL2+ Modem Router DGN2200v3  To change the MTU size: 1. Select Advanced > Setup > WAN Setup. 2. In the MTU Size field, enter a value from 64 to 1500. 3. Click Apply to save the settings. LAN Setup The LAN Setup screen allows configuration of LAN IP services such as Dynamic Host Configuration Protocol (DHCP) and Routing Information Protocol (RIP). The modem router is shipped preconfigured to use private IP addresses on the LAN side and to act as a DHCP server.
PAGE 46
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. Enter the settings that you want to customize. These settings are described in the following section, LAN Setup Screen Settings. 3. Click Apply to save your changes. LAN Setup Screen Settings LAN TCP/IP Setup • IP Address. The LAN IP address of the modem router. • IP Subnet Mask. The LAN subnet mask of the modem router.
PAGE 47
N300 Wireless ADSL2+ Modem Router DGN2200v3 Use the Modem Router as a DHCP Server By default, the modem router acts as a DHCP server. The router assigns IP, DNS server, and default gateway addresses to all computers connected to the LAN. The assigned default gateway address is the LAN address of the modem router. The modem router assigns IP addresses to the attached computers from a pool of addresses specified in this screen.
PAGE 48
N300 Wireless ADSL2+ Modem Router DGN2200v3 4. Click Apply to enter the reserved address into the table. The reserved address is not assigned until the next time the computer contacts the modem router’s DHCP server. Reboot the computer, or access its IP configuration and force a DHCP release and renew. To edit or delete a reserved address entry, select the radio button next to the reserved address you want to edit or delete. Then click Edit or Delete.
PAGE 49
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Specific online games • Individual Ethernet LAN ports of the modem router • A specific device by MAC address To specify prioritization of traffic, create a policy for the type of traffic and add the policy to the QoS Policy table in the QoS Setup screen. For convenience, the QoS Policy table lists many common applications and online games that can benefit from QoS handling.
PAGE 50
N300 Wireless ADSL2+ Modem Router DGN2200v3 6. You can select an existing item from the list, or you can scroll and select Add a New Application or Add a New Game, as applicable. 7. If prompted, in the Connection Type list, select either TCP, UDP, or both (TCP/UDP). Specify the port number or range of port numbers that the application or game uses. 8. From the Priority list, select the priority for Internet access for this traffic relative to other applications and traffic.
PAGE 51
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. From the Priority Category list, select MAC Address to display the following screen: 4. If the device to be prioritized appears in the MAC Device List, select its radio button. The information from the MAC Device List populates the policy name, MAC Address, and Device Name fields. If the device does not appear in the MAC Device List, click Refresh. If it still does not appear, then fill in these fields manually. 5.
PAGE 52
5. USB Storage Accessi ng and config uring a US B storage drive 5 This chapter describes how to access and configure a USB storage drive attached to your modem router. The USB port on the modem router can be used only to connect USB storage devices like flash drives or hard drives, or a printer. Do not connect computers, USB modems, CD drives, or DVD drives to the modem router USB port.
PAGE 53
N300 Wireless ADSL2+ Modem Router DGN2200v3 USB Drive Requirements The modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The approximate USB bus speeds are shown in the following table. Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network, and other variables. Table 3. USB Drive Speeds Bus Speed/Sec USB 1.1 12 Mbits USB 2.0 480 Mbits The modem router works with most USB-compliant external flash and hard drives.
PAGE 54
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Sharing multimedia with friends and family such as MP3 files, pictures, and other multimedia with local and remote users. • Sharing resources on your network. You can store files in a central location so that you do not have to power up a computer to perform local sharing. In addition, you can share files between Macintosh, Linux, and PC computers by using the USB drive as a go-between across the systems.
PAGE 55
N300 Wireless ADSL2+ Modem Router DGN2200v3 Sharing files with a remote colleague involves the following considerations: • There are two user accounts: admin and guest. The password for admin is the same one that you use to access the modem router. By default, it is password. The guest user account has no password. • On the FTP site, the person receiving the files uses the guest user account and enters the password. (FTP requires that you type something in the password field.
PAGE 56
N300 Wireless ADSL2+ Modem Router DGN2200v3  To access your USB device: 1. Click the network device name or the share name in your computer’s network folders list. 2. For SMB://readyshare, click Connect. Note: If you logged in to the modem router before you connected your USB device, you might not see your USB device in the modem router screens. If this happens, log out and then log back in. Add or Edit a Network Folder 1.
PAGE 57
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. can use this screen to select a folder, change the share name, or change the read access or write access from All – no password to . The user name (account name) for All – no password is guest. The password for admin is the same one that is used to log in to the modem router. By default, it is password. 4. Click Apply for your changes to take effect.
PAGE 58
N300 Wireless ADSL2+ Modem Router DGN2200v3 domain name to access the USB drive over the Internet. This setting supports file uploading only. FTP. Disabled by default. FTP (via Internet). Disabled by default. If you enable this setting, remote users can access the USB drive through FTP over the Internet. This setting supports both downloading and uploading of files. Available Network Folders You might need to scroll down to view this section of the screen: • Share Name.
PAGE 59
N300 Wireless ADSL2+ Modem Router DGN2200v3 Media Server Settings By default, the modem router is set up to act as a Ready DLNA Media server. This setting lets you view movies and photos on DLNA/UPnP AV–compliant media players, such as Xbox360, Playstation, and NETGEAR’s Digital Entertainer Live.
PAGE 60
N300 Wireless ADSL2+ Modem Router DGN2200v3 This screen shows the approved USB devices and the available USB devices. You can remove or add approved USB devices. 3. To add an approved USB device, select it from the Available USB Devices list, and then click Add. 4. Select the Allow only approved devices check box. 5. Click Apply so that your change takes effect. If you want to work with another USB device, first click the Safely Remove USB Device button for the currently connected USB device.
