NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com.
Contents Chapter 1 Hardware Setup Unpack Your New Router........8 Hardware Features.
Page 4
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Security Options ........32 Add Clients (Devices) to Your Network .
Page 5
Step 1: Configure the Client-to-Gateway VPN Tunnel ... . .103 Step 2: Configure the NETGEAR ProSafe VPN Client... . .106 Set Up a Gateway-to-Gateway VPN Configuration .
Page 6
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Use Auto Policy to Configure VPN Tunnels ..... 124 Use Manual Policy to Configure VPN Tunnels ....131 Chapter 9 Troubleshooting Troubleshooting with the LEDs .
Hardware Setup Getting to know your modem router The NETGEAR N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B offers dual-band technology and ensures top speeds and the greatest range for demanding applications, such as streaming HD video and multiplayer gaming. Complete with a built-in ADSL modem, it is compatible with all major ADSL Internet service providers.
Installation guide with cabling and router setup instructions • If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Hardware Features Before you cable your router, take a moment to become familiar with the label and the front and back panels. Pay particular attention to the LEDs on the front panel.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Front Panel LEDs The following table describe the LEDs on the front panel from top to bottom. Table 1. LED Descriptions Description • Solid green. You have an Internet connection. If this connection is dropped due to an idle time-out but the connection is still present, the light stays green.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Back Panel The back panel has the Power On/Off button and port connections shown in the figure: 1. ADSL line 2. Gigabit port for connecting to external cable/fiber modem 3. Gigabit Ethernet ports 4.
If you use multiple access points, set up adjacent access points with different radio frequency channels to reduce interference. NETGEAR recommends five channels of spacing for adjacent access points (for example, use Channels 1 and 6, or 6 and 11).
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B ADSL Microfilters If this is the first time you cable a modem router between an ADSL phone line and your computer, you might not be familiar with ADSL microfilters. If you are, you can skip this section and proceed to on page 14.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Summary One-line ADSL microfilter (not included). Use with a phone or fax machine. • Splitter (not included). Use with a one-line ADSL microfilter to share an outlet with a • phone and the modem router.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Verify the Cabling Verify that your router is cabled correctly by checking the modem router LEDs. Turn on the modem router by pressing the Power On/Off button on the back. The Power LED is green when the modem router is turned on.
Router Internet Setup Connecting to the network This chapter explains how to set up your Internet connection using one of two methods: Setup Wizard or manual setup. If you have already set up your router using one of these methods, the initial router setup is complete.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Router Setup Preparation You can set up your modem router with the Setup Wizard as described in Setup Wizard page 21 or manually as described in on page 22. However, Manual Setup (Basic Settings) before you start the setup process, you need to have your ISP information on hand and make sure the computers, and other devices in the network have the settings described here.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B longer need to launch the ISP’s login program on your computer to access the Internet. When you start an Internet application, your modem router automatically logs you in. Active Internet service provided by an ADSL account •...
URL, your computer might need a minute or two to recognize the LAN connection. Relaunch your browser and try again. If you are having trouble accessing the router wirelessly, NETGEAR recommends that during setup you use an Ethernet cable to connect your computer so that you can log in to the modem router.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Router Interface The router interface gives you access to the router’s current settings so you can view or change them (if needed). The left column has the router menus, and the right column provides online help.
Chapter 8, Virtual Private this menu requires a solid understanding of networking concepts. Web Support Go to the NETGEAR support site to get information, help, and product documentation. These links work once you have an Internet connection. Setup Wizard You have to log in to the modem router to set the country, language, and Internet connection.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B You are prompted to change the administrator password: Enter the current password, and then enter the new password and click Next. With automatic Internet detection, the Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration.
If no login is required, you can specify the MAC Address setting. Click Apply to save your settings. Click Test to test your Internet connection. If the NETGEAR website does not appear within 1 minute, and see on page 134.
Page 24
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Domain Name (If required). Enter the domain name provided by your ISP. • When your ISP requires a login, these fields display: Encapsulation. Encapsulation is a method for enclosing multiple protocols. PPP stands for Point-to-Point Protocol.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B NAT (Network Address Translation). NAT automatically assigns private IP addresses (10.1.1.x) to LAN-connected devices. Enable. Usually NAT is enabled. • Disable. This disables NAT, but leaves the firewall active. Disable NAT only if you are •...
