Table of ContentsPreviousNextIndexSearch Knowledge Base

Complete PDF manual
PDF of This Chapter

Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC

This procedure describes how to configure the NETGEAR ProSafe VPN Client. We will assume the PC running the client has a dynamically assigned IP address.

The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR website (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC.

  1. Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.
    • You may need to insert your Windows CD to complete the installation.
    • If you do not have a modem or dial-up adapter installed in your PC, you may see the warning message stating "The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed." You can disregard this message.
    • Install the IPSec Component. You may have the option to install either the VPN Adapter or the IPSec Component or both. The VPN Adapter is not necessary.
    • The system should show the ProSafe icon () in the system tray after rebooting.
    • Double-click the system tray icon to open the Security Policy Editor.
  2. Add a new connection as follows:
    1. Run the NETGEAR ProSafe Security Policy Editor program and, using the VPN Tunnel Configuration Worksheet, create a VPN Connection.
    2. From the Edit menu of the Security Policy Editor, click Add, then Connection. A "New Connection" listing appears in the list of policies. Rename the "New Connection" so that it matches the Connection Name you entered in the VPN Settings of the DG834 on LAN A.
      Note: In this example, the Connection Name used on the client side of the VPN tunnel is toDG834 and it does not have to match the RoadWarrior Connection Name used on the gateway side of the VPN tunnel (see Figure 6-5) because Connection Names are arbitrary to how the VPN tunnel functions.

      Tip: Choose Connection Names that make sense to the people using and administrating the VPN.

      3. Figure 6-9

      Figure 6-10

    3. Select the Secure in the Connection Security check box.
    4. Select IP Subnet in the ID Type menu.
    5. In this example, type 192.168.3.1 in the Subnet field as the network address of the DG834.
    6. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the DG834.
    7. Select All in the Protocol menu to allow all traffic through the VPN tunnel.
    8. Select the Connect using Secure Gateway Tunnel check box.
    9. Select IP Address in the ID Type menu below the check box.
    10. Enter the public WAN IP Address of the DG834 in the field directly below the ID Type menu. In this example, 22.23.24.25 would be used.
    11. The resulting Connection Settings are shown in Figure 6-10.
  3. Configure the Security Policy in the NETGEAR ProSafe VPN Client software:
    1. In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the "+" symbol. My Identity and Security Policy subheadings appear below the connection name.
    2. Click on the Security Policy subheading to show the Security Policy menu.

      Figure 6-11

    3. Select the Main Mode in the Select Phase 1 Negotiation Mode check box.
  4. Configure the VPN Client Identity.

    5. In this step, you will provide information about the remote VPN client PC. You will need to provide the Pre-Shared Key that you configured in the DG834 and either a fixed IP address or a "fixed virtual" IP address of the VPN client PC.

    1. In the Network Security Policy list on the left side of the Security Policy Editor window, click on My Identity.

      Figure 6-12

    2. Choose None in the Select Certificate menu.
    3. Select IP Address in the ID Type menu. If you are using a virtual fixed IP address, enter this address in the Internal Network IP Address box. Otherwise, leave this box empty.
    4. In the Internet Interface box, select the adapter you use to access the Internet. Select PPP Adapter in the Name menu if you have a dial-up Internet account. Select your Ethernet adapter if you have a dedicated Cable or DSL line. You may also choose Any if you will be switching between adapters or if you have only one adapter.
    5. Click the Pre-Shared Key button. In the Pre-Shared Key dialog box, click the Enter Key button. Enter the DG834's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.

      Figure 6-13

  5. Configure the VPN Client Authentication Proposal.

    6. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the DG834 configuration.

    1. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the "+" symbol.
    2. Expand the Authentication subheading by double clicking its name or clicking on the "+" symbol. Then select Proposal 1 below Authentication.

      Figure 6-14

    3. In the Authentication Method menu, select Pre-Shared key.
    4. In the Encrypt Alg menu, select the type of encryption to correspond with what was configured for the Encryption Protocol in the DG834 in Table 6-1.. In this example, use Triple DES.
    5. In the Hash Alg menu, select SHA-1.
    6. In the SA Life menu, select Unspecified.
    7. In the Key Group menu, select Diffie-Hellman Group 2.
  6. Configure the VPN Client Key Exchange Proposal.

    7. In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the DG834 configuration.

    1. Expand the Key Exchange subheading by double clicking its name or clicking on the "+" symbol. Then select Proposal 1 below Key Exchange.

      Figure 6-15

    2. In the SA Life menu, select Unspecified.
    3. In the Compression menu, select None.
    4. Check the Encapsulation Protocol (ESP) checkbox.
    5. In the Encrypt Alg menu, select the type of encryption to correspond with what was configured for the Encryption Protocol in the DG834 in Table 6-1.. In this example, use Triple DES.
    6. In the Hash Alg menu, select SHA-1.
    7. In the Encapsulation menu, select Tunnel.
    8. Leave the Authentication Protocol (AH) checkbox unchecked.
  7. Save the VPN Client Settings.

    8. From the File menu at the top of the Security Policy Editor window, select Save.

    After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router's LAN.

  8. Check the VPN Connection.

    9. To check the VPN Connection, you can initiate a request from the remote PC to the DG834's network by using the "Connect" option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.

    To perform a ping test using our example, start from the remote PC:

    1. Establish an Internet connection from the PC.
    2. On the Windows taskbar, click the Start button, and then click Run.
    3. Type  ping -t 192.168.3.1 , and then click OK.

      Figure 6-16

      4. This will cause a continuous ping to be sent to the first DG834. After between several seconds and two minutes, the ping response should change from "timed out" to "reply."

      Figure 6-17

Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote DG834. After a short wait, you should see the login screen of the Modem Router (unless another PC already has the DG834 management interface open).

Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR ProSafe Log Viewer.

  1. To launch this function, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN Client, then Log Viewer.
  2. The Log Viewer screen for a successful connection is shown below:

    Figure 6-18

    Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
  3. The Connection Monitor screen for this connection is shown below:

    Figure 6-19

In this example you can see the following:

While the connection is being established, the Connection Name field in this menu will say "SA" before the name of the connection. When the connection is successful, the "SA" will change to the yellow key symbol shown in the illustration above.
Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access.

NETGEAR, Inc.
 http://www.netgear.com
Table of ContentsPreviousNextIndexSearch Knowledge Base 202-10133-01, November 2005