PAGE 61
6. 6 ReadySHARE Printer ReadySHARE Printer is compatible with Macs and Windows PCs. It lets you connect a USB printer to the router’s USB port, and access it wirelessly. This chapter contains the following sections: • ReadySHARE Printer • USB Control Center Utility For additional about ReadySHARE features, see www.netgear.com/readyshare.
PAGE 62
N300 Wireless ADSL2+ Modem Router DGN2200v3 ReadySHARE Printer You can connect a USB printer to the router’s USB port, and share it among Windows and Mac computers on the network.  To set up ReadySHARE Printer: 1. Connect the USB printer to the router’s USB port with a USB printer cable. 2. Install the USB printer driver software on each computer that will share the printer.
PAGE 63
N300 Wireless ADSL2+ Modem Router DGN2200v3 4. Follow the instructions to install the NETGEAR USB Control Center utility. 5. After you have installed the utility, select the language.
PAGE 64
N300 Wireless ADSL2+ Modem Router DGN2200v3 6. The first time you access the utility, you are asked to select the printer and click the Connect button. Once the connection is established, the status changes to Manually connected by xxx. You can click the Disconnect button at any time to release the connection. The status then changes to Available. After you click the Connect button once on each computer in the network, the utility on each of them handles the printing queue and handling.
PAGE 65
N300 Wireless ADSL2+ Modem Router DGN2200v3 • You can set the value for the default time-out time from the Tools > Configuration screen. • The USB Control Center utility must be running for the computer to be able to print to the USB printer attached to the router. If you exit the utility, printing does not work. • Some firewall software, such as Comodo, blocks the ReadySHARE Print utility from accessing the USB printer.
PAGE 66
N300 Wireless ADSL2+ Modem Router DGN2200v3 USB Control Center Utility The USB Control Center Utility allows you to control a shared USB device from your computer that is connected to the USB port on your router. The utility allows you to control a printer, a scanner. You have to install the utility on each computer on your network from which you want to control the device. You can download this utility for PC and Mac at www.netgear.com/landing/en-us/readyshare.aspx.
PAGE 67
N300 Wireless ADSL2+ Modem Router DGN2200v3 Control Center Configuration Select Tools >Configuration to display the following screen: Automatically execute when logging on Windows. Enable this utility to start automatically when you are logged in to Windows. Timeout. Specify the timeout value for holding the USB resource when it is not in use. Language. Select the display language for this utility. USB Printer The first time you use a printer, click Connect.
PAGE 68
N300 Wireless ADSL2+ Modem Router DGN2200v3 Once the printer shows Available status, it is no longer grayed out in a Paused state in the Windows Printers window. This USB printer is ready. The utility does not need to hold the connection of this USB printer. Once there is any print job for this printer, the USB utility connects to this USB printer automatically then prints. After the print job is done, the printer status returns to the Paused state.
PAGE 69
7. Security Ke epi ng u nwante d c onte nt out of you r n et work 7 This chapter explains how to use the basic firewall features of the modem router to prevent objectionable content from reaching the computers and devices on your network.
PAGE 70
N300 Wireless ADSL2+ Modem Router DGN2200v3 Keyword Blocking of HTTP Traffic Use keyword blocking to prevent certain types of HTTP traffic from accessing your network. The blocking can be always or according to a schedule.  To set up keyword blocking: 1. Select Advanced > Security > Block Sites to display the following screen: 2. Select one of the keyword blocking options: • Per Schedule. Turn on keyword blocking according to the Schedule screen settings. • Always.
PAGE 71
N300 Wireless ADSL2+ Modem Router DGN2200v3 Firewall Rules to Control Network Access Your modem router has a firewall that blocks unauthorized access to your wireless network and permits authorized inbound and outbound communications. Authorized communications are established according to inbound and outbound rules. The firewall has the following two default rules. You can create custom rules to further restrict the outbound communications or more widely open the inbound communications: • Inbound.
PAGE 72
N300 Wireless ADSL2+ Modem Router DGN2200v3 Port Triggering to Open Incoming Ports Some application servers (such as FTP and IRC servers) send replies to multiple port numbers. Using the port triggering function of your router, you can tell the router to open additional incoming ports when a particular outgoing port originates a session. An example is Internet Relay Chat (IRC). Your computer connects to an IRC server at destination port 6667.
PAGE 73
N300 Wireless ADSL2+ Modem Router DGN2200v3 Port Forwarding to Permit External Host Communications In both of the preceding examples, your computer initiates an application session with a server computer on the Internet. However, you might need to allow a client computer on the Internet to initiate a connection to a server computer on your network. Normally, your router ignores any inbound traffic that is not a response to your own outbound traffic.
PAGE 74
N300 Wireless ADSL2+ Modem Router DGN2200v3 How Port Forwarding Differs from Port Triggering The following points summarize the differences between port forwarding and port triggering: • Port triggering can be used by any computer on your network, although only one computer can use it at a time. • Port forwarding is configured for a single computer on your network. • With port triggering, the router does not need to know the computer’s IP address in advance. The IP address is captured automatically.
PAGE 75
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. Leave the Port Forwarding radio button selected as the service type. 3. Click Add, and the following screen displays: 4. From the Service list, select the service or game that you will host on your network. If the service does not appear in the list, see Add a Custom Service on page 75. 5. In the Send to LAN Server field, enter the last digit of the IP address of your local computer that will provide this service. 6. Click Apply.
PAGE 76
N300 Wireless ADSL2+ Modem Router DGN2200v3 7. In the Server IP Address field, enter the IP address of your local computer that will provide this service. 8. Click Apply. The service appears in the list in the Port Forwarding/Port Triggering screen. Edit or Delete a Port Forwarding Entry  To edit or delete a port forwarding entry: 1. In the table, select the radio button next to the service name. 2. Click Edit Service or Delete Service.
PAGE 77
N300 Wireless ADSL2+ Modem Router DGN2200v3 Note: If you use applications such as multiplayer gaming, peer-to-peer connections, real-time communications such as instant messaging, or remote assistance (a feature in Windows XP), you should also enable Universal Plug and Play (UPnP). To configure port triggering, you need to know which inbound ports the application needs, and the number of the outbound port that will trigger the opening of the inbound ports.