Page 26
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To enter a multiplexing method or VPI/VCI number (if provided by the ISP): Select Setup > ADSL Settings to display the following screen: In the Internet Service Provider drop-down list, select your ISP.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Unsuccessful Internet Connection Review your settings to be sure you have selected the correct options and typed everything correctly. Contact your ISP to verify that you have the correct configuration information.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The administrator’s login to the modem router configuration times out after a period of inactivity to prevent someone else from accessing the router interface when you step away. Click Apply to save your changes.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Adapter Compatibility A wireless adapter is the wireless radio in your computer or wireless device that lets it connect to a wireless network. Most computers or wireless devices come with an adapter already installed, but if it is outdated or slow, you can purchase a USB adapter to plug into a USB port.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Security Basics Unlike wired network data, wireless data transmissions extend beyond your walls and can be received by any device with a compatible wireless adapter (radio). For this reason, it is very important to maintain the preset security and understand the other security features available to you.
Then it dynamically varies the encryption key. WPS-PSK + WPA2-PSK mixed mode is the preconfigured security mode on the modem router. NETGEAR recommends mixed mode because it provides broader support for all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients get decent speed and security.
WEP security does not support WPS. If you try to use WPS to connect a WEP device to your network, it cannot connect. 1. For a list of other Wi-Fi-certified products available from NETGEAR, go to http://www.wi-fi.org...
Page 34
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B WPS (Push Connect) Method If your wireless device supports WPS (Push 'N' Connect), follow these steps: Press the WPS button on the router front panel Within 2 minutes, press the WPS button on your wireless device, or follow the WPS instructions that came with the device.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Settings The Wireless Settings screen lets you view or configure the wireless network configuration. Once you have established basic wireless connectivity, you can enable security settings appropriate to your needs.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Make any changes that are needed, and click Apply when done to save your settings. The screen sections, settings, and procedures are explained in the following sections. After you finish adjusting settings and click Apply, configure and test your computers for wireless connectivity: a.
Page 37
To set up WEP: WEP is a legacy security setting. NETGEAR recommends that you use WPA2 or WPA security unless you have legacy wireless equipment that supports only WEP. WEP encryption is available only when the Mode setting is Up to 54 Mbps.
Page 38
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Manual. The number of hexadecimal digits that you enter depends on the encryption • strength setting: For 64-bit WEP, enter 10 hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter 26 hexadecimal digits (any combination of 0–9, a–f, or A–F).
Content Filtering Keeping unwanted content out of your network This chapter explains how to use the basic firewall features of the modem router to prevent objectionable content from reaching the computers and other devices connected to your network. This chapter contains the following sections: •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Keyword Blocking of HTTP Traffic Use keyword blocking to prevent certain types of HTTP traffic from accessing your network. The blocking can be always or according to a scheduled. To set up keyword blocking: Select Content Filtering >...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To specify a trusted computer: In the Trusted IP Address field, enter the IP address. Click Apply to save your changes. Firewall Rules to Control Network Access By default your router blocks any inbound traffic from the Internet to your computers except for replies to your outbound traffic.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Your router creates an entry in its internal session table describing this communication session between your computer and the web server at www.example.com. Before sending the web page request message to www.example.com, your router stores the original...
Page 43
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B (such as FTP and IRC servers) send replies back to multiple port numbers. Using the port triggering function of your router, you can tell the router to open additional incoming ports when a particular outgoing port originates a session.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Port Forwarding to Permit External Host Communications In both of the preceding examples, your computer initiates an application session with a server computer on the Internet. However, you might need to allow a client computer on the Internet to initiate a connection to a server computer on your network.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B How Port Forwarding Differs from Port Triggering The following points summarize the differences between port forwarding and port triggering: Port triggering can be used by any computer on your network, although only one •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Select the Port Forwarding radio button as the service type. From the Service Name list, select the service or game that you will host on your network. If the service does not appear in the list, see on page 46.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Application Example: Making a Local Web Server Public If you host a web server on your local network, you can use port forwarding to allow web requests from anyone on the Internet to reach your web server.
