NETGEAR DGND3800B, User Manual

Page 1: ...350 East Plumeria Drive San Jose CA 95134 USA January 2012 202 10941 01 v1 0 N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B User Manual ...

Page 2: ...untries Check the list of phone numbers at http support netgear com app answers detail a_id 984 Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice Other brand and product names are registered trademarks or tradem...

Page 3: ...ies for DHCP 17 Replace an Existing Router 17 Adapters and Security Settings 17 Gather ISP Information 17 Log In to the N600 Modem Router 18 Upgrade Router Firmware 19 Router Interface 20 Setup Wizard 21 Manual Setup Basic Settings 22 Basic Setting Screen Fields 23 ADSL Settings 25 Unsuccessful Internet Connection 27 Change Password and Login Time Out 27 Log Out Manually 28 Types of Logins 28 Chap...

Page 4: ...igure Port Forwarding to Local Servers 45 Configure Port Triggering 47 Set the Time Zone 49 Schedule Firewall Services 50 Email Logs and Alerts 51 Log the Network Activity 52 Chapter 5 Network Maintenance Upgrade the Router Firmware 55 Automatic Firmware Checking Off 55 Automatic Firmware Checking On 56 Manually Check for Firmware Upgrades 57 Manage Configuration File 58 Back Up 58 Restore 58 Eras...

Page 5: ...less Advanced Settings 84 WPS Settings 85 Wireless Repeating Networks 87 Set Up a Point to Point Bridge 88 Set Up a Multi Point Bridge 90 Repeater with Wireless Client Association 91 Remote Management 93 Static Routes 94 Static Route Example 94 Static Routes 95 Universal Plug and Play 96 Traffic Meter 97 Chapter 8 Virtual Private Networking Overview of VPN Configuration 100 Client to Gateway VPN T...

Page 6: ... Path from Your Computer to a Remote Device 141 Cannot Log In 141 Changes Not Saved 142 Firmware Needs to Be Reloaded 142 Incorrect Date or Time 143 Appendix A Supplemental Information Factory Settings 145 Technical Specifications 147 Appendix B VPN Configuration Configuration Profile 148 Step by Step Configuration 149 Modem Router with FQDN to Gateway B 151 Configuration Profile 151 Step by Step ...

Page 7: ...o a fiber cable modem NETGEAR green features Power On Off button 80 recycled packaging CEC California Efficiency RoHS WEEE If you have not already set up your new router using the installation guide that comes in the box this chapter walks you through the hardware setup Chapter 2 Router Internet Setup explains how to set up your Internet connection This chapter contains the following sections Unpa...

Page 8: ...elephone cable with RJ 11 connector Installation guide with cabling and router setup instructions If any of the parts are incorrect missing or damaged contact your NETGEAR dealer Keep the carton including the original packing materials in case you need to return the product for repair See Position Your Modem Router on page 12 for information about where to place and how to position your router Tel...

Page 9: ...er LAN ports DSL Internet 5 GHZ wireless USB port Wireless On Off button WPS On Off button 2 4 GHz wireless USB Figure 2 Front panel Front Panel Buttons and USB Port WPS button You can use this button to add a wireless computer or device to your network using Wi Fi Protected Setup The wireless computer or device has to support WPS see Wi Fi Protected Setup WPS Method on page 33 Wireless On Off but...

Page 10: ...ectivity Blinking blue Data is being sent or received over the 5 GHz wireless link Off There is no wireless connectivity You can still plug an Ethernet cable into one of the LAN ports to get wired connectivity 2 54 GHz Wireless Solid green There is wireless connectivity Blinking green Data is being sent or received over the 2 4 GHz wireless link Off There is no wireless connectivity You can still ...

Page 11: ...ear panel contains the following elements 1 RJ 11 asynchronous DSL ADSL port for connecting the modem router to an ADSL line Note An ADSL port is capable of sending data over an ADSL line at one speed and receiving it at another speed 2 Ethernet WAN port for connecting the modem router to a fiber cable modem Note You can use either the ADSL or Gigabit Ethernet port for WAN connectivity 3 Four Ethe...

Page 12: ...m router Near the center of the area where your computers and other devices operate and preferably within line of sight to your wireless devices So it is accessible to an AC power outlet and near Ethernet cables for wired computers In an elevated location such as a high shelf keeping the number of walls and ceilings between the modem router and your other devices to a minimum Away from electrical ...

Page 13: ...e to acquire the ADSL microfilter separately One Line ADSL Microfilter Not Included Plug the ADSL microfilter into the wall outlet and plug your phone equipment into the jack labeled Phone The modem router plugs directly into a separate ADSL line Plugging the modem router into the phone jack blocks the Internet connection If you do not have a separate ADSL line for the router the best thing to do ...

Page 14: ...t in splitter included Use to share an outlet with a phone and the modem router Cable Your Modem Router WARNING DO not stack equipment or place equipment in tight spaces or in drawers Be sure your equipment is surrounded by at least 2 inches of air space The unit should not be wall mounted The installation guide that came in the box includes a cabling diagram similar to the following figure Figure...

Page 15: ...ower LED is green when the modem router is turned on The LAN port is green when a computer is cabled to the router by an Ethernet cable The Wireless LEDs are lit when the modem router is turned on The DSL LED is green when you have an ADSL connection The Internet LED is red when there is no Internet connection Turn on your computer If software usually logs you in to your Internet connection do not...

Page 16: ...omplete Refer to this chapter if you want to become familiar with the router menus view or adjust the initial settings or change the router password and login time out This chapter contains the following sections Router Setup Preparation Log In to the N600 Modem Router Upgrade Router Firmware Router Interface Setup Wizard Manual Setup Basic Settings ADSL Settings Unsuccessful Internet Connection C...

Page 17: ...isconnect it completely from your network and set it aside before starting the router setup Adapters and Security Settings A wireless adapter is the wireless radio in your computer that lets the computer connect to a wireless network Most computers come with an adapter already installed but if it is outdated or slow you can purchase a USB adapter to plug into a USB port Make sure the wireless adap...

Page 18: ...l setup Virtual path identifier VPI and virtual channel identifier VCI parameters Multiplexing method Host and domain names Log In to the N600 Modem Router Log in to the modem router to view or change settings or to set up the modem router To log in 1 Type http 192 168 0 1 in the address field of your browser and press Enter to display the login window You can also enter either of these addresses ...

Page 19: ... connect your computer so that you can log in to the modem router Note If you cannot connect to the modem router check the Internet Protocol TCP IP properties in the Network Connections section of your computer Control Panel They should be set to obtain both IP and DNS server addresses automatically Upgrade Router Firmware When you log in and if you are connected to the Internet the Firmware Upgra...

Page 20: ...cify the language and location and automatically detect the Internet connection See Setup Wizard on page 21 Add WPS Client Add WPS compatible wireless devices and other equipment to your wireless network See Add Clients Devices to Your Network on page 33 Setup Menu Set upgrade and check the ISP and wireless network settings of your router See Manual Setup Basic Settings on page 22 and ADSL Setting...

Page 21: ...Web Support Go to the NETGEAR support site to get information help and product documentation These links work once you have an Internet connection Setup Wizard You have to log in to the modem router to set the country language and Internet connection To use the Setup Wizard 1 Select Setup Wizard from the top of the router menus to display the following screen 2 Select your country and language Cou...