PAGE 78
N300 Wireless ADSL2+ Modem Router DGN2200v3 1. On the Port Triggering screen, click Add Service. The following screen displays: 2. In the Service Name field, type a descriptive service name. 3. In the Service User list, select Any (the default) to allow any computer on the Internet to use this service. Otherwise, select Single address, and enter the IP address of one computer to restrict the service to a particular computer. 4. Select the service type, either TCP or UDP or both (TCP/UDP).
PAGE 79
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. Set up the schedule for blocking keywords and services. • Days to Block. Select days on which you want to apply blocking by selecting the appropriate check boxes, or select Every Day to select the check boxes for all days. • Time of Day to Block. Select a start and end time in 24-hour format, or select All Day for 24-hour blocking. 3. Select your time zone from the list.
PAGE 80
N300 Wireless ADSL2+ Modem Router DGN2200v3 6. You can have email alerts sent immediately when someone attempts to visit a blocked site, and you can specify that logs are sent automatically. If you select the Weekly, Daily, or Hourly option and the log fills up before the specified period, the log is emailed to the specified email address. After the log is sent, the log is cleared from the modem router’s memory. If the modem router cannot email the log file, the log buffer might fill up.
PAGE 81
8. 8 Administration M a nagi ng your net work This chapter describes the modem router settings for administering and maintaining your modem router and home network. See Remote Management on page 98 for information about upgrading or checking the status of your modem router over the Internet. See Traffic Meter on page 101 for information about monitoring Internet traffic.
PAGE 82
N300 Wireless ADSL2+ Modem Router DGN2200v3 Upgrade the Modem Router Firmware The modem router firmware (routing software) is stored in flash memory. You can update the firmware from the Administration menu on the Advanced tab. You might see a message at the top of the genie screens when new firmware is available for your product. You can use the Check button on the Router Update screen to check and update to the latest firmware for your product if new firmware is available.
PAGE 83
N300 Wireless ADSL2+ Modem Router DGN2200v3 View Router Status  To view modem router status and usage information: Select Advanced Home or select Administration > Router Status to display the following screen: Scroll to view more settings Router Information Hardware Version. The modem router model. Firmware Version. The version of the modem router firmware. It changes if you upgrade the modem router firmware. GUI Language Version. The localized language of the user interface. LAN Port. • MAC Address.
PAGE 84
N300 Wireless ADSL2+ Modem Router DGN2200v3 IP Address. The IP address used by the Internet (WAN) port of the modem router. If no address is shown or the address is 0.0.0, the modem router cannot connect to the Internet. Connection. This shows if the modem router is using a fixed IP address on the WAN. If the value is DHCP Client, the modem router obtains an IP address dynamically from the ISP. IP Subnet Mask. The IP subnet mask used by the Internet (WAN) port of the modem router. Domain Name Server.
PAGE 85
N300 Wireless ADSL2+ Modem Router DGN2200v3 To stop the polling entirely, click Stop. Connection Status Button  To view the Internet connection status: On the Router Status screen in the Internet Connection pane, click the Connection Status button to view connection status information. The Release button returns the status of all items to 0. The Renew button refreshes the items. The Close Window button closes the Connection Status screen. IP Address. The IP address that is assigned to the modem router.
PAGE 86
N300 Wireless ADSL2+ Modem Router DGN2200v3 Mode. The wireless communication mode: Up to 54 Mbps, Up to 217 Mbps (default), and Up to 1300 Mbps. Wireless AP. Indicates whether the radio feature of the modem router is enabled. If this feature is not enabled, the Wireless LED on the front panel is off. Broadcast Name. Indicates whether the modem router is broadcasting its SSID. Wireless Isolation.
PAGE 87
N300 Wireless ADSL2+ Modem Router DGN2200v3 Manage the Configuration File The configuration settings of the modem router are stored within the modem router in a configuration file. You can back up (save) this file to your computer, restore it, or reset it to the factory default settings. Back Up Settings  To back up the modem router’s configuration settings: 1. Select Advanced > Administration > Backup Settings to display the following screen: 2.
PAGE 88
N300 Wireless ADSL2+ Modem Router DGN2200v3 You can use the Restore Factory Settings button on the back of the modem router (see Factory Settings on page 143), or you can click the Erase button in this screen. Erase sets the user name to admin, the password to password, and the LAN IP address to 192.168.1.1, and enables the modem router’s DHCP. Set Password This feature let you change the default password that is used to log in to the modem router with the user name admin.
PAGE 89
9. 9 Advanced Settings This chapter describes the advanced features of your modem router. The information is for readers with advanced networking knowledge who want to set the modem router up for unique situations such as when remote access from the Internet by IP or domain name is needed. Note: The Port Forwarding/Port Triggering screen can be accessed both through the Advanced Setup menu and through the Firewall Rules screen.
PAGE 90
N300 Wireless ADSL2+ Modem Router DGN2200v3 Advanced Wireless Settings  To go to the Advanced Wireless Settings screen: Select Advanced > Advanced Setup > Wireless Settings to display the following screen: The following settings are available in this screen: Enable Wireless Router Radio. You can completely turn off the wireless portion of the wireless modem router by clearing this check box. Select this check box again to enable the wireless portion of the modem router.
PAGE 91
N300 Wireless ADSL2+ Modem Router DGN2200v3 Restrict Wireless Access by MAC Address You can set up a list of computers and wireless devices that are allowed to join the wireless network. This list is based on the unique MAC address of each computer and device. Each network device has a MAC address, which is a unique 12-character physical address, containing the hexadecimal characters 0–9, a–f, or A–F only, and separated by colons (for example, 00:09:AB:CD:EF:01).
PAGE 92
N300 Wireless ADSL2+ Modem Router DGN2200v3 Wireless Repeating Function (WDS) You can set the N300 Wireless ADSL2+ Modem Router up to be used as a wireless access point (AP). Doing this enables the modem router to act as a wireless repeater. A wireless repeater connects to another wireless modem router as a client where the network to which it connects becomes the ISP service. Wireless repeating is a type of Wireless Distribution System (WDS).