Page 48
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To set up port triggering: Select Content Filtering > Port Forwarding/Port Triggering to display the following screen: Select the Port Triggering radio button to display the port triggering information. Clear the Disable Port Triggering check box.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B In the Service User field, select Any (the default) to allow this service to be used by any computer on the Internet. Otherwise, select Single address, and enter the IP address of one computer to restrict the service to a particular computer.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The modem router has a list of NETGEAR NTP servers. If you would prefer to use a particular NTP server as the primary server, select the Use this NTP Server check box, and enter its IP address.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Email Logs and Alerts To receive logs and alerts by email, provide your email information in the Email screen, and specify which alerts you want to receive and how often. ...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Send Logs According to this Schedule. Specifies how often to send the logs: Hourly, • Daily, Weekly, or When Full. Day for sending logs specifies which day of the week to send the log. This is relevant when the log is sent weekly.
Page 53
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B a. To delete all the log entries, click Clear Log. b. To see the most recent access attempts, click Refresh. c. To send the log file to your e-mail account, click Send Log. This feature is useful for testing your e-mail settings.
Network Maintenance Administering your network This chapter describes the modem router settings for administering and maintaining the router and home network. For security reasons, the modem router has its own user name Note: admin and its password that defaults to password. You can and should update your password regularly.
Upgrade the Router Firmware The modem router firmware (routing software) is stored in flash memory. By default, when you log in to your modem router, it checks the NETGEAR website for new firmware and alerts you if there is a newer version.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Automatic Firmware Checking On When automatic firmware checking is on, the modem router performs the check and notifies you if an upgrade is available or not as shown here. Figure 9. Firmware check notification screens ...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Manually Check for Firmware Upgrades You can use the Router Upgrade screen to manually check the NETGEAR website for newer versions of firmware for your product. WARNING! When uploading firmware to the modem router, do not interrupt the web browser by closing the window, clicking a link, or loading a new page.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Manage Configuration File The router configuration settings are stored in a configuration file (*.cfg). This file can be backed up to your computer, restored, or reverted to factory default settings. Back Up ...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B View Router Status Select Maintenance > Router Status to display the Router Status screen:. You can use the Router Status screen to check the current firmware, settings, and statistics for your router. If something needs to be changed, you have to change it on the relevant screen.
Page 60
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B MAC Address. The physical address of the router, as seen from the Internet. • IP Address. Current Internet IP address. If assigned dynamically, and no Internet • connection exists, this is blank or 0.0.0.0.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Show Statistics Button Click the Show Statistics button on the Router Status screen to display a screen similar to this: Figure 10. Router statistics screen Port. The statistics for the WAN (Internet), LAN (local), and wireless LAN (WLAN) ports.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Connection Status In the Router Status screen, click the Connection Status button to display a screen similar to this: Figure 11. Connection Status screen Connection Time. The time elapsed since the last connection to the Internet.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Run Diagnostic Utilities The modem router has a diagnostics feature that you can use to perform the following functions: Ping an IP address to test connectivity to see if you can reach a remote host.
USB Storage Adding removable storage to your network This chapter describes how to access and configure a USB storage drive attached to your modem router. The USB ports on the modem router can be used only to connect USB storage devices like flash drives or hard drives.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B USB Drive Requirements The modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High Speed) standards. The approximate USB bus speeds are shown in the following table.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B File-Sharing Scenarios You can share files on the USB drive for a wide variety of business and recreational purposes. The files can be any PC, Mac, or Linux file type including text files, Word, PowerPoint, Excel, MP3, pictures, and multimedia.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Sharing Large Files over the Internet Sending files that are larger than 5 MB can pose a problem for many email systems. The modem router allows you to share very large files such as PowerPoint presentations or .zip files over the Internet.
