NETGEAR FVS318v3 How to Check VPN Connections

Reference Manual for the ProSafe VPN Firewall FVS318v3

Advanced Virtual Private Networking 6-21

January 2005

How to Check VPN Connections

You can test connectivity and view VPN status information on the FVS318v3 (see also “VPN

Tunnel Control” on page 5-26).

Testing the Gateway A FVS318v3 LAN and the Gateway B LAN

1. Using our example, from a PC attached to the FVS318v3 on LAN A, on a Windows PC click

the Start button on the taskbar and then click Run.

2. Type ping -t 172.23.9.1, and then click OK.

3. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two

minutes, the ping response should change from timed out to reply.

4. At this point the connection is established.

5. To test connectivity between the FVS318v3 Gateway A and Gateway B WAN ports, follow

these steps:

a. Using our example, log in to the FVS318v3 on LAN A, go to the main menu Maintenance

section and click the Diagnostics link.

b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click

Ping.

c. This causes a ping to be sent to the WAN interface of Gateway B. W ithin two minutes, the

ping response should change from timed out to reply. You may have to run this test several

times before you get the reply message back from the target FVS318v3.

d. At this point the connection is established.

Note: If you want to ping the FVS318v3 as a test of network connectivity, be sure the

FVS318v3 is confi gured to respo nd to a ping on the Internet WAN port by checking the check

box seen in Figure 4-2 on page 4-3. However , to preserve a high degree of security, you should

turn off this feature when you are finished with testing.

6. To view the FVS318v3 event log and status of Security Associations, follow these steps:

a. Go to the FVS318v3 main menu VPN section and click the VPN Status link.

b. The log screen displays a history of the VPN connections, and the IPSec SA and IKE SA

tables will report the status and data transmission statistics of the VPN tunnels for each

policy.

