Private IP Addresses | NETGEAR FVS124G specs

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Table 9-2. Netmask Formats

255.255.255.0 /24

255.255.255.128 /25

255.255.255.192 /26

255.255.255.224 /27

255.255.255.240 /28

255.255.255.248 /29

255.255.255.252 /30

255.255.255.254 /31

255.255.255.255 /32

Configure all hosts on a LAN segment to use the same netmask for the following reasons:

•So that hosts recognize local IP broadcast packets

When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address. In order for this scheme to work, all devices on the segment must agree on which bits comprise the host address.

•So that a local router or bridge recognizes which addresses are local and which are remote

Private IP Addresses

If your local network is isolated from the Internet (for example, when using NAT), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks of IP addresses specifically for private networks:

10.0.0.0- 10.255.255.255

172.16.0.0- 172.31.255.255

192.168.0.0 - 192.168.255.255

Choose your private network number from this range. The DHCP server of the FVS124G VPN Firewall is preconfigured to automatically assign private addresses.

Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines explained here. For more information about address assignment, refer to RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space. The Internet Engineering Task Force (IETF) publishes RFCs on its Web site at www.ietf.org.

Network, Routing, Firewall, and Basics

B-7

202-10085-01, March 2005

Image 183

NETGEAR FVS124G manual Private IP Addresses

Contents

202-10085-01, March Bestätigung des Herstellers/Importeurs TrademarksStatement of Conditions EN 55 022 Declaration of Conformance Certificate of the Manufacturer/Importer Voluntary Control Council for Interference Vcci StatementAdditional Copyrights 202-10085-01, March MD5 Product and Publication Details Contents Chapter Connecting the FVS124G to the Internet Chapter LAN Configuration Chapter Router and Network Management Chapter Troubleshooting Appendix C Preparing Your Network Appendix D Virtual Private Networking Glossary-5 Audience, Scope, Conventions, and Formats Typographical ConventionsManual Scope How to Use This Manual Printing a Page in the Html View How to Print this Manual About This Manual Chapter Introduction Key Features of the VPN Firewall Powerful, True Firewall with Content Filtering Autosensing Ethernet Connections with Auto Uplink Security Extensive Protocol Support Easy Installation and Management Package Contents FVS124G Front Panel Router’s Front Panel Object Activity Description Router’s Rear Panel FVS124G Rear Panel Router’s IP Address, Login Name, and Password FVS124G Bottom Label Logging into the Router Login screen on the Web browser Default Factory Settings Netgear Related Products Factory Default Settings Introduction Overview of the Planning Process Inbound TrafficVirtual Private Networks VPNs Port rolls over, the VPN tunnel collapses and address Ports Inbound Traffic That the public and enabled Always change at IP addressing requirements for VPNs in dual WAN port systems Virtual Private Networks VPNs VPN Road Warrior Dual Road Warrior Example Single WAN Port Domain i.e., the IP Road Warrior Example Dual WAN Ports, After Rollover Domain Gateway 13, either of the gateway WAN For Improved Reliability Gateway-to-Gateway Example Dual WAN Ports, After Rollover VPN Telecommuter Client-to-Gateway Through a NAT Router Gigabit LAN and Dual WAN Ports Address to establish or re-establish a VPN Remote PC Or WAN2 What You Will Need to Do Before You Begin Connecting the FVS124G to the Internet Postulated WAN provisioning used in this document Internet Customer premises Route diversity WAN port Physical facility Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Where Do I Get the Internet Configuration Parameters? Internet Configuration Requirements Record Your Internet Connection Information Connect the firewall physically to your network required Log in to the VPN Firewall Required Physically Connect the VPN Firewall to Your Network Required Configure the Internet Connections to Your ISPs Required WAN1 screens WAN2 screens WAN1 and WAN2 Basic Settings and Setup Wizard Screens Connection Method Data Required Internet connection methods Connecting the FVS124G to the Internet ISP Does Not Require Login Manually Configuring Your Internet Connection Traffic Meter screens Programming the Traffic Meter if Desired Parameter Description Traffic meter Configure the WAN Mode Required