PAGE 93
N300 Wireless ADSL2+ Modem Router DGN2200v3 The DGN2200v3 modem router is always in dual band concurrent mode, unless you turn off one radio.If you enable the wireless repeater in either radio band, the wireless base station or wireless repeater cannot be enabled in the other radio band. However, if you enable the wireless base station in either radio band and use the other radio band as a wireless modem router or wireless base station, dual band concurrent mode is not affected.
PAGE 94
N300 Wireless ADSL2+ Modem Router DGN2200v3 Repeater IP Address. If your modem router is the repeater, enter the IP address of the other access point. Base Station MAC Address. If your modem router is the repeater, enter the MAC address for the access point that is the base station. • Wireless Base Station. If your modem router is the base station, select this check box. Repeater MAC Address (1 through 4). If your modem router is the base station, it can act as the “parent” of up to 4 other access points.
PAGE 95
N300 Wireless ADSL2+ Modem Router DGN2200v3 Note: If you are using the DGN2200v3 base station with a different router product as the repeater, you might need to change additional configuration settings. In particular, you should disable the DHCP server function on the wireless repeater AP.  To configure the modem router as a repeater unit: 1. Log in to the modem router that will be the repeater. Select Basic > Wireless Settings and verify that the wireless settings match the base unit exactly.
PAGE 96
N300 Wireless ADSL2+ Modem Router DGN2200v3  To set up Dynamic DNS: 1. Select Advanced > Advanced Setup > Dynamic DNS to display the following screen: 2. Register for an account with one of the Dynamic DNS service providers whose names appear in the Service Provider list. For example, for DynDNS.org, select www.dyndns.org. 3. Select the Use a Dynamic DNS Service check box. 4. Select the name of your Dynamic DNS service provider. 5.
PAGE 97
N300 Wireless ADSL2+ Modem Router DGN2200v3 In this case you have to define a static route, telling your modem router that 134.177.0.0 should be accessed through the ISDN modem router at 192.168.1.100. In this example:  • The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.x addresses. • The Gateway IP Address field specifies that all traffic for these addresses should be forwarded to the ISDN modem router at 192.168.1.100.
PAGE 98
N300 Wireless ADSL2+ Modem Router DGN2200v3 Remote Management The remote management feature lets you upgrade or check the status of your N300 Wireless ADSL2+ Modem Router over the Internet.  To set up remote management: 1. Select Advanced > Advanced Setup > Remote Management. Note: Be sure to change the modem router’s default login password to a secure password. The ideal password contains no dictionary words from any language and contains upper-case and lower-case letters, numbers, and symbols.
PAGE 99
N300 Wireless ADSL2+ Modem Router DGN2200v3 • To allow access from any IP address on the Internet, select Everyone. 4. Specify the port number for accessing the management interface. Normal web browser access uses the standard HTTP service port 80. For greater security, enter a custom port number for the remote web management interface. Choose a number from 1024 to 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP. 5.
PAGE 100
N300 Wireless ADSL2+ Modem Router DGN2200v3 Advertisement Period. The advertisement period is how often the modem router broadcasts its UPnP information. This value can range from 1 to 1440 minutes. The default period is 30 minutes. Shorter durations ensure that control points have current device status at the expense of additional network traffic. Longer durations can compromise the freshness of the device status, but can significantly reduce network traffic. Advertisement Time to Live.
PAGE 101
N300 Wireless ADSL2+ Modem Router DGN2200v3 Traffic Meter Traffic metering allows you to monitor the volume of Internet traffic that passes through your modem router’s Internet port. With the Traffic Meter utility, you can set limits for traffic volume, set a monthly limit, and get a live update of traffic usage.  To monitor Internet traffic: 1. Click Advanced > Advanced Setup > Traffic Meter to display the following screen: Scroll to view more settings 2.
PAGE 102
N300 Wireless ADSL2+ Modem Router DGN2200v3 Change the Device Mode The modem includes a built-in router. If you want to configure the modem as a “pure bridge” in Modem mode, first set up the Internet connection and then change the Device Mode setting to Modem mode. In Modem mode, the device acts as a “pure bridge” or DSL modem. When the device is in Modem mode, features that are not available are grayed out.  To change the device mode: 1. Select Advanced > Device Mode.
PAGE 103
10. Virtual Private Networking 10 This chapter describes how to use the virtual private networking (VPN) features of the modem router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See Appendix B, VPN Configuration to learn more about VPNs.
PAGE 104
N300 Wireless ADSL2+ Modem Router DGN2200v3 Overview of VPN Configuration Two common scenarios for VPN tunnels are between a remote PC and a network gateway; and between two or more network gateways. The DGN2200v3 supports both types. The DGN2200v3 supports up to five concurrent tunnels. Client-to-Gateway VPN Tunnels Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network.
PAGE 105
N300 Wireless ADSL2+ Modem Router DGN2200v3 A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel end points. See Set Up a Gateway-to-Gateway VPN Configuration on page 117 for information about how to set up this configuration.
PAGE 106
N300 Wireless ADSL2+ Modem Router DGN2200v3 tunnel request. Otherwise, the side using a dynamic IP address has to always be the initiator. • Which method will you use to configure your VPN tunnels? - The VPN Wizard using VPNC defaults (see Table 5, Parameters Recommended by the VPNC and Used in the VPN Wizard on page 106). - The typical automated Internet Key Exchange (IKE) setup (see Use Auto Policy to Configure VPN Tunnels on page 125).
PAGE 107
N300 Wireless ADSL2+ Modem Router DGN2200v3 • See Use Manual Policy to Configure VPN Tunnels on page 132 when the VPN Wizard and its VPNC defaults are not appropriate for your special circumstances and you have to specify each phase of the connection. You manually enter all the authentication and key parameters.