Page 68
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Folder Name. Full path of the used by the Network folder. • Volume Name. Volume name from the storage device (either USB drive or HDD). • Total/Free Space. Shows the current utilization of the storage device.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To access your USB device, click the share name or type \\readyshare in the address field of your Web browser. Network/device name: \\readyshare Share name: \\readyshare\USB_Storage If you logged in to the modem router before you connected your USB device, you might not see your USB device in the modem router screens until you log out and then log in again.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B USB Storage Advanced Settings To view or change advanced USB settings, select USB > Advanced Settings. The USB Storage (Advanced Settings) screen displays: You can use this screen to specify access to the USB storage device. The settings are as follows: Network Device Name.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Available Network Folders Folder Name. Full path of the Network folder. • Volume Name. Volume name from the storage device (either USB drive or HDD). • Total Free Space. The space currently available on the storage device.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Safely Remove USB Drive To unmount a USB disk drive so that no users can access it, from the USB Settings screen, click the Safely Remove USB button. This takes the drive offline.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Approved USB Devices (Advanced USB Settings) You can specify which USB devices are approved for use when connected to the modem router. To allow only approved USB devices to be accessed: Select Advanced >...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Connect to the USB Drive from a Remote Computer To connect to the USB drive from remote computers using a Web browser, you use the modem router’s Internet port IP address.
Page 75
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Configuring Windows 98SE and Windows ME The easiest way to get to your network properties is to go to your desktop, right-click Network Neighborhood and then select Properties. File and Printer Sharing for Microsoft Windows should be listed.
Advanced Settings Configuring for unique situations This chapter describes the advanced features of your modem router. The information is for users with a solid understanding of networking concepts who want to set the router up for unique situations such as when remote access from the Internet by IP or domain name is needed. This chapter contains the following sections: •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B WAN Setup To make changes to the WAN setup: Select Advanced > WAN Setup to display the following screen: Enter the LAN Setup configuration and click Apply to save your changes.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B For security reasons, you should avoid using the default DMZ server Note: feature. When a computer is designated as the default DMZ server, it loses much of the protection of the firewall and is exposed to many exploits from the Internet.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B NAT Filtering This option determines how the router deals with inbound traffic. The Secured option provides a secured firewall to protect the computers on LAN from attacks from the Internet, but it might cause some Internet games, point-to-point applications, and multimedia applications no work.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Type the host name that your Dynamic DNS service provider gave you. The Dynamic DNS service provider might call this the domain name. If your URL is myName.dyndns.org, then your host name is myName.
Page 81
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To change the LAN settings: Select Advanced > LAN Setup. Enter the LAN Setup configuration and click Apply to save your changes. The default DHCP and TCP/IP values work for most users.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To reserve an IP address: Select Advanced > LAN Setup and click the Add button. In the IP Address field, type the IP address to assign to the computer or server. Choose an IP address from the router’s LAN subnet, such as 192.168.0.x.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Configure QoS for Internet Access To specify prioritization of traffic, you have to add or create a policy for the type of traffic. To configure QoS for Internet access: Select Advanced > QoS Setup.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To edit a rule, click Edit. To add a custom rule, click Add Priority Rule. Click Apply to save this rule to the QoS Policy list and return to the QoS Setup screen.
SSID and security key. NETGEAR does not recommend this. In addition, if this option is selected, some external registrars (e.g., Network Explorer on Vista Windows) might not see the router.
Page 86
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Station Access List Settings The Wireless Stations Access List lets you restrict access to your network to a specific list of devices based on their MAC addresses. This section explains how to set up the list.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Wireless Repeating Networks If you want to use the Wireless Repeating feature, you have to go to Note: the Wireless Settings screen and change the wireless security setting of the router to WEP or None, and you have to change the Channel field to a different setting than Auto, which is the default.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Enable Wireless Repeating Function. Select this check box if you want to use the • wireless repeating function. Disable Wireless Client Association. If your modem router is the repeater, selecting •...
Page 89
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Only wired clients can be connected. Use wireless security to protect this communication. The following figure shows an example of point-to-point bridge mode. Both access points (APs) are in point-to-point bridge mode.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Set Up a Multi-Point Bridge Multi-point bridge mode allows a router to bridge to multiple peer access points simultaneously. Wireless client associations are disabled. Only wired clients can be connected. DGND3800...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B e. Click Apply. Set up AP 2 and AP 3 to be wireless repeaters. a. In the Wireless Repeating Function screen for AP 2 and AP 3, select the Enable Wireless Repeating Function check box.