Contents

Main Page January 2005 Page Contents Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the VPN Firewall A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management Maintenance and Support Package Contents The FVS318v3 Front Panel 2-6 Introduction The FVS318v3 Rear Panel The rear panel of the FVS318v3 VPN Firewall contains the port connections listed below. Figure 2-2: FVS318v3 rear panel Table 2-1. LED Descriptions NETGEAR-Related Products NETGEAR Product Registration, Support, and Documentation Page Chapter 3 Connecting the Firewall to the Internet Prepare to Install Your FVS318v3 ProSafe VPN Firewall First, Connect the FVS318v3 1. CONNECT THE CABLES BETWEEN THE FVS318V3, COMPUTER, AND MODEM &DEOH A B Cable 1 Internet port C D 2. RESTART YOUR NETWORK IN THE CORRECT SEQUENCE Now, Configure the FVS318v3 for Internet Access Page Troubleshooting Tips Page 3-8 Connecting the Firewall to the Internet Overview of How to Access the FVS318v3 VPN Firewall http://www.routerlogin.net/basicsetting.htm Table 3-1. Ways to access the firewall http://www.routerlogin.net http://www .r outerlogin.com How to Log On to the FVS318v3 After Configuration Settings Have Been Applied How to Bypass the Configuration Assistant Using the Smart Setup Wizard Page Page Page Chapter 4 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Block Sites Using Rules to Block or Allow Specific Kinds of Traffic Page Inbound Rules (Port Forwarding) Page Outbound Rules (Service Blocking) Order of Precedence for Rules Default DMZ Server Respond to Ping on Internet WAN Port Services Page Page Time Zone Getting E-Mail Notifications of Event Logs and Alerts Page Viewing Logs of Web Access or Attempted Web Access Syslog Page Chapter 5 Basic Virtual Private Networking Overview of VPN Configuration Client-to-Gateway VPN Tunnels 192.168.3.1 Gateway-to-Gateway VPN Tunnels FVS318 Planning a VPN VPN Gateway A VPN Gateway B Page VPN Tunnel Configuration How to Set Up a Client-to-Gateway VPN Configuration 192.168.3.1 FVS318v3 24.0.0.1 Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3 The Summary screen below displays. Page Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC Page Page Page Page Page Page Monitoring the Progress and Status of the VPN Client Connection Page Transferring a Security Policy to Another Client Page How to Set Up a Gateway-to-Gateway VPN Configuration AB Procedure to Configure a Gateway-to-Gateway VPN Tunnel 3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next. 4. Identify the IP addresses at the target endpoint that can use this tunnel, and click Next. Page Page Page VPN Tunnel Control Activating a VPN Tunnel Page Page Verifying the S tatus of a VPN Tunnel Deactivating a VPN Tunnel Page Deleting a VPN Tunnel Chapter 6 Advanced Virtual Private Networking Overview of FVS318v3 Policy-Based VPN Configuration Using Policies to Manage VPN Traffic Using Automatic Key Management Page 6-4 Advanced Virtual Private Networking The IKE Policy Configuration fields are defined in the following table. Table 6-1. IKE Policy Configuration fields Advanced Virtual Private Networking 6-5 VPN Policy Configuration for Auto Key Negotiation Table 6-1. IKE Policy Configuration fields Page Advanced Virtual Private Networking 6-7 The VPN Auto Policy field s are defined in the following table. Table 6-1. VPN Auto Policy Configuration Fields 6-8 Advanced Virtual Private Networking Table 6-1. VPN Auto Policy Configuration Fields VPN Policy Configuration for Manual Key Exchange Page Advanced Virtual Private Networking 6-11 The VPN Manual Policy fields are defined in the following table. Table 6-1. VPN Manual Policy Configuration Fields 6-12 Advanced Virtual Private Networking Table 6-1. VPN Manual Policy Configuration Fields Using Digital Certificates for IKE Auto-Policy Authentication Certificate Revocation List (CRL) Walk-Through of Configuration Scenarios on the FVS318v3 VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies Page Page Page Page How to Check VPN Connections FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates Page Page Page Page Page Page Page This screen shows the following parameters: Page Click Show Statistics to display firewall usage statistics. This screen shows the following statistics: Viewing a List of Attached Devices Upgrading the Firewall Software Page Configuration File Management Backing Up the Configuration Restoring the Configuration Erasing the Configuration Changing the Administrator Password Chapter 8 Advanced Configuration How to Configure Dynamic DNS Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters Using the Firewall as a DHCP server Using Address Reservation Configuring Static Routes Page Static Route Example Enabling Remote Management Access Page Page Page Chapter 9 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Firewall Testing the Path from Your PC to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Network, Routing, and Firewall Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Private IP Addresses Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Virtual Private Networking What is a VPN? What Is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses VPN Tunnel Between Gateways VPN Gateway A VPN Gateway B IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Appendix D Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Locate your Network Neighborhood icon. Page Selecting Windows Internet Access Method Verifying TCP/IP Properties Configuring Windows NT4, 2000 or XP for IP Networking Install or Verify Windows Networking Components Enabling DHCP to Automatically Configure TCP/IP Settings DHCP Configuration of TCP/IP in Windows XP Page DHCP Configuration of TCP/IP in Windows 2000 Page Page DHCP Configuration of TCP/IP in Windows NT4 Page Verifying TCP/IP Properties for Windows XP, 2000, and NT4 Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Restarting the Network Page Appendix E VPN Configuration of NETGEAR FVS318v3 Case Study Overview Gathering the Network Information Configuring the Gateways Page Page Activating the VPN Tunnel The FVS318v3-to-FVS318v3 Case Page Page Page Page Page VPN Status at Gateway B (FVS318v3) The FVS318v3-to-FVS318v2 Case Page Page Page Page Page Page The FVS318v3-to-FVL328 Case Page Page Page Page Page IPSec Connection Status at Gateway B (FVL328) VPN Configuration of NETGEAR FVS318v3 E-27 The FVS318v3-to-VPN Client Case Client-to-Gateway VPN Tunnel Overview Table E-4. Policy Summary Table E-5. Differences betwe en VPN tunnel types Scenario 1 Page Page Page Page Page Page Page Page Page Connection Monitor at Gateway B (remote VPN Client) Glossary List of Glossary Terms Use the list below to find definitions for technical terms used in this manual. Numeric A B C D E G I Page L M P Q R S T U W