PAGE 108
N300 Wireless ADSL2+ Modem Router DGN2200v3 The following worksheet identifies the parameters used in this procedure, which are highlighted in blue. For a blank worksheet, see Plan a VPN on page 105. Table 6.
PAGE 109
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. Click Next. 3. Fill in the Connection Name and pre-shared key fields. The connection name is for convenience and does not affect how the VPN tunnel functions. 4. Select the radio button for A remote VPN client (single PC), and click Next. 5. Enter the remote IP address and subnet mask, and click Next. The Summary screen displays: Note: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link.
PAGE 110
N300 Wireless ADSL2+ Modem Router DGN2200v3 6. Click Done. The VPN Policies screen displays, showing that the new tunnel is enabled: To view or modify the tunnel settings, select its radio button and click Edit. See Use Auto Policy to Configure VPN Tunnels on page 125 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel. Step 2: Configure the NETGEAR ProSafe VPN Client This section describes how to configure the NETGEAR ProSafe VPN Client on a remote PC.
PAGE 111
N300 Wireless ADSL2+ Modem Router DGN2200v3 b. From the Edit menu of the Security Policy Editor, select Add, and then click Connection. A New Connection listing appears in the list of policies. c. Rename the new connection so that it matches the Connection Name field in the VPN Settings screen of the modem router on LAN A. Choose connection names that make sense to the people using and administering the VPN.
PAGE 112
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. Configure the security policy in the NETGEAR ProSafe VPN Client software: a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy subheadings appear below the connection name. b. Click the Security Policy subheading to view the Security Policy settings. Security Policy settings, Client-to-Gateway A c.
PAGE 113
N300 Wireless ADSL2+ Modem Router DGN2200v3 c. In the ID Type drop-down list, select IP Address. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address field. Otherwise, leave this field empty. d. In the Internet Interface section of the screen, select the adapter that you use to access the Internet. If you have a dial-up Internet account, select PPP Adapter in the Name field. If you have a dedicated cable or DSL line, select your Ethernet adapter.
PAGE 114
N300 Wireless ADSL2+ Modem Router DGN2200v3 c. In the Authentication Method drop-down list, select Pre-Shared key. d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the Encryption Protocol in the modem router in Table 4 on page 105. This example uses Triple DES. e. In the Hash Alg drop-down list, select SHA-1. f. In the SA Life drop-down list, select Unspecified. g. In the Key Group drop-down list, select Diffie-Hellman Group 2. 6.
PAGE 115
N300 Wireless ADSL2+ Modem Router DGN2200v3 8. Check the VPN connection. To check the VPN connection, you can initiate a request from the remote PC to the modem router’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it has to initiate the request. To perform a ping test using our example, start from the remote PC: a.
PAGE 116
N300 Wireless ADSL2+ Modem Router DGN2200v3 To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer. The Log Viewer screen for a successful connection is shown in this figure: Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. 9.
PAGE 117
N300 Wireless ADSL2+ Modem Router DGN2200v3 Set Up a Gateway-to-Gateway VPN Configuration This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 5 on page 106. If you have special requirements not covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special Circumstances on page 125 for information about how to set up the VPN tunnel.
PAGE 118
N300 Wireless ADSL2+ Modem Router DGN2200v3 The LAN IP address ranges of each VPN endpoint have to be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x.  To configure a gateway-to-gateway VPN tunnel using the VPN Wizard: 1. Log in to Gateway A on LAN A. 2. Select Advanced > Advanced - VPN > VPN Wizard. 3. Click Next. 4. Fill in the Connection Name field and pre-shared key fields. Select the radio button for A remote VPN Gateway, and click Next.
PAGE 119
N300 Wireless ADSL2+ Modem Router DGN2200v3 5. Fill in the IP address or FQDN for the target VPN endpoint WAN connection, and click Next. The Step 3 screen displays. 6. Fill in the IP Address and Subnet Mask fields for the target endpoint that can use this tunnel, and click Next. 7. Specify the local LAN address and subnet mask, and click Next. The VPN Wizard Summary screen displays: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. 8.
PAGE 120
N300 Wireless ADSL2+ Modem Router DGN2200v3 9. The VPN Policies screen displays, showing that the new tunnel is enabled. Note: See Use Auto Policy to Configure VPN Tunnels on page 125 for information about how to enable the IKE keepalive capability on an existing VPN tunnel. 10. Repeat these steps for the gateway on LAN B, and pay special attention to the following network settings: • WAN IP of the remote VPN gateway (for example, 14.15.16.
PAGE 121
N300 Wireless ADSL2+ Modem Router DGN2200v3 VPN Tunnel Control Activate a VPN Tunnel There are three ways to activate a VPN tunnel: • Use the VPN Status screen. • Ping the remote endpoint. • Start using the VPN tunnel. Note: See Use Auto Policy to Configure VPN Tunnels on page 125 for information about how to enable the IKE keep-alive capability on an existing VPN tunnel. Use the VPN Status Screen to Activate a VPN Tunnel 1.
PAGE 122
N300 Wireless ADSL2+ Modem Router DGN2200v3 To perform a ping test using our example, start from the remote PC: a. Establish an Internet connection from the PC. b. On the Windows taskbar, click the Start button, and then select Run. c. Type ping -t 192.168.3.1, and then click OK. Running a ping test to the LAN from the PC This causes a continuous ping to be sent to the first DGN2200v3. Within 2 minutes, the ping response should change from timed out to reply.
PAGE 123
N300 Wireless ADSL2+ Modem Router DGN2200v3 Start Using a VPN Tunnel to Activate It To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel. Verify the Status of a VPN Tunnel 1. Select Advanced > Advanced - VPN > VPN Status. The VPN Status/Log screen displays: This log shows the details of recent VPN activity, including the building of the VPN tunnel.