Page 92
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The following figure shows an example of a repeater mode configuration. Wireless computer associated with AP 1 Wireless computer associated with AP 2 AP 2 in repeater mode 192.168.0.1 Wireless PC...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The access points are on the same LAN. That is, the LAN IP addresses for the • access points are in the same network. If you are using DHCP, access point devices are set to Obtain an IP address •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Web browser access usually uses the standard HTTP service port 80. For greater security, you can change it so the remote router interface uses a custom port by entering that number in the field provided. Choose a number between 1024 and 65535, but do not use the number of any common service port.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The Destination IP Address and IP Subnet Mask fields specify that this static route • applies to all 134.177.x.x addresses. The Gateway IP Address field specifies that all traffic for these addresses are to be •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Click Apply to save your changes. The Static Routes table is updated to show the new entry. Universal Plug and Play Universal Plug and Play (UPnP) helps devices, such as Internet appliances and computers, access the network and connect to other devices as needed.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B and external) that device has opened. The UPnP Portmap Table also displays what type of port is opened and if that port is still active for each IP address. To save, cancel your changes, or refresh the table: To save the new settings to the modem router, click Apply.
Page 98
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B If you would like to record and restrict the volume of Internet traffic, select the Traffic volume control by radio button. You can select one of the following options for controlling the traffic volume: No Limit.
Virtual Private Networking Setting up secure encrypted communications This chapter describes how to use the virtual private networking (VPN) features of the modem router. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer. See Appendix B, VPN Configuration.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Overview of VPN Configuration Two common scenarios for VPN tunnels are between a remote computer and a network gateway, and between two or more network gateways. The modem router supports both types.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use gateways on each end of the tunnel to form the VPN tunnel endpoints.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by • Dynamic DNS providers (see on page 152) Use a Fully Qualified Domain Name (FQDN) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request.
Set Up a Client-to-Gateway VPN Configuration Setting up a VPN between a remote computer running the NETGEAR ProSafe VPN client and a network gateway involves two steps, described in the following sections: on page 103 describes how to use •...
Page 104
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 5. VPN tunnel configuration worksheet Parameter Value to Be Field Selection Entered Connection Name RoadWarrior Pre-Shared Key 12345678 Secure Association Main Mode Manual Keys Perfect Forward secrecy Enabled Disabled Encryption Protocol...
Page 105
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Click Next to proceed. Fill in the Connection Name and pre-shared key fields. The connection name is for convenience and does not affect how the VPN tunnel functions. Select the radio button for the type of target end point, and click Next.
VPN tunnel. Step 2: Configure the NETGEAR ProSafe VPN Client This section describes how to configure the NETGEAR ProSafe VPN client on a remote computer. These instructions assume that the computer running the client has a dynamically assigned IP address.
Page 107
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The computer has to have the NETGEAR ProSafe VPN Client program installed, which supports IPSec. Go to the NETGEAR website (http://www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN client.
Page 108
ID Type drop-down list. In this example, 22.23.24.25 is used. The resulting connection settings are shown in the figure that follows. Configure the security policy in the NETGEAR ProSafe VPN Client software: a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol.
Page 109
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B b. Click the Security Policy subheading to view the Security Policy settings. Figure 19. Security Policy settings, Client-to-Gateway A c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode radio button.
Page 110
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B d. In the Internet Interface section of the screen, select the adapter that you use to access the Internet. If you have a dial-up Internet account, in the Name list, select PPP Adapter.
Page 111
To check the VPN connection, you can initiate a request from the remote computer to the modem router’s network by using the Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the Virtual Private Networking...
Page 112
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B remote computer has a dynamically assigned WAN IP address, it has to initiate the request. To perform a ping test using our example, start from the remote computer: a. Establish an Internet connection from the computer.
Page 113
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To launch this function, click the Windows Start button, then select Programs > NETGEAR ProSafe VPN Client > Log Viewer. The VPN Status/Log screen for a successful connection is shown in the following figure:...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Set Up a Gateway-to-Gateway VPN Configuration This section describes how to use the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in on page 102. If you have special requirements not...
