![Netgear DGND3300 [104/174] Example of using auto policy](/img/pdf.png)
Netgear DGND3300 [104/174] Example of using auto policy
![Netgear DGND3300 [104/174] Example of using auto policy](/views2/1205516/page104/bg68.png)
Virtual Private Networking
104
N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2
• Authentication Algorithm. The authentication algorithm used for both IKE and IPSec.
This setting has to match the setting used on the remote VPN gateway. Auto, MD5, and
SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is not available
in responder-only mode.
- MD5. 128 bits, faster but less secure.
- SHA-1. 160
bits, slower but more secure. This is the default.
• Pre-share
d Key. The key has to be entered both here and on the remote VPN gateway.
• SA Life Time.
The time interval before the SA (security association) expires. (It is
automatically reestablished as required.) While using a short time period (or data amount)
increases security, it also degrades performance. It is common to use periods over an
hour (3600 seconds) for the SA life time. This setting applies to both IKE and IPSec SAs.
• Enable IPSec PFS (Perfect Forward Secrecy). If th
is check box is selected, security is
enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is
broken, subsequent keys are no easier to break. (Each key has no relationship to the
previous key.)
This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to
matc
h this setting, you might have to specify the key group used. For this device, the key
group is the same as the DH Group setting in the IKE section.
Example of Using Auto Policy
Gateway A
Gateway B
VPN Tunnel
Internet
22.23.24.25
14.15.16.17
IP: 192.168.0.1
IP:192.168.3.1
Figure 6. Auto Policy
The following settings are assumed for this example:.
Table 5. Gateway-to-Gateway VPN Tunnel Configuration Worksheet
Parameter Value to Be Entered Field Selection
Connection Name GtoG N/A
Pre-Shared Key 12345678 N/A
Secure Association N/A Main Mode Manual Keys
Perfect Forward secrecy N/A Enabled Disabled
Содержание
- N300 wireless dual band adsl2 modem router dgnd3300v2 1
- User manual 1
- N300 wireless dual band adsl2 modem router dgnd3300v2 2
- Statement of conditions 2
- Technical support 2
- Trademarks 2
- Chapter 1 router internet setup 3
- Chapter 2 wireless settings 3
- Chapter 3 security settings 3
- Table of contents 3
- Chapter 4 network maintenance 4
- Chapter 5 usb storage 4
- Chapter 6 virtual private networking 4
- Appendix a troubleshooting 5
- Chapter 7 advanced settings part 1 5
- Chapter 8 advanced settings part 2 5
- Appendix b netgear vpn configuration 6
- Appendix c default configuration and technical specifications 6
- Appendix d notification of compliance 6
- Connect to the network 7
- Router internet setup 7
- Using the setup manual 7
- Log in to your n300 wireless modem router 8
- Use the setup wizard 9
- View or manually configure your isp settings 10
- Isp does not require login isp does require login 12
- N300 wireless dual band adsl2 modem router dgnd3300v2 12
- Router internet setup 12
- The fields displayed depend on whether or not your internet connection requires a login 12
- N300 wireless dual band adsl2 modem router dgnd3300v2 13
- Router internet setup 13
- Configure adsl settings 14
- Plan your wireless network 15
- Protect your network 15
- Wireless settings 15
- Wireless placement and range guidelines 16
- Wireless security options 17
- Manually configure your wireless settings 18
- N300 wireless dual band adsl2 modem router dgnd3300v2 19
- The settings for this screen are explained in the following table 19
- Wireless settings 19
- Configure and test your computers for wireless connectivity 20
- Configure wep wireless security 20
- For initial configuration and test leave the other settings unchanged 20
- N300 wireless dual band adsl2 modem router dgnd3300v2 20
- Note if you use a wireless computer to configure wireless security settings you will be disconnected when you click apply reconfigure your wireless computer to match the new settings or access the n300 wireless modem router from a wired computer to make further changes 20
- Program the wireless adapter of your computers to have the same ssid and wireless security settings as your n300 wireless modem router check that they have a wireless link and are able to obtain an ip address by dhcp from the n300 wireless modem router if there is interference adjust the channel 20
- Select the region in which the n300 wireless modem router will operate 20
- To save your changes click apply 20