PAGE 124
N300 Wireless ADSL2+ Modem Router DGN2200v3 • HLifeTime (Secs). The remaining hard lifetime for this SA in seconds. When the hard lifetime becomes 0 (zero), the SA (security association) is terminated. (It is re-established if required.) Deactivate a VPN Tunnel Sometimes a VPN tunnel has to be deactivated for testing purposes. You can deactivate a VPN tunnel from two places:  • Policy table on VPN Policies screen • VPN Status screen To use the Policy Table to deactivate a VPN tunnel: 1.
PAGE 125
N300 Wireless ADSL2+ Modem Router DGN2200v3 Delete a VPN Tunnel  To deactivate a VPN tunnel: 1. Select Advanced > Advanced - VPN > VPN Policies to display the VPN Policies screen. 2. In the Policy Table, select the radio button for the VPN tunnel to be deleted and click Delete. Set Up VPN Tunnels in Special Circumstances When the VPN Wizard and its VPNC defaults (see Table 5 on page 106) are not appropriate for your circumstances, use one of these alternatives: • Auto Policy.
PAGE 126
N300 Wireless ADSL2+ Modem Router DGN2200v3 Select Advanced > Advanced - VPN > VPN Policies, and click the Add Auto Policy button to display the VPN - Auto Policy screen: The DGN2200v3 VPN tunnel network connection fields are defined in the following sections. VPN Auto Policy General Settings • Policy Name. Enter a unique name. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. • Remote VPN Endpoint.
PAGE 127
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Single/Start IP Address. Enter the IP address for a single address, or the starting address for an address range. A single address setting is used when you want to make a single server on your LAN available to remote users. A range has to be an address range used on your LAN. Any. The remote VPN endpoint might be at any IP address. • Finish IP Address. For an address range, enter the finish IP address. This needs to be an address range used on your LAN.
PAGE 128
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Remote Identity Type. Select the option that matches the Local Identity Type setting on the remote VPN endpoint. - IP Address. The Internet IP address of the remote VPN endpoint. - Fully Qualified Domain Name. The domain name of the remote VPN endpoint. - Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint. - Remote Identity Data. Enter the data for the remote identity type that you selected.
PAGE 129
N300 Wireless ADSL2+ Modem Router DGN2200v3 Example of Using Auto Policy IP:192.168.3.1 IP: 192.168.0.1 VPN Tunnel 14.15.16.17 22.23.24.25 Gateway A Gateway B Internet Figure 13. Auto Policy for a Gateway-to-Gateway tunnel The following settings are assumed for this example:. Table 8.
PAGE 130
N300 Wireless ADSL2+ Modem Router DGN2200v3 The VPN Auto Policy screen displays: 3. Enter these policy settings: Auto Policy Field Description General Policy Name GtoG Remote VPN Endpoint Address Type Fixed IP Address Remote VPN Endpoint Address Data 22.23.24.25 Local LAN Remote LAN IKE Parameters Use the default settings. IP Address Select Subnet address from the drop-down list. Single/Start IP Address 192.168.3.1 Subnet Mask 255.255.255.
PAGE 131
N300 Wireless ADSL2+ Modem Router DGN2200v3 4. Click Apply. The VPN Policies screen displays: 5. Repeat these steps for the DGN2200v3 on LAN B. Pay special attention to the following network settings: • General, Remote Address Data (for example, 14.15.16.17) • Remote LAN, Start IP Address - IP Address (for example, 192.168.0.1) - Subnet Mask (for example, 255.255.255.0) - Pre-shared Key (for example, 12345678) 6.
PAGE 132
N300 Wireless ADSL2+ Modem Router DGN2200v3 Use Manual Policy to Configure VPN Tunnels As an alternative to IKE, you can use manual keying, in which you need to specify each phase of the connection. A manual VPN policy requires all settings for the VPN tunnel to be manually input at each end (both VPN endpoints).
PAGE 133
N300 Wireless ADSL2+ Modem Router DGN2200v3 • Single/Start IP Address. The IP address for a single address, or the starting address for an address range used on the LAN. If you want to make a single server on your LAN available to remote users, use a single address Any settings. The remote VPN endpoint can be at any IP address. • Finish IP Address. For an address range, enter the finish IP address. This has to be an address range used on your LAN. • Subnet Mask. Enter the network mask.
PAGE 134
11. Troubleshooting D ia g nos i n g a nd Solvi n g P roblem s 11 This chapter provides information to help you diagnose and solve problems you might have with your modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com for product and contact information.
PAGE 135
N300 Wireless ADSL2+ Modem Router DGN2200v3 Troubleshooting with the LEDs When you turn the power on, the power, LAN, and DSL LEDs should light as described here. If they do not, refer to the sections that follow for help. 1. When power is first applied, the Power LED lights. 2. After approximately 10 seconds, the LAN and DSL LEDs light as follows: a. The LAN port LEDs light for any local ports that are connected. b. The DSL link LED lights to indicate that there is a link to the connected device. c.
PAGE 136
N300 Wireless ADSL2+ Modem Router DGN2200v3 If the Power LED turns red to indicate a modem router fault, turn the power off and on to see if the modem router recovers. If the power LED is still red 1 minute after power-up: • Turn the power off and on one more time to see if the modem router recovers. • Clear the modem router’s configuration to factory defaults as explained in Factory Settings on page 143. This sets the modem router’s IP address to 192.168.0.1.
PAGE 137
N300 Wireless ADSL2+ Modem Router DGN2200v3 Troubleshooting the Internet Connection If your modem router is unable to access the Internet, check the ADSL connection, then the WAN TCP/IP connection. ADSL Link If your modem router is unable to access the Internet, first determine whether you have an ADSL link with the service provider. The state of this connection is indicated with the Internet LED. ADSL Link LED Is Green If your ADSL link LED is green, then you have a good ADSL connection.
PAGE 138
N300 Wireless ADSL2+ Modem Router DGN2200v3 Internet LED Is Red If the Internet LED is red, the device was unable to connect to the Internet. Verify the following: • Check that your login credentials are correct, or that the information you entered on the Basic Settings screen is correct. • Check with your ISP to verify that the multiplexing method, VPI, and VCI settings on the ADSL settings screen are correct.
