Table of ContentsPreviousNextIndexSearch Knowledge Base

Complete PDF manual
PDF of This Chapter

How to Set Up a Gateway-to-Gateway VPN Configuration
Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 6-2.. If you have special requirements not covered by these VPNC-recommended parameters, refer to How to Set Up VPN Tunnels in Special Circumstances to set up the VPN tunnel.

Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.

Figure 6-20

Set the LAN IPs on each DG834 to different subnets and configure each properly for the Internet. The examples below assume the following settings:

Table 6-1. VPN Tunnel Configuration Worksheet
   
 
Connection Name:
GtoG
 
Pre-Shared Key:
12345678
 
Secure Association -- Main Mode or Manual Keys:
Main
 
Perfect Forward Secrecy -- Enabled or Disabled:
Disabled
 
NETBIOS -- Enabled or Disabled:
Enabled
 
Encryption Protocol -- DES or 3DES:
3DES
 
Authentication Protocol -- MD5 or SHA-1:
SHA-1
 
Diffie-Hellman (DH) Group -- Group 1 or Group 2:
Group 2
 
Key Life in seconds:
28800 (8 hours)
 
IKE Life Time in seconds:
3600 (1 hour)
           
 

VPN Endpoint

Local IPSec ID

LAN IP Address

Subnet Mask
FQDN or Gateway IP
(WAN IP Address)
 
DG834_A
GW_A
192.168.0.1
255.255.255.0
14.15.16.17
 
DG834_B
GW_B
192.168.3.1
255.255.255.0
22.23.24.25
       

Note: The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x.

Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.

  1. Log in to the DG834 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed.

    Figure 6-21

  2. Fill in the Connection Name and the pre-shared key, select the type of target end point, and click Next to proceed.

    Figure 6-22

  3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next.

    Figure 6-23

  4. Identify the IP addresses at the target endpoint which can use this tunnel, and click Next.

    Figure 6-24

    5. The Summary screen below displays.

    Figure 6-25

    To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the "here" link (see Figure 6-25). Click Back to return to the Summary screen.

    Figure 6-26

  5. Click Done on the Summary screen (see Figure 6-25) to complete the configuration procedure. The VPN Settings menu below displays showing that the new tunnel is enabled.

    Figure 6-27

    Note: Refer to Using Auto Policy to Configure VPN Tunnels to enable the IKE keepalive capability on an existing VPN tunnel.
  6. Repeat for the DG834 on LAN B and pay special attention to use the following network settings as appropriate.
    • WAN IP of the remote VPN gateway (e.g., 14.15.16.17)
    • LAN IP settings of the remote VPN gateway:
      • IP Address (e.g, 192.168.0.1)
      • Subnet Mask (e.g., 255.255.255.0)
    • Preshared Key (e.g., 12345678)
  7. Use the VPN Status screen to activate the VPN tunnel by performing the following steps:
    Note: The VPN Status screen is only one of three ways to active a VPN tunnel. See Activating a VPN Tunnel for information on the other ways.
    1. Open the DG834 management interface and click on VPN Status to get the VPN Status/Log screen (Figure 6-28).

      Figure 6-28

    2. Click on VPN Status (Figure 6-30) to get the Current VPN Tunnels (SAs) screen (Figure 6-29). Click on Connect for the VPN tunnel you want to activate.

      Figure 6-29

    3. Look at the VPN Status/Log screen (Figure 6-28) to verify that the tunnel is connected.
NETGEAR, Inc.
 http://www.netgear.com
Table of ContentsPreviousNextIndexSearch Knowledge Base 202-10133-01, November 2005