Single IP Address Operation Using NAT | NETGEAR FVS124G guide

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Single IP Address Operation Using NAT

In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router. The FVS124G VPN Firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your ISP.

The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. The internal LAN IP addresses can be either private addresses or registered addresses. For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

The following figure illustrates a single IP address operation.

192.168.0.2

192.168.0.3

Private IP addresses assigned by user

IP addresses assigned by ISP

192.168.0.1172.21.15.105

Internet

192.168.0.4

192.168.0.5

Figure 9-3: Single IP Address Operation Using NAT

B-8	Network, Routing, Firewall, and Basics

202-10085-01, March 2005

Image 184

NETGEAR FVS124G manual Single IP Address Operation Using NAT

Contents

202-10085-01, March Trademarks Statement of ConditionsEN 55 022 Declaration of Conformance Bestätigung des Herstellers/Importeurs Voluntary Control Council for Interference Vcci Statement Certificate of the Manufacturer/ImporterAdditional Copyrights 202-10085-01, March MD5 Product and Publication Details Contents Chapter Connecting the FVS124G to the Internet Chapter LAN Configuration Chapter Router and Network Management Chapter Troubleshooting Appendix C Preparing Your Network Appendix D Virtual Private Networking Glossary-5 Typographical Conventions Audience, Scope, Conventions, and FormatsManual Scope How to Use This Manual How to Print this Manual Printing a Page in the Html View About This Manual Key Features of the VPN Firewall Chapter Introduction Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Easy Installation and Management Extensive Protocol Support Package Contents Router’s Front Panel FVS124G Front Panel Router’s Rear Panel Object Activity Description Router’s IP Address, Login Name, and Password FVS124G Rear Panel Logging into the Router FVS124G Bottom Label Default Factory Settings Login screen on the Web browser Factory Default Settings Netgear Related Products Introduction Inbound Traffic Overview of the Planning ProcessVirtual Private Networks VPNs Ports Port rolls over, the VPN tunnel collapses and address That the public and enabled Inbound Traffic Always change at Virtual Private Networks VPNs IP addressing requirements for VPNs in dual WAN port systems Dual VPN Road Warrior Domain i.e., the IP Road Warrior Example Single WAN Port Road Warrior Example Dual WAN Ports, After Rollover Gateway Domain For Improved Reliability 13, either of the gateway WAN Gateway-to-Gateway Example Dual WAN Ports, After Rollover VPN Telecommuter Client-to-Gateway Through a NAT Router Gigabit LAN and Dual WAN Ports Address to establish or re-establish a VPN Remote PC Or WAN2 Connecting the FVS124G to the Internet What You Will Need to Do Before You Begin Customer premises Route diversity WAN port Physical facility Postulated WAN provisioning used in this document Internet Computer Network Configuration Requirements Cabling and Computer Hardware Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Record Your Internet Connection Information Connect the firewall physically to your network required Physically Connect the VPN Firewall to Your Network Required Log in to the VPN Firewall Required Configure the Internet Connections to Your ISPs Required WAN1 and WAN2 Basic Settings and Setup Wizard Screens WAN1 screens WAN2 screens Internet connection methods Connection Method Data Required Connecting the FVS124G to the Internet Manually Configuring Your Internet Connection ISP Does Not Require Login Programming the Traffic Meter if Desired Traffic Meter screens Traffic meter Parameter Description Configure the WAN Mode Required for Dual WAN Rollover Setup WAN Mode screen for auto-rollover Load Balancing and Protocol Binding Setup WAN Mode screen for load balancing and protocol binding Connecting the FVS124G to the Internet Configure Dynamic DNS If Needed Dynamic DNS screens Each DNS service provider requires its own parameters Figure Dynamic DNS service provider screens Configure the WAN Options If Needed 10 WAN Options