PAGE 139
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. Click the Connection Status button. 4. If all of the steps indicate OK, then your PPPoE or PPPoA connection is up and working. 5. If any of the steps indicates Failed, you can attempt to reconnect by clicking Connect. The modem router continues to attempt to connect indefinitely. If you cannot connect after several minutes, you might be using an incorrect service name, user name, or password. There also might be a provisioning problem with your ISP.
PAGE 140
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. In the field provided, type ping followed by the IP address of the modem router, as in this example: ping 192.168.0.1 3. Click OK.
PAGE 141
N300 Wireless ADSL2+ Modem Router DGN2200v3 • If your ISP assigned a host name to your PC, enter that host name as the account name in the Basic Settings screen. • Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by allowing traffic only from the MAC address of your modem, but some additionally restrict access to the MAC address of a single PC connected to that modem.
PAGE 142
A. Supplemental Information A This appendix includes the factory default settings and technical specifications for the N300 Wireless ADSL2+ Modem Router DGN2200v3, and instructions for wall-mounting the unit.
PAGE 143
N300 Wireless ADSL2+ Modem Router DGN2200v3 Factory Settings You can return the modem router to its factory settings. On the bottom of the modem router, use the end of a paper clip or some other similar object to press and hold the Restore Factory Settings button for at least 7 seconds. The modem router resets, and returns to the factory settings. Your device will return to the factory configuration settings shown in the following table. Table 9.
PAGE 144
N300 Wireless ADSL2+ Modem Router DGN2200v3 Table 9. Factory Default Settings (Continued) Feature Wireless Default Behavior Wireless communication Enabled SSID name Can be found on the label on the bottom of the unit. Security Can be found on the label on the bottom of the unit.
PAGE 145
N300 Wireless ADSL2+ Modem Router DGN2200v3 Specifications Specification Description Network protocol and standards compatibility TCP/IP, RIP-1, RIP-2, DHCP, PPPoE or PPPoA, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM Power adapter North America: 120V, 60 Hz, input UK, Australia: 240V, 50 Hz, input Europe: 230V, 50 Hz, input All regions (output): 12V @ 1A output Physical Dimensions: 6.80 in. x 5.03 in. x 1.28 in. (173 mm x 128 mm x 33 mm) Weight: 0.65 lbs.
PAGE 146
B. B VPN Configuration I PS ec V P N tu n nel This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DGN2200v3 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). Configuration Profile The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium. Gather necessary information before you begin configuration.
PAGE 147
N300 Wireless ADSL2+ Modem Router DGN2200v3 Step-by-Step Configuration 1. Use the VPN Wizard to configure Gateway A (DGN2200v3) for a gateway-to-gateway tunnel (see Set Up a Gateway-to-Gateway VPN Configuration on page 117), being certain to use appropriate network addresses for the environment. The LAN addresses used in this example are as follows: Unit WAN IP LAN IP LAN Subnet Mask DGN2200v3 14.15.16.17 10.5.6.1 255.255.255.0 FVL328 22.13.24.25 172.23.9.1 255.255.255.0 a.
PAGE 148
N300 Wireless ADSL2+ Modem Router DGN2200v3 4. On Gateway B router menu, under VPN, select VPN Policies, and click the Edit button to display the VPN Auto Policy screen: 5. Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A (modem router). a. Open the command prompt (Start > Run > cmd). b. Type ping 172.23.9. If the pings fail the first time, try the pings a second time.
PAGE 149
N300 Wireless ADSL2+ Modem Router DGN2200v3 Modem Router with FQDN to Gateway B This section is a case study on how to configure a VPN tunnel from a NETGEAR modem router to a gateway using a fully qualified domain name (FQDN) to resolve the public address of one or both routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
PAGE 150
N300 Wireless ADSL2+ Modem Router DGN2200v3 To use DDNS, you need to register with a DDNS service provider. Some DDNS service providers include: • DynDNS: www.dyndns.org • TZO.com: netgear.tzo.com • ngDDNS: ngddns.iego.net In this example, Gateway A is configured using a sample FQDN provided by a DDNS service provider. In this case we established the hostname dg834g.dyndns.org for Gateway A using the DynDNS service. Gateway B uses the DDNS service provider when establishing a VPN tunnel.
PAGE 151
N300 Wireless ADSL2+ Modem Router DGN2200v3 d. Click Show Status. The resulting screen should show Update OK: good: 3. On Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account. a. From the main menu, select Dynamic DNS. b. Select the DynDNS.org radio button to display the following screen: c. Fill in the fields with the account and host name settings. • In the Host and Domain Name field enter fvl328.dyndns.org. • In the User Name field, enter the account user name.
PAGE 152
N300 Wireless ADSL2+ Modem Router DGN2200v3 The resulting screen should show Update OK: good: 4. Configure the DGN2200v3 as in the gateway-to-gateway procedures using the VPN Wizard (see Set Up a Gateway-to-Gateway VPN Configuration on page 117), being certain to use appropriate network addresses for the environment. The LAN addresses used in this example are as follows: Device LAN IP Address LAN Subnet Mask DGN2200v3 10.5.6.1 255.255.255.0 FVL328 172.23.6.1 255.255.255.0 a.
PAGE 153
N300 Wireless ADSL2+ Modem Router DGN2200v3 b. Type ping 172.23.9.1 If the pings fail the first time, try the pings a second time. Configuration Summary (Telecommuter Example) The configuration in this section follows the addressing and configuration mechanics defined by the VPN Consortium. Gather the necessary information before you begin configuration. Verify that the firmware is up to date, and make sure you have all the addresses and parameters to be set on both sides.
PAGE 154
N300 Wireless ADSL2+ Modem Router DGN2200v3 Setting Up Client-to-Gateway VPN Configuration Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves two steps: • Step 1: Configure Gateway A (Router at the Main Office) on page 154. • Step 2: Configure Gateway B (Router at the Regional Office) on page 155 describes configuring the NETGEAR ProSafe VPN Client endpoint. Step 1: Configure Gateway A (Router at the Main Office) 1. Log in to the VPN router.