- Wireless settings 20
- Configure wpa wpa2 or mixed wpa2 wpa wireless security 22
- Use a wps button to add a wps client 24
- Use push n connect wps to configure your wireless network 24
- Use pin entry to add a wps client 25
- Configure advanced wps settings 27
- Connect additional wireless client devices after wps setup 27
- Add both wps and non wps clients 28
- Add more wps clients 28
- Restrict access to your n300 wireless modem router 29
- A wireless guest network allows you to provide guests access to your wireless network without prior authorization of each individual guest you can configure wireless guest networks and specify the security options for each wireless guest network 31
- N300 wireless dual band adsl2 modem router dgnd3300v2 31
- Restricting access by mac address you can use the wireless card access list to restrict access see restrict access by mac address on page 35 31
- The guest network settings screen that you see depends on the setting in the wireless mode field on the wireless settings screen and on which selection you make from the main menu the guest network selection is grayed out if it is not available the following table shows wireless modes menu selections and guest networks 31
- Wireless guest networks 31
- Wireless settings 31
- Flexible settings 33
- Live parental controls 33
- Minimal software installation 33
- Total home protection 33
- Web based interface 33
- Keep unwanted content out of your network 34
- Protect access to your n300 wireless modem router 34
- Security settings 34
- Change the built in password 35
- Restrict access by mac address 35
- Block access to internet sites 37
- Firewall rules 38
- Enter the settings to specify the service as explained in the following table 40
- From the service list select the service that you want to add or edit 40
- N300 wireless dual band adsl2 modem router dgnd3300v2 40
- Security settings 40
- To add or edit a rule from the firewall rules screen 40
- To edit a rule select its radio button to add a rule click add it does not matter which radio button is selected depending on your selection either the outbound services screen or inbound services screen is displayed 40
- Before starting you need to determine which type of service application or game you will provide and the local ip address of the computer that will provide the service be sure the computer s ip address never changes 41
- Click apply to have your changes take effect 41
- N300 wireless dual band adsl2 modem router dgnd3300v2 41
- Port forwarding 41
- Security settings 41
- The new rule will be listed in the table when you return to the firewall rules screen 41
- Use the port forwarding screen to configure the n300 wireless modem router to forward specific incoming protocols to computers on your local network in addition to servers for specific applications you can also specify a default dmz server to which all other incoming protocols are forwarded the dmz server is configured in the wan setup screen as discussed in configure the wan setup options on page 115 41
- Using the port forwarding feature you can allow certain types of incoming traffic to reach servers on your local network for example you might make a local web server ftp server or game server visible and available to the internet 41
- Add a custom port forwarding rule 42
- Add a pre set port forwarding rule 42
- Port triggering 43
- Block access to internet services 45
- Schedule blocking 46
- View logs of web access or attempted web access 46
- N300 wireless dual band adsl2 modem router dgnd3300v2 47
- Security settings 47
- The following information is provided in the logs 47
- To clear the log entries click the clear log button 47
- To e mail the log immediately click the send log button 47
- Configure email alert and web access log notifications 48
- Set the time 49
- Administer your network 50
- Network maintenance 50
- Upgrade the firmware 50
- Manually check for firmware upgrades 51
- View n300 wireless modem router status information 53
- N300 wireless dual band adsl2 modem router dgnd3300v2 54
- Network maintenance 54
- Click the connect button and the n300 wireless modem router attempts to connect to the internet 55
- Click the disconnect button to disconnect the n300 wireless modem router internet connection 55
- Connection status 55
- N300 wireless dual band adsl2 modem router dgnd3300v2 55
- Network maintenance 55
- To view the connection status on the router status screen click connection status l 55
- Click the close window button to close the connection status screen 56
