How to configure a VPN connection between ProSafe VPN Client Software and FVS318v3?

Note: The following configuration was tested with NETGEAR FVS318v3 firmware version 3.0.21 NETGEAR ProSafe VPN Client Software version 10.5.1 (Build 8)

Configure FVS318v3:

1. Log into the FV318v3’s admin GUI.
2. Click on VPN Wizard on the left panel under VPN.
3. Click Next.
   
4. Enter a connection name and a value for the pre-shared key. The same name and pre-shared key have to be entered when configuring the ProSafe VPN client software. Select This VPN tunnel will connect to A remote VPN client. Click Next.
   
5. A summary of the VPN policy will be displayed. Click Done. If you do not click Done. The VPN policy won’t be created.
   
6. You can review the IKE policy and VPN policy by click on IKE Policies.
   
7. And the VPN policy. In most cases, you can just leave them as it.
   

Configure the ProSafe VPN Client Software

1. Right click on the ProSafe VPN client icon on the system tray and select Security Policy Editor.
2. Under the Edit menu, select Add and select Connection.
   
3. A new connection will be created. You can rename the connection name by double click on the name. On the right panel, under Remote Party Identity and Addressing, select IP Subnet as ID Type, enter the LAN subnet on the FVS318v3 as Subnet and enter the LAN subnet mask as Mask. Select All for Protocol. Check the box Connect using and select Secure Gateway Tunnel. For ID Type, select Domain Name and enter fvs_local under Domain Name. Select Gateway IP Address and enter the WAN IP address of the FVS318v3.
   
4. On the left panel, click on Security Policy. On the right panel, select Aggressive Mode under Phase 1 Negotiation Mode. Make sure Enable Perfect Forward Secrecy is unchecked. Leave Enable Replay Detection checked.
   
5. Click on My Identity on the left panel. On the right panel, select None under Select Certificate. For ID Type, select Domain Name and enter
   
   vpn_client<1-8>.fvs_remote_<policy name>
   
   where the policy name is the VPN policy name you entered when configure VPN Wizard on the FVS318. The number 1-8 is being used to distinguish between multiple VPN client users connected to the FVS318v3 at the same time. In our example, the domain name will be vpn_client<1-8>.fvs_remote_vpn_client. Another VPN client user can use vpn_client2.fvs_remote_vpn_client as domain name. etc. For Virtual Adapter, select Disabled. Select Any for Internet Interface. If you cannot find Domain Name under ID Type, you may not have select Aggressive mode under Security Policy as indicated on Step (4).
   
6. Click on the Pre-Shared Key button, and Click Enter Key. Enter the same pre-shared key you’ve entered when configure the FVS318v3. Click OK.
   
7. On the left panel, expand Security Policy and Authentication (Phrase 1) and click on Proposal 1. On the right panel, you can keep everything as default. Make sure they match the screen below.
   
8. On the left panel, expand on Key Exchange (Phrase 2) and click on Proposal 1. On the right panel, left everything as default. Make sure they mach the screen below.
   
9. Save the policy by click on the save button or choose File > Save.
10. To connect, right click on the ProSafe VPN client icon on the system tray and choose Connect, select the Connection Profile you just created.
    
11. A connection status window should be displayed and eventually, it should said Successfully connect to your connection profile.
    
12. You can test the VPN by pinging resources behind the FVS318v3.
13. If the VPN will not connect, double check the parameters in both the FVS318v3 and the VPN Client Policy, make sure they are matching on both side.
14. For more troubleshooting, you can review the VPN log on the FVS318v3 and the Log Viewer on the ProSafe VPN client by right click on the ProSafe VPN client icon on the system tray and select Log Viewer. A successful connection should appear as follow in the Log Viewer.
    

N101769.asp Jun.18, 2008