FVS338, FVX538, or FVS124G Router to VPN Client Connection

This document describes how to configure a VPN connection between a Windows computer and the FVX538 VPN Firewall. The procedure also applies to the FVS338 VPN Firewall.

You can use the FVX538's VPN Wizard to create a single policy set (IKE and VPN policies) to allow up to 50 remote users to connect from mobile locations or locations whose IP addresses are not permanently assigned. These computers may be directly connected to the Internet or they may be behind NAT routers, but we will assume that they are using temporary IP addresses such as would be assigned by typical home or hotel Internet service.

If more than 50 remote computers are to be connected, an additional client policy must be created. Each computer uses NETGEAR's ProSafe VPN Client. Since the remote computer's IP address is assumed to be unknown, the computer must always be the connection initiator.

This was tested using:

  • NETGEAR FVX538 VPN Firewall with version 1.6.11 firmware
  • NETGEAR VPN Client version 10.3.5 (Build 6)
  • NAT router: NETGEAR FR114P with version 1.5_09 firmware

Configuring the FVX538

  1. Select the VPN Wizard. The VPN Wizard window appears (shown below).
  2. Give the client connection a name, such as home.
  3. Enter a value for the pre-shared key.
  4. Select a remote VPN client.

  5. Click Next to go to the summary page.
  6. Click Done to create the 'home' IKE and VPN policies.

Configuring the VPN client

  1. Right-click the VPN client icon in the Windows toolbar and select Security Policy Editor.
  2. In the upper left of the Policy Editor window, click the New Document icon to open a New Connection.



  3. Give the New Connection a name, such as to_FVX.

  4. In the Remote Party Identity section, select ID Type of IP Subnet.
    • Enter the LAN IP Subnet Address and Subnet Mask of the FVX538's LAN.
    • Select Connect using Secure Gateway Tunnel.
    • Under ID Type, select Domain Name and also Gateway IP Address.
    • For Domain Name, enter fvx_local.com and enter the WAN IP Address of the FVX538.

  5. In the left frame, click My Identity.
  6. Select Certificate = None.
  7. Under ID Type, select Domain Name.
    The value entered under Domain Name has the form '<name><number>.fvx_remote.com', and each user must use a different variation of it. <name> is the policy name used in the FVX538 configuration; in this example, it is 'home'. <number> is a number from 1 to 50 (for the FVS124G, a number from 1 to 10), chosen for each user. In this example, we have entered home11.fvx_remote.com. Up to fifty users can be served by one client policy.
  8. Set Virtual Adapter to Disabled or Preferred. Although your connection will work with Virtual Adapter disabled, if another user behind another NAT router has the same private IP address as yours (for example, 192.168.0.2), your connection could be disrupted. We recommend setting Virtual Adapter to Preferred (not Required), and choosing a private IP address that is not used anywhere in your network for Internal Network IP Address.
  9. For Internet Interface, select your computer's network adapter. Your current IP address appears.

  10. Before leaving the My Identity menu, click Pre-Shared Key.
    Click Enter Key, type your preshared key, and click OK. This key will be shared by all users of the FVX538 policy "home".
  11. In the left frame, click Security Policy.
    • Select Phase 1 Negotiation Mode = Aggressive Mode.
    • Disable PFS.
    • Enable Replay Detection.
  12. In the left frame, expand Authentication and select Proposal 1.
       The settings should be: Pre-Shared Key, Triple DES, SHA-1, Unspecified, D-H Group 2.
  13. In the left frame, expand Key Exchange and select Proposal 1.
       The settings should be: Unspecified, None, ESP-Enabled, Triple DES, SHA-1, Tunnel, AH-Disabled.
  14. In the upper left of the window, click the disk icon to save the policy.
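
Step 7 requires every user of a policy to have a distinct '<name><number>.fvx_remote.com' Domain Name, with the number inside the model's range. The Python check below is an added example, not NETGEAR code: it audits a list of assigned identities and finds the next free one. The helper names and user names are hypothetical, and the sample assignments are constructed.

```python
import re

# Users per client policy as stated in the article: 50, or 10 on the FVS124G.
MAX_USERS = {"FVX538": 50, "FVS338": 50, "FVS124G": 10}
SUFFIX = ".fvx_remote.com"  # client-side domain suffix used in the article


def parse_number(policy, name):
    """Return <number> from '<policy><number>.fvx_remote.com', else None."""
    pattern = re.escape(policy) + r"([0-9]+)" + re.escape(SUFFIX)
    m = re.fullmatch(pattern, name.strip(), re.IGNORECASE)
    return int(m.group(1)) if m else None


def check_identities(policy, model, assignments):
    """Return a list of problems in a {user: domain_name} mapping."""
    limit, problems, owner = MAX_USERS[model], [], {}
    for user, name in sorted(assignments.items()):
        number = parse_number(policy, name)
        if number is None:
            problems.append(f"{user}: {name!r} is not {policy}<number>{SUFFIX}")
        elif not 1 <= number <= limit:
            problems.append(f"{user}: {number} is outside 1-{limit} for {model}")
        elif number in owner:
            problems.append(f"{user}: {number} is already used by {owner[number]}")
        else:
            owner[number] = user
    return problems


def next_free_identity(policy, model, assignments):
    """Return the lowest unused identity for the policy, or None if full."""
    used = {parse_number(policy, name) for name in assignments.values()}
    for number in range(1, MAX_USERS[model] + 1):
        if number not in used:
            return f"{policy}{number}{SUFFIX}"
    return None


# Constructed sample assignments (hypothetical users), not from the article.
SAMPLE = {
    "alice": "home11.fvx_remote.com",
    "bob": "home11.fvx_remote.com",    # same identity as alice
    "carol": "home51.fvx_remote.com",  # above the 50-user range
    "dave": "home3.fvx_local.com",     # gateway's domain, not the client suffix
}

if __name__ == "__main__":
    print("\n".join(check_identities("home", "FVX538", SAMPLE)))
    print("next free:", next_free_identity("home", "FVX538", SAMPLE))
```
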

Testing Your Connection

  1. Right-click the VPN client icon in the Windows toolbar and select Connect, then My Connections\to_FVX.
  2. Within 30 seconds the message "Successfully connected to My Connections\to_FVX" displays and the VPN client icon in the toolbar reads On.
For status and troubleshooting information, right-click the VPN client icon in the Windows toolbar and select "Connection Monitor" or "Log Viewer", or view the VPN log and status menu in the FVX538.

Doc: N101437.asp Jan. 17, 2005

 
   