- N300 wireless dual band adsl2 modem router dgnd3300v2 56
- Network maintenance 56
- Statistics 56
- The following table describes the connection status settings 56
- To view statistics on the router status screen click show statistics 56
- View a list of attached devices 57
- Back up and restore the configuration 58
- Erase the configuration 58
- Manage the configuration file 58
- Run diagnostic utilities and reboot the router 59
- Enable remote management access 60
- Traffic meter 61
- Network storage to share files and back up data 64
- Usb storage 64
- File sharing scenarios 65
- Usb drive requirements 65
- Share large files with colleagues 66
- Share photos with friends and family 66
- Store files in a central location for printing 66
- Usb storage basic settings 67
- N300 wireless dual band adsl2 modem router dgnd3300v2 68
- Note if you logged in to the n300 wireless modem router before you connected your usb device you might not see your usb device in the n300 wireless modem router screens until you log out and then log back in again 68
- The following table explains the fields and buttons in this screen 68
- Usb storage 68
- You can also type readyshare in the address field of your web browser 68
- Edit a network folder 69
- Advanced settings the usb storage advanced settings screen displays 70
- Configure usb storage advanced settings 70
- N300 wireless dual band adsl2 modem router dgnd3300v2 70
- Usb storage 70
- You can use this screen to specify access to the usb storage device the following table explains the fields and buttons in the usb storage advanced settings screen 70
- Create a network folder 71
- Media server settings 72
- Unmount a usb drive 72
- Connect to the usb drive from a remote computer 73
- Specify approved usb devices 73
- Access the router s usb drive remotely using ftp 74
- Connect to the usb drive with microsoft network settings 74
- Enable file and printer sharing 74
- Locate the internet port ip address 74
- Configure windows 2000 and windows xp 75
- Configure windows 98se and windows me 75
- Virtual private networking 76
- A vpn client access allows a remote computer to connect to your network from any location on the internet the remote computer is one tunnel endpoint running the vpn client software the n300 wireless modem router on your network is the other tunnel endpoint see set up a client to gateway vpn configuration on page 80 77
- Client to gateway vpn tunnels 77
- Client to gateway vpn tunnels provide secure access from a remote computer such as a telecommuter connecting to an office network 77
- Figure 1 telecommuter vpn tunnel 77
- Figure 2 vpn tunnel between networks 77
- Gateway to gateway vpn tunnels 77
- Gateway to gateway vpn tunnels provide secure access between networks such as a branch or home office and a main office 77
- Overview of vpn configuration 77
- Two common scenarios for vpn tunnels are between a remote computer and a network gateway and between two or more network gateways the dgnd3300v2 supports both types the dgnd3300v2 supports up to five concurrent tunnels 77
- A vpn between two or more netgear vpn enabled routers is a good way to connect branch or home offices and business partners over the internet vpn tunnels also enable access to network resources across the internet in this case use gateways on each end of the tunnel to form the vpn tunnel end points see set up a gateway to gateway vpn configuration on page 90 for information about how to set up this configuration 78
- N300 wireless dual band adsl2 modem router dgnd3300v2 78
- Plan a vpn 78
- Table 1 vpn tunnel configuration worksheet 78
- This set of configuration information defines a security association sa between the two vpn endpoints when planning your vpn you have to make a few choices first 78
- To set up a vpn connection you need to configure each endpoint with specific identification and connection information describing the other endpoint you configure the outbound vpn settings on one end to match the inbound vpn settings on other end and vice versa 78
- Virtual private networking 78
- When you set up a vpn it is helpful to plan the network configuration and record the configuration parameters on a worksheet 78
- Will either endpoint use fully qualified domain names fqdns fqdns supplied by dynamic dns providers see use a fully qualified domain name fqdn on page 147 78
- Will the local end be any device on the lan a portion of the local network as defined by a subnet or by a range of ip addresses or a single computer 78
