NETGEAR FVX538NA manual Virtual Private Networks VPNs

Page 202

ProSafe VPN Firewall 200 FVX538 Reference Manual

Virtual Private Networks (VPNs)

When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN port depends on the configuration being implemented:

Table C-2. IP addressing requirements for VPNs in dual WAN port systems

	Configuration and WAN IP address		Single WAN Port	Dual WAN Port Cases
			Single WAN Port
			(reference case)	Rollovera	Load Balancing
			(reference case)	Rollovera	Load Balancing

	VPN Road Warrior	Fixed	Allowed	FQDN required	Allowed
	(client-to-gateway)		(FQDN optional)		(FQDN optional)

		Dynamic	FQDN required	FQDN required	FQDN required

	VPN Gateway-to-Gateway	Fixed	Allowed	FQDN required	Allowed
			(FQDN optional)		(FQDN optional)

		Dynamic	FQDN required	FQDN required	FQDN required

	VPN Telecommuter	Fixed	Allowed	FQDN required	Allowed
	(client-to-gateway through		(FQDN optional)		(FQDN optional)
	a NAT router)
	a NAT router)	Dynamic	FQDN required	FQDN required	FQDN required
		Dynamic	FQDN required	FQDN required	FQDN required

a. All tunnels must be re-established after a rollover using the new WAN IP address.

For the single gateway WAN port case, the mechanism is to use a fully-qualified domain name (FQDN) when the IP address is dynamic and to use either an FQDN or the IP address itself when the IP address is fixed. The situation is different when dual gateway WAN ports are used in a rollover-based system.

•Rollover Case for Dual Gateway WAN Ports

Rollover (Figure C-7) for the dual gateway WAN port case is different from the single gateway WAN port case when specifying the IP address of the VPN tunnel end point. Only one WAN port is active at a time and when it rolls over, the IP address of the active WAN port always changes. Hence, the use of a fully-qualified domain name is always required, even when the IP address of each WAN port is fixed.

Note: Once the gateway router WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address.