Page 22: ... 22 Manual Setup Basic Settings The Basic Settings screen displays when you select No I want to configure the Router myself in the Setup Wizard and is also available from the router menus It is where you view or change ISP information The fields that display vary depending on whether or not your Internet connection requires a login Note Check that the country and language are set as described Setu...

Page 23: ... is required you can specify the MAC Address setting 4 Click Apply to save your settings 5 Click Test to test your Internet connection If the NETGEAR website does not appear within 1 minute and see Troubleshooting on page 134 Basic Setting Screen Fields The following descriptions explain all of the possible fields in the Basic Settings screen Note that which fields appear in this screen depends on...

Page 24: ... reset setting This can be used to set the specific time that the modem router automatically disconnects from the Internet Internet IP Address When a login is required these fields display Get Dynamically from ISP Your ISP uses DHCP to assign your IP address Your ISP automatically assigns these addresses Use Static IP Address Enter the IP address IP subnet mask and the gateway IP address that your...

Page 25: ...ace card in your computer when your account is first opened They then accept traffic only from the MAC address of that computer This feature allows your modem router to use your computer s MAC address this is also called cloning Use Default Address Use the default MAC address Use Computer MAC Address The modem router captures and use the MAC address of the computer that you are now using You have ...

Page 26: ...to using ATM PTM is based on the Ethernet in the First Mile EFM IEEE802 3ah standard 4 Select the DSL mode The available settings depend on the selection in the Transfer Mode field If the Transfer Mode is ATM the DSL mode can be Auto ADSL ADSL2 or ADSL2 If the transfer mode is PTM the DSL mode is VDSL Very high bit rate digital subscriber line 5 In the Multiplexing Method drop down list select LLC...

Page 27: ... and Login Time Out For security reasons the modem router has its own user name and password that default to admin and password You can and should change this password to a secure password that is easy to remember The ideal password contains no dictionary words from any language and is a mixture of uppercase and lowercase letters numbers and symbols It can be up to 30 characters Note The router us...

Page 28: ...Logout command at the bottom of the router menus Log out when you expect to be away from your computer for a relatively long period of time Types of Logins There are three separate types of logins that have different purposes It is important that you understand the difference so that you know which login to use when Router login logs you in to the router interface See Log In to the N600 Modem Rout...

Page 29: ...ss Settings Protecting your wireless network This chapter contains the following sections Wireless Adapter Compatibility Preset Security Wireless Security Basics Add Clients Devices to Your Network Wireless Settings ...

Page 30: ...D passphrase and security option encryption protocol are preset in the factory You can find the preset SSID and passphrase on the bottom of the unit Wi Fi network name SSID identifies your network so devices can find it Passphrase controls access to your network Devices that know the SSID and the passphrase can find your wireless network and connect Note The preset SSID and passphrase are uniquely...

Page 31: ...ed to the modem router through Ethernet cables can still use the modem router Disable SSID Broadcast By default the modem router broadcasts its Wi Fi network name SSID so devices can find it If you change this setting to not allow the broadcast wireless devices cannot find your modem router unless they are configured with the same SSID See Wireless Access Point Settings on page 36 for the procedur...

Page 32: ... it is harder to decode This option uses a passphrase to perform the authentication and generate the initial data encryption keys Then it dynamically varies the encryption key WPA PSK uses Temporal Key Integrity Protocol TKIP data encryption implements most of the IEEE 802 11i standard and is designed to work with all wireless network interface cards but not all wireless access points It is supers...

Page 33: ...reless devices Wi Fi Protected Setup WPS Method Wi Fi Protected Setup WPS is a standard for easily adding computers and other devices to a home network while maintaining security To use WPS make sure that all wireless devices to be connected to the network are Wi Fi certified and support WPS During the connection process the client gets the security settings from the router so that every device in...

Page 34: ...t Add WPS Client select Setup Wireless Settings and make sure that WPS is selected 2 Click Next The following screen lets you select the method for adding the WPS client 3 Select either Push Button or PIN Number With either method the client wireless device attempts to detect the WPS signal from the modem router and establish a wireless connection in the time allotted The PIN method displays this ...

Page 35: ...an IP address by DHCP from the router as described in Use Standard TCP IP Properties for DHCP on page 17 Each computer or wireless adapter in your network supports the wireless mode bandwidth data rate and the security option you want to use To configure the wireless settings If you use a wireless connection to log in and change the wireless security settings you are disconnected when you click Ap...

Page 36: ...onnections or slow data transfers If this happens experiment with different channels to see which is the best Mode Up to 145 Mbps is the default and allows 802 11n and 802 11g wireless devices to join the network g b supports up to 54 Mbps Up to 65 Mbps supports up to 65 Mbps Wireless Access Point Settings Enable When this check box is selected the router accepts wireless clients When the check bo...

Page 37: ...ryption is available only when the Mode setting is Up to 54 Mbps 1 In the Security Options section select WEP to display the following screen 2 Select the authentication type The default is Automatic Other choices are Open System any client can authenticate itself to the network and Shared Key a passphrase and a four way challenge is needed for authentication 3 Select the encryption strength setti...

Page 38: ... WEP enter 26 hexadecimal digits any combination of 0 9 a f or A F 5 Select the radio button for the key you want to make active Make sure that you understand how the WEP key settings are configured in your wireless adapter Wireless adapter configuration utilities such as the one in Windows XP allow one key entry which has to match the default key you set in the modem router 6 Click Save to save y...

Page 39: ...em router to prevent objectionable content from reaching the computers and other devices connected to your network This chapter contains the following sections Keyword Blocking of HTTP Traffic Firewall Rules to Control Network Access Set the Time Zone Set the Time Zone Schedule Firewall Services Email Logs and Alerts Log the Network Activity ...

Page 40: ...e independent of the Schedule screen 3 In the Keyword field enter a keyword or domain click Add Keyword and click Apply The Keyword list supports up to 32 entries Here are some sample entries Specify XXX to block http www badstuff com xxx html Specify com if you want to allow only sites with domain suffixes such as edu or gov Enter a period to block all Internet browsing access Delete a Keyword or...

Page 41: ...figure Port Triggering Remote Computer Access Basics When a computer on your network needs to access a computer on the Internet your computer sends your router a message containing the source and destination address and process information Before forwarding your message to the remote computer your router has to modify the source information and create and track the communication session so that re...

Page 42: ...r for a web server process Destination address The public IP address of your router Destination port number 33333 5 Upon receiving the incoming message your router checks its session table to determine whether there is an active session for port number 33333 Finding an active session the router then modifies the message to restore the original address information replaced by NAT Your router sends ...

Page 43: ...r port triggering rule and having observed the destination port number of 6667 your router creates an additional session entry to send any incoming port 113 traffic to your computer 5 The IRC server sends a return message to your router using the NAT assigned source port as in the previous example let s say port 33333 as the destination port The IRC server also sends an identify message to your ro...

Page 44: ...ur router The remote computer composes a web page request message with the following destination information Destination address The IP address of www example com which is the address of your router Destination port number 80 which is the standard port number for a web server process The remote computer then sends this request message through the Internet to your router 2 Your router receives the ...

Page 45: ... be triggered Configure Port Forwarding to Local Servers Using the port forwarding feature you can allow certain types of incoming traffic to reach servers on your local network For example you might want to make a local web server FTP server or game server visible and available to the Internet Use the Port Forwarding screen to configure the router to forward specific incoming protocols to compute...