Page 115
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The LAN IP address ranges of each VPN endpoint has to be Note: different. The connection fails if both are using the NETGEAR default address range of 192.168.0.x. To configure a gateway-to-gateway VPN tunnel using the VPN Wizard: Log in to Gateway A on LAN A.
Page 116
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The VPN Wizard Summary screen displays: To view the VPNC-recommended authentication and encryption settings used by the VPN Wizard, click the here link. Click Done on the Summary screen. The VPN Policies screen displays, showing that the new tunnel is enabled.
Page 117
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The VPN Status screen is only one of three ways to active a VPN Note: tunnel. See on page 118 for information Activate a VPN Tunnel about the other ways. a. Select Advanced > VPN Status. The VPN Status/Log screen displays: b.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B VPN Tunnel Control Activate a VPN Tunnel There are three ways to activate a VPN tunnel: Use the VPN Status screen. • Ping the remote endpoint. • Start using the VPN tunnel.
Page 119
Connect option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect. Since the remote computer has a dynamically assigned WAN IP address, it has to initiate the request.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B b. Type ping 192.168.3.1. The pings might fail the first time. If they do, then try the pings a Note: second time. Start Using a VPN Tunnel to Activate It To use a VPN tunnel, use a web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel.
Page 121
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B On the VPN Status/Log screen, click VPN Status to display the Current VPN Tunnels (SAs) screen. This table lists the following data for each active VPN tunnel. SPI. Each SA has a unique SPI (security parameter index) for traffic in each direction.
Page 122
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To deactivate a VPN tunnel: Select Advanced > VPN Policies to display the VPN Policies screen: In the Policy Table, clear the Enable check box for the VPN tunnel that you want to deactivate, and then click Apply.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Click VPN Status. The Current VPN Tunnels (SAs) screen displays: Click Drop for the VPN tunnel that you want to deactivate. To delete a VPN tunnel: Select Advanced > VPN Policies to display the VPN Policies screen.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B between your modem router and the corresponding VPN endpoint gateway or client workstation. Use Auto Policy to Configure VPN Tunnels You need to configure matching VPN settings on both VPN endpoints. The outbound VPN settings on one end has to match to the inbound VPN settings on other end, and vice versa.
Page 125
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The DGND3800B VPN tunnel network connection fields are defined in the following table. Table 7. VPN - Auto Policy screen settings Fields and Settings Description General Policy Name Enter a unique name. This name is not supplied to the remote VPN endpoint.
Page 126
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 7. VPN - Auto Policy screen settings (Continued) Fields and Settings Description Direction This setting is used when the router determines if the IKE policy matches the current traffic. Select an option.
Page 127
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 7. VPN - Auto Policy screen settings (Continued) Fields and Settings Description Parameters SA Life Time The time interval before the SA (security association) expires. (It is (Continued) automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Example of Using Auto Policy The following settings are assumed for this example: Table 8. Gateway-to-gateway VPN tunnel configuration worksheet Parameter Value to Be Field Selection Entered Connection Name GtoG Pre-Shared Key...
Page 129
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Select Advanced > VPN Policies and click the Add Auto Policy button. The VPN - Auto Policy screen displays: Enter these policy settings: Auto Policy Field Description General Policy Name GtoG...
Page 130
Click Apply. The VPN Policies screen displays: Repeat these steps for the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B on LAN B. Pay special attention to the following network settings: General, Remote Address Data (for example, 14.15.16.17) •...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B a. Select Advanced > VPN Status to display the VPN Status/Log screen. Then click VPN Status to display the Current VPN Tunnels (SAs) screen: b. Click Connect for the VPN tunnel that you want to activate. Review the VPN...
Page 132
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Select Advanced > VPN Policies, and then click the Add Manual Policy radio button to display the VPN - Manual Policy screen: The following table explains the fields in the VPN - Manual Policy screen.
Page 133
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 9. VPN Manual Policy fields and settings (Continued) Fields and Settings Description Local LAN IP Address Subnet Mask Enter the network mask. Single computer Select this option if there is no LAN (only a single computer) at the...
