Summary of Contents for NETGEAR DG834Gv4 - 54 Mbps Wireless ADSL Firewall Modem
Page 1
ADSL2+ Modem Wireless Router DG834G Reference Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10269-01 September 2007...
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Page 3
European Union Statement of Compliance Hereby, NETGEAR, Inc. declares that this modem router is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Česky NETGEAR, Inc. 54 Mbps ADSL2+ Modem Wireless Router tímto prohlašuje, že tento...
Page 4
Nederlands [Dutch] Hierbij verklaart NETGEAR, Inc. dat het toestel 54 Mbps ADSL2+ Modem Wireless Router Model DG834G in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG. Malti NETGEAR, Inc. 54 Mbps ADSL2+ Modem Wireless Router...
Page 5
Refer to the Support Information Card that shipped with your 54 Mbps ADSL2+ Modem Wireless Router Model DG834G. World Wide Web NETGEAR maintains a World Wide Web home page that you can access at the universal resource locator (URL) http://www.netgear.com. A direct connection to the Internet and a Web browser such as Internet Explorer or Netscape are required.
Contents
ADSL2+ Modem Wireless Router DG834G Reference Manual
About This Manual
Conventions, Formats, and Scope ... i
How to Use This Manual ... ii
How to Print this Manual ... ii
Chapter 1 Configuring Your Internet Connection
Using the Setup Manual ... 1-1
What You Need Before You Begin ... 1-2
Logging In to the Modem Router ... 1-2
Auto-Detecting Your Internet Connection ... 1-4...
Page 8
Changing the Administrator Login Time-out ... 3-2
Configuring Basic Firewall Services ... 3-2
Blocking Keywords, Sites, and Services ... 3-3
Blocking Keywords and Sites ... 3-3
Firewall Rules ... 3-4
Instant Messaging (IM) Ports ... 3-5
Inbound Rules (Port Forwarding) ... 3-6
Outbound Rules (Service Blocking) ... 3-8
Order of Precedence for Rules ... 3-10
Services ... 3-10
Defining Services ...
Page 9
Setting Up a Client-to-Gateway VPN Configuration ... 6-5
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834G v4 ... 6-6
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ... 6-9
Setting Up a Gateway-to-Gateway VPN Configuration ... 6-18
VPN Tunnel Control ... 6-25
Activating a VPN Tunnel ... 6-25...
Page 10
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office ... B-12
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the Telecommuter’s Home Office ... B-14
Monitoring the VPN Tunnel (Telecommuter Example) ... B-22...
Page 11
Viewing the PC Client’s Connection Monitor and Log Viewer ... B-22
Viewing the VPN Router’s VPN Status and Log Information ... B-23
Appendix C Related Documents
v2.0, September 2007...
About This Manual The NETGEAR® ADSL2+ Modem Wireless Router DG834G Reference Manual describes how to install, configure, and troubleshoot the 54 Mbps ADSL2+ Modem Wireless Router Model DG834G. The information in this manual is intended for readers with intermediate computer and Internet skills.
• button to access the full NETGEAR, Inc. online knowledge base for the product model. • Links to PDF versions of the full manual and individual chapters.
Page 15
– Click the PDF of This Chapter link at the top left of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window. –...
“ADSL Settings” Using the Setup Manual For first-time installation of your modem router, refer to the NETGEAR Router Setup Manual. The Setup Manual explains how to launch the NETGEAR Smart Wizard on the DG834G ADSL2+ Modem Wireless Router Resource CD to step you through the procedure to connect your router, modem, and computers.
– Host and domain names • ADSL microfilters as explained in the NETGEAR Router Setup Manual. • Your computer must be set up to use DHCP to get its TCP/IP configuration from the modem router. This is usually the case. For help with DHCP, see the documentation that came with your computer, or see the link to the online document in “Preparing a Computer for Network...
Page 19
To log in to the modem router:
1. Type http://routerlogin.net or http://192.168.0.1 in the address field of an Internet browser.
Figure 1-1
This login window opens:
Figure 1-2
2. Enter admin for the user name and password for the password, both in lower case letters.
3.
In either case, use the configuration settings that your ISP provided to assure that the configuration for your Internet connection is correct. • Test. To test your Internet connection, click Test. If the NETGEAR website does not appear within 1 minute, see Chapter 7, “Troubleshooting”.
Page 21
ISP’s primary DNS server. If a secondary DNS server address is available, enter it also. • DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here.
5. If no login is required, you can specify the MAC Address setting. 6. Click Apply to save your settings. 7. Click Test to test your Internet connection. If the NETGEAR website does not appear within one minute, refer to Chapter 7, “Troubleshooting”.
Understanding the Basic Settings Screen
The fields on the Basic Settings screen depend on whether or not your Internet connection requires a login.
Figure 1-4 (panels: ISP does not require login; ISP does require login)
The following table explains the fields in the Basic Settings screen.
Page 24
Table 1-2. Basic Settings screen fields
Settings: Description
Does Your ISP Require a Login? • Yes • No
These fields appear only if no...
Account Name (If required): Enter the account name provided by your ISP. This might also be called the host name.
Page 25
Table 1-2. Basic Settings screen fields (continued)
Settings: Description
NAT (Net Address Translation): NAT automatically assigns private IP addresses (10.1.1.x) to LAN-connected devices.
• Enable. Usually NAT is enabled.
• Disable. This disables NAT, but leaves the firewall active. Disable NAT only if you are sure that you do not require it.
ADSL Settings Note: For information about how to install ADSL filters, see the NETGEAR Router Setup Manual. The default ADSL settings of your modem router work fine for most ISPs. However, some ISPs use a specific multiplexing method and virtual circuit number for the virtual path identifier (VPI) and virtual channel identifier (VCI).
Chapter 2 Wireless Configuration This chapter describes how to configure the wireless features of your ADSL2+ Modem Wireless Router. In planning your wireless network, consider the level of security required. You should also select the physical placement of your modem router to maximize the network speed. Note: If you are configuring the modem router from a wireless PC and you change the modem router’s SSID, channel, or wireless security settings, you will lose your wireless connection when you click Apply.
Wireless Placement and Range Guidelines The range of your wireless connection can vary significantly based on the physical placement of the modem router. The latency, data throughput performance, and notebook power consumption of wireless adapters also vary depending on your configuration choices.
Page 29
2. Select Wireless Settings from the main menu to display the Wireless Settings screen:
Figure 2-1
The settings for this screen are explained in Table 2-1.
3. Select the region in which the modem router will operate.
4.
Page 30
Windows XP, but the data is still fully exposed to a determined snoop using specialized test equipment like wireless sniffers. For this reason NETGEAR recommends that you also enable wireless security. Wireless Isolation This feature is disabled by default.
Security Options • Disabled. You can use this setting to establish wireless connectivity before implementing wireless security. NETGEAR strongly recommends that you implement wireless security. • WEP (Wired Equivalent Privacy). WEP security uses encryption keys and data encryption for data security. You can select 64-bit or 128-bit encryption.
Page 32
There are several ways you can enhance the security of your wireless network:
Figure 2-2
• Restrict Access Based on MAC Address. You can allow only trusted PCs to connect so that unknown PCs cannot wirelessly connect to the modem router. Restricting access by MAC address adds an obstacle against unwanted access to your network, but the data broadcast over the wireless link is fully exposed.
Wireless Station Access Control By default, any wireless PC that is configured with the correct SSID and wireless security settings is allowed access to your wireless network. You can use Wireless Access Point settings in the Wireless Setting screen to further restrict wireless access to your network: Figure 2-3 •...
Restricting Access by MAC Address For increased security, you can restrict access to the wireless network to allow only specific PCs based on their MAC addresses. You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the ADSL2+ Modem Wireless Router.
3. Adjust the list as needed for your network. You can add devices to the Trusted Wireless Stations list using either of the following methods: • If the computer is in the Available Wireless Stations table, select the radio button of that computer to capture its MAC address.
Page 36
3. In the Security Options section, select the WEP (Wired Equivalent Privacy) radio button:
Figure 2-5
4. Select the Authentication Type: Automatic, Open System, or Shared Key. The default is Open System.
Note: The authentication scheme is separate from the data encryption. You can select an authentication scheme that requires a shared key but still leaves the data transmissions unencrypted.
• Key 1–Key 4. These values are not case-sensitive. You can manually enter the four data encryption keys. These values must be identical on all computers and access points in your network. Enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–...
Page 38
• Radius Port. Port number of the Radius server. The default is 1812. • Shared Key. This is shared between the wireless access point and the Radius server during authentication. 7. To save your settings, click Apply.
Note: The user name and password are not the same as a user name or password you might use to log in to your Internet connection. NETGEAR recommends that you change this password to a more secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of both upper and lower case letters, numbers, and symbols.
2. From the main menu, under the Maintenance heading, select Set Password to display the Set Password screen:
Figure 3-2
3. To change the password, first enter the old password, and then enter the new password twice.
4.
Blocking Keywords, Sites, and Services The modem router provides a variety of options for blocking Internet-based content and communications services. With its content filtering feature, the modem router prevents objectionable content from reaching your PCs. You can control access to Internet content by screening for keywords within Web addresses.
3. To enable keyword blocking, select one of the following: • Per Schedule. Turn on keyword blocking according to the settings on the Schedule screen. • Always. Turn on keyword blocking all the time, independent of the setting in the Schedule screen.
You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day.
Inbound Rules (Port Forwarding) Because the modem router uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly access any of your local computers.
Page 45
• Action. Select when you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule screen.
Considerations for Inbound Rules If your external IP address is assigned dynamically by your ISP, the IP address might change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature so that external users can always find your network.
Page 47
The following screen shows AIM selected in the Service list:
Figure 3-7
The Outbound Services screen includes the following fields:
• Service. Select the application or service from the drop-down list to be allowed or blocked. You can use the Add Custom Service feature to add any additional services or applications that are not in the list;...
Order of Precedence for Rules
As you define new rules, they are added to the tables in the Firewall Rules screen, as shown:
Figure 3-8
For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the rules table, beginning at the top and proceeding to the default rules at the bottom.
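The top-down, first-match evaluation described above means a broad rule placed above a narrow one silently disables the narrow one. The following sketch is an added example, not NETGEAR code: the `Rule` model, the rule names, the address ranges, the AIM port (5190) and the default outbound rule of "allow everything" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one outbound rule row (not the router's format)."""
    name: str
    ports: tuple   # (first, last) destination port, inclusive
    lan: tuple     # (first, last) LAN source address, inclusive
    action: str    # "ALLOW" or "BLOCK"


def _n(addr):
    """IPv4 address as an integer so ranges can be compared."""
    return int(ipaddress.ip_address(addr))


ANY_LAN = ("192.168.0.2", "192.168.0.254")

# Assumption: the default outbound rule at the bottom of the table allows all.
DEFAULT_OUTBOUND = Rule("default", (0, 65535),
                        ("0.0.0.0", "255.255.255.255"), "ALLOW")


def matches(rule, src_ip, dport):
    return (rule.ports[0] <= dport <= rule.ports[1]
            and _n(rule.lan[0]) <= _n(src_ip) <= _n(rule.lan[1]))


def decide(rules, src_ip, dport):
    """Walk the table from the top; the first matching rule wins."""
    for rule in list(rules) + [DEFAULT_OUTBOUND]:
        if matches(rule, src_ip, dport):
            return rule.action, rule.name


def covers(a, b):
    """True when every packet matched by b is also matched by a."""
    return (a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
            and _n(a.lan[0]) <= _n(b.lan[0])
            and _n(b.lan[1]) <= _n(a.lan[1]))


def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found


# Constructed rule tables: the same three rules in two different orders.
ALLOW_WEB = Rule("allow-web-all", (80, 80), ANY_LAN, "ALLOW")
BLOCK_KIDS = Rule("block-web-kids", (80, 80),
                  ("192.168.0.10", "192.168.0.20"), "BLOCK")
BLOCK_AIM = Rule("block-aim", (5190, 5190), ANY_LAN, "BLOCK")

RULES = [ALLOW_WEB, BLOCK_KIDS, BLOCK_AIM]       # narrow block is shadowed
REORDERED = [BLOCK_KIDS, ALLOW_WEB, BLOCK_AIM]   # narrow block goes first

if __name__ == "__main__":
    for table in (RULES, REORDERED):
        print(decide(table, "192.168.0.15", 80), shadowed(table))
```

Running `shadowed()` over a rule table before applying it is a quick audit for block rules that were added below a wider allow rule and therefore never take effect.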
Defining Services To define a service: 1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the modem router.
Enabling daylight savings time causes 1 hour to be added to the standard time. 4. The modem router has a list of NETGEAR NTP servers. If you prefer to use a particular NTP server as the primary server, enter its IP address in the Use this NTP Server field.
Scheduling Firewall Services If you enabled services blocking in the Block Services screen or port forwarding in the Ports screen, you can set up a schedule for when blocking occurs or when access is not restricted. 1.
Page 52
Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration settings of the modem router are stored in a configuration file in the modem router.
The software of the modem router is stored in flash memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from the NETGEAR website. If the upgrade file is compressed (a .zip file), you must first extract the binary (.bin or .img) file before uploading it to the modem router.
Upgrading the Modem Router Firmware NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you might need to restore your configuration settings. 1. Download and unzip the new software file from NETGEAR.
Network Management Information The modem router provides a variety of status and usage information which is discussed below. Viewing Modem Router Status and Usage Statistics From the main menu, below the Maintenance heading, select Router Status to view this screen. Figure 4-3 The Router Status screen provides status and usage information.
Page 57
Table 4-1. Modem Router Status Fields (continued)
Field: Description
ADSL Port
MAC Address: The Ethernet MAC address used by the ADSL port of the modem router.
IP Address: The IP address used by the ADSL port. If no address is shown, the modem router cannot connect to the Internet.
Table 4-1. Modem Router Status Fields (continued)
Field: Description
Wireless Port (These are set in the Wireless...)
Name (SSID): The service set ID, also known as the wireless network name.
Region: The country where the unit is set up for use.
Channel: The current channel, which determines the operating...
The following table explains the statistic fields.
Table 4-2. Router Statistics Fields
Field: Description
WAN or LAN Port (The statistics for the WAN (Internet) and...)
Status: The link status of the port.
TxPkts: The number of packets transmitted on this port since reset or manual clear.
This screen shows the following statistics:
Table 4-3. Connection Status Fields for PPPoA
Field: Description
Connection Time: The time elapsed since the last connection to the Internet via the ADSL port.
Connecting to: The connection status.
Viewing, Selecting, and Saving Logged Information The modem router logs security-related events such as denied incoming service requests, hacker probes, and administrator logins. If you enabled content filtering in the Block Sites screen, the Logs screen can show you when someone on your network tries to access a blocked site.
Page 62
Table 4-4. Security Log Entry Descriptions
Field: Description
Source IP: The IP address of the initiating device for this log entry.
Source port and interface: The service port number of the initiating device, and whether it originated from the LAN or WAN.
Following are examples of log messages. In all cases, the log entry shows the timestamp as: Day, Year-Month-Date Hour:Minute:Second.
Activation and Administration
Tue, 2002-05-21 18:48:39 - NETGEAR activated
[This entry indicates a power-up or reboot with initial time entry.]
Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2
Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2...
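A small reviewer for saved or e-mailed logs in the format shown above, flagging administrator logins from outside the LAN, sessions with no logout, and entries whose day name does not match the date. This is an added example, not NETGEAR code: the function names, the assumed LAN of 192.168.0.0/24 (the default LAN address with a 255.255.255.0 mask) and the constructed fourth sample line are assumptions; the first three lines are the manual's own examples.

```python
import ipaddress
import re
from datetime import datetime

# First three lines: the manual's examples. Fourth line: constructed sample.
SAMPLE_LOG = """\
Tue, 2002-05-21 18:48:39 - NETGEAR activated
Tue, 2002-05-21 18:55:00 - Administrator login successful - IP:192.168.0.2
Thu, 2002-05-21 18:56:58 - Administrator logout - IP:192.168.0.2
Wed, 2002-05-22 02:13:07 - Administrator login successful - IP:203.0.113.45
"""

# Assumption: the LAN still uses the default address range.
LAN = ipaddress.ip_network("192.168.0.0/24")
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# "Day, Year-Month-Date Hour:Minute:Second - message[ - IP:a.b.c.d]"
LINE_RE = re.compile(
    r"^(?P<dow>[A-Z][a-z]{2}), "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<msg>.*?)(?: - IP:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m["ip"]) if m["ip"] else None
    except ValueError:  # impossible date or an octet above 255
        return None
    return {"dow": m["dow"], "ts": ts, "msg": m["msg"], "ip": ip}


def review(log_text, lan=LAN):
    """Return (line_number, finding) tuples for entries worth a second look."""
    findings = []
    open_sessions = {}  # admin IP -> line number of the login
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append((n, "unparsed"))
            continue
        # Trust the date, not the day name: the two can disagree.
        if DAYS[entry["ts"].weekday()] != entry["dow"]:
            findings.append((n, "weekday-mismatch"))
        if entry["msg"] == "Administrator login successful" and entry["ip"]:
            open_sessions[entry["ip"]] = n
            if entry["ip"] not in lan:
                findings.append((n, "admin-login-off-lan"))
        elif entry["msg"] == "Administrator logout" and entry["ip"]:
            open_sessions.pop(entry["ip"], None)
        elif entry["msg"] == "NETGEAR activated":
            open_sessions.clear()  # a reboot ends every session
    for n in open_sessions.values():
        findings.append((n, "no-logout"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

An off-LAN administrator login is expected only when Remote Management is turned on; with it off, such an entry deserves investigation.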
Enabling Security Event E-mail Notification
To receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail screen:
Figure 4-8
• Turn e-mail notification on. Select this check box if you want to receive e-mail logs and alerts from the modem router.
• Send alert immediately. Select the corresponding check box if you would like immediate notification of a significant security event, such as a known attack, port scan, or attempted access to a blocked site. •...
From the main menu, under the Maintenance heading, select Modem Router Diagnostics to display the Diagnostics screen:
Figure 4-9
Enabling Remote Management
Using the Remote Management screen, you can allow a user or users on the Internet to configure, upgrade, and check the status of your modem router.
Page 67
2. Under the Advanced heading of the main menu, select Remote Management to display the Remote Management screen:
Figure 4-10
3. Select the Turn Remote Management On check box.
4. Specify which external addresses will be allowed to access the modem router’s remote management.
Page 68
When accessing your modem router from the Internet, you will type your modem router WAN IP address in your Internet browser address or location field, followed by a colon (:) and the custom port number. For example, if your external address is 134.177.0.123 and you use port number 8080, enter: http://134.177.0.123:8080 Note: In this case, you must include http:// in the address.
Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your ADSL2+ Modem Wireless Router. Advanced Settings The ADSL2+ Modem Wireless Router provides a variety of advanced features, such as the following: • WAN Setup. • LAN TCP/IP settings •...
Page 70
2. From the main menu, select WAN Setup to display the WAN Setup screen:
Figure 5-1
3. Make the changes that you want, and then click Apply to save the settings.
The WAN Setup fields are described in the following table: Table 5-1.
Table 5-1. WAN Setup Settings
Setting: Description
Respond to Ping on Internet WAN Port: If you want the modem router to respond to a ping from the Internet, select this check box. This should be used only as a diagnostic tool, since it allows your modem router to be discovered.
LAN IP Settings The LAN IP Setup screen allows configuration of LAN IP services such as DHCP and RIP. These features can be found under the Advanced heading in the modem router main menu. The modem router is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server.
Page 73
2. Change the settings. For more information, see Table 5-2, “DHCP Settings” on page 5-6 and “Reserved IP Addresses” on page 5-7. 3. Click Apply to save the changes. The LAN TCP/IP Setup parameters are explained in the following table. Table 5-2.
DHCP Settings By default, the modem router functions as a Dynamic Host Configuration Protocol (DHCP) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the modem router’s LAN. The assigned default gateway address is the LAN address of the router. IP addresses are assigned to the attached PCs from a pool of addresses specified in this screen.
Reserved IP Addresses When you specify a reserved IP address for a computer on the LAN, that computer always receives the same IP address each time it accesses the router’s DHCP server. Reserved IP addresses should be assigned to servers that require permanent IP settings.
The router contains a client that can connect to a Dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them. After you have configured your account information in the router, whenever your ISP-assigned IP address changes, your router will automatically contact your Dynamic DNS service provider, log in to your account, and register your new IP address.
6. Fill in the Host Name, User Name, and Password fields. The dynamic DNS service provider may call the host name a domain name. If your URL is myName.dyndns.org, then your host name is myName. The password can be a key for your dynamic DNS account.
In this example: • The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.x addresses. • The Modem Router IP Address field specifies that all traffic for these addresses should be forwarded to the ISDN router at 192.168.0.100.
4. Fill in or change the fields: • Route Name. The route name is for identification purposes only. • Private. Select this check box if you want to limit access to the LAN only. The static route will not be reported in RIP.
Page 80
2. Fill in the settings on the UPnP screen: • Turn UPnP On. UPnP can be enabled or disabled for automatic device configuration. The default setting for UPnP is enabled. If disabled, the modem router will not allow any device to automatically control the resources, such as port forwarding (mapping), of the modem router.
Wireless Bridging and Repeating You can build large bridged wireless networks by using the modem router to configure a wireless distribution system (WDS). Here are some examples of wireless bridged configurations: • Point-to-Point bridge. The modem router communicates with another bridge-mode wireless station.
Point-to-Point Bridge Configuration In Point-to-Point Bridge mode, the DG834G v4 modem router communicates as an access point with another bridge-mode wireless station. As a bridge, wireless client associations are disabled; only wired clients can be connected. You must enter the MAC address of the other bridge-mode wireless station in the field provided.
Multi-Point Bridge Configuration Multi-Point Bridge mode allows a modem router to bridge to multiple peer access points simultaneously. As a bridge, wireless client associations are disabled; only wired clients can be connected. Multi-Point Bridge mode configuration includes the following steps: •...
• Configure the access point (AP3) on LAN Segment 3 in Point-to-Point Bridge mode with the remote MAC address of the DG834G v4 modem router. 2. Disable the DHCP server on AP2 and AP3. AP1 will then be the DHCP server. 3.
Page 85
• You cannot configure a sequence of parent/child APs. You are limited to only one parent AP, although if the DG834G v4 is the parent AP it can connect with up to four child APs. The following figure shows an example of a Repeater Mode configuration.
Page 86
3. Verify connectivity across the LANs. A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other PCs or servers connected to any of the three WLAN segments.
“Setting Up a Client-to-Gateway VPN Configuration” on page 6-5 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client. • “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18 provides the steps needed to configure a VPN tunnel between two network gateways using the VPN Wizard.
Figure 6-2 A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet.
Planning a VPN
When you set up a VPN, it is helpful to plan the network configuration and record the configuration parameters on a worksheet:
Table 6-1. VPN Tunnel Configuration Worksheet
Connection Name:
Pre-Shared Key:
Secure Association -- Main Mode or Manual Keys:
Perfect Forward Secrecy -- Enabled or Disabled:...
Page 90
• Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see “Using a Fully Qualified Domain Name (FQDN)” on page B-7) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
Figure 6-3 (labels: VPN Tunnel; 22.23.24.25; 0.0.0.0; DG834G; 192.168.3.1; Running NETGEAR ProSafe VPN Client)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves these two steps:
VPN Wizard to configure the VPN tunnel between the remote PC and network gateway. • “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 6-9 shows how to configure the NETGEAR ProSafe VPN Client endpoint. Step 1: Configuring the Client-to-Gateway VPN Tunnel on the...
Page 93
1. Log in to the modem router at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. On the main menu, select VPN Wizard. The VPN Wizard screen displays:
Figure 6-4
2.
Page 94
The Summary screen displays:
Figure 6-6
To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. You can click Back to return to the Summary screen.
Figure 6-7
PC running the client has a dynamically assigned IP address. The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR website (http://www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.
Page 96
If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
Page 97
Figure 6-10. 3. Configure the security policy in the NETGEAR ProSafe VPN Client software: a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy subheadings appear below the connection name.
Page 98
c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode radio button. 4. Configure the VPN client identity. In this step, you provide information about the remote VPN client PC. You must provide the pre-shared key that you configured in the DG834G v4 and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
Page 99
e. In the My Identity section of the screen, click the Pre-Shared Key button. The Pre-Shared Key screen displays:
Figure 6-12
Click Enter Key. Enter the DG834G v4 pre-shared key, and then click OK. In this example, 12345678 is entered.
Page 100
c. In the Authentication Method drop-down list, select Pre-Shared key. d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for the Encryption Protocol in the DG834G v4 in Table 6-3 on page 6-6.
Page 101
To check the VPN Connection, you can initiate a request from the remote PC to the DG834G v4 modem router’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
Page 102
You can view information about the progress and status of the VPN client connection by opening the NETGEAR ProSafe Log Viewer. To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer. The Log Viewer screen for a successful connection is...
Page 103
ADSL2+ Modem Wireless Router DG834G Reference Manual 9. The Connection Monitor screen for this connection is shown in the following figure: Figure 6-18 In this example you can see these settings: • The DG834G v4 has a GW Address (public IP WAN address) of 22.23.24.25. •...
ADSL2+ Modem Wireless Router DG834G Reference Manual Setting Up a Gateway-to-Gateway VPN Configuration Note: This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 6-2 on page 6-4.
Page 105
255.255.255.0 22.23.24.25 Note: The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. To configure a gateway-to-gateway VPN tunnel using the VPN Wizard:...
Page 106
ADSL2+ Modem Wireless Router DG834G Reference Manual 1. Log in to the DG834G v4 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. Select VPN Wizard on the main menu.
Page 107
ADSL2+ Modem Wireless Router DG834G Reference Manual 3. Fill in the connection name and pre-shared key fields. Select the radio button for the type of target end point, and then click Next to proceed. The Step 2 of 3 screen displays: Enter the WAN IP address of the remote VPN gateway: (for example, 22.23.24.25) Figure 6-22...
Page 108
ADSL2+ Modem Wireless Router DG834G Reference Manual The VPN Wizard Summary screen displays: Figure 6-24 To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link (see Figure 6-24). You can click Back to return to the Summary screen.
Page 109
6. Click Done on the Summary screen (see Figure 6-24) to complete the configuration procedure. The VPN Policies screen displays, showing that the new tunnel is enabled. Figure 6-26 Note: See “Using Auto Policy to Configure VPN Tunnels” on page 6-32 for information about how to enable the IKE keepalive capability on an existing VPN tunnel.
Page 110
ADSL2+ Modem Wireless Router DG834G Reference Manual a. On the DG834G v4 main menu, select VPN Status. The VPN Status/Log screen displays: Figure 6-27 b. Click the VPN Status button to get the Current VPN Tunnels (SAs) screen: Figure 6-28 c.
ADSL2+ Modem Wireless Router DG834G Reference Manual VPN Tunnel Control Activating a VPN Tunnel There are three ways to activate a VPN tunnel: • Use the VPN Status screen. • Activate the VPN tunnel by pinging the remote endpoint. • Start using the VPN tunnel.
Page 112
PC to the DG834G v4’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
Page 113
ADSL2+ Modem Wireless Router DG834G Reference Manual c. Type ping -t 192.168.3.1, and then click OK. Running a ping test to the LAN from the PC Figure 6-31 This causes a continuous ping to be sent to the first DG834G v4. Within two minutes, the ping response should change from timed out to reply.
ADSL2+ Modem Wireless Router DG834G Reference Manual b. Type ping 192.168.3.1. Figure 6-33 Note: The pings may fail the first time. If so, then try the pings a second time. Start Using a VPN Tunnel to Activate It To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel.
Page 115
ADSL2+ Modem Wireless Router DG834G Reference Manual This log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem.
ADSL2+ Modem Wireless Router DG834G Reference Manual Deactivating a VPN Tunnel Sometimes a VPN tunnel must be deactivated for testing purposes. You can deactivate a VPN tunnel from two places: • Policy table on VPN Policies screen • VPN Status screen Using the Policy Table on the VPN Policies Screen to Deactivate a VPN Tunnel To use the VPN Policies screen to deactivate a VPN tunnel: 1.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen. Figure 6-37 3. Click VPN Status. The Current VPN Tunnels (SAs) screen displays: Figure 6-38 4. Click Drop for the VPN tunnel that you want to deactivate. Deleting a VPN Tunnel To delete a VPN tunnel: 1.
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen. In the Policy Table, select the radio button for the VPN tunnel to be deleted, and then click Delete. Figure 6-39 Setting Up VPN Tunnels in Special Circumstances When the VPN Wizard and its VPNC defaults (see...
Page 119
Configuring VPN Network Connection Parameters All VPN tunnels on the modem router require that you configure several network parameters. This section describes those parameters and how to access them. The most common configuration scenarios will use IKE to manage the authentication and encryption keys.
Page 120
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings Fields and Settings Description General Policy Name Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
Page 121
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings (continued) Fields and Settings Description Remote LAN IP Address Single PC - no Subnet. Select this option if there is no LAN (only a The remote single PC) at the remote endpoint. If this option is selected, no VPN endpoint additional data is required.
Page 122
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-5. VPN-Auto Policy Screen Settings (continued) Fields and Settings Description Parameters Encryption The encryption algorithm used for both IKE and IPSec. This setting Algorithm must match the setting used on the remote VPN Gateway. DES and 3DES are supported.
Page 123
Example of Using Auto Policy Figure 6-41 To use Auto Policy: 1. Set the LAN IPs on each DG834G v4 modem router to different subnets and configure each properly for the Internet. The following settings are assumed for this example: Table 6-6.
Page 124
ADSL2+ Modem Wireless Router DG834G Reference Manual 2. On the main menu, select VPN Policies to display the VPN Policies screen: Figure 6-42 3. Click Add Auto Policy. The VPN Auto Policy screen displays: Figure 6-43 6-38 Virtual Private Networking v2.0, September 2007...
Page 125
4. Enter these policy settings:
General
• Policy Name: GtoG
• Remote VPN Endpoint Address Type: Fixed
• Remote VPN Endpoint Address Data: 22.23.24.25
Local LAN
• Use the default settings.
Remote LAN
• IP Address: Select Subnet address from the drop-down list....
Page 126
ADSL2+ Modem Wireless Router DG834G Reference Manual 6. Repeat these steps for the DG834G v4 on LAN B. Pay special attention to the following network settings: • General, Remote Address Data (for example, 14.15.16.17) • Remote LAN, Start IP Address –...
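The gateway-to-gateway procedure above depends on the two policies mirroring each other and on the two LANs not overlapping. The following is an added example, not part of the NETGEAR manual: a small offline audit of two hand-transcribed policies. The field names, the LAN B policy values and the pre-shared key string are constructed for illustration; the addresses are the manual's example addresses.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AutoPolicy:
    """One gateway's Auto Policy as transcribed by hand (hypothetical field names)."""
    site: str
    local_wan: str        # this gateway's public WAN address
    local_lan: str        # this gateway's LAN, in CIDR form
    remote_endpoint: str  # Remote VPN Endpoint, Address Data
    remote_lan: str       # Remote LAN subnet, in CIDR form
    encryption: str       # "DES" or "3DES", the two options the manual lists
    psk: str              # pre-shared key (never echoed in findings)


def _net(cidr):
    # strict=False accepts a host address with a mask, e.g. 192.168.0.1/24
    return ipaddress.ip_network(cidr, strict=False)


def audit_pair(a, b):
    """Return (code, message) findings for two policies that should mirror each other."""
    findings = []
    for near, far in ((a, b), (b, a)):
        if ipaddress.ip_address(near.remote_endpoint) != ipaddress.ip_address(far.local_wan):
            findings.append(("endpoint-mismatch",
                             f"{near.site}: remote endpoint {near.remote_endpoint} "
                             f"is not {far.site}'s WAN address {far.local_wan}"))
        if _net(near.remote_lan) != _net(far.local_lan):
            findings.append(("remote-lan-mismatch",
                             f"{near.site}: remote LAN {near.remote_lan} "
                             f"is not {far.site}'s LAN {far.local_lan}"))
    # The manual's note: the tunnel fails if both ends keep the same LAN range.
    if _net(a.local_lan).overlaps(_net(b.local_lan)):
        findings.append(("lan-overlap",
                         f"LAN ranges overlap: {a.local_lan} and {b.local_lan}"))
    if a.encryption != b.encryption:
        findings.append(("encryption-mismatch",
                         f"{a.site} uses {a.encryption}, {b.site} uses {b.encryption}"))
    if a.psk != b.psk:
        findings.append(("psk-mismatch", "pre-shared keys differ"))
    for policy in (a, b):
        # Single DES has a 56-bit key; of the two options offered, 3DES is the stronger.
        if policy.encryption.upper() == "DES":
            findings.append(("weak-cipher", f"{policy.site}: DES selected"))
    return findings


# Constructed sample policies using the manual's example addresses.
LAN_A = AutoPolicy("LAN A", "14.15.16.17", "192.168.0.0/24",
                   "22.23.24.25", "192.168.3.0/24", "3DES", "constructed-sample-key")
LAN_B = AutoPolicy("LAN B", "22.23.24.25", "192.168.3.0/24",
                   "14.15.16.17", "192.168.0.0/24", "3DES", "constructed-sample-key")
# LAN B left on the default 192.168.0.x range and switched to DES.
LAN_B_DEFAULTS = replace(LAN_B, local_lan="192.168.0.1/24", encryption="DES")

if __name__ == "__main__":
    for peer in (LAN_B, LAN_B_DEFAULTS):
        for code, message in audit_pair(LAN_A, peer) or [("ok", "policies mirror each other")]:
            print(f"{code}: {message}")
```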
ADSL2+ Modem Wireless Router DG834G Reference Manual Using Manual Policy to Configure VPN Tunnels As an alternative to IKE, you may use manual keying, in which you must specify each phase of the connection. A manual VPN policy requires all settings for the VPN tunnel to be manually input at each end (both VPN endpoints).
Page 128
The following table explains the fields in the VPN Manual Policy screen. Table 6-7. VPN Manual Policy Fields and Settings Fields and Settings Description General Policy Name Enter a unique name to identify this policy. This name is not The DG834G v4 VPN supplied to the remote VPN endpoint.
Page 129
ADSL2+ Modem Wireless Router DG834G Reference Manual Table 6-7. VPN Manual Policy Fields and Settings (continued) Fields and Settings Description Remote LAN IP Address Single PC - no Subnet. Select this option if there is no LAN The remote VPN (only a single PC) at the remote endpoint.
Chapter 7 Troubleshooting This chapter gives information about troubleshooting your ADSL2+ Modem Wireless Router. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the router on? •...
• Check that you are using the 12V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should contact technical support.
ADSL2+ Modem Wireless Router DG834G Reference Manual Troubleshooting Access to the Modem Router Main Menu If you are unable to access the modem router main menu from a computer on your local network, check the following: • If you are using an Ethernet-connected computer, check the Ethernet connection between the computer and the router as described in the previous section.
Troubleshooting the ISP Connection ADSL Link If your router is unable to access the Internet, you should first determine whether you have a DSL link with the service provider. The state of this connection is indicated with the DSL LED.
ISP. You can determine whether the request was successful using the browser interface. To check the WAN IP address from the browser interface: 1. Launch your browser, and select an external site such as www.netgear.com. 2. Access the modem router main menu at http://192.168.0.1.
– Configure your router to spoof your computer’s MAC address. This can be done in the Basic Settings screen. Troubleshooting PPPoE or PPPoA The PPPoE or PPPoA connection can be debugged as follows: 1....
ADSL2+ Modem Wireless Router DG834G Reference Manual Troubleshooting a TCP/IP Network Using the Ping Utility Most TCP/IP terminal devices and routers contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your computer.
ADSL2+ Modem Wireless Router DG834G Reference Manual Testing the Path from Your Computer to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. 1. From the Windows toolbar, click the Start button, and select Run. 2.
ADSL2+ Modem Wireless Router DG834G Reference Manual Using the Reset Button To restore the factory default configuration settings without knowing the administration password or IP address, you must use the reset button on the rear panel of the router. 1. Press and hold the reset button until the Power LED turns red (about 6 seconds). 2.
Appendix A Technical Specifications This appendix provides technical specifications for the 54 Mbps ADSL2+ Modem Wireless Router Model DG834G. Network Protocol and Standards Compatibility Data and Routing Protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPPoE, PPPoA, or PPTP, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM Power Adapter North America: 120V AC, 60 Hz, input...
NETGEAR VPN Configuration DG834G v4 to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834G v4 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
Page 144
10.5.6.1 172.23.9.1 FVL328 DG834G Figure B-1 Note: Product updates are available on the NETGEAR website at http://www.netgear.com. Step-By-Step Configuration 1. Configure the DG834G v4 as in the gateway-to-gateway procedures using the VPN Wizard (see “Setting Up a Gateway-to-Gateway VPN Configuration” on page 6-18), being certain to use appropriate network addresses for the environment.
Page 145
Click VPN Policies under the Advanced - VPN heading to display this screen. Figure B-2
Page 146
Enter the following: • IP Address: 10.5.6.1 • Subnet Mask: 255.255.255.0 Select IKE Policies under the VPN heading to display the IKE Policy Configuration screen. Figure B-3
Page 147
3. Test the VPN tunnel by pinging the remote network from a PC attached to the DG834G v4. a. Open the command prompt (Start > Run > cmd) b. Type ping 172.23.9.1 Figure B-5 Note: The pings might fail the first time. If this happens, try the pings a second time.
DG834G v4 with FQDN to FVL328 This section is a case study on how to configure a VPN tunnel from a NETGEAR DG834G v4 to a FVL328 using a fully qualified domain name (FQDN) to resolve the public address of one or both routers.
ADSL2+ Modem Wireless Router DG834G Reference Manual Note: Product updates are available on the NETGEAR website at http://www.netgear.com. Using a Fully Qualified Domain Name (FQDN) Many ISPs (Internet Service Providers) provide connectivity to their customers using dynamic instead of static IP addressing. This means that a user’s IP address does not remain constant over time, which presents a challenge for gateways attempting to establish VPN connectivity.
Page 150
• In the User Name field enter the account user name. • In the Password field enter the account password. c. Click Show Status. The resulting screen should show Update OK: good: Figure B-8 NETGEAR VPN Configuration v2.0, September 2007...
Page 151
Configure the appropriate account and host name settings, and then click Apply. • In the Host and Domain Name field enter fvl328.dyndns.org. • In the User Name field enter the account user name. • In the Password field enter the account password. NETGEAR VPN Configuration v2.0, September 2007...
Page 152
Enter toDG834 for the Connection Name. b. Enter dg834g.dyndns.org for the remote WAN's IP address. c. Enter the following: • IP Address: 10.5.6.1 • Subnet Mask: 255.255.255.0 B-10 NETGEAR VPN Configuration v2.0, September 2007...
Figure B-13 Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway involves two steps: • Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the Employer’s Main Office.
Page 155
Address Reservation set and VPN Passthrough enabled) Main Mode Fully Qualified Domain Name fromDG834G.com (in this example) Fully Qualified Domain Name toDG834G.com (in this example) 3DES 12345678 (in this example) 3600 Figure B-14 NETGEAR VPN Configuration B-13 v2.0, September 2007...
The PC must have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (http://www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.
Page 157
Double-click the system tray icon to open the Security Policy Editor. 2. Add a new connection. a. Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN Connection. b. From the Edit menu of the Security Policy Editor, click Add, and then click Connection.
Page 158
3. Configure the Security Policy in the ADSL2+ Modem Wireless Router software. a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking on the + symbol. My Identity and Security Policy appear below the connection name. B-16 NETGEAR VPN Configuration v2.0, September 2007...
Page 159
In this step, you provide information about the remote VPN client PC. You must provide the pre-shared key that you configured in the DG834G v4 and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
Page 160
Click the Pre-Shared Key button. Figure B-20 In the Pre-Shared Key screen, click Enter Key. Enter the DG834G v4’s pre-shared key and click OK. In this example, 12345678 is entered. This field is case-sensitive.
Page 161
6. Configure the VPN Client Key Exchange Proposal. In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration.
Page 162
After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
Page 163
To perform a ping test using this example, start from the remote PC: a. Establish an Internet connection from the PC. b. On the Windows taskbar, click the Start button, and then click Run. c. Type ping -t 192.168.0.1, and then click OK. Figure B-24
ADSL2+ Modem Wireless Router Model DG834G > Log Viewer. Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel. B-22 NETGEAR VPN Configuration v2.0, September 2007...
Page 165
Internet access. Viewing the VPN Router’s VPN Status and Log Information To view information about the status of the VPN client connection, open the VPN router’s VPN Status screen by following these steps: NETGEAR VPN Configuration B-23 v2.0, September 2007...
Page 166
1. On the modem router main menu, select Router Status, and then click the VPN Status button. The VPN Status/Log screen for a connection is shown below: Figure B-27 2. To view the VPN tunnels status, click VPN Status. Figure B-28 B-24 NETGEAR VPN Configuration v2.0, September 2007...
Page 167
Appendix C Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link Internet Networking and TCP/IP http://documentation.netgear.com/reference/enu/tcpip/index.htm Addressing Wireless Communications http://documentation.netgear.com/reference/enu/wireless/index.htm Preparing a Computer for http://documentation.netgear.com/reference/enu/wsdhcp/index.htm...