FSV318 VPN Client Software Prosafe


The last message posted on using this firewall with VPN client
information needs to be updated on this chat for those who still use
it. The last post was in 2003, so I am assuming everyone has figured
it out. But just in case there are a few lost souls out there, the
Netgear site has perfect help on this. Here is the link:

Follow these instructions to a tee and it will be fine.

Here they are in case the link changes.

Instructions to configure a VPN tunnel between a NETGEAR ProSafe VPN
Client and a FVS318 (or a FVM318) router. This works for either a
dial-up or a permanent Internet connection.

    * This was tested with FVS318 router firmware 2.2 and Netgear VPN
client software version 10.
    * This was also tested with FVM318 firmware 1.1 and Netgear VPN
client software version 10.
    * Earlier versions of these routers' firmware work similarly.

First collect this information:

    * Your router's WAN IP or the Fully Qualified Domain Name (FQDN)
of your router's WAN IP address. Find this by clicking Maintenance >
Router Status. If your router has a dynamic WAN IP address, configure
the Dynamic DNS setting under the Advanced menu. Otherwise, the next
time your router's WAN IP address changes, the VPN client won't
    * The Local IP address of your LAN. E.g., is the
factory default address of your LAN for the router. You can find the
LAN IP address of your router by selecting Advanced > LAN IP Setup.
    * Remote IP address. This is the virtual IP address the VPN client
gets when connecting to the router. It can be any IP address other
than the LAN IP address.

To Configure the Router

   1. Log in to the FVS318 (or FVM318) gateway.
   2. Click Setup > VPN Setting. Choose one of the unassigned policies
and click Edit.
         a. Enter a descriptive name for the policy in the Connection
Name textbox. It is only used to help you manage the VPN policies.
         b. For "Local IPSEC Identifier", enter the WAN IP address or
the Fully Qualified Domain Name. If you select Fully Qualified Domain
Name, make sure your FQDN resolves to your WAN IP address.
         c. For "Remote IPSec Identifier", enter any name. The same
name is used when you configure the VPN client software. (Step 12d in
the next section.)
         d. In the "Tunnel can be accessed from" box, choose a subnet
of local address. For Local LAN start IP Address, enter your LAN's
starting IP address. For Local LAN IP Subnet mask, enter your LAN's
netmask. You can look it up from the LAN IP Setup menu.
         e. In the Tunnel can access box, choose a single remote
         f. For Remote LAN start IP address, enter an IP address
that's not in your LAN IP subnet. For this example,
         g. Leave the Remote WAN IP or FQDN box blank.
         h. For "Secure Association", choose Aggressive Mode.
         i. For "Perfect Forward Secrecy", check Enabled.
         j. For "Encryption Protocol", choose an encryption algorithm.
In this example we'll choose 3DES. Use the same algorithm when
configuring the VPN client software. (Step 11c in the next section.)
         k. For "Key Group", choose Diffie-Hellman Group2.
         l. For "Pre-shared Key", enter a string of numbers or
letters. The same key needs to be entered when configuring the VPN
client software.
         m. Enter 28800 seconds for Key Life.
         n. Enter 86400 for IKE Life Time.
         o. If you use Netbios, check NETBIOS Enable.
         p. Click Apply.

To Configure the VPN Client Software

   1. Install the NETGEAR VPN client.
   2. Start the Security Policy Editor by right-clicking on the
NETGEAR VPN client icon on the system tray and choose Security Policy
   3. Create a new VPN connection profile. Edit > Add > Connection.
This creates a new connection profile named New Connection. You can
rename the connection profile by double-clicking the name and typing
over a new one.
   4. Click the new connection profile. The right panel displays the
connection properties.
         a. For "Connection Security", choose Secure.
         b. Under "Remote Party Identity and Addressing", choose IP
Subnet for ID Type.
         c. For "Subnet" and "Mask", enter the same subnet and netmask
you defined in Step 2d of the router configuration. It is your
LAN IP subnet behind the router.
         d. Choose All for Protocol.
         e. Check Connect using.
         f. Choose Secure Gateway tunnel.
         g. For "ID Type", choose Any.
         h. If, in Step 2b, you specified local IPSec identifier as
WAN IP Address, choose Gateway IP Address and enter the router's WAN
         i. If, in Step 2b, you specified local IPSec identifier as
Fully Qualified Domain Name, choose Gateway Hostname and enter the
FQDN of your router's WAN IP.
   5. On the Security Policy Editor menu, click Options > Global
Policy Settings. The Global Policy Setting dialog box opens.
         a. Enter 45 for Retransmit Interval.
         b. Enter 3 for Number of Retries.
         c. Check Send status notifications to peer hosts.
         d. Check Allow to Specify Internal Network Address.
         e. Check Enable IPSEC logging.
         f. Click OK.
   6. Click Security Policy. In the right panel, choose Aggressive
Mode for Phase 1 Negotiation Mode.
   7. Check Enable Perfect Forward Secrecy (PFS).
   8. Choose Diffie-Hellman Group 2 for PFS Key Group.
   9. Check Enable Replay Detection.
  10. Expand Security Policy and expand Authentication (Phase 1),
click on Proposal 1.
         a. In the right panel: For Authentication Method, choose
Pre-Shared Key.
         b. For Encrypt Alg, choose the same encryption algorithm you
chose in Step 2j of the previous section. In our example, we chose
Triple DES (3DES).
         c. For Hash Alg, choose MD5 or SHA-1. SHA-1 is fine.
         d. For SA Life, choose Unspecified.
         e. For Key Group, choose Diffie-Hellman Group 2.
  11. Expand Key Exchange and click Proposal 1.
         a. In the right panel, under IPSec Protocols, choose
Unspecified for SA Life.
         b. Choose None for Compression.
         c. Check Encapsulation Protocol (ESP). Choose the same
encryption algorithm you chose in Step 2j of the previous section for
Encrypt Alg.
         d. For Hash Alg., choose MD5 or SHA-1.
         e. Choose Tunnel for Encapsulation.
  12. Expand the connection profile and click My Identity.
         a. In the right panel: For "Select Certificate", click None.
         b. Click Preshared Key. The Preshared Key dialog box opens.
         c. Click Enter Key and enter the same key as in Step 2l of
the previous section. (That's Step 2 lowercase L.)
         d. For ID Type, choose Domain Name and enter the same name
you entered in Step 2c.
         e. For "Virtual Adapter", choose Disabled.
         f. For "Internal Network IP Address", enter the IP address in
Step 2f. In our example this was
         g. For "Internet Interface", choose Any for Name.
  13. Save the configuration by selecting File > Save.

To test the VPN connection, right-click the Netgear VPN icon in the
System Tray, and click Connect. Choose the new connection you just
created. If you have been successful, a pop-up box Manual Connection
Status reads "Successfully connected...."

Also test by pinging the IP address on the LAN subnet of your router.
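
The tunnel only comes up when the values entered on the router and in the client mirror each other (Steps 2c/12d, 2f, 2j/11c and 2l cross-reference the two sides). The following is an added example, not part of the original post or of NETGEAR's instructions: a Python pre-flight check over both sets of settings. All dictionary keys and sample values are constructed for illustration, since the page's own example addresses are missing.

```python
import ipaddress

# Constructed sample settings; the keys are hypothetical names for the page's fields.
ROUTER = {
    "remote_ipsec_identifier": "vpnclient1",       # router Step 2c
    "local_lan_start_ip": "192.168.0.0", "local_lan_mask": "255.255.255.0",  # 2d
    "remote_lan_start_ip": "192.168.100.2",        # Step 2f
    "mode": "aggressive", "pfs": True,
    "encryption": "3DES", "key_group": 2,          # Step 2j and Key Group
    "pre_shared_key": "constructed-example-key",   # Step 2l
}
CLIENT = {
    "my_identity_domain_name": "vpnclient1",       # client Step 12d
    "remote_subnet": "192.168.0.0", "remote_mask": "255.255.255.0",
    "internal_network_ip": "192.168.100.2",
    "phase1_mode": "aggressive", "pfs": True, "pfs_key_group": 2,
    "phase1_encrypt": "3DES", "phase1_key_group": 2, "phase2_encrypt": "3DES",
    "pre_shared_key": "constructed-example-key",
}

def check_tunnel(router, client):
    """Return a list of mismatches; an empty list means both sides agree."""
    problems = []
    lan = ipaddress.ip_network(
        f"{router['local_lan_start_ip']}/{router['local_lan_mask']}", strict=False)
    client_lan = ipaddress.ip_network(
        f"{client['remote_subnet']}/{client['remote_mask']}", strict=False)
    if lan != client_lan:
        problems.append(f"LAN subnet: router {lan} vs client {client_lan}")
    pairs = [
        ("identifier", router["remote_ipsec_identifier"], client["my_identity_domain_name"]),
        ("virtual IP", router["remote_lan_start_ip"], client["internal_network_ip"]),
        ("negotiation mode", router["mode"], client["phase1_mode"]),
        ("PFS", router["pfs"], client["pfs"]),
        ("Phase 1 encryption", router["encryption"], client["phase1_encrypt"]),
        ("Phase 2 encryption", router["encryption"], client["phase2_encrypt"]),
        ("Phase 1 key group", router["key_group"], client["phase1_key_group"]),
        ("PFS key group", router["key_group"], client["pfs_key_group"]),
    ]
    problems += [f"{name}: router {r!r} vs client {c!r}" for name, r, c in pairs if r != c]
    if router["pre_shared_key"] != client["pre_shared_key"]:
        problems.append("pre-shared key differs")  # never echo the key itself
    # The virtual IP handed to the client must lie outside the LAN subnet.
    if ipaddress.ip_address(router["remote_lan_start_ip"]) in lan:
        problems.append(f"virtual IP {router['remote_lan_start_ip']} is inside {lan}")
    return problems

if __name__ == "__main__":
    print(check_tunnel(ROUTER, CLIENT) or "settings match")
```
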