Page 46: ...groups When you have the port number information follow these steps 1 Select Content Filtering Port Forwarding Port Triggering 2 Select the Port Forwarding radio button as the service type 3 Click the Add Custom Service button to display the following screen 4 In the Service Name field enter a descriptive name 5 In the Protocol field select the protocol If you are unsure select TCP UDP 6 In the St...

Page 47: ...ul in these cases More than one local computer needs port forwarding for the same application but not simultaneously An application needs to open incoming ports that are different from the outgoing port When port triggering is enabled the router monitors outbound traffic looking for a specified outbound trigger port When the router detects outbound traffic on that port it remembers the IP address ...

Page 48: ...eck box is selected after you configure port triggering port triggering is disabled However any port triggering configuration information you added to the router is retained even though it is not used 4 In the Port Triggering Timeout field enter a value up to 9999 minutes This value controls the inactivity timer for the designated inbound ports The inbound ports close when the inactivity time expi...

Page 49: ...ort information in the Connection Type Starting Port and Ending Port fields 11 Click Apply The service appears in the Port Triggering Portmap table Set the Time Zone The modem router uses the Network Time Protocol NTP to obtain the current time and date from one of several network time servers on the Internet To set the time zone 1 Select Content Filtering Schedule to display the following screen ...

Page 50: ...occurs or when access is not restricted To schedule firewall services 1 Select Content Filtering Schedule to display the following screen 2 To block Internet services based on a schedule select Every Day or select one or more days If you want to limit access completely for the selected days select All Day Otherwise to limit access during certain times for the selected days enter times in the Start...

Page 51: ...messages are not sent by email Outgoing Mail Server Enter the name or IP address of your ISP s outgoing SMTP mail server such as mail myISP com You might be able to find this information in the configuration settings of your email program Enter the email address to which logs and alerts are sent This email address is also used as the From address If you leave this field blank log and alert message...

Page 52: ...ied email address After the log is sent it is cleared from the modem router s memory If the modem router cannot email the log file the log buffer might fill up In this case the modem router overwrites the log and discards its contents Log the Network Activity A log is a detailed record of the websites that users on your network have accessed or attempted to access If you have set up content filter...

Page 53: ...he Web based interface of this Router If selected connections are logged to this router rather than through this router to the Internet Router operation If selected router operations not covered by the preceding selections are logged Known DoS attacks and Port Scans If selected denial of service attacks as well as port scans are logged 3 The logs can be sent to a syslog server Enable one of the th...

Page 54: ...s the modem router has its own user name admin and its password that defaults to password You can and should update your password regularly See Change Password and Login Time Out on page 27 This chapter contains the following sections Upgrade the Router Firmware Manually Check for Firmware Upgrades Manage Configuration File View Router Status View Attached Devices Run Diagnostic Utilities ...

Page 55: ...m router do not interrupt the web browser by closing the window clicking a link or loading a new page If the browser is interrupted it could corrupt the firmware Automatic Firmware Checking Off You can turn the automatic firmware checking off and check for firmware updates manually if you prefer See Manually Check for Firmware Upgrades on page 57 To turn off the automatic firmware check at login T...

Page 56: ...outer to download and install the new firmware The upgrade process could take a few minutes When the upload is complete your modem router restarts 2 Go to the DGND3800B support page at http www netgear com support and read the new firmware release notes to determine whether you need to reconfigure the modem router after upgrading Note If you get a Firmware needs to be reloaded message it means a p...

Page 57: ...uter Status and make a note of the modem router firmware version number 2 Go to the DGND3800B support page on the NETGEAR website at http www netgear com support 3 If the firmware version on the NETGEAR website is newer than the firmware on your modem router download the file to your computer 4 Select Maintenance Router Upgrade to display the following screen 5 Click Browse and locate the firmware...

Page 58: ...ion to store the cfg file that is on a computer on your network Restore To restore a configuration file 1 Enter the full path to the file on your network or click the Browse button to find the file 2 When you have located the cfg file click the Restore button to upload the file to the modem router Upon completion the modem router reboots Erase Click the Erase button to reset the modem router to it...

Page 59: ...rmware settings and statistics for your router If something needs to be changed you have to change it on the relevant screen Account Name This is the account name that you entered in the Setup Wizard or Basic Settings screen Firmware Version This is the current software the router is using This changes if you upgrade your router Internet Port These are the current settings that you set in the Setu...

Page 60: ... is the version number of the low level ADSL firmware This is contained within the router firmware Modem Status The current state of the ADSL connection to your phone company DownStream Connection Speed The connection speed of the ADSL connection from the phone company to your router UpStream Connection Speed The connection speed of the ADSL connection from your router to the phone company VPI The...

Page 61: ...x B s The current line utilization percentage of current bandwidth used Rx B s The average line utilization Up Time The time elapsed since the last power cycle or reset ADSL Link Downstream or Upstream The statistics for the upstream and downstream link These statistics are of interest to your technical support representative if you have problems obtaining or maintaining a connection Connection Sp...

Page 62: ...ddress The IP address assigned to the WAN port by the ISP Obtaining Network Mask The network mask assigned to the WAN port by the ISP View Attached Devices The Attached Devices screen presents a table of all IP devices that the modem router has discovered on the local network Select Maintenance Attached Devices to view the following table For each device the table shows the IP address device name ...

Page 63: ... can reach a remote host Perform a DNS lookup to test if an Internet name resolves to an IP address to verify that the DNS server configuration is working Display the Routing table to identify what other modem routers the modem router is communicating with Reboot the modem router to enable new network configurations to take effect or to clear problems with the modem router s network connection Sel...

Page 64: ...rives Do not connect computers USB modems printers CD drives or DVD drives to the these USB ports Figure 12 USB ports front and rear panel This chapter includes the following sections USB Drive Requirements ReadySHARE Access File Sharing Scenarios USB Storage Basic Settings Edit a Network Folder USB Storage Advanced Settings Safely Remove USB Drive Media Server Settings Approved USB Devices Advanc...

Page 65: ...not attempt to use a USB hub attached to the USB port According to the USB 2 0 specification the maximum available power is 5V 0 5A Some USB devices might exceed this requirement in which case the device might not function or might function erratically Check the documentation for your USB device to be sure The modem router supports FAT FAT32 and NTFS read only file systems ReadySHARE Access Once y...

Page 66: ...n to and pay for an external photo sharing site To share files with your friends and family 1 Insert your USB drive into the USB port on the modem router either directly or with a USB cable Computers on your local area network LAN can automatically access this USB drive using a web browser or Microsoft Networking 2 If you want to specify read only access or to allow access from the Internet see Ap...

Page 67: ... account and enter any password FTP requires that you type something in the password field Be sure to select the FTP via Internet check box in the USB Storage Advanced Settings screen This option supports both downloading and uploading of files Note You can enable the HTTP via Internet option on the Advanced USB Storage screen to share large files This option supports downloading files only USB St...

Page 68: ...to change this setting Read Write Access Shows the network folder permissions and access controls All no password allows all users to access the network folder admin uses the same password that you use to log in to the modem router Edit You can click the Edit button to edit the Available Network folder settings See Edit a Network Folder on page 69 Safely Remove USB Device Click this button to safe...

