Manuals / Brands / Computer Equipment / Printer / NETGEAR / Computer Equipment / Printer

NETGEAR FWG114P v2 Understand the Process Before You Begin

1 296

Download 296 pages, 8.05 Mb

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

F-6 Virtual Private Networking

201-10301-02, May 2005

Key Management

IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and

the exchange of keys between parties transferring data. Using keys ensures that only the sender

and receiver of a message can access it.

IPSec requires that keys be re-created, or refreshed, frequently, so that the parties can

communicate securely with each other. IKE manages the process of refreshing keys; however, a

user can control the key strength and the refresh frequency. Refreshing keys on a regular basis

ensures data confidentiality between sender and receiver.

Understand the Process Before You Begin

This document provides case studies on how to configure secure IPSec VPN tunnels. This

document assumes the reader has a working knowledge of NETGEAR management systems.

NETGEAR is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor

interoperability. The VPN Consortium has developed specific scenarios to aid system

administrators in the often confusing process of connecting two different vendor implementations

of the IPSec standard. The case studies in this appendix follo w the addressing and configuration

mechanics defined by the VPN Consortium. Additional information regard ing inter-vendor

interoperability may be found at http://www.vpnc.org/interop.html.

It is a good idea to gather all the necessary informa t ion required to establish a VPN before you

begin the configurat ion process. You should understand whether the firmware is up to date, all of

the addresses that will be necessary, and all of the parameters that need to be set on both sides. T ry

to understand any incompatibilities before you begin, so that you minimize any potential

complications which may arise from normal firewall or WAN processes.

If you are not a full-time system administrator, it is a good idea to familiarize yourself with the

mechanics of a VPN. The brief description in this appendix will help. Other good sources include:

• The NETGEAR VPN Tutorial – http://www.netgear.com/planetvpn/pvpn_2.html

• The VPN Consortium – http://www.vpnc.org/

• The VPN bibliography in “Additional Reading“ on page F-11.