- Will the remote end be any device on the remote lan a portion of the remote network as defined by a subnet or by a range of ip addresses or a single computer 78
- Vpn tunnel configuration 79
- Set up a client to gateway vpn configuration 80
- Step 1 configure the client to gateway vpn tunnel 80
- Fill in the connection name and pre shared key fields 81
- N300 wireless dual band adsl2 modem router dgnd3300v2 81
- Table 3 vpn tunnel configuration worksheet 81
- The connection name is for convenience and does not affect how the vpn tunnel functions 81
- The following worksheet identifies the parameters used in this procedure which are highlighted in blue for a blank worksheet see plan a vpn on page 78 81
- To configure a client to gateway vpn tunnel using the vpn wizard 81
- Virtual private networking 81
- Vpn wizard the following screen displays click next 81
- Step 2 configure the netgear prosafe vpn client 83
- Set up a gateway to gateway vpn configuration 90
- Figure 5 gateway to gateway vpn tunnel 91
- Follow this procedure to configure a gateway to gateway vpn tunnel using the vpn wizard 91
- N300 wireless dual band adsl2 modem router dgnd3300v2 91
- Set the lan ips on each n300 wireless modem router to a different subnet and configure each correctly for the internet the subsequent examples assume the settings shown in the following table 91
- Table 4 gateway to gateway vpn tunnel configuration worksheet 91
- The lan ip address ranges of each vpn endpoint has to be different the connection will fail if both are using the netgear default address range of 192 68 x 91
- Virtual private networking 91
- Activate a vpn tunnel 94
- Vpn tunnel control 94
- Use the vpn status screen to activate a vpn tunnel 95
- Activate the vpn tunnel by pinging the remote endpoint 96
- Start using a vpn tunnel to activate it 97
- Verify the status of a vpn tunnel 97
- Deactivate a vpn tunnel 98
- Use the policy table on the vpn policies screen to deactivate a vpn tunnel 99
- Use the vpn status screen to deactivate a vpn tunnel 99
- Delete a vpn tunnel 100
- Set up vpn tunnels in special circumstances 100
- Configure vpn network connection parameters 101
- Use auto policy to configure vpn tunnels 101
- Vpn auto policy general settings 102
- Vpn auto policy local lan settings 102
- Vpn auto policy remote lan settings 102
- Vpn auto policy ike settings 103
- Vpn auto policy parameters 103
- Example of using auto policy 104
- N300 wireless dual band adsl2 modem router dgnd3300v2 105
- Set the lan ips on each n300 wireless modem router to different subnets and configure each correctly for the internet 105
- Table 5 gateway to gateway vpn tunnel configuration worksheet continued 105
- The vpn auto policy screen displays 105
- To use auto policy 105
- Virtual private networking 105
- Vpn policies and click the add auto policy button 105
- Click apply the vpn policies screen displays 106
- Enter these policy settings 106
- Ip address for example 192 68 106
- N300 wireless dual band adsl2 modem router dgnd3300v2 106
- Remote lan start ip address 106
- Repeat these steps for the dgnd3300v2 on lan b pay special attention to the following network settings general remote address data for example 14 5 6 7 106
- Subnet mask for example 255 55 55 106
- Virtual private networking 106
- Use manual policy to configure vpn tunnels 107
- Vpn manual policy general settings 108
- Vpn manual policy local lan settings 108
- Vpn manual policy esp settings 109
- Vpn manual policy remote lan settings 109
- Advanced settings part 1 110
- Configure for unique situations 110
- Use the lan setup options 110
- Advanced settings part 1 112
- By default the n300 wireless modem router functions as a dhcp server allowing it to assign ip dns server and default gateway addresses to all computers connected to the n300 wireless modem router s lan the assigned default gateway address is the lan address of the n300 wireless modem router the n300 wireless modem router assigns ip addresses to 112
- N300 wireless dual band adsl2 modem router dgnd3300v2 112
- Use the n300 wireless modem router as a dhcp server 112
- Address reservation 113
- Use a dynamic dns service 114
- Configure the wan setup options 115
- Advanced settings part 1 116
- From the main menu under advanced click wan setup to view the wan setup screen 116
- N300 wireless dual band adsl2 modem router dgnd3300v2 116
- The wan setup fields are described in the following table 116
- To configure the wan setup options 116
- Set up a default dmz server 117