Diagnosing and solving problems This chapter provides information to help you diagnose and solve problems you might have with your modem router. If you do not find the solution here, check the NETGEAR support site at for product and contact information.
Check that the power cord is correctly connected to your router and the power supply • adapter is correctly connected to a functioning power outlet. Check that you are using the 12V DC power adapter supplied by NETGEAR for this • product.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B If the error persists, you could have a hardware problem and should contact NETGEAR technical support. Power LED Is Red When the router is turned on, it performs a power-on self-test. If the Power LED turns red after a few seconds or at any other time during normal operation, there is a fault within the router.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B No ISP Connection If your router cannot access the Internet, first check the ADSL connection, and then check the WAN TCP/IP connections. See on page 135 for the location Figure 21, Front panel LEDs of the LEDs.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Internet LED Is Red If the Internet LED is red, the device could not connect to the Internet. Verify the following: Check that your login credentials are correct. See • Log In to the N600 Modem Router page 18 for more information.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Debug PPPoE or PPPoA Debug the PPPoE or PPPoA connection as follows: Access the router menus at and log in. http://192.168.0.1 Under Maintenance, select Router Status. Click the Connection Status button.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B TCP/IP Network Not Responding Most TCP/IP terminal devices and routers have a ping utility for sending an echo request packet to the designated device. The device responds with an echo reply to tell whether a TCP/IP network is responding to requests.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Test the Path from Your Computer to a Remote Device After you verify that the LAN path works correctly, test the path from your computer to a remote device. In the Windows Run screen, type: ping -n 10 IP address where IP address is the IP address of a remote device such as your ISP’s DNS server.
To reload the firmware: If you already have the firmware file on your computer, go directly to step 2. If you do not have the firmware file on your computer, obtain the firmware from the NETGEAR support site at through another working Internet http://www.netgear.com/support...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Click Upgrade. A progress bar displays. The reload takes about 5 minutes to complete. When the firmware recovery is complete, the login screen displays so you can log in. Incorrect Date or Time Select Security >...
Supplemental Information This appendix includes the factory default settings and technical specifications for the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B, and instructions for wall-mounting the unit. This appendix contains the following sections: • Factory Settings • Technical Specifications...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Factory Settings You can return the modem router to its factory settings. On the bottom of the modem router, use the end of a paper clip or some other similar object to press and hold the Restore Factory Settings button for at least 7 seconds.
Page 146
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 10. Factory settings description (Continued) Feature Default Behavior Firewall Inbound (communications coming in from Disabled (except traffic on port 80, the HTTP port) the Internet) Outbound (communications going out to...
VPN Configuration Case study on how to set up a VPN This appendix is a case study on how to configure a secure IPSec VPN tunnel from your modem router to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).
Figure 23. VPNC example, network interface addressing Step-by-Step Configuration To configure a VPN tunnel: Use the VPN Wizard to configure Gateway A (DGND3800B) for a gateway-to-gateway tunnel (see on page 114), being Set Up a Gateway-to-Gateway VPN Configuration certain to use appropriate network addresses for the environment.
Page 150
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B On the Gateway B router menu, under VPN, select IKE Policies, and click the Edit button to display the IKE Policy Configuration screen: toGW_A 22.23.24.25 14.15.16.17 On Gateway B router menu, under VPN, select VPN Policies, and click the Edit button to...
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B b. Type ping 172.23.9. If the pings fail the first time, try the pings a second time. Modem Router with FQDN to Gateway B This section is a case study on how to configure a VPN tunnel from your modem router to a gateway using a fully qualified domain name (FQDN) to resolve the public address of one or both routers.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Table 13. Wireless modem router with FQDN to Gateway B profile summary (Continued) VPN Consortium Scenario Scenario 1 Gateway A Fully qualified domain name (FQDN) Gateway B FQDN Use a Fully Qualified Domain Name (FQDN) Many ISPs provide connectivity to their customers using dynamic instead of static IP addressing.
Page 153
• c. Click Apply. d. Click Show Status. The resulting screen should show Update OK: good: On NETGEAR Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account. a. Select Dynamic DNS. b. Select the DynDNS.org radio button.