Page 69: ...n to the modem router before you connected your USB device you might not see your USB device in the modem router screens until you log out and then log in again Edit a Network Folder You can use the Edit button on either the USB Storage Basic Settings or USB Storage Advanced Settings screen To edit a network folder 1 Select USB Advanced Settings The USB Storage Advanced Settings screen displays 2 ...

Page 70: ... from your computer Workgroup If you are using a Windows Workgroup rather than a domain the workgroup name is displayed here Access Method Network Connection Enabled by default this allows all users on the LAN to have access to the USB drive HTTP Disabled by default If you enable this setting you can type http readyshare to access the USB drive HTTP via Internet Disabled by default If you enable t...

Page 71: ...cess controls on the Network folder Selecting All no password allows all users to access the Network folder You are prompted to enter the same password that you use to log in to the modem router Create a Network Folder You can create a network folder on the USB device that is attached to the USB port on the rear panel of the modem router To create a network folder 1 From the USB Storage Advanced S...

Page 72: ...dia Server If this feature is enabled the DGN2200v3 can be located by compatible media adapters using the UPnP AV standard developed by Intel and its partners Media content on the DGN2200v3 in the Content Directories that you specify can then be accessed and played by the media adapters Server Name The name of the media server that is displayed on client devices Note that some special characters s...

Page 73: ...ect Advanced USB Settings 2 Click Approved Devices 3 On the USB Drive Approved Devices screen select the USB device from the Available USB Devices list 4 Click Add 5 Select the Allow only approved devices check box 6 Click Apply so that your change takes effect If you want to approve another USB device you have to first use the Safely Remove USB Device button to unmount the currently connected USB...

Page 74: ...account that has access rights to the USB drive The directories of the USB drive that your account has access to display for example share partition1 directory1 You can now read and copy files from the USB directory Connect to the USB Drive with Microsoft Network Settings You can access the USB drive from local computers on your home or office network using Microsoft network settings You have to b...

Page 75: ...operties File and Printer Sharing for Microsoft Windows should be listed If not click Add and follow the installation prompts Note If you have any questions about File and Printer Sharing contact Microsoft for assistance Configuring Windows 2000 and Windows XP Right click the network connection for your local area network File and Printer Sharing for Microsoft Windows should be listed If not click...

Page 76: ...o set the router up for unique situations such as when remote access from the Internet by IP or domain name is needed This chapter contains the following sections WAN Setup Dynamic DNS LAN Setup Set Up Quality of Service QoS Advanced Wireless Settings Wireless Repeating Networks Remote Management Static Routes Universal Plug and Play Traffic Meter Note The Advanced USB Settings feature is in Chapt...

Page 77: ...use Disable Port Scan and DOS Protection The firewall protects your LAN against port scans and denial of service DOS attacks This protection should be disabled only in special circumstances Default DMZ Server The default demilitarized zone DMZ server feature is helpful when you use online games and video conferencing applications that are incompatible with NAT The modem router is programmed to rec...

Page 78: ...s computer is called the default DMZ server To assign a computer or server to be a default DMZ server 1 In the WAN Setup screen select the Default DMZ Server check box 2 Type the IP address for that server and click Apply Respond to Ping on Internet Port If you want the modem router to respond to a ping from the Internet select this check box This should be used only as a diagnostic tool because i...

Page 79: ...ame linked with your IP address by public Domain Name Servers DNS However if your Internet account uses a dynamically assigned IP address you do not know in advance what your IP address is and the address can change frequently In this case use a commercial Dynamic DNS service that lets you register your domain to its IP address and forwards traffic directed at your domain to your frequently changi...

Page 80: ... 10 x x x the Dynamic DNS service does not work because private addresses are not routed on the Internet LAN Setup The LAN Setup screen allows configuration of LAN IP services such as DHCP and Routing Information Protocol RIP The modem router is shipped preconfigured to use private IP addresses on the LAN side and to act as a DHCP server The modem router s default LAN IP configuration is as follow...

Page 81: ...and which have to be reached through a gateway or modem router Use Router as DHCP Server By default the modem router functions as a Dynamic Host Configuration Protocol DHCP server allowing it to assign IP DNS server and default gateway addresses to all computers connected to the modem router s LAN The assigned default gateway address is the LAN address of the router IP addresses are assigned to th...

Page 82: ... address entry 1 Select the radio button next to the reserved address that you want to edit or delete 2 Click Edit or Delete Set Up Quality of Service QoS Quality of Service QoS is an advanced feature that can be used to prioritize some types of traffic ahead of others The modem router can provide QoS prioritization over the wireless link and on the Internet connection The modem router supports Wi...

Page 83: ...Access To specify prioritization of traffic you have to add or create a policy for the type of traffic To configure QoS for Internet access 1 Select Advanced QoS Setup 2 Click Setup QoS rule The QoS Priority Rule list displays 3 To change a rule select its radio button 4 Scroll down to the bottom of the screen ...

Page 84: ...ly Note that more settings are available in the Wireless Settings screen See Wireless Settings on page 35 Note The modem router is already configured with the optimum advance wireless settings Do not alter these settings unless directed by NETGEAR support Incorrect settings might disable the modem router unexpectedly Wireless Advanced Settings Enable Wireless Router Radio The wireless access point...

Page 85: ...less settings by using the modem router s PIN through WPS You can manually enable the PIN function by clearing the Disable Router s PIN check box Keep Existing Wireless Settings By default the Keep Existing Wireless Settings check box is selected This shows whether the router is in the WPS configured state If the Keep Existing Wireless Settings check box is not selected adding a new wireless clien...

Page 86: ...nnection you have to access the modem router from a wired computer or from a wireless computer that is on the access control list 4 If a wireless station that you want to add to the Trusted Wireless Stations list is connected to the network select it from the Available Wireless Stations list and click Add 5 If the wireless station is not currently connected you can enter its address manually The M...

Page 87: ...ss devices you can connect clients using their MAC addresses rather than IP addresses Here are some examples of wireless bridged configurations Point to point bridge The modem router communicates with another bridge mode wireless station See Set Up a Point to Point Bridge on page 88 Multi point bridge The modem router is the master for a group of bridge mode wireless stations Then all traffic is s...

Page 88: ...oint you are using Wireless Repeater If your modem router is the repeater select this check box Repeater IP Address If your modem router is the repeater enter the IP address of the other access point Base Station MAC Address If your modem router is the repeater enter the MAC address for the access point that is the base station Wireless Base Station If your modem router is the base station select ...

Page 89: ...Select the corresponding Disable Wireless Client Association check box d Enter the MAC address for the other access point in the bridge Depending on your selection in step a use either the Base Station MAC Address field or the Repeater MAC Address 1 field e Click Apply 2 Set up the other access point AP 2 on LAN Segment 2 in point to point bridge mode If your modem router is the repeater then set ...

Page 90: ... addresses of the access points that are repeaters Set up the other access points for wireless repeating as repeaters and specify the MAC address of the modem router as the base station Use wireless security to protect this traffic To set up the multi point bridge configuration In this example the modem router is AP 1 on LAN Segment 1 because it is in a central location 1 Set up your modem router ...

Page 91: ... setting is Obtain an IP address automatically DHCP Client in the Basic Settings screen All access points including your modem router use the same SSID channel authentication mode if any and WEP security settings if security is in use 5 Verify connectivity across the LANs A computer on any LAN segment should be able to connect to the Internet or share files and printers with any other PCs or serve...