- Configure qos for internet access 118
- Set up quality of service qos 118
- Qos for applications and online gaming 119
- Qos for a router lan port 120
- Configure static routes 121
- Edit or delete an existing qos policy 121
- Qos for a mac address 121
- Wireless repeating also called wds 123
- Set up the base station 125
- Wireless repeating function 125
- Set up a repeater unit 126
- Advanced settings part 2 128
- Common connection types 128
- Fine tune your network 128
- Assess your speed requirements 129
- A media center in one room streaming high definition video from a server in another room 130
- A storage device that is used for backing up your computers 130
- Advanced settings part 2 130
- As your network grows it might consist of several segments of different networking technologies each providing different throughput in planning your network you should first consider which devices will have the heaviest traffic flow between them examples are 130
- N300 wireless dual band adsl2 modem router dgnd3300v2 130
- Next consider the throughput of your network devices where possible make the heaviest traffic connections using higher speed technologies with no lower speed bottlenecks in the path 130
- Optimize your network bandwidth 130
- Optimize wireless performance 131
- Change the mtu size 132
- Universal plug and play 133
- A troubleshooting 135
- Diagnose and solve problems 135
- Quick tips 135
- Troubleshooting 135
- After approximately 10 seconds verify that 136
- After you turn on power to the n300 wireless modem router the following sequence of events should occur 136
- N300 wireless dual band adsl2 modem router dgnd3300v2 136
- The adsl link led is lit indicating that a link has been established to the connected device 136
- The lan port leds are lit for any local ports that are connected if a lan port is connected to a 100 mbps device verify that the port s led is green if the port is 10 mbps the led is amber 136
- The power led is green 136
- The wireless leds are lit 136
- To troubleshoot with the leds 136
- Troubleshoot with the leds 136
- Troubleshooting 136
- When power is first applied verify that the power led 136
- If any of the conditions in step 2 on page 136 does not occur see the following table 137
- N300 wireless dual band adsl2 modem router dgnd3300v2 137
- Troubleshooting 137
- Cannot access the n300 wireless modem router menu 138
- Cannot access the internet 139
- Check the configuration 139
- Check the wan ip address 139
- Test the lan path to your router 140
- Troubleshoot a network using the ping utility 140
- Test the path from your computer to a remote device 141
- Problems with date and time 142
- Wireless connectivity 142
- View available networks 143
- B netgear vpn configuration 144
- Configuration profile 144
- Netgear vpn configuration 144
- The configuration in this appendix follows the addressing and configuration mechanics defined by the vpn consortium gather necessary information before you begin configuration verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides check that there are no firewall restrictions 144
- This appendix is a case study on how to configure a secure ipsec vpn tunnel from a netgear dgnd3300v2 to a fvl328 this case study follows the vpn consortium interoperability profile guidelines found at http www vpnc org interopprofiles interop 01 html 144
- Step by step configuration 145
- A dynamic dns ddns service allows a user whose public ip address is dynamically assigned to be located by a host or domain name it provides a central public database where information such as e mail addresses host names and ip addresses can be stored 147
- Configuration profile 147
- Many isps provide connectivity to their customers using dynamic instead of static ip addressing this means that a user s ip address does not remain constant over time which presents a challenge for gateways attempting to establish vpn connectivity 147
- N300 wireless modem router with fqdn to gateway b 147
- The configuration in this section follows the addressing and configuration mechanics defined by the vpn consortium gather the necessary information before you begin configuration verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides check that there are no firewall restrictions 147
- This section is a case study on how to configure a vpn tunnel from a netgear n300 wireless modem router to a gateway using a fully qualified domain name fqdn to resolve the public address of one or both routers this case study follows the vpn consortium interoperability profile guidelines found at http www vpnc org interopprofiles interop 01 html 147
