NETGEAR FVS124G - ProSafe VPN Firewall 25, Configuration Manual

Page 1: ...VPN Configuration Guide NETGEAR FVS124G...

Page 2: ...that the information in this manual is accurate equinux is not responsible for printing or clerical errors www equinux com Apple the Apple logo iBook Mac Mac OS MacBook PowerBook are trademarks of Ap...

Page 3: ...w Connection 14 Step 2 Configure the VPN Connection 15 Task 3 Test the VPN Connection 16 It s time to go out 16 Start your connection 16 Supporting Multiple Users 18 Using Mode Config for IP Address A...

Page 4: ...will show you how to configure VPN Tracker to easily connect to your newly created VPN tunnel Troubleshooting and Advanced Topics Troubleshooting and advanced topics are covered in the third part of...

Page 5: ...he latest VPN Tracker release can be obtained from http www vpntracker com You will need one VPN Tracker license for each Mac running VPN Tracker 5 Tip If you are setting up VPN on your device for the...

Page 6: ...rnet and can be accessed through a static IP address or a Dynamic DNS host name In our example setup we will be using a DNS host name vpn example com The NETGEAR device has a second network interface...

Page 7: ...int the settings on the other endpoint are considered to be remote while its own settings are considered to be local That means a local setting from VPN Tracker s perspective is a remote setting from...

Page 8: ...ked with red numbers to make it easier to reference it later You can print out this form to help keep track of the various configuration settings of your NETGEAR device Pre Shared Key NETGEAR s Local...

Page 9: ...already have VPN in use on your device you can use this chapter to verify your settings refer to the chapter VPN Settings Explained for more detailed information about the settings available on your...

Page 10: ...E policy Policy Name Enter a name for the connection Direction Type Select Responder Exchange Mode Select Aggressive Mode Local Identity Type Select Fully Qualified Domain Name Local Identity Data Ent...

Page 11: ...dress If you use Dynamic DNS for your device or if it has a DNS host name write down the host name instead LAN Port Write down the LAN IP Address Write down the LAN IP Subnet Mask Calculate your LAN N...

Page 12: ...Name and enter the same identifier here that you used as the Remote Identity in the IKE policy SA Life Time 3600 seconds 0 Kbytes IPsec PFS Keep IPsec PFS turned off PFS Key Group Keep the selected Gr...

Page 13: ...the LAN subnet mask you wrote down in Step 2 here 255 255 255 0 Remote IP Select Any AH Configuration Leave this setting turned off ESP Configuration Enable Encryption Turn on encryption Encryption Al...

Page 14: ...GEAR Step 1 Create a New Connection 14 Start VPN Tracker Click the button at the bottom of the connection list You will be asked to select a device profile for the new connection Select Netgear from t...

Page 15: ...ss and the subnet mask of the network that is being accessed through the VPN tunnel Separate the subnet mask with a forward slash Identifiers Make sure the types for both identifiers are set to Fully...

Page 16: ...nt location For example if you are setting up a VPN connection to your office test it from home If you are setting up a VPN connection to your home network test it from an Internet cafe or go visit a...

Page 17: ...ve the password in your keychain so you are not asked for it again when connecting the next time Click OK If the slider goes back to Off after starting the connection or after entering your pre shared...

Page 18: ...If multiple users connect using the same policy on your NETGEAR at the same time you must ensure that each of them uses a different Local Address in VPN Tracker by setting an individual Local Address...

Page 19: ...ou operate your own DNS server enter it here Otherwise these fields should remain empty Traffic Tunnel Security Level These settings correspond to the VPN Policy settings of the same name The screensh...

Page 20: ...removed before you can change the IKE policy to use Mode Config Go to VPN VPN Policies Select your VPN Policy Click Delete Go to VPN IKE Policies Select your IKE Policy Click Edit In the Remote sectio...

Page 21: ...nnecting if the device actually requires active mode config it will ensure that it works in both cases You can later try passive or active to see which mode your device and particular firmware revisio...

Page 22: ...have to ensure that there are no conflicts For the IKE policies make sure that the identifiers for each tunnel are different If you have more than one tunnel used by clients connecting from dynamic IP...

Page 23: ...check the VPN Status VPN VPN Status VPN Status to see which policies are in use If necessary selectively disable policies to see which policies are causing trouble 23 Note Please refer to your device...

Page 24: ...ntered all the required information VPN Tracker will highlight fields that are missing information On Off Slider goes back to Off after a while If the connection ON OFF slider goes back to OFF a while...

Page 25: ...DNS server in VPN Tracker Run the VPN Environment Manager In many local networks your Mac will be behind a router that performs Network Address Translation NAT For a VPN connection to be established t...

Page 26: ...website or in this guide and would like to contact Technical Support through our website please be sure to include at least the following information The manufacturer and model and firmware revision...

Page 27: ...lishing a VPN connection Many of the settings here correspond to settings located in VPN Tracker on the Basic tab or under Advanced Phase 1 General 27 Policy Name The policy name is used only for nami...

Page 28: ...the Local Identifier Type Basic Identifiers in VPN Tracker Remote Identity Data The remote identity data on the device must match the Local Identifier Basic Identifiers in VPN Tracker IKE SA Paramete...

Page 29: ...enough and contains a mix of letters and numbers but be aware that your Mac and your NETGEAR may not use the same character encoding so try to avoid accented characters Diffie Hellman DH Group The Dif...

Page 30: ...IKE policy will use this VPN policy the VPN policy lookup on this device is independent from the IKE policy and determined by the traffic selectors Remote VPN Endpoint This is the public IP address o...

Page 31: ...EAR s LAN 192 168 13 0 255 255 255 0 is the NETGEAR s LAN in our example The remote part should be set to Any AH Configuration Enable Authentication VPN Tracker uses Encapsulating Security Payload ESP...

Page 32: ...ensures that data sent through the VPN tunnel is authenticated It should always be turned on and must match the corresponding setting in VPN Tracker Advanced Phase 2 Authentication Algorithms Do not...

Page 33: ...rs use the VPN and you cannot use Mode Config see Supporting Multiple Users the NETGEAR device is not the default gateway router in the remote network Choosing the Local Address When connecting to a N...

Page 34: ...the default gateway My users connect from different places from different IPs Why do I still need to give them different Local Addresses In most cases the connecting Macs will be behind routers DSL ro...

Page 35: ...have to ensure that those computers and all other resources accessed through the VPN such as printers and NAS drives know where to send replies for VPN clients This is much easier if you know what IP...