Page 92: ...your modem router select the Enable Wireless Repeating Function check box b Select the Wireless Base Station radio button c Clear the corresponding Disable Wireless Client Association check box make sure it is not selected d Enter the MAC addresses for AP 2 and AP 3 in the Repeater MAC Address 1 and Repeater MAC Address 2 field e Click Apply 2 Set up AP 2 and AP 3 to be wireless repeaters a In the...

Page 93: ...e Remote Management screen lets you allow a user or users on the Internet to configure upgrade and check the status of your modem router To configure remote management 1 Select Advanced Remote Management to display this screen 2 Select the Turn Remote Management On check box 3 Specify the external addresses that can access remote management For security restrict access to as few external IP addres...

Page 94: ...re additional static routes You have to configure static routes only for unusual cases such as multiple routers or multiple IP subnets located on your network Static Route Example As an example of when a static route is needed consider the following case Your primary Internet access is through a cable modem to an ISP You have an ISDN router on your home network for connecting to the company where ...

Page 95: ...lect Advanced Static Routes to display the following screen 2 Click Add to open the following screen 3 Fill in the following fields Route Name Enter a route name for this static route This name is for identification purpose only Private Select this check box if you want to limit access to the LAN only The static route is not reported in RIP Active Select this check box to make this route effective...

Page 96: ...ng mapping of the modem router Advertisement Period The advertisement period is how often the modem router advertises broadcasts its UPnP information This value can range from 1 to 1440 minutes The default period is 30 minutes Shorter durations ensure that control points have current device status at the expense of additional network traffic Longer durations might compromise the freshness of the d...

Page 97: ...k Apply To disregard any unsaved changes click Cancel To update the portmap table and to show the active ports that are currently opened by UPnP devices click Refresh Traffic Meter Traffic metering allows you to monitor the volume of Internet traffic passing through your modem router s Internet port With the Traffic Meter utility you can set limits for traffic volume set a monthly limit and get a ...

Page 98: ...4 You can limit the amount of data traffic allowed per month By specifying how many Mbytes per month are allowed By specifying how many hours of traffic are allowed 5 Set the Traffic Counter to begin at a specific time and date 6 Set up traffic control to issue a warning message before the monthly limit of Mbytes or hours is reached You can select one of the following to occur when the limit is at...

Page 99: ...d tunnels VPN tunnels provide secure encrypted communications between your local network and a remote network or computer See Appendix B VPN Configuration This chapter is organized as follows Overview of VPN Configuration Plan a VPN VPN Tunnel Configuration Set Up a Client to Gateway VPN Configuration Set Up a Gateway to Gateway VPN Configuration VPN Tunnel Control Set Up VPN Tunnels in Special Ci...

Page 100: ...network VPN tunnel Computer with ProSafe VPN client software Figure 16 Telecommuter VPN tunnel A VPN client access allows a remote computer to connect to your network from any location on the Internet The remote computer is one tunnel endpoint running the VPN client software The modem router on your network is the other tunnel endpoint See Set Up a Client to Gateway VPN Configuration on page 103 f...

Page 101: ...rward Secrecy N A Enabled Disabled Encryption Protocol N A DES 3DES Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds N A IKE Life Time in seconds N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address To set up a VPN connection you have to configure each endpoint with specific identification and connection in...

Page 102: ...by the VPNC and used in the VPN Wizard Parameter Factory Default Setting Secure Association Main Mode Authentication Method Pre Shared Key Encryption Method 3DES Authentication Protocol SHA 1 Diffie Hellman DH Group Group 2 1024 bit Key Life 8 hours IKE Life Time 1 hour What level of IPSec VPN encryption will you use DES The Data Encryption Standard DES processes input data that is 64 bits wide en...

Page 103: ...lient to Gateway VPN Configuration Setting up a VPN between a remote computer running the NETGEAR ProSafe VPN client and a network gateway involves two steps described in the following sections Step 1 Configure the Client to Gateway VPN Tunnel on page 103 describes how to use the VPN Wizard to configure the VPN tunnel between the remote computer and network gateway Step 2 Configure the NETGEAR Pro...

Page 104: ...N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds 28800 8 hours N A IKE Life Time in seconds 3600 1 hour N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address Client toGateway N A N A Dynamic Gateway toClient 192 168 3 1 255 255 255 0 22 23 24 25 Virtual Private Networking 104 N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3...

Page 105: ...00B 2 Click Next to proceed 3 Fill in the Connection Name and pre shared key fields The connection name is for convenience and does not affect how the VPN tunnel functions 4 Select the radio button for the type of target end point and click Next 5 Enter the remote IP address and click Next ...

Page 106: ...owing that the new tunnel is enabled To view or modify the tunnel settings select its radio button and click Edit Note See Use Auto Policy to Configure VPN Tunnels on page 124 for information about how to enable the IKE keep alive capability on an existing VPN tunnel Step 2 Configure the NETGEAR ProSafe VPN Client This section describes how to configure the NETGEAR ProSafe VPN client on a remote c...

Page 107: ...remote computer and then reboot a Install the IPSec component You might have the option to install either the VPN adapter or the IPSec component or both The VPN adapter is not necessary If you do not have a modem or dial up adapter installed in your computer you might see the warning message stating The NETGEAR ProSafe VPN Component requires at least one dial up adapter be installed You can disreg...

Page 108: ...ecure ID Type Select IP Subnet Subnet In this example type 192 168 3 1 as the network address of the modem router Mask Enter 255 255 255 0 as the LAN subnet mask of the modem router Protocol Select All to allow all traffic through the VPN tunnel e Select the Connect using Secure Gateway Tunnel check box f In the ID Type drop down list select IP Address g Enter the public WAN IP address of the mode...

Page 109: ...provide information about the remote VPN client computer You have to provide the pre shared key that you configured in the modem router and either a fixed IP address or a fixed virtual IP address of the VPN client computer a In the Network Security Policy list on the left side of the Security Policy Editor window click My Identity b In the Select Certificate drop down list select None c In the ID ...

Page 110: ...sterisks are displayed in the field This field is case sensitive 5 Configure the VPN client authentication proposal In this step you provide the type of encryption DES or 3DES to be used for this connection This selection has to match your selection in the modem router configuration a In the Network Security Policy list on the left side of the Security Policy Editor window expand the Security Poli...

Page 111: ...l ESP check box e In the Encrypt Alg drop down list select the type of encryption that is configured for the encryption protocol in the modem router as listed in Table 3 on page 101 This example uses Triple DES f In the Hash Alg drop down list select SHA 1 g In the Encapsulation drop down list select Tunnel h Leave the Authentication Protocol AH check box cleared 7 Save the VPN client settings In ...

Page 112: ... t 192 168 3 1 and then click OK This causes a continuous ping to be sent to the first modem router After between several seconds and 2 minutes the ping response should change from timed out to reply Once the connection is established you can open a browser on the computer and enter the LAN IP address of the remote gateway After a short wait you should see the login screen of the modem router unle...

Page 113: ...he following figure In this example you can see these settings The modem router has a GW address public IP WAN address of 22 23 24 25 The modem router has a remote address LAN IP address of 192 168 3 1 The VPN client computer has a local address dynamically assigned address of 192 168 2 2 While the connection is being established the Connection Name field in this screen displays SA before the name...