- Use a fully qualified domain name fqdn 147
- Step by step configuration 148
- Configuration summary telecommuter example 150
- Figure 9 telecommuter example 151
- N300 wireless dual band adsl2 modem router dgnd3300v2 151
- Netgear vpn configuration 151
- On page 153 describes configuring the netgear prosafe vpn client endpoint 151
- Set up client to gateway vpn configuration telecommuter example 151
- Setting up a vpn between a remote computer running the netgear prosafe vpn client and a network gateway involves two steps 151
- Step 1 configure gateway a the netgear vpn router at the main office on page 152 151
- Step 2 configure gateway b the n300 wireless modem router at the regional office 151
- Verify that the firmware is up to date and make sure you have all the addresses and parameters to be set on both sides assure that there are no firewall restrictions 151
- Click apply when you are finished to display the vpn policies screen 152
- Log in to the vpn router select vpn policies to display the vpn policies screen click add auto policy to proceed and enter the information 152
- N300 wireless dual band adsl2 modem router dgnd3300v2 152
- Netgear vpn configuration 152
- Step 1 configure gateway a the netgear vpn router at the main office 152
- To configure the vpn tunnel 152
- Step 2 configure gateway b the n300 wireless modem router at the regional office 153
- Monitor the vpn tunnel telecommuter example 159
- View the vpn router s vpn status and log information 160
- C default configuration and technical specifications 161
- Default configuration and technical 161
- Restore the factory configuration settings 161
- Specifications 161
- Use the restore factory settings button 161
- Default configuration and technical specifications 162
- N300 wireless dual band adsl2 modem router dgnd3300v2 162
- Release the restore factory settings button and wait for the router to reboot the power led blinks red three times and then turns green when the default configuration settings have been restored 162
- Default configuration and technical specifications 163
- N300 wireless dual band adsl2 modem router dgnd3300v2 163
- Default configuration and technical specifications 164
- N300 wireless dual band adsl2 modem router dgnd3300v2 164
- Technical specifications 164
- D notification of compliance 165
- Europe eu declaration of conformity 165
- Netgear wireless routers gateways aps 165
- Notification of compliance 165
- Regulatory compliance information 165
- N300 wireless dual band adsl2 modem router dgnd3300v2 166
- Notification of compliance 166
- Fcc caution 167
- Fcc declaration of conformity 167
- Fcc guidelines for human exposure 167
- Fcc information to user 167
- Fcc radio frequency interference warnings instructions 167
- Fcc requirements for operation in the united states 167
- N300 wireless dual band adsl2 modem router dgnd3300v2 167
- Notification of compliance 167
- Canadian department of communications radio interference regulations 168
- Caution 168
- Gpl license agreement 168
- Important note radiation exposure statement 168
- Industry canada 168
- N300 wireless dual band adsl2 modem router dgnd3300v2 168
- Note importante déclaration d exposition aux radiations 168
- Notification of compliance 168
- Interference reduction table 169
- N300 wireless dual band adsl2 modem router dgnd3300v2 169
- Notification of compliance 169
- Numerics 170
- N300 wireless dual band adsl2 modem router dgnd3300v2 171
- N300 wireless dual band adsl2 modem router dgnd3300v2 172
- N300 wireless dual band adsl2 modem router dgnd3300v2 173
- N300 wireless dual band adsl2 modem router dgnd3300v2 174
Похожие устройства
- Netgear WNR1000 Инструкция по эксплуатации
- Netgear DGN3500 Инструкция по эксплуатации
- Netgear DGN2200 Инструкция по эксплуатации
- Nec V230X Инструкция по эксплуатации
- Nec M230X Инструкция по эксплуатации
- Nec V260X Инструкция по эксплуатации
- Nec PA550W Инструкция по эксплуатации
- Nec U250X Инструкция по эксплуатации
- Nec U300X Инструкция по эксплуатации
- Nec M420X Инструкция по эксплуатации
- Nec PA600X Инструкция по эксплуатации
- Nec V260 Инструкция по эксплуатации
- Nec M300XS Инструкция по эксплуатации
- Nec P420X Инструкция по эксплуатации
- Nec M350XS Инструкция по эксплуатации
- Nec U310W Инструкция по эксплуатации
- Nec M350X Инструкция по эксплуатации
- Nec M260WS Инструкция по эксплуатации
- Nec P350W Инструкция по эксплуатации
- Nec V300W Инструкция по эксплуатации