PAGE 155
N300 Wireless ADSL2+ Modem Router DGN2200v3 3. Click Apply when you are finished to display the VPN Policies screen. 4. To view or modify the tunnel settings, select the radio button next to the tunnel entry, and then click Edit. Step 2: Configure Gateway B (Router at the Regional Office) This procedure assumes that the PC running the client has a dynamically assigned IP address.
PAGE 156
N300 Wireless ADSL2+ Modem Router DGN2200v3 e. Double-click the system tray icon to open the Security Policy Editor. toGW_A 2. Add a new connection. a. Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN Connection. b. From the Edit menu of the Security Policy Editor, select Add > Connection. A New Connection listing appears in the list of policies. c. Rename the new connection to match the connection name you entered in the VPN settings of Gateway A.
PAGE 157
N300 Wireless ADSL2+ Modem Router DGN2200v3 f. In this example, type 192.168.0.1 in the Subnet field as the network address of the modem router. g. Enter 255.255.255.0 in the Mask field as the LAN subnet mask of the modem router. h. Select All in the Protocol drop-down list to allow all traffic through the VPN tunnel. i. Select the Connect using Secure Gateway Tunnel check box. j. Select Domain Name in the ID Type drop-down list, and enter fromGW_A.com (in this example). k.
PAGE 158
N300 Wireless ADSL2+ Modem Router DGN2200v3 a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. b. Select None in the Select Certificate field. c. Select Domain Name in the ID Type field, and enter toGW_A.com (in this example). Select Disabled in the Virtual Adapter field. d.
PAGE 159
N300 Wireless ADSL2+ Modem Router DGN2200v3 b. Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Authentication. c. In the Authentication Method drop-down list, select Pre-Shared Key. d. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES. e. In the Hash Alg drop-down list, select SHA-1. f. In the SA Life drop-down list, select Unspecified. g.
PAGE 160
N300 Wireless ADSL2+ Modem Router DGN2200v3 d. Select the Encapsulation Protocol (ESP) check box. e. In the Encrypt Alg drop-down list, select the type of encryption. In this example, use Triple DES. f. In the Hash Alg drop-down list, select SHA-1. g. In the Encapsulation drop-down list, select Tunnel. h. Leave the Authentication Protocol (AH) check box cleared. 7. Save the VPN Client settings. From the File menu at the top of the Security Policy Editor window, select Save.
PAGE 161
N300 Wireless ADSL2+ Modem Router DGN2200v3 To perform a ping test using this example, start from the remote PC: a. Establish an Internet connection from the PC. b. On the Windows taskbar, click the Start button, and then select Run. c. Type ping -t 192.168.0.1, and then click OK. This causes a continuous ping to be sent to the VPN router. Within 2 minutes, the ping response should change from timed out to reply.
PAGE 162
N300 Wireless ADSL2+ Modem Router DGN2200v3 The Connection Monitor screen displays: While the connection is being established, the connection name listed in this screen shows SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol. Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you need to close the VPN connection to have normal Internet access.
PAGE 163
N300 Wireless ADSL2+ Modem Router DGN2200v3 2. To view the VPN tunnels status, click VPN Status.
PAGE 164
C. Notification of Compliance NETG EAR Wireless Routers, G ateways, APs C Regulatory Compliance Information This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority.
PAGE 165
N300 Wireless ADSL2+ Modem Router DGN2200v3 FCC Radio Frequency Interference Warnings & Instructions This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
PAGE 166
N300 Wireless ADSL2+ Modem Router DGN2200v3 NOTE IMPORTANTE: Déclaration d'exposition aux radiations: Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps.
PAGE 167
Index A configuring DMZ server 43 Dynamic DNS 96 NAT 42 port triggering 76 QoS 48 repeater unit 95 connecting wirelessly 12 CTS/RTS Threshold 90 custom service (port forwarding) 75 access remote 98 viewing logs 86 access control turning on 91 access points 92 adding custom service 75 priority rules 49 address reservation 47 ADSL microfilter filter, described 13 advertisement period 100 alerts, emailing 79 Application Level Gateway (ALG), disabling 43 applications, QoS for online gaming 49 approved USB dev
PAGE 168
N300 Wireless ADSL2+ Modem Router DGN2200v3 F reserved 47 IP subnet mask 84 ISP DSL synchronization 11 factory default settings, restoring 87 factory settings list of 143 resetting 9 file sharing 53 firewalls IM ports 71 rules 71 firmware version 83 firmware, upgrading 22, 82 fragmentation length 90 fragmented data packets 43 front panel 10 LEDs described 10 fully qualified domain name (FQDN), configuring VPN tunnels using 149 K keywords 70 L games, online, QoS for 49 gateway IP address 28 gateway-to-
PAGE 169
N300 Wireless ADSL2+ Modem Router DGN2200v3 ReadySHARE access 53, 56 recovering admin password 88 releasing connection status 85 remote management 98 renewing connection status 85 repeater units 94 reserved IP adresses 47 restore factory settings button 143 restoring configuration file 87 default factory settings 87 router interface, described 22 Network Time Protocol (NTP) 141 networks controlling access 71 troubleshooting 139 networks, guest 36 O On/Off LED 11 one-line ADSL microfilter 13 outgoing mail
PAGE 170
N300 Wireless ADSL2+ Modem Router DGN2200v3 VPN Wizard 118, 119 VPNs 104 overview 104 planning 105 port triggering 77 trademarks 2 traffic metering 101 troubleshooting 134 date or time incorrect 141 Internet browsing 139 Internet connection 137, 138 LEDs 135, 136, 138 log in access 136 network 139 PPPoA or PPPoE 138 router changes not saved 141 router not on 135 trusted host 70 two-line ADSL microfilter 13 W WAN setup 42 Wi-Fi Protected Setup (WPS) 23, 40 Wireless Card Access List 91 wireless channel 35