for Dual WAN WAN Mode screen for auto-rollover Rollover Setup Load Balancing and Protocol Binding Setup WAN Mode screen for load balancing and protocol binding Connecting the FVS124G to the Internet Configure Dynamic DNS If Needed Dynamic DNS screens Dynamic DNS service provider screens Each DNS service provider requires its own parameters Figure 10 WAN Options Screens Configure the WAN Options If Needed Connecting the FVS124G to the Internet Using the LAN IP Setup Options Chapter LAN Configuration LAN IP Setup menu Configuring LAN TCP/IP Setup Parameters LAN Configuration Using the Firewall as a Dhcp server Groups and Hosts Entry screen Using Address Reservation Multi Home LAN IPs Configuring Static Routes Static Routes Summary Table and Add screens LAN Configuration Using Rules to Block or Allow Specific Kinds of Traffic Firewall Protection and Content Filtering Overview Rules menu Firewall Protection and Content Filtering Services-Based Rules Inbound Rules Port Forwarding Add Inbound Service Rules screen Services menu see Customized Services on Inbound Services Inbound Rule Example a Local Public Web Server Inbound Rule Example One-to-One NAT Mapping Rule example one-to-one NAT mapping Rule example one-to-one NAT mapping on inbound services Inbound Rule Example Exposed Host Add Outbound Service Rules screen Outbound Rules Service Blocking Block or Allow Specific Traffic on Outbound Services QoS Priorities on Outbound Rule Example Blocking Instant Messenger 10 Rules table with examples Customized Services 11 Services and Add Custom Service screens 12 Setting and Overriding QoS priorities Quality of Service QoS Priorities Highest Default Lowest Managing Groups and Hosts 13 Groups and Hosts screens Groups and hosts Using a Schedule to Block or Allow Specific Traffic 14 Schedule menu Time Zone Block Sites 15 Block Sites menu Block Sites menu is shown in Figure Filtering does not apply. See Managing Groups and Hosts on Block Sites 16 Source MAC Filter screens Source MAC Filtering Source MAC address filter Port Triggering 17 Port Triggering screens Port Triggering Getting E-Mail Notifications of Event Logs and Alerts 18 Logs and E-mail screens Firewall Protection and Content Filtering Syslog Viewing Logs of Web Access or Attempted Web Access 19 Firewall Logs menu Log entry descriptions Log action buttons Administrator Information Firewall Protection and Content Filtering Dual WAN Port Systems Rollover vs. Load Balancing Mode Fully Qualified Domain Names Rollover Mode Setup Screen Functional operation of FVS124G WAN ports for rollover mode FVS124G Functional Block Diagram FVS124G Firewall Rest Load Creating a VPN Connection Between FVX538 and FVS124G Configuring the FVX538 WAN IP address of remote FVS124G Click Next IKE Policies FVX538 VPN Policies screen 10 FVX538-to-FVS124G VPN screen Configuring the FVS124G 12 WAN IP address of remote FVX538 11 VPN Wizard start Creating a VPN Connection Netgear VPN Client to FVS124G Testing the Connection 14 VPN Wizard Configuring the VPN Client 15 New Client Connection screen 16 New connection named Give the New Connection a name, such as toFVS 17 Remote client info 18 My Identity screen 19 Pre-shared key Left frame, click on Security Policy 20 Client Security Policy screen 21 Client Authorization screen 22 Client Key Exchange screen 23 Client Connection Monitor screen Virtual Private Networking Bandwidth Capacity Performance Management Service Blocking VPN Firewall Features That Reduce Traffic Services VPN Firewall Features That Increase Traffic Block SitesSource MAC Filtering Port Forwarding VPN tunnels Port Triggering Using QoS to Shift the Traffic Mix Tools for Traffic ManagementVPN Tunnels Changing the Passwords and Login Timeout Administrator and Guest Access Authorization Remote Management screen Enabling Remote Management Access Https//134.177.0.1238080 Command Line Interface Event Alerts WAN Port RolloverTraffic Limits Reached Traffic Limit Reached alert Login Failures and Attacks Logs and email screen Monitoring Viewing VPN Firewall Status and Time InformationFirewall Status Router Status screen Time Information Time information is found on the Schedules screenRouter Status Time information on the Schedule screen WAN Port Connection Status WAN Ports Internet Traffic Information Dynamic DNS Status Known PCs and Devices LAN Ports and Attached Devices Known PCs and Devices table 10 Network Database screen Port Triggering Status Dhcp Log Firewall You can view the log of the firewall activitiesPort Triggering Status data 13 