Integrated adsl modem and wireless router with voice (35 pages)
Summary of Contents for NETGEAR DG834GSP
Page 1
DG834GSP to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834GSP to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html). Configuration Profile The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium.
Page 2
Note: Product updates are available on the NETGEAR, Inc. web site at http://kbserver.netgear.com/DG834GSP.asp. Step-By-Step Configuration 1. Configure the DG834GSP as in the Gateway-to-Gateway procedures using the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration” on page to use appropriate network addresses for the environment.
Page 3
Reference Manual for the ADSL Modem Wireless Router DG834GSP 10.5.6.1 toFVL328 Figure B-2 NETGEAR VPN Configuration Click VPN Policies under Advanced - VPN to invoke this screen 172.23.9.1 toFVL328 v1.0, June 2007 22.23.24.25 10 10...
Page 4
Reference Manual for the ADSL Modem Wireless Router DG834GSP 2. Configure the FVL328 as in the Gateway-to-Gateway procedures for the VPN Wizard (see “How to Set Up a Gateway-to-Gateway VPN Configuration” on page use appropriate network addresses for the environment.
Page 5
Reference Manual for the ADSL Modem Wireless Router DG834GSP toDG834 22.23.24.25 14.15.16.17 Click IKE Policies under VPN to invoke this screen toDG834 172.23.9.1 Click VPN Policies under VPN to invoke this screen Figure B-3 NETGEAR VPN Configuration 10.5.6.1 v1.0, June 2007 toDG834 22.23.24.25...
DG834GSP with FQDN to FVL328 This appendix is a case study on how to configure a VPN tunnel from a NETGEAR DG834GSP to a FVL328 using a Fully Qualified Domain Name (FQDN) to resolve the public address of one or both routers.
Page 7
FDQN 10.5.6.0/24 Network Interface Addressing Gateway A LAN IP 10.5.6.1 dg834g.dyndns.org DG834G Figure B-5 Note: Product updates are available on the NETGEAR, Inc. web site at http://kbserver.netgear.com/DG834GSP.asp. NETGEAR VPN Configuration VPNC Example Gateway B WAN IP WAN IP fvl328.dyndns.org (FQDN) (FQDN) v1.0, June 2007...
Page 8
Step-By-Step Configuration 1. Log in to the DG834GSP labeled Gateway A as in the illustration. Out of the box, the DG834GSP is set for its default LAN address of http://10.1.1.1 with its default user name of admin assume you have set the local LAN address as 10.5.6.1 for Gateway A and have set your own...
Page 9
Reference Manual for the ADSL Modem Wireless Router DG834GSP 3. On the DG834GSP, configure the Dynamic DNS settings. a. Browse to the Dynamic DNS Setup Screen (see Figure B-6 b. Configure this screen with appropriate account and hostname settings and then click Apply.
Page 10
Reference Manual for the ADSL Modem Wireless Router DG834GSP 4. On the FVL328, configure the Dynamic DNS settings. Assume a properly configured DynDNS account. a. Browse to the Dynamic DNS Setup Screen (see Figure B-8 b. Select the DynDNS.org radio button (see and hostname settings (see •...
Page 11
Reference Manual for the ADSL Modem Wireless Router DG834GSP Figure B-9 c. Click Show Status. The resulting screen should show Update OK: good (see Figure B-10). Figure B-10 NETGEAR VPN Configuration B-11 v1.0, June 2007...
Page 12
IP Address = 10.5.6.1 • Subnet Mask = 255.255.255.0 7. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834GSP. a. Open the command prompt (Start -> Run -> cmd) b. ping 172.23.9.1 B-12 LAN Subnet Mask 255.255.255.0...
Page 13
Reference Manual for the ADSL Modem Wireless Router DG834GSP Figure B-11 Note: The pings may fail the first time. If this happens, try the pings a second time. NETGEAR VPN Configuration B-13 v1.0, June 2007...
Figure B-12 Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves the following two steps: • Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office.
Reference Manual for the ADSL Modem Wireless Router DG834GSP • Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office Follow this procedure to configure a client-to-gateway VPN tunnel by filling out the VPN Auto Policy screen.
Page 16
Reference Manual for the ADSL Modem Wireless Router DG834GSP Figure B-13 B-16 fromDG834GSP (in the example) Dynamic IP address IKE Keep Alive is optional; must match Remote LAN IP Address when enabled (remote PC must respond to pings) Subnet address 192.168.0.1 (in this example)
Page 17
Reference Manual for the ADSL Modem Wireless Router DG834GSP 2. Click Apply when done to get the VPN Policies screen. Figure B-14 To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.
This procedure describes how to configure the 54 Mbps ADSL Modem Wireless Router Model DG834GSP. We will assume the PC running the client has a dynamically assigned IP address. The PC must have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used).
Page 19
From the Edit menu of the Security Policy Editor, click Add, then Connection. A New Connection listing appears in the list of policies. Rename the New Connection so that it matches the Connection Name you entered in the VPN Settings of the DG834GSP on Gateway A.
Page 20
In this example, type 10.1.1.1 in the Subnet field as the network address of the DG834GSP. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834GSP. g. Select All in the Protocol menu to allow all traffic through the VPN tunnel.
Page 21
In this step, you will provide information about the remote VPN client PC. You will need to provide the Pre-Shared Key that you configured in the DG834GSP and either a fixed IP address or a “fixed virtual” IP address of the VPN client PC.
Page 22
Reference Manual for the ADSL Modem Wireless Router DG834GSP a. In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity. Figure B-18 b. Choose None in the Select Certificate menu. c. Select Domain Name in the ID Type menu and enter toDG834G.com (in this example) in the box below it.
Page 23
Reference Manual for the ADSL Modem Wireless Router DG834GSP e. Click the Pre-Shared Key button. Figure B-19 In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834GSP's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.
Page 24
Reference Manual for the ADSL Modem Wireless Router DG834GSP Figure B-20 c. In the Authentication Method menu, select Pre-Shared key. d. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES. e. In the Hash Alg menu, select SHA-1.
Page 25
Reference Manual for the ADSL Modem Wireless Router DG834GSP a. Expand the Key Exchange subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Key Exchange. Figure B-21 b. In the SA Life menu, select Unspecified.
Page 26
Select Connect to open the My Connections list. c. Choose toDG834G. The 54 Mbps ADSL Modem Wireless Router Model DG834GSP will report the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the VPN router.
Page 27
Reference Manual for the ADSL Modem Wireless Router DG834GSP c. Type ping -t 10.1.1.1, and then click OK. Figure B-23 This will cause a continuous ping to be sent to the VPN router. After between several seconds and two minutes, the ping response should change from timed out to reply.
1. To launch this function, click on the Windows Start button, then select Programs, then 54 Mbps ADSL Modem Wireless Router Model DG834GSP, then Log Viewer. Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
Reference Manual for the ADSL Modem Wireless Router DG834GSP While the connection is being established, the Connection Name field in this menu will show SA before the name of the connection. When the connection is successful, the SA will change to the yellow key symbol.
Page 30
Reference Manual for the ADSL Modem Wireless Router DG834GSP 2. To view the VPN tunnels status, click the VPN Status link on the right side of the main menu. Figure B-27 B-30 NETGEAR VPN Configuration v1.0, June 2007...
Page 31
Reference Manual for the ADSL Modem Wireless Router DG834GSP NETGEAR VPN Configuration B-31 v1.0, June 2007...
Page 32
Reference Manual for the ADSL Modem Wireless Router DG834GSP B-32 NETGEAR VPN Configuration v1.0, June 2007...