Screens Connecting the FVS124G to the Internet Chapter LAN Configuration Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters LAN IP Setup menu LAN Configuration Using the Firewall as a Dhcp server Using Address Reservation Groups and Hosts Entry screen Configuring Static Routes Multi Home LAN IPs Static Routes Summary Table and Add screens LAN Configuration Firewall Protection and Content Filtering Overview Using Rules to Block or Allow Specific Kinds of Traffic Rules menu Firewall Protection and Content Filtering Services-Based Rules Add Inbound Service Rules screen Inbound Rules Port Forwarding Inbound Services Services menu see Customized Services on Inbound Rule Example a Local Public Web Server Inbound Rule Example One-to-One NAT Mapping Rule example one-to-one NAT mapping Rule example one-to-one NAT mapping on inbound services Inbound Rule Example Exposed Host Outbound Rules Service Blocking Add Outbound Service Rules screen Outbound Services Block or Allow Specific Traffic on QoS Priorities on Outbound Rule Example Blocking Instant Messenger Customized Services 10 Rules table with examples 11 Services and Add Custom Service screens Quality of Service QoS Priorities 12 Setting and Overriding QoS priorities Highest Default Lowest Managing Groups and Hosts 13 Groups and Hosts screens Using a Schedule to Block or Allow Specific Traffic Groups and hosts 14 Schedule menu Block Sites Time Zone Block Sites menu is shown in Figure 15 Block Sites menu Block Sites Filtering does not apply. See Managing Groups and Hosts on Source MAC Filtering 16 Source MAC Filter screens Port Triggering Source MAC address filter 17 Port Triggering screens Getting E-Mail Notifications of Event Logs and Alerts Port Triggering 18 Logs and E-mail screens Firewall Protection and Content Filtering Viewing Logs of Web Access or Attempted Web Access Syslog 19 Firewall Logs menu Log entry descriptions Administrator Information Log action buttons Firewall Protection and Content Filtering Rollover vs. Load Balancing Mode Dual WAN Port Systems Rollover Mode Setup Screen Fully Qualified Domain Names FVS124G Functional Block Diagram FVS124G Firewall Rest Functional operation of FVS124G WAN ports for rollover mode Load Configuring the FVX538 Creating a VPN Connection Between FVX538 and FVS124G Click Next WAN IP address of remote FVS124G IKE Policies FVX538 VPN Policies screen Configuring the FVS124G 10 FVX538-to-FVS124G VPN screen 11 VPN Wizard start 12 WAN IP address of remote FVX538 Testing the Connection Creating a VPN Connection Netgear VPN Client to FVS124G Configuring the VPN Client 14 VPN Wizard 15 New Client Connection screen Give the New Connection a name, such as toFVS 16 New connection named 17 Remote client info 18 My Identity screen Left frame, click on Security Policy 19 Pre-shared key 20 Client Security Policy screen 21 Client Authorization screen 22 Client Key Exchange screen 23 Client Connection Monitor screen Virtual Private Networking Performance Management Bandwidth Capacity VPN Firewall Features That Reduce Traffic Service Blocking Services Block Sites VPN Firewall Features That Increase TrafficSource MAC Filtering VPN tunnels Port Forwarding Port Triggering Tools for Traffic Management Using QoS to Shift the Traffic MixVPN Tunnels Administrator and Guest Access Authorization Changing the Passwords and Login Timeout Enabling Remote Management Access Remote Management screen Command Line Interface Https//134.177.0.1238080 WAN Port Rollover Event AlertsTraffic Limits Reached Login Failures and Attacks Traffic Limit Reached alert Logs and email screen Viewing VPN Firewall Status and Time Information MonitoringFirewall Status Router Status screen Time information is found on the Schedules screen Time InformationRouter Status Time information on the Schedule screen WAN Ports WAN Port Connection Status Dynamic DNS Status Internet Traffic Information LAN Ports and Attached Devices Known PCs and Devices 10 Network Database screen Known PCs and Devices table Dhcp Log Port Triggering Status You can view the log of the firewall activities FirewallPort Triggering Status data 13 Logs and email screen Invoke the Firewall Log screen from Logs and Email