Contents

Main ii 201-10301-02, May 2005 Trademarks Statement of Conditions Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice FCC Caution Product and Publication Details Page Contents Page Page Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the FWG114P v2 Full Routing on Both the Broadband and Serial Ports 802.11g and 802.11b Wireless Networking Virtual Private Networking Wireless Multimedia (WMM) Support A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management NETGEAR Related Products Package Contents The FWG114P v2 Front Panel 2-8 Introduction The FWG114P v2 Rear Panel Table 2-1. LED Descriptions Page Page Chapter 3 Connecting the FWG114P v2 to the Internet What You Will Need Before You Begin Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Record Your Internet Connection Information Connecting the FWG114P v2 Wireless Firewall/Print Server A Verify That Basic Requirements Are Met B Internet Port Local Port 4 DC Page Page Page 4. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNET Basic Setup Troubleshooting Tips FWG114P v2 Setup Wizard Auto Detection Wizard-Detected Login Account Setup Page Wizard-Detected Dynamic IP Account Setup Wizard-Detected Fixed IP Account Setup How to Configure the Serial Port as the Primary Internet Connection Page Testing Your Internet Connection Page How to Manually Configure the Primary Internet Connection Page Chapter 4 Wireless Configuration Observing Performance, Placement, and Range Guidelines Implementing Appropriate Wireless Security :LUHOHVV'DWD 6HFXULW\2SWLRQV 5DGLXV8SWR)HHW FWG114P Understanding Wireless Settings Page Page Default Factory Settings Before You Change the SSID and WEP Settings How to Set Up and Test Basic Wireless Connectivity How to Restrict Wireless Access by MAC Address How to Configure WEP Page How to Configure WPA with Radius Page How to Configure WPA2 with Radius Page How to Configure WPA and WPA2 with Radius Page How to Configure WPA-PSK Page How to Configure WPA2-PSK How to Configure WPA-PSK and WPA2-PSK Page Chapter 5 Serial Port Configuration Configuring a Serial Port Modem Basic Requirements for Serial Port Modem Configuration How to Configure a Serial Port Modem Configuring Auto-Rollover Basic Requirements for Auto-Rollover How to Configure Auto-Rollover Configuring Dial-in on the Serial Port Basic Requirements for Dial-in How to Configure Dial-in 5-6 Serial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2 Configuring LAN-to-LAN Settings LAN-to-LAN enables direct communications between two FWG114P v2 wireless firewall/print servers. 6HULDO&RQQHFWLRQ Page Page Chapter 6 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Using the Block Sites Menu to Screen Content Page Services and Rules Regulate Inbound and Outbound Traffic Defining a Service Using Inbound/Outbound Rules to Block or Allow Services Page Examples of Using Services and Rules to Regulate Traffic Inbound Rules (Port Forwarding) Page Page Outbound Rules (Service Blo cking or Port Filtering) Other Rules Considerations Order of Precedence for Rules Rules Menu Options Using a Schedule to Block or Allow Content or Traffic Setting the Time Zone Getting E-Mail Notifications of Event Logs and Alerts Page Page Viewing Logs of Web Access or Attempted Web Access What to Include in the Event Log Page Chapter 7 Print Server Printing Options For Windows XP and 2000, Use TCP/IP LPR Printing Page Page Page For Windows 95/98/Me, Use the Netgear Printer Port Driver Page Page Printing from the Macintosh Windows Printer Port Management Page Troubleshooting the Print Server Page Page Page Page Virtual Private Networking 8-1 Chapter 8 Virtual Private Networking #OMPUTERS Figure 8-1: Secure access through FWG114P v2 VPN routers Overview of FWG114P v2 Policy-Based VPN Configuration 931WXQQHOV HQFU\SWGDWD Using Policies to Manage VPN Traffic Using Automatic Key Management Page 8-4 Virtual Private Networking The IKE Policy Configuration fields are defined in the following table. Table 8-1. IKE Policy Configuration Fields Virtual Private Networking 8-5 Table 8-1. IKE Policy Configuration Fields Page Virtual Private Networking 8-7 The VPN Auto Poli cy fields ar e defined in the following table. 8-8 Virtual Private Networking Virtual Private Networking 8-9 VPN Policy Configuration for Manual Key Exchange Page Virtual Private Networking 8-11 The VPN Manual Policy fields are defined in the following table. 8-12 Virtual Private Networking Virtual Private Networking 8-13 Using Digital Certificates for IKE Auto-Policy Authentication Certificate Revocation List (CRL) Walk-Through of Configuration Scenarios on the FWG114P v2 How to Use the VPN Wizard to Configure a VPN Tunnel Page Page Page VPNC Scenario 1: Gateway to Gateway with Preshared Secrets Scenario 1: FWG114P v2 to FWG114P v2 with Preshared Secrets Page Page Page How to Check VPN Connections VPNC Scenario 2: Gateway-to-Gateway with Certificates Scenario 2: FWG114P v2 to FWG114P v2 with Certificates Page Page Page Page Page Netgear VPN Client to FWG114P v2 Configuration Profile Step-By-Step Configuration of FWG114P v2 Gateway 1HWZRUN$GGUHVVHV Page Page Page Page Step-By-Step Configuration of the Netgear VPN Client Page Page Page Page Page Page Testing the VPN Connection From the Client PC to the FWG114P v2 From the FWG114P v2 to the Client PC Monitoring the PC VPN Connection Viewing the FWG114P v2 VPN Status and Log Information Page Page Page Maintenance 9-3 Table 9-1. Status Fields Click WAN Status to display the WAN connection status. This screen shows the following statistics:. Log action buttons are described in Table 9-2. Click Show Statistics to display router usage statistics. This screen shows the following statistics: Viewing a List of Attached Devices Upgrading the Router Software Configuration File Management Restoring and Backing Up the Configuration Erasing the Configuration Changing the Administrator Password Page Chapter 10 Advanced Configuration Using the WAN Setup Options Page How to Configure Dynamic DNS Page Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters Page Using the Router as a DHCP server Using Address Reservation Configuring Static Routes Page Enabling Remote Management Access Using Universal Plug and Play (UPnP) Advanced Wireless Settings Page Page Chapter 11 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Router Testing the Path from Your Computer to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Networks, Routing, and Firewall Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Page Private IP Addresses Single IP Address Operation Using NAT Page MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Stateful Packet Inspection Denial of Service Attack Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Verifying TCP/IP Properties Configuring Windows NT, 2000 or XP for IP Networking Installing or Verifying Windows Networking Components Verifying TCP/IP Properties Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Page Firewall Log Formats D-1 Appendix D Firewall Log Formats Action List Outgoing packets that match the Firewall rules are logged. Field List Outbound Log Inbound Log Incoming packets that match the Firewall rules are logged. Some special packets matching the Firewall rules, like VPN connection, etc. are logged. Other IP Traffic Firewall Log Formats D-3 Router Operation Operations that the router initiates are logged. D-4 Firewall Log Formats Other Connections and Traffic to this Router DoS Attack/Scan Common attacks and scans are logged. Firewall Log Formats D-5 Access Block Site All Web Sites and News Groups Visited System Admin Sessions Firewall Log Formats D-7 Policy Administration LOG Page Appendix E Wireless Networking Basics Wireless Networking Overview Infrastructure Mode Ad Hoc Mode (Peer-to-Peer Workgroup) Network Name: Extended Service Set Identification (ESSID) Authentication and WEP Data Encryption 802.11 Authentication Open System Authentication Shared Key Authentication 2SHQ6\VWHP $XWKHQWLFDWLRQ6WHSV Overview of WEP Parameters 6KDUHG.H\ $XWKHQWLFDWLRQ6WHSV Key Size WEP Configuration Options Wireless Channels WPA Wireless Security How Does WPA Compare to WEP? How Does WPA Compare to IEEE 802.11i? What are the Key Features of WPA Security? Page Wired Network with Optional 802.1x Port Based Network Access Control Wireless LAN Page Page Page Is WPA Perfect? Product Support for WPA Page Page Appendix F Virtual Private Networking What is a VPN? What is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses Setting Up a VPN Tunnel Between Gateways AB IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 Configuration Template S tep-By-Step Configuration of FVS318 or FVM318 Gateway A Page Page Step-By-Step Configuration of FWG114P Gateway B Page Page Page Test the VPN Connection Page Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration Template Using DDNS and Fully Qualified Domain Names (FQDN) S tep-By-Step Configuration of FVS318 or FVM318 Gateway A Page Page Page Step-By-Step Configuration of FVS328 Gateway B Page Page Page Test the VPN Connection Page Glossary Use the list below to find definitions for technical terms used in this manual.