C-10	Network Planning for Dual WAN Ports

v1.0, August 2006

Image 202

Contents ProSafe VPN Firewall FVX538 Reference Manual EU Regulatory Compliance Statement TrademarksStatement of Conditions Bestätigung des Herstellers/ImporteursVoluntary Control Council for Interference Vcci Statement Additional CopyrightsAugust MD5 Product and Publication Details Contents Chapter LAN Configuration Chapter Virtual Private Networking Chapter Router and Network Management Chapter Troubleshooting Index About This Manual Conventions, Formats and ScopeHow to Use This Manual How to Print this ManualRevision History Xvi Key Features Chapter IntroductionPowerful, True Firewall with Content Filtering Autosensing Ethernet Connections with Auto Uplink Security FeaturesExtensive Protocol Support Easy Installation and Management Trend Micro IntegrationPackage Contents Router Front Panel Object DescriptionsWAN Router Rear Panel Router’s IP Address, Login Name, and Password Rack Mounting HardwareDefault Log In Settings Enter http//192.168.1.1 as the URLProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Connecting the FVX538 to the Internet Logging into the VPN FirewallConfiguring the Internet Connections to Your ISPs Internet connection methods Connection Method Data RequiredInternet connection methods Setting the Router’s MAC Address Manually Configuring Your Internet ConnectionProSafe VPN Firewall 200 FVX538 Reference Manual Programming the Traffic Meter if Desired ProSafe VPN Firewall 200 FVX538 Reference Manual Traffic Meter Settings Parameter DescriptionConfiguring the WAN Mode Required for Dual WAN Setting Up Auto-Rollover Mode ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Load Balancing ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring Dynamic DNS If Needed ProSafe VPN Firewall 200 FVX538 Reference Manual Ddns links Configuring the Advanced WAN Options If Needed ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Chapter LAN Configuration Using the Firewall as a Dhcp serverConfiguring the LAN Setup Options ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring Multi Home LAN IPs ProSafe VPN Firewall 200 FVX538 Reference Manual Managing Groups and Hosts LAN Groups Creating the Network DatabaseProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Up Address Reservation Configuring and Enabling the DMZ Port Check the Do you want to enable DMA Port? radio boxProSafe VPN Firewall 200 FVX538 Reference Manual Configuring Static Routes Static RoutesRouting Information Protocol RIP ProSafe VPN Firewall 200 FVX538 Reference Manual Enabling Trend Micro Antivirus Enforcement Static Route ExampleProSafe VPN Firewall 200 FVX538 Reference Manual Click Apply to submit your changes ProSafe VPN Firewall 200 FVX538 Reference Manual About Firewall Protection and Content Filtering Using Rules to Block or Allow Specific Kinds of TrafficServices-Based Rules Outbound Rules Service BlockingServices menu see Adding Customized Services on Outbound RulesInbound Rules Port Forwarding Inbound Rules Inbound Rules Setting LAN WAN Rules Order of Precedence for RulesProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN Outbound Services Rules Setting DMZ WAN Rules LAN WAN Inbound Services RulesProSafe VPN Firewall 200 FVX538 Reference Manual Setting LAN DMZ Rules LAN DMZ Outbound Services Rules LAN DMZ Inbound Services Rules Attack ChecksPptp Inbound Rules Examples LAN WAN Inbound Rule Hosting a Local Public Web ServerProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual LAN WAN or DMZ WAN Inbound Rule Specifying an Exposed Host Outbound Rules Example LAN WAN Outbound Rule Blocking Instant MessengerAdding Customized Services ProSafe VPN Firewall 200 FVX538 Reference Manual Setting Quality of Service QoS Priorities Setting a Schedule to Block or Allow Specific Traffic Setting Block Sites Content Filtering ProSafe VPN Firewall 200 FVX538 Reference Manual Enabling Source MAC Filtering Port Triggering ProSafe VPN Firewall 200 FVX538 Reference Manual Outgoing Trigger Port Range fields Mail Notifications of Event Logs and Alerts ProSafe VPN Firewall 200 FVX538 Reference Manual SysLog Facility Message Levels Numerical Code SeverityInformational Informational messages Administrator Tips Firewall Log Field DescriptionsProSafe VPN Firewall 200 FVX538 Reference Manual Dual WAN Port Systems IP Addressing for VPNs in Dual WAN Port SystemsRollover Mode Setup Screen Load Balancing Setup Screen Setting up a VPN Connection using the VPN Wizard Creating a VPN Tunnel to a Gateway ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Creating a VPN Tunnel Connection to a VPN Client ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Tunnel Policies IKE PolicyManaging IKE Policies IKE Policy TableVPN Policy Managing VPN PoliciesVPN Tunnel Connection Status VPN Policy TableConfiguring the FVX538 Creating a VPN Gateway Connection Between FVX538 and FVS338ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the FVS338 Testing the Connection Creating a VPN Client Connection VPN Client to FVX538ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the VPN Client Fvxlocal.com Home11.fvxremote.com ProSafe VPN Firewall 200 FVX538 Reference Manual Testing the Connection Certificate Authorities Generating a Self Certificate Request Generate Self Certificate Request, enter the required dataProSafe VPN Firewall 200 FVX538 Reference Manual Uploading a Trusted Certificate Managing your Certificate Revocation List CRLExtended Authentication Xauth Configuration UploadConfiguring Xauth for VPN Clients ProSafe VPN Firewall 200 FVX538 Reference Manual User Database Configuration Radius Client Configuration Enter the Primary Radius Server IP address Manually Assigning IP Addresses to Remote Users ModeConfig Mode Config OperationConfiguring the VPN Firewall ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Configuring the ProSafe VPN Client for ModeConfig ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual ProSafe VPN Firewall 200 FVX538 Reference Manual Performance Management Bandwidth CapacityVPN Firewall Features That Reduce Traffic Service BlockingProSafe VPN Firewall 200 FVX538 Reference Manual Block Sites Source MAC FilteringVPN Firewall Features That Increase Traffic Port ForwardingPort Triggering DMZ Port Using QoS to Shift the Traffic MixVPN Tunnels Changing Passwords and Settings AdministrationTools for Traffic Management ProSafe VPN Firewall 200 FVX538 Reference Manual Enabling Remote Management Access Check Allow Remote Management radio boxUsing a Snmp Manager Https//134.177.0.1238080ProSafe VPN Firewall 200 FVX538 Reference Manual Settings Backup and Firmware Upgrade Backup and Restore Settings Click defaultRouter Upgrade Setting the Time Zone To upgrade router softwareMonitoring the Router Enabling the Traffic MeterProSafe VPN Firewall 200 FVX538 Reference Manual Setting Login Failures and Attacks Notification Monitoring Attached Devices Known PCs and Devices IP AddressViewing Port Triggering Status Port Triggering Status dataViewing Router Configuration and System Status Router Status FieldsMonitoring WAN Ports Status Monitoring VPN Tunnel Connection Status VPN Logs VPN Status dataPerforming Diagnostics Dhcp LogDiagnostics Diagnostics ProSafe VPN Firewall 200 FVX538 Reference Manual Power LED Not On Basic FunctionsLEDs Never Turn Off Troubleshooting the Web Configuration InterfaceLAN or Internet Port LEDs Not On ProSafe VPN Firewall 200 FVX538 Reference Manual Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your FirewallTesting the Path from Your PC to a Remote Device Ping -n 10 IP addressRestoring the Default Configuration and Password Problems with Date and TimeProSafe VPN Firewall 200 FVX538 Reference Manual Appendix a Default Settings and Technical Specifications Table A-1. VPN firewall Default Configuration SettingsTable A-2. VPN firewall Technical Specifications Feature Default BehaviorElectromagnetic Emissions ProSafe VPN Firewall 200 FVX538 Reference Manual Appendix B Related Documents ProSafe VPN Firewall 200 FVX538 Reference Manual Appendix C Network Planning for Dual WAN Ports What You Will Need to Do Before You BeginFigure C-1 InternetInternet Configuration Requirements Computer Network Configuration RequirementsCabling and Computer Hardware Requirements Where Do I Get the Internet Configuration Parameters? Internet Connection Information Form Inbound Traffic Overview of the Planning ProcessVirtual Private Networks VPNs Ports Dual WAN Ports Load BalancingInbound Traffic Requirements for exposed hosts in dual WAN port systemsAlways change at the IP addresses Virtual Private Networks VPNs Reference Manual Road Warrior Example Dual WAN Ports, Before Rollover But a fully-qualified WAN1 or WAN2 VPN Road Warrior DualVPN Gateway-to-Gateway Single Gateway WAN Ports Road Warrior Example Dual WAN Ports, Load BalancingGateway-to-Gateway Example Single WAN Ports WAN A2to establish or re Gateway-to-Gateway Example Dual WAN Ports, Load Balancing NAT Router Remote tunnel Remote PC or WAN2 Index Index-2 Index-3 Index-4 Index-5 Index-6 Index-7 Index-8 Index-9 Index-10

Related manuals

Manual 2 pages 62.01 Kb

Manual 3 pages 5.38 Kb