Page 114: ...way VPN tunnel using the VPN Wizard Set the LAN IPs on each modem router to different subnets and configure each correctly for the Internet The subsequent examples assume the settings shown in the following table Table 6 Gateway to gateway VPN tunnel configuration worksheet Parameter Value to Enter Field Selection Connection Name GtoGr N A Pre Shared Key 12345678 N A Secure Association N A Main Mo...

Page 115: ...Wizard 1 Log in to Gateway A on LAN A Select Advanced VPN Wizard Click Next and the Step 1 of 3 screen displays 2 Fill in the Connection Name and pre shared key fields Select the radio button for the type of target endpoint and click Next and the Step 2 of 3 screen displays 3 Fill in the IP address or FQDN for the target VPN endpoint WAN connection and click Next and the Step 3 of 3 screen display...

Page 116: ...e See Use Auto Policy to Configure VPN Tunnels on page 124 for information about how to enable the IKE keep alive capability on an existing VPN tunnel 6 Repeat these steps for the gateway on LAN B and pay special attention to the following network settings WAN IP of the remote VPN gateway for example 14 15 16 17 LAN IP settings of the remote VPN gateway IP address for example 192 168 0 1 Subnet ma...

Page 117: ...e a VPN tunnel See Activate a VPN Tunnel on page 118 for information about the other ways a Select Advanced VPN Status The VPN Status Log screen displays b Click the VPN Status button to display the Current VPN Tunnels SAs screen c Click Connect for the VPN tunnel you want to activate View the VPN Status Log screen to verify that the tunnel is connected ...

Page 118: ...point Start using the VPN tunnel See Use Auto Policy to Configure VPN Tunnels on page 124 for information about how to enable the IKE keep alive capability on an existing VPN tunnel To use the VPN Status screen to activate a VPN tunnel 1 Select Advanced VPN Status The VPN Status Log screen displays 2 Click VPN Status to display the Current VPN Tunnels SAs screen 3 Click Connect for the VPN tunnel ...

Page 119: ...t To perform a ping test using our example start from the remote computer a Establish an Internet connection from the computer b On the Windows taskbar click the Start button and then select Run c Type ping t 192 168 3 1 and then click OK Running a ping test to the LAN from the computer This causes a continuous ping to be sent to the first N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND380...

Page 120: ...ange is covered by the policy for that VPN tunnel Verify the Status of a VPN Tunnel To use the VPN Status screen to determine the status of a VPN tunnel 1 Select Advanced VPN Status to display the VPN Status Log screen This log shows the details of recent VPN activity including the building of the VPN tunnel If there is a problem with the VPN tunnel refer to the log for information about what migh...

Page 121: ...ated by the IKE protocol Policy Name The VPN policy associated with this SA Remote Endpoint The IP address on the remote VPN endpoint Action Either a Drop or a Connect button SLifeTime Secs The remaining soft lifetime for this security association SA in seconds When the soft lifetime becomes 0 zero the SA is renegotiated HLifeTime Secs The remaining hard lifetime for this SA in seconds When the ha...

Page 122: ...ced VPN Policies to display the VPN Policies screen 2 In the Policy Table clear the Enable check box for the VPN tunnel that you want to deactivate and then click Apply To reactivate the tunnel select the Enable check box and then click Apply To deactivate a VPN tunnel 1 Select Advanced VPN Policies to display the VPN Policies screen ...

Page 123: ...are not appropriate for your circumstances use one of these alternatives Auto Policy For a typical automated Internet Key Exchange IKE setup see Use Auto Policy to Configure VPN Tunnels on page 124 Auto Policy uses the IKE protocol to define the authentication scheme and automatically generate the encryption keys Manual Policy For a manual keying setup in which you have to specify each phase of th...

Page 124: ...e of using Auto Policy see Example of Using Auto Policy on page 128 Configure VPN Network Connection Parameters All VPN tunnels on the modem router require that you configure several network parameters This section describes those parameters and how to access them The most common configuration scenarios use IKE to manage the authentication and encryption keys The IKE protocol performs negotiations...

Page 125: ...as narrow as possible to meet this objective Local LAN The remote VPN endpoint has to have these IP addresses entered as its remote addresses Subnet Mask The network mask Single Start IP Address Enter the IP address for a single address or the starting address for an address range A single address setting is used when you want to make a single server on your LAN available to remote users A range h...

Page 126: ...ndpoint IP Address The Internet IP address of the remote VPN endpoint Fully Qualified Domain Name The domain name of the remote VPN endpoint Fully Qualified User Name The name email address or other ID of the remote VPN endpoint Remote Identity Data Enter the data for the remote identity type that you selected If IP Address is selected no input is required Parameters Encryption Algorithm The encry...

Page 127: ... If the remote endpoint has a dynamic IP address select Dynamic IP address No address data input is required You can set up multiple remote dynamic IP policies but only one such policy can be enabled at a time Otherwise select an option IP address or domain name and enter the address of the remote VPN endpoint to which you want to connect IKE Keep Alive If you want to ensure that a connection is k...

Page 128: ...al Keys Perfect Forward secrecy N A Enabled Disabled Encryption Protocol N A DES 3DES Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds 28800 8 hours N A IKE Life Time in seconds 3600 1 hour N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address Gateway_A GW_A 192 168 0 1 255 255 255 0 14 15 16 17 Gateway_B GW...

Page 129: ...The VPN Auto Policy screen displays 3 Enter these policy settings Auto Policy Field Description General Policy Name GtoG Remote VPN Endpoint Address Type Fixed Remote VPN Endpoint Address Data 22 23 24 25 Local LAN Use the default settings Remote LAN IP Address Select Subnet address from the drop down list Start IP Address 192 168 3 1 Subnet Mask 255 255 255 0 ...

Page 130: ...2 168 0 1 Subnet Mask for example 255 255 255 0 Pre shared Key for example 12345678 6 Use the VPN Status screen to activate the VPN tunnel Note The VPN Status screen is only one of three ways to active a VPN tunnel See Activate a VPN Tunnel on page 118 for information about the other ways IKE Direction Initiator and Responder Exchange Mode Main Mode Diffie Hellman DH Group Group 2 1024 Bit Local I...

Page 131: ...reen b Click Connect for the VPN tunnel that you want to activate Review the VPN Status Log screen Figure a on page 117 to verify that the tunnel is connected Use Manual Policy to Configure VPN Tunnels As an alternative to IKE you can use manual keying in which you have to specify each phase of the connection A manual VPN policy requires all settings for the VPN tunnel to be manually input at each...

Page 132: ...elds Policy Name Enter a unique name to identify this policy This name is not supplied to the remote VPN endpoint It is used only to help you manage the policies Remote VPN Endpoint The remote VPN endpoint has to have this VPN s gateway address entered as its remote VPN endpoint If the remote endpoint has a dynamic IP address select Dynamic IP Address No address data input is required You can set ...

Page 133: ...ng to access a server For a range of addresses enter the starting IP address This has to be an address range used on the remote LAN Any Any outgoing traffic from specified Local IP computers triggers an attempted VPN connection to the remote VPN endpoint Be sure you want this option before selecting it Finish IP Address Enter the finish IP address for a range of addresses This has to be an address...

