FVM318.book Page i Wednesday, September 18, 2002 5:20 PM Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall Reference Manual NETGEAR, Inc.
FEDERAL COMMUNICATIONS COMMISSION INTERFERENCE STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
© 2002 by NETGEAR, Inc. All rights reserved.

Trademarks

NETGEAR and Auto Uplink are trademarks or registered trademarks of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Certificate of the Manufacturer/Importer

It is hereby certified that the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Contents

Preface About This Manual
  Audience
  Typographical Conventions
  Special Message Formats
  Technical Support

  Using the Smart Wizard to Auto-Detect Your Internet Connection Type
  Manually Configuring Your Internet Connection
  Configuring Wireless Connectivity
  Testing Your Internet Connection

  Dropped Packets
  Enabling Security Event E-mail Notification
  Backing Up, Restoring, or Erasing Your Settings
  Running Diagnostic Utilities and Rebooting the Router

  Troubleshooting the Web Configuration Interface
  Troubleshooting the ISP Connection
  Troubleshooting a TCP/IP Network Using a Ping Utility
  Testing the LAN Path to Your Firewall

  Infrastructure Mode
  Extended Service Set Identification (ESSID)
  Authentication and WEP Encryption
  Wireless Channel Selection
List of Procedures

Procedure 2-1: Record Your Internet Connection Information
Procedure 2-2: Connecting the Firewall to Your LAN
Procedure 2-3: Auto-Detecting Your Internet Connection Type
Procedure 2-4: Wizard-Detected Login Account Setup
Preface
About This Manual

Thank you for purchasing the NETGEAR™ FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall. This manual describes the features of the firewall and provides installation and configuration instructions.

Audience

This reference manual assumes that the reader has intermediate to advanced computer and Internet skills.
Special Message Formats

This guide uses the following formats to highlight special messages:

Note: This format is used to highlight information of importance or special interest.

Procedure: This format is used to let you know that you are following a sequence of steps required to complete a task.
Chapter 1
Introduction

This chapter describes the features of the NETGEAR FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall.

About the FVM318

The FVM318 is a complete security solution that protects your network from attacks and intrusions.
• Logs security incidents
  The FVM318 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your email address or email pager whenever a significant event occurs.
• Automatic Configuration of Attached PCs by DHCP
  The FVM318 dynamically assigns network configuration information, including IP, gateway, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
• Remote management
  The firewall allows you to log in to the Web Management Interface from a remote location via the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.
These LEDs are green when lit, except for the TEST LED, which is amber.

Table 1-1: LED Descriptions

Label    Activity      Description
POWER    On            Power is supplied to the firewall.
TEST     On            The system is initializing.
TEST     Off           The system is ready and running.
MODEM    On/Blinking   The port detected a link with the Internet WAN connection or Remote Access Server.
Chapter 2
Connecting the Firewall to the Internet

This chapter describes how to set up the firewall on your Local Area Network (LAN), connect to the Internet, perform basic configuration of your FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall using the Setup Wizard, or how to manually configure your Internet connection.
LAN Configuration Requirements

For the initial connection to the Internet and configuration of your firewall, you will need to connect to the firewall a computer that is set to automatically get its TCP/IP configuration from the firewall via DHCP.

Note: Please refer to Appendix C, "Preparing Your Network" for assistance with DHCP configuration.
Procedure 2-1: Record Your Internet Connection Information

1. Print this page. Fill in the configuration parameters from your Internet Service Provider (ISP).

   ISP Login Name: The login name and password are case sensitive and must be entered exactly as given by your ISP. Some ISPs use your full e-mail address as the login name.
Connecting the FVM318 firewall to Your LAN

This section provides instructions for connecting the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to your Local Area Network (LAN).

Note: The Resource CD included with your firewall contains an animated Installation Assistant to help you through this procedure.
b. Disconnect the Ethernet cable (A) from your computer which connects to your Cable or DSL modem.

   Figure 2-1: Disconnect the Cable or DSL Modem

c. Connect the Ethernet cable (A) from your Cable or DSL modem to the FR328S’s Internet port.
d. Connect the Ethernet cable (B) which came with the firewall from a Local port on the router to your computer.

   Figure 2-3: Connect the computers on your network to the firewall

Note: The FVM318 firewall incorporates Auto Uplink™ technology.
Now that the Cable or DSL Modem, firewall, and the computer are turned on, verify the following:

• When power to the firewall was first turned on, the PWR light went on, the TEST light turned on within a few seconds, and then went off after approximately 10 seconds.
• The firewall’s LOCAL LINK/ACT lights are lit for any computers that are connected to it.
3. Connect to the Internet

   Figure 2-6: Setup Wizard

   a. You are now connected to the firewall. If you do not see the menu above, click the Setup Wizard link on the upper left of the main menu. Click the Yes button in the Setup Wizard.
   b.
Procedure 2-3: Auto-Detecting Your Internet Connection Type

The Web Configuration Manager built in to the firewall contains a Setup Wizard that can automatically determine your network connection type.

1. If your firewall has not yet been configured, the Setup Wizard shown in Figure 2-7 should launch automatically.
Next, the Setup Wizard will report which connection type it has discovered, and then display the appropriate configuration menu. If the Setup Wizard finds no connection, you will be prompted to check the physical connection between your firewall and the cable or DSL modem. When the connection is properly made, the firewall’s Internet LED should be on.
Note: You will no longer need to launch the ISP’s login program on your PC in order to access the Internet. When you start an Internet application, your firewall will automatically log you in.

3.
1. Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers. If you leave the Domain Name field blank, the firewall will attempt to learn the domain automatically from the ISP. If this is not successful, you may need to enter it manually.

2.
Procedure 2-6: Wizard-Detected Fixed IP (Static) Account Setup

If the Setup Wizard determines that your Internet service account uses Fixed IP assignment, you will be directed to the menu shown in Figure 2-10 below:

Figure 2-10: Setup Wizard menu for Fixed IP address

1.
Manually Configuring Your Internet Connection

You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
1. Select whether your Internet connection requires a login. Select Broadband with Login if you normally must launch a login program such as Enternet or WinPOET in order to access the Internet.

   Note: If you are a Telstra BigPond cable modem customer, or if you are in an area such as Austria that uses PPTP, login is required.
7. Click Apply to save your settings.

8. Click on the Test button to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting.
Configuring Wireless Connectivity

Use the procedure below to configure an Internet connection via the serial port of your firewall.

Procedure 2-8: Serial Port Internet Connection Configuration

There are three steps to configuring the serial port of your firewall for an Internet connection:

1. 2. 3.
2. Configure the Serial Port of the Firewall.

   Note: To connect to the firewall, your computer needs to be configured to obtain an IP address automatically via DHCP. If you need instructions on how to do this, please refer to Appendix C, "Preparing Your Network".

   a. Use a browser to log in to the firewall at http://192.168.0.
c. d. e.

Choose the type of Serial Port Usage:
• Auto-rollover with a wait time in minutes
• Primary Internet connection

Fill in the ISP Internet configuration parameters as appropriate:
• For a Dial-up Account, enter the Account/User Name, Password, the Telephone number to dial, an Alternative Telephone number if available.
• Select the Modem Type

  Figure 2-15: Modem Properties menu

• If you are using the “Generic Modem” selection and configuring your own modem settings, fill in the Modem Properties settings.

f. 3.
Testing Your Internet Connection

After completing the Internet connection configuration, you can test your Internet connection. Log in to the firewall, then, from the Setup Basic Settings link, click on the Test button. If the NETGEAR website does not appear within one minute, refer to Chapter 8, Troubleshooting.
Chapter 3
Protecting Your Network

This chapter describes how to use the basic firewall features of the FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall to protect your network.

Protecting Access to Your FVM318 firewall

For security reasons, the firewall has its own user name and password. Also, after a set period of inactivity, the administrator login will automatically disconnect.
Procedure 3-1: Changing the Built-In Password

1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall.

   Figure 3-1: Log in to the firewall

2.
Procedure 3-1: Changing the Administrator Login Timeout

For security, the administrator's login to the firewall configuration will time out after a period of inactivity. To change the login timeout period:

1. In the Set Password menu, type a number in the ‘Administrator login times out’ field. The suggested default value is 5 minutes.

2.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations that you specify as off-limits.

The section below explains how to configure your firewall to perform these functions.
3. To block ActiveX, Java, Cookies, or Web Proxy functions for all Internet sites, click the check box next to the function and then click Apply.

4. To enable keyword blocking, check “Turn keyword blocking on”, enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply.
Procedure 3-3: Block Services

1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall.

2.
The parameters are:

• Service
  From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Add Services menu to add any additional services or applications that do not already appear.
1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the firewall.

2. Click on the Schedule link of the Security menu to display the menu shown below.

   Figure 3-6: Schedule Services menu

3.
Procedure 3-5: Scheduling Firewall Services

If you enabled services blocking in the Block Services menu or Port forwarding in the Ports menu, you can set up a schedule for when blocking occurs or when access isn't restricted.

1. Log in to the firewall at its default LAN address of http://192.168.0.
Chapter 4
Virtual Private Networking

This chapter describes how to use the virtual private networking (VPN) features of the FVM318 firewall. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.
access to network resources when NAT is enabled and remote computers have been assigned private IP addresses.

• Secure access from a remote PC, such as a telecommuter connecting to an office network. VPN client access allows a remote PC to connect to your network from any location on the Internet.
• At least one side must have a fixed IP address.
• If one side has a dynamic IP address, the side with a dynamic IP address must always be the initiator of the connection.
Procedure 4-1: Configuring a Network to Network VPN Tunnel

Follow this procedure to configure a VPN tunnel between two LANs via an FVS318 at each end.

Figure 4-2: LAN to LAN VPN access through an FVS318 to an FVS318

1. Set up the two LANs to have different IP address ranges.
b. Click the LAN IP Setup link from the Advanced section of the main menu to display the menu shown in Figure 4-4.

   Figure 4-4: Configuring the Local LAN (A) via the LAN IP Setup Menu

c. Change the settings as follows:
   • IP Address to 192.168.3.1
   • DHCP Starting Address to 192.168.3.2
   • DHCP Ending Address to 192.168.3.
d. Click Apply. Because you changed the firewall’s IP address, you are now disconnected.

e. Reboot all PCs on network A.

The network configuration should now look like this:

Figure 4-5: Local LAN (A) configuration (figure labels: A, B, 192.168.0.1, 192.168.3.1)

2. Configure the VPN Settings of the FVS318 firewall (A) on the local LAN.

   a.
c. Click the button next to an unused tunnel profile in the table and click Edit. The VPN Settings - Main Mode window opens as shown in Figure 4-7 below:

   Figure 4-7: LAN A VPN Settings - Main Mode IKE Edit menu

d. Fill in the Connection Name VPN settings.
   • In the Connection Name box, type the name for the Security Association of LANs A and B.
• Enter the Remote Gateway IP Address, which is the WAN IP Address for the second FVS318 (B). In this example, use 10.0.0.1 for the Gateway IP Address. You can look up the Remote Gateway IP Address by viewing the WAN Status screen of the second FVS318 (B). When FVS318 (B) is connected to the Internet, log in and go to its Maintenance menu Router Status link.
3. Configure the VPN Settings of the FVS318 firewall (B) on the remote LAN.

   To configure the second FVS318 (B), refer to the configuration worksheet and do the following:

   a. Log in to the FVS318 router (B) at its default LAN address of http://192.168.0.
• Enter the Remote IP Address and the Remote IP Subnet Mask. In this example, 192.168.3.1 is the Remote network address, which is the LAN network address of the first FVS318 (A), and 255.255.255.0 is the Subnet Mask.
• Type the Remote Gateway IP Address, which is the WAN IP address of the first FVS318 (A). In this example, 24.0.0.1 is the Remote Gateway.
Procedure 4-2: Check the VPN Connection

To check the VPN Connection, you can initiate a request from one network to the other. If one FVS318 has a dynamically assigned WAN IP address, you must initiate the request from that FVS318’s network. The simplest method is to ping the LAN IP address of the other FVS318.

1.
Configuring a Remote PC to Network VPN

This procedure describes linking a remote PC and a LAN. The LAN will connect to the Internet using an FVS318 with a fixed IP address. The PC can be connected to the Internet through dialup, cable or DSL modem, or other means, and we will assume it has a dynamically assigned IP address.
Note: If your situation is different, for example, if your remote PC is connected through a simple cable/DSL router, or if you wish to use different VPN client software, please refer to NETGEAR's web site for additional VPN applications information.

Procedure 4-3: Configuring a Remote PC to Network VPN

(Figure labels: A, 192.168.3.1)

1.
b. Click the button next to an unused profile in the table and click Edit. The VPN Settings - IKE window opens as shown in Figure 4-12 below:

   Figure 4-12: VPN Edit menu for connecting with a VPN client

c. Choose Main Mode as the IKE automated method for establishing a shared security policy and authenticated keys.

d.
h. Since the remote network is a single PC, enter 255.255.255.255 for the Subnet Mask.

i. Since the remote PC has a dynamically assigned IP address, enter 0.0.0.0 as the Remote Gateway IP Address.

   Note: Only one side may have a dynamic IP address, and that side must always initiate the connection.

j.
3. Configure the SafeNet software via its Security Policy Editor

   a. Run the SafeNet Security Policy Editor program and, using the “Sample PC to Network IKE VPN Tunnel Settings Configuration Worksheet” on page 4-12, create a VPN Connection.
• Enter the public (WAN) IP Address of the FVS318 in the field directly below the ID Type menu. In this example, 24.0.0.1 would be used.

4. Configure the Security Policy in the SafeNet VPN Client Software.

   a. In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the “+” symbol.
g. From the Options menu at the top of the Security Policy Editor window, select Global Policy Settings.

   Figure 4-15: Security Policy Editor Global Policy Options

h. Increase the Retransmit Interval period to 45 seconds.

i. Check the Allow to Specify Internal Network Address checkbox and click OK.

5.
a. In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity.

   Figure 4-16: Security Policy Editor My Identity

b. In the Select Certificate menu, choose None.

c. In the ID Type menu, select IP Address.

d.
6. Configure VPN Client Authentication Proposal. These settings do not depend on your network information.

   a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the “+” symbol.
   b.

7.
Check the VPN Connection

To check the VPN Connection, you can initiate a request from the remote PC to the FVS318’s network. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request. The simplest method is to ping from the remote PC to the LAN IP address of the FVS318. Using our example, start from the remote PC:

1.
This will cause a continuous ping to be sent to the first FVS318. After between several seconds and two minutes, the ping response should change from “timed out” to “reply.”

Figure 4-18: Ping test results

Once the connection is established, you can open the browser of the remote PC and enter the LAN IP Address of the remote FVS318.
The Connection Monitor screen for this connection is shown below:

Figure 4-20: Connection Monitor screen

In this example:

• The FVS318 has a public IP WAN address of 134.177.100.11
• The FVS318 has a LAN IP address of 192.168.0.1
• The VPN client PC has a dynamically assigned address of 12.236.5.
Manual Keying

As an alternative to IKE, you may use Manual Keying, in which you must specify each phase of the connection. Follow the steps to configure Manual Keying.

Procedure 4-4: Using Manual Keying as an Alternative to IKE

1. When editing the VPN Settings, you may select manual keying.
The SPI should be a string of hexadecimal [0-9,A-F] characters, and should not be used in any other Security Association.

Tip: For simplicity or troubleshooting, the Incoming and Outgoing SPI can be identical.

4. For Encryption Protocol, select one:
   a. Null - Fastest, but no security.
   b. DES - Faster but less secure than 3DES.
   c.

5.
Blank VPN Tunnel Configuration Worksheets

The blank configuration worksheets below are provided to aid you in collecting and recording the parameters used in the VPN configuration procedure.
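
The following is an added example, not part of the NETGEAR manual or the firewall's firmware: a small checker that applies the tunnel rules stated in this chapter (different LAN ranges at each end, at least one fixed-IP side, the dynamic side initiates, a 255.255.255.255 mask for a single remote PC, hexadecimal SPIs not shared between Security Associations) to a filled-in worksheet before the values are typed into the VPN Settings menu. The Tunnel field names and finding labels are this example's own; the first sample row uses the manual's LAN A/LAN B addresses and the other rows are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

DYNAMIC = "0.0.0.0"   # the manual enters this as the gateway of a dynamic-IP peer
SPI_HEX = re.compile(r"[0-9A-Fa-f]+")


@dataclass
class Tunnel:
    """One filled-in worksheet row (field names are this example's own)."""
    name: str
    local_lan: str              # "address/mask" of the LAN behind this firewall
    local_wan: str              # this firewall's WAN IP, DYNAMIC if ISP-assigned
    remote_lan: str             # "address/mask" of the remote LAN or single PC
    remote_gateway: str         # remote WAN IP, DYNAMIC if ISP-assigned
    local_initiates: bool       # True when this side opens the tunnel
    remote_is_single_pc: bool = False
    encryption: str = "3DES"    # Null, DES or 3DES
    spi_in: Optional[str] = None    # manual keying only
    spi_out: Optional[str] = None


def lint_tunnel(t: Tunnel) -> List[str]:
    """Return the chapter's rules that this single tunnel violates."""
    findings = []
    local = ipaddress.ip_network(t.local_lan, strict=False)
    remote = ipaddress.ip_network(t.remote_lan, strict=False)

    # "Set up the two LANs to have different IP address ranges."
    if local.overlaps(remote):
        findings.append("lan-overlap")

    # "At least one side must have a fixed IP address", and the dynamic
    # side "must always be the initiator of the connection".
    local_dyn = t.local_wan == DYNAMIC
    remote_dyn = t.remote_gateway == DYNAMIC
    if local_dyn and remote_dyn:
        findings.append("no-fixed-side")
    elif (local_dyn and not t.local_initiates) or (remote_dyn and t.local_initiates):
        findings.append("dynamic-side-must-initiate")

    # A single remote PC is entered with a 255.255.255.255 subnet mask.
    if t.remote_is_single_pc and remote.prefixlen != 32:
        findings.append("single-pc-mask")

    # The manual describes Null as "no security" and DES as less secure than 3DES.
    enc = t.encryption.upper()
    if enc == "NULL":
        findings.append("no-encryption")
    elif enc == "DES":
        findings.append("des-weaker-than-3des")

    # Manual keying: the SPI is a string of hexadecimal characters.
    if any(s is not None and not SPI_HEX.fullmatch(s) for s in (t.spi_in, t.spi_out)):
        findings.append("spi-not-hex")
    return findings


def lint_worksheet(tunnels: List[Tunnel]) -> Dict[str, List[str]]:
    """Lint every tunnel and flag an SPI that appears in more than one of them.

    Incoming and outgoing SPI of the same tunnel may be identical (the
    manual's tip), so reuse is only checked across tunnels.
    """
    report = {t.name: lint_tunnel(t) for t in tunnels}
    first_owner: Dict[str, str] = {}
    for t in tunnels:
        own = {s.upper() for s in (t.spi_in, t.spi_out) if s}
        for spi in sorted(own):
            if spi in first_owner:
                report[t.name].append("spi-reused:" + first_owner[spi])
        for spi in own:
            first_owner.setdefault(spi, t.name)
    return report


# LAN A to LAN B with the addresses used in Procedure 4-1.
MANUAL_EXAMPLE = Tunnel("lan-a-to-b", "192.168.3.1/255.255.255.0", "24.0.0.1",
                        "192.168.0.1/255.255.255.0", "10.0.0.1", True)
# Constructed: both ends left on the same range, wrong initiator, DES.
BOTH_DEFAULT = Tunnel("both-default", "192.168.0.1/255.255.255.0", "24.0.0.1",
                      "192.168.0.1/255.255.255.0", DYNAMIC, True, encryption="DES")
# Constructed: remote PC entered with a LAN mask, Null encryption, manual keys.
PC_CLIENT = Tunnel("pc-client", "192.168.3.1/255.255.255.0", "24.0.0.1",
                   "192.168.100.2/255.255.255.0", DYNAMIC, False,
                   remote_is_single_pc=True, encryption="Null",
                   spi_in="12AB", spi_out="12AB")
# Constructed: reuses pc-client's SPI and has a non-hexadecimal one.
MANUAL_KEYED = Tunnel("manual-2", "192.168.3.1/255.255.255.0", "24.0.0.1",
                      "10.10.0.0/255.255.0.0", "10.0.0.1", True,
                      spi_in="12ab", spi_out="0xZZ")

if __name__ == "__main__":
    for name, found in lint_worksheet(
            [MANUAL_EXAMPLE, BOTH_DEFAULT, PC_CLIENT, MANUAL_KEYED]).items():
        print(name, found or "ok")
```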