Page 154
Click Apply. e. Click Show Status. The resulting screen should show Update OK: good: Configure the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B as in the gateway-to-gateway procedures using the VPN Wizard (see Set Up a on page 114), being certain to use appropriate Gateway-to-Gateway VPN Configuration network addresses for the environment.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B The LAN addresses used in this example are as follows: Table 14. Device LAN IP Address LAN Subnet Mask DGND3800B 10.5.6.1 255.255.255.0 FVL328 172.23.6.1 255.255.255.0 a. For the connection name, enter toFVL328.
ProSafe VPN client) Figure 25. Telecommuter example Set Up Client-to-Gateway VPN (Telecommuter Example) Setting up a VPN between a remote computer running the NETGEAR ProSafe VPN client and a network gateway involves two steps, described in the following sections: on page 157.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Step 1: Configure Gateway A (VPN Router at Main Office) To configure a VPN tunnel: Log in to the VPN router. Select VPN Policies to display the VPN Policies screen. Click Add Auto Policy to proceed and enter the information.
The computer has to have a VPN client program installed that supports IPSec (in this case study, the NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website (www.netgear.com) for information about how to purchase the NETGEAR ProSafe VPN Client.
Page 159
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Note: In this example, the connection name on the client side of the VPN tunnel is toGW_A. It does not have to match the VPN_client connection name used on the gateway side of the VPN tunnel because connection names do not affect how the VPN tunnel functions.
Page 160
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B a. In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy appear below the connection name. b. Click Security Policy to show the Security Policy screen.
Page 161
Click the Pre-Shared Key button. g. In the Pre-Shared Key screen, click Enter Key. Enter the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B’s pre-shared key and click OK. In this example, 12345678 is entered, though the screen shows asterisks. This field is case-sensitive.
Page 162
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B g. In the Key Group drop-down list, select Diffie-Hellman Group 2. Configure the VPN Client Key Exchange Proposal. In this step, you provide the type of encryption (DES or 3DES) to be used for this connection.
Page 163
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B To check the VPN connection, you can initiate a request from the remote computer to the VPN router’s network by using the Connect option in the modem router screen: Right-click the system tray icon to open the pop-up menu.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B This causes a continuous ping to be sent to the VPN router. Within 2 minutes, the ping response should change from timed out to reply. Once the connection is established, you can open the browser on the computer and enter the LAN IP address of the VPN router.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B While the connection is being established, the connection name listed in this screen shows SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol.
European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328 (2.4Ghz), EN301 489-17, EN301 893 (5Ghz), EN60950-1 For complete DoC please visit the NETGEAR EU Declarations of Conformity website at: http://support.netgear.com/app/answers/detail/a_id/11621/ EDOC in Languages of the European Community...
Page 167
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B Español [Spanish] Por medio de la presente NETGEAR Inc. declara que el Radiolan cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE. Ελληνική [Greek] ΜΕ...
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Declaration of Conformity We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B complies with Part 15 Subpart B of FCC CFR47 Rules.
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B For product available in the USA market, only channel 1~11 can be operated. Selection of other channels is not • possible. This device and its antenna(s) must not be co-located or operation in conjunction with any other antenna or •...
Page 170
Index clients, adding to network client-to-gateway VPN tunnels AC power adapter input compliance access, controlling configuration file accessing connecting USB drive remote computer connecting wirelessly adapter, wireless connection status adding content filtering clients to network custom service (port forwarding) custom service guest devices addresses, DNS ADSL microfilters...
Page 171
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B IP addresses DHCP email notices LAN service encryption algorithm reserved encryption types IP setup, LAN erasing configuration file account information external hosts, allowing communication with Basic Settings screen DSL settings DSL synchronization...
Page 172
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B metric, number of routers mixed mode security options Quality of Service (QoS) multi-point bridge mode RADIUS server NETGEAR ProSafe VPN Client range of wireless connections Network Address Translation (NAT) ReadySHARE access...
Page 173
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B VPN client VPN Log Viewer TCP/IP VPN Manual Policy network troubleshooting VPN network connections no Internet connection VPN tunnels technical specifications activating technical support client-to-gateway telecommuter example configuring Temporal Key Integrity Protocol (TKIP)