Page 134: ...r modem router If you do not find the solution here check the NETGEAR support site at http support netgear com for product and contact information This chapter contains the following sections Troubleshooting with the LEDs No ISP Connection TCP IP Network Not Responding Cannot Log In Changes Not Saved Firmware Needs to Be Reloaded Incorrect Date or Time ...

Page 135: ...ected b The 2 4 GHz and 5 GHz Wireless LEDs light c The DSL LED lights when there is a link through the ADSL phone lines d The Internet LED lights to indicate a connection to the ISP Power LAN ports DSL Internet 5 GHZ Wireless USB port Wireless On Off button WPS On Off button 2 4 GHz Wireless USB Figure 21 Front panel LEDs Power LED Is Off If the Power and other LEDs are off when your router is tu...

Page 136: ...8 0 1 If the error persists you could have a hardware problem and should contact NETGEAR technical support LAN LED Is Off If the LAN LED does not light when the Ethernet connection is made check the following The Ethernet cable connections are secure at the modem router and at the hub or workstation The power is turned on to the connected hub or workstation Wireless LEDs Are Off If the 2 4 GHz and...

Page 137: ...ephone as described in ADSL Microfilters on page 13 If you connect the microfilters correctly you should be able to connect all your telephones If disconnecting telephones does not result in a green DSL LED there might be a problem with your wiring If the telephone company has tested the ADSL signal at your network interface device NID you might have poor quality wiring in your house DSL LED Is Of...

Page 138: ... IP address from the ISP You can determine whether the request was successful as follows 1 Access the router menus at http 192 168 0 1 and log in 2 Under Maintenance select Router Status and check that an IP address shows for the WAN port If 0 0 0 0 shows your modem router has not obtained an IP address from your ISP If your router cannot obtain an IP address from the ISP the problem might be one ...

Page 139: ...ly the modem router does not authenticate with PPPoE or PPPoA until data is transmitted to the network Cannot Load an Internet Web Page If your modem router can obtain an IP address but your browser cannot load any Internet web pages Your computer might not recognize any DNS server addresses A DNS server is a host on the Internet that translates Internet names such as www addresses to numeric IP a...

Page 140: ...1 3 Click OK You should see a message like this one Pinging IP address with 32 bytes of data If the path is working you see this message Reply from IP address bytes 32 time NN ms TTL xxx If the path is not working you see this message Request timed out If the path is not functioning correctly you could have one of the following problems Wrong physical connections Make sure that the LAN port LED is...

Page 141: ...ting the Ethernet MAC addresses of all but one of your computers Many broadband ISPs restrict access by allowing traffic only from the MAC address of your modem but some additionally restrict access to the MAC address of a single computer connected to that modem In this case configure your router to clone or spoof the MAC address from the authorized computer Cannot Log In If you cannot log in to t...

Page 142: ... make in the router interface check the following When entering configuration settings always click the Apply button before moving to another screen or tab or your changes are lost Click the Refresh or Reload button in the web browser The changes might have occurred but the old settings might be in the web browser s cache Firmware Needs to Be Reloaded When you attempt to connect to the Internet th...

Page 143: ...om one of several network time servers on the Internet Each entry in the log is stamped with the date and time of day Problems with the date and time function can include the following Date shown is January 1 2000 This means the router has not yet successfully reached a network time server Check that your Internet access is configured correctly If you have just completed configuring the router wai...

Page 144: ...the factory default settings and technical specifications for the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B and instructions for wall mounting the unit This appendix contains the following sections Factory Settings Technical Specifications ...

Page 145: ...hown in the following table Table 10 Factory settings description Feature Default Behavior Router Login User Login URL http www routerlogin net or http www routerlogin com User Name case sensitive admin Login Password case sensitive password Internet Connection WAN MAC Address Use default address WAN MTU Size 1492 Port Speed AutoSense Local Network LAN Lan IP 192 168 0 1 Subnet Mask 255 255 255 0 ...

Page 146: ...he unit Broadcast SSID Enabled Transmission Speed Auto1 Country Region United States in North America otherwise varies by region RF Channel Auto Operating Mode Up to 145 Mbps Data Rate Best Output Power Full Access Point Enabled Authentication Type Pre Shared Key Wireless Card Access List All wireless stations allowed 1 Maximum wireless signal rate derived from IEEE Standard 802 11 specifications ...

Page 147: ...ope 230V 50 Hz input All regions output 12V AC 2 5A output Dimensions 6 80 in x 5 03 in x 1 28 in 172 7 mm x 127 7 mm x 32 5 mm Weight 0 61 lbs 0 275 kg Operating temperature 0 to 40 C 32º to 104º F Operating humidity 10 to 90 relative humidity noncondensing Storage temperature 20 to 70 C 4º to 158º F Storage humidity 5 to 95 relative humidity noncondensing Meets requirements of FCC Part 15 Class ...

Page 148: ...nnel Telecommuter Example Configuration Profile The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium Gather necessary information before you begin configuration Verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides Check that there are no firewall restrictions Table 12 Wireles...

Page 149: ...used in this example are as follows Unit WAN IP LAN IP LAN Subnet Mask DGND3800B 14 15 16 17 10 5 6 1 255 255 255 0 FVL328 22 13 24 25 172 23 9 1 255 255 255 0 a For the connection name enter toGW_B b For the remote WAN s IP address enter 22 23 24 25 c Enter the following IP Address 172 23 9 1 Subnet Mask 255 255 255 0 d In the Summary screen click Done 2 Use the VPN Wizard to configure the Gatewa...

Page 150: ...E Policy Configuration screen toGW_A 14 15 16 17 22 23 24 25 4 On Gateway B router menu under VPN select VPN Policies and click the Edit button to display the VPN Auto Policy screen toGW_A toGW_A 172 23 9 10 5 6 1 14 15 16 17 toGW_A toGW_A 5 Test the VPN tunnel by pinging the remote network from a computer attached to Gateway A modem router a Open the command prompt select Start Run cmd ...

Page 151: ...n this section follows the addressing and configuration mechanics defined by the VPN Consortium Gather the necessary information before you begin configuration Verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides Check that there are no firewall restrictions Gateway A WAN IP Internet 10 506 0 24 DGND3700 LAN IP 10 5 6 1 example org WAN I...

Page 152: ...s iego net In this example Gateway A is configured using a sample FQDN provided by a DDNS service provider In this case the hostname dgnd3800 dyndns org for Gateway A was provided using the DynDNS service Gateway B uses the DDNS service provider when establishing a VPN tunnel To establish VPN connectivity Gateway A has to be configured to use Dynamic DNS and Gateway B has to be configured to use a...

Page 153: ...ervice check box In the Host Name field type dgnd3800 dyndns org In the User Name field enter the account user name In the Password field enter the account password c Click Apply d Click Show Status The resulting screen should show Update OK good 3 On NETGEAR Gateway B configure the Dynamic DNS settings Assume a correctly configured DynDNS account a Select Dynamic DNS b Select the DynDNS org radio...

Page 154: ...ser Name field enter the account user name In the Password field enter the account password d Click Apply e Click Show Status The resulting screen should show Update OK good 4 Configure the N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B as in the gateway to gateway procedures using the VPN Wizard see Set Up a Gateway to Gateway VPN Configuration on page 114 being certain to use appro...