Logs and email screen 14 Firewall Log screen invoked from Logs and Email screen Invoke the Firewall Log screen from Logs and Email screen You can view the status of the VPN tunnels VPN Tunnels 16 Snmp Configuration screens Diagnostics 17 Diagnostics screen Be careful how you use these Configuration File ManagementDiagnostics Options are described in the following sections Upgrading the Firewall Software Restoring and Backing Up the Configuration Be careful how you use this Erasing the Configuration Factory Defaults Reset Router and Network Management Basic Functioning Power LED Not On LAN or Internet Port LEDs Not On LEDs Never Turn Off Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection If the path is working, you see this message Troubleshooting a TCP/IP Network Using a Ping UtilityTesting the LAN Path to Your Firewall Click on OK You should see a message like this one If the path is not working, you see this message Testing the Path from Your PC to a Remote Device Problems with Date and Time Restoring the Default Configuration and Password Troubleshooting Dimensions 15 x 7.5 x 4.75 Weight Data and Routing ProtocolsVoltage and amperage 12 VDC, 1.2A Interface Specifications 10BASE-T or 100BASE-Tx, RJ-4510BASE-T or 100BASE-Tx Related Publications Basic Router Concepts Appendix B Network, Routing, Firewall, and Basics Is normally written as What is a Router?IP Addresses and the Internet Routing Information Protocol Three Main Address Classes Netmask Combined withEquals Example of Subnetting a Class B Address Subnet Addressing Netmask Formats Netmask Notation Translation Table for One Octet Private IP Addresses Single IP Address Operation Using NAT Single IP Address Operation Using NAT Related Documents MAC Addresses and Address Resolution Protocol IP Configuration by Dhcp Internet Security and FirewallsDomain Name Server Stateful Packet Inspection What is a Firewall?Denial of Service Attack Ethernet Cabling Category 5 Cable Quality Table B-1 UTP Ethernet cable wiring, straight-through Figure B-1illustrates straight-through twisted pair cable Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Network, Routing, Firewall, and Basics Network, Routing, Firewall, and Basics Preparing Your Computers for TCP/IP Networking Appendix C Preparing Your Network Install or Verify Windows Networking Components Configuring Windows 95, 98, and Me for TCP/IP Networking Preparing Your Network Locate your Network Neighborhood icon Enabling Dhcp to Automatically Configure TCP/IP Settings Primary Network Logon is set to Windows logon Selecting Windows’ Internet Access Method Verifying TCP/IP PropertiesClick OK to continue Restart the PC Configuring Windows NT4, 2000 or XP for IP Networking Locate your Network Neighborhood icon Dhcp Configuration of TCP/IP in Windows XP Preparing Your Network Dhcp Configuration of TCP/IP in Windows Preparing Your Network Obtain an IP address automatically is selected Dhcp Configuration of TCP/IP in Windows NT4 Preparing Your Network TCP/IP Properties dialog box now displays Verifying TCP/IP Properties for Windows XP, 2000, and NT4 MacOS Configuring the Macintosh for TCP/IP NetworkingDefault gateway is Type exit MacOS 8.6 or Verifying TCP/IP Properties for Macintosh Computers Are Login Protocols Used? What Is Your Configuration Information?Verifying the Readiness of Your Internet Account Select the Gateway tab Preparing Your Network Restarting the Network Preparing Your Network Appendix D Virtual Private Networking What is a VPN? IPSec contains the following elements What Is IPSec and How Does It Work?IPSec Security Features IPSec Components Encapsulating Security Payload ESP IKE Security Association Authentication Header AH Mode Original packet and packet with IPSec ESP in Tunnel mode Key Management Understand the Process Before You Begin VPN Process Overview Interfaces and AddressesVpnc Example Network Interface Addressing Subnet Addressing Setting Up a VPN Tunnel Between GatewaysFirewalls WAN Internet/Public and LAN Internal/Private Addressing IPSec Security Association IKE VPN Tunnel Negotiation Steps Exchange Vpnc IKE Security Parameters Vpnc IKE Phase I Parameters Testing and Troubleshooting Vpnc IKE Phase II ParametersAdditional Reading Virtual Private Networking Numeric List of Glossary Terms Adsl Packet sent to all devices on a network DSL See Internet Control Message Protocol Internet service provider Megabits per second Set of rules for communication between devices on a network See Quality of Service See Wide Area Network Wins Glossary