screen 14 Firewall Log screen invoked from Logs and Email screen VPN Tunnels You can view the status of the VPN tunnels Diagnostics 16 Snmp Configuration screens 17 Diagnostics screen Configuration File Management DiagnosticsOptions are described in the following sections Be careful how you use these Restoring and Backing Up the Configuration Upgrading the Firewall Software Erasing the Configuration Factory Defaults Reset Be careful how you use this Router and Network Management Power LED Not On Basic Functioning LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your FirewallClick on OK You should see a message like this one If the path is working, you see this message Testing the Path from Your PC to a Remote Device If the path is not working, you see this message Restoring the Default Configuration and Password Problems with Date and Time Troubleshooting Data and Routing Protocols Dimensions 15 x 7.5 x 4.75 WeightVoltage and amperage 12 VDC, 1.2A 10BASE-T or 100BASE-Tx, RJ-45 Interface Specifications10BASE-T or 100BASE-Tx Appendix B Network, Routing, Firewall, and Basics Related Publications Basic Router Concepts What is a Router? IP Addresses and the InternetRouting Information Protocol Is normally written as Three Main Address Classes Combined with NetmaskEquals Subnet Addressing Example of Subnetting a Class B Address Netmask Notation Translation Table for One Octet Netmask Formats Private IP Addresses Single IP Address Operation Using NAT Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related Documents Internet Security and Firewalls IP Configuration by DhcpDomain Name Server What is a Firewall? Denial of Service AttackEthernet Cabling Stateful Packet Inspection Table B-1 UTP Ethernet cable wiring, straight-through Category 5 Cable Quality Inside Twisted Pair Cables Figure B-1illustrates straight-through twisted pair cable Uplink Switches, Crossover Cables, and MDI/MDIX Switching Network, Routing, Firewall, and Basics Network, Routing, Firewall, and Basics Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Preparing Your Network Enabling Dhcp to Automatically Configure TCP/IP Settings Locate your Network Neighborhood icon Primary Network Logon is set to Windows logon Verifying TCP/IP Properties Selecting Windows’ Internet Access MethodClick OK to continue Restart the PC Configuring Windows NT4, 2000 or XP for IP Networking Dhcp Configuration of TCP/IP in Windows XP Locate your Network Neighborhood icon Preparing Your Network Dhcp Configuration of TCP/IP in Windows Preparing Your Network Obtain an IP address automatically is selected Dhcp Configuration of TCP/IP in Windows NT4 Preparing Your Network Verifying TCP/IP Properties for Windows XP, 2000, and NT4 TCP/IP Properties dialog box now displays Configuring the Macintosh for TCP/IP Networking Default gateway is Type exitMacOS 8.6 or MacOS Verifying TCP/IP Properties for Macintosh Computers What Is Your Configuration Information? Are Login Protocols Used?Verifying the Readiness of Your Internet Account Select the Gateway tab Preparing Your Network Restarting the Network Preparing Your Network What is a VPN? Appendix D Virtual Private Networking What Is IPSec and How Does It Work? IPSec Security FeaturesIPSec Components IPSec contains the following elements Encapsulating Security Payload ESP Authentication Header AH IKE Security Association Original packet and packet with IPSec ESP in Tunnel mode Mode Understand the Process Before You Begin Key Management Interfaces and Addresses VPN Process OverviewVpnc Example Network Interface Addressing Setting Up a VPN Tunnel Between Gateways FirewallsWAN Internet/Public and LAN Internal/Private Addressing Subnet Addressing Exchange IPSec Security Association IKE VPN Tunnel Negotiation Steps Vpnc IKE Phase I Parameters Vpnc IKE Security Parameters Vpnc IKE Phase II Parameters Testing and TroubleshootingAdditional Reading Virtual Private Networking List of Glossary Terms Numeric Adsl Packet sent to all devices on a network DSL See Internet Control Message Protocol Internet service provider Megabits per second Set of rules for communication between devices on a network See Quality of Service See Wide Area Network Wins Glossary