Page 155: ...teway VPN Configuration on page 114 being certain to use appropriate network addresses for the environment a For the connection name enter toDGND3800 b For the remote WAN s IP address enter dgnd3800 dyndns org c Enter the following IP Address 10 5 6 1 Subnet Mask 255 255 255 0 6 Test the VPN tunnel by pinging the remote network from a computer attached to the modem router a Open the command prompt...

Page 156: ...ly qualified domain name FQDN Client Dynamic Gateway A main office Gateway B LAN IP 192 168 0 1 192 168 0 1 24 FQDN ntgr dyndns org from_GW_A WAN IP Internet WAN IP 0 0 0 0 toGW_A IP 192 168 2 3 regional office Client PC running NETGEAR ProSafe VPN client Figure 25 Telecommuter example Set Up Client to Gateway VPN Telecommuter Example Setting up a VPN between a remote computer running the NETGEAR ...

Page 157: ...nformation toGW_A com in this example fromGW_A com in this example fromGW_A in the example 192 168 2 3 in this example IKE Keep Alive is optional has to match Remote LAN IP Address when enabled remote computer has to respond to pings Remote NAT router has to have Address Reservation set and VPN Passthrough enabled 2 Click Apply when you are finished to display the VPN Policies screen To view or mo...

Page 158: ... the installation b If you do not have a modem or dial up adapter installed in your computer you might see the warning message stating The NETGEAR ProSafe VPN Component requires at least one dial up adapter be installed You can disregard this message c Install the IPSec component You might have the option to install either the VPN adapter or the IPSec component or both The VPN adapter is not neces...

Page 159: ...A e In the ID Type drop down list select IP Subnet f In this example in the Subnet field type 192 168 0 1 as the network address of the modem router g In the Mask field enter 255 255 255 0 as the LAN subnet mask of the modem router h In the Protocol drop down list select All to allow all traffic through the VPN tunnel i Select the Connect using Secure Gateway Tunnel check box j In the ID Type drop...

Page 160: ...creen c In the Select Phase 1 Negotiation Mode group select the Main Mode radio button 4 Configure the VPN client identity In this step you provide information about the remote VPN client computer You have to provide the pre shared key that you configured in the modem router and either a fixed IP address or a fixed virtual IP address of the VPN client computer a In the Network Security Policy list...

Page 161: ...h the screen shows asterisks This field is case sensitive 5 Configure the VPN Client Authentication Proposal In this step you provide the type of encryption DES or 3DES to be used for this connection This selection has to match your selection in the VPN router configuration a In the Network Security Policy list on the left side of the Security Policy Editor window expand the Security Policy headin...

Page 162: ...wn list select Unspecified c In the Compression drop down list select None d Select the Encapsulation Protocol ESP check box e In the Encrypt Alg drop down list select the type of encryption In this example use Triple DES f In the Hash Alg drop down list select SHA 1 g In the Encapsulation drop down list select Tunnel h Leave the Authentication Protocol AH check box cleared 7 Save the VPN client s...

Page 163: ...request a Right click the system tray icon to open the pop up menu b Select Connect to open the My Connections list c Select toDGND3800 The modem router reports the results of the attempt to connect Once the connection is established you can access resources of the network connected to the VPN router Right click the system tray icon to open the pop up menu My Connections DGD3300v2 To perform a pin...

Page 164: ...ement interface open Note You can use the VPN router diagnostics to test the VPN connection from the VPN router to the client computer To do this log in to the modem router and select Maintenance Diagnostics Monitoring the VPN Tunnel Telecommuter Example To view information about the progress and status of the VPN client connection open the Log Viewer In Windows click Start and select Programs N60...

Page 165: ...nected to a remote LAN through a VPN you might not have normal Internet access If this is the case you need to close the VPN connection to have normal Internet access View the VPN Router s VPN Status and Log Information To view information about the status of the VPN client connection open the VPN router s VPN Status screen To view status and log information 1 Select Maintenance Router Status and ...

Page 166: ... 328 2 4Ghz EN301 489 17 EN301 893 5Ghz EN60950 1 For complete DoC please visit the NETGEAR EU Declarations of Conformity website at http support netgear com app answers detail a_id 11621 EDOC in Languages of the European Community Language Statement Cesky Czech NETGEAR Inc tímto prohlašuje že tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999 5 ES ...

Page 167: ...n overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Malti Maltese Hawnhekk NETGEAR Inc jiddikjara li dan Radiolan jikkonforma mal htigijiet essenzjali u ma provvedimenti ohrajn relevanti li hemm fid Dirrettiva 1999 5 EC Magyar Hungarian Alulírott NETGEAR Inc nyilatkozom hogy a Radiolan megfelel a vonatkozó alapvetõ követelményeknek és az 1999 5 EC...

Page 168: ...ause harmful interference and This device must accept any interference received including interference that may cause undesired operation FCC Radio Frequency Interference Warnings Instructions This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful...

Page 169: ...have priority of 5250 5350 MHz and 5650 5850 MHz and these radars could cause interference and or damage to LE LAN devices Ce dispositif est conforme à la norme CNR 210 d Industrie Canada applicable aux appareils radio exempts de licence Son fonctionnement est sujet aux deux conditions suivantes 1 le dispositif ne doit pas produire de brouillage préjudiciable et 2 ce dispositif doit accepter tout ...

Page 170: ... 40 box contents 8 bridged networks 87 C case study setting up VPN 148 changes not saved router 142 clients adding to network 33 client to gateway VPN tunnels 100 103 compliance 166 configuration file 58 connecting USB drive 74 connecting wirelessly 12 connection status 62 content filtering 39 custom service port forwarding 46 D date and time 143 daylight savings time 49 143 deactivating VPN tunne...

Page 171: ...ort forwarding port triggering Internet port 22 Internet port no connection 27 Internet Relay Chat IRC 43 Internet Service Provider ISP See ISP Internet traffic statistics 98 IP address 74 IP addresses DHCP 17 LAN service 80 reserved 81 IP setup LAN 80 ISP account information 17 Basic Settings screen 23 DSL settings 25 DSL synchronization 10 ISP login 18 K keep alive IKE 125 keywords blocking 40 L...

Page 172: ...ower adapter AC 11 preset security 30 37 pre shared key 32 primary DNS addresses 24 printing files and photos 66 Push N Connect See WPS Q Quality of Service QoS 82 83 R RADIUS server 32 range of wireless connections 12 ReadySHARE access 65 remote access 41 remote management 74 93 removing USB drive 72 repeater mode with wireless client association 91 replacing existing router 17 reserved IP addres...

Page 173: ... virtual channel identifier VCI 25 virtual path identifier VPI 25 VPN Auto Policy 124 128 129 VPN client 106 VPN Log Viewer 112 164 VPN Manual Policy 131 VPN network connections 124 VPN tunnels activating 118 119 client to gateway 100 103 configuring 151 control 118 gateway to gateway 100 114 monitoring 164 special setup 123 status 120 VPN Wizard 115 116 VPNs 100 overview 100 pinging 163 planning ...

Page 174: ... Router DGND3800B WPA2 PSK encryption 32 WPA 802 1x encryption 32 RADIUS servers 32 WPA PSK encryption 32 WPA PSK WPA2 PSK mixed mode 32 WPS button 34 WPS capable devices 33 WPS PSK encryption 32 WPS PSK WPA2 PSK encryption 32 wrong date or time 143 ...

Page 175: ...175 N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B ...