Transcription

VPN Configuration of ProSafe Client and Netgear ProSafe Router:This document will guide you on how to create IKE and auto-VPN policies for your ProSafeNetgear Router, as well as how to configure the VPN Pro-Safe VPN client in order to allow aVirtual Private Network to be established over the internet.NOTE: This document assumes that your router is either receiving a public IP address on theWAN interface or that the gateway device(s) have the correct port forwarding or DMZ configuredso that port 500 UDP is open for the router, these gateway devices must also allow VPN passthrough.Version 1.1

Router Settings:As we configure the Netgear VPN Router, there will be information we’ll add which will later beused in the configuration of the ProSafe Client Software. This information will be marked with rednumbered circles. You can print this form to help keep track of this information.➊Pre-Shared Key:➋Remote Identifier Information:➌Local Identifier Information:➍Router’s LAN Network IP Address:➎Router’s LAN Network IP Mask:➏Router’s WAN IP Address:Version 1.1

Creation of the VPN Policy on the ProSafe Router: From the Router’s GUI, go to theVPN section and then select theVPN wizard. There, select the option for VPNClient.Now you will have the following fields available: Connection Name: The name canbe any alphanumeric string. Itidentifies your tunnel, but it bears norelevance to the connection.➊ Pre-Shared Key: The name can beany alphanumeric string from 8 to49 characters long.➊➋➌➋ Remote Identifier Information:The name can be any alphanumericstring. It is a name that identifies theremote peer in the VPN Connection(Client). You can leave the defaultor create your own identifier.➌ Local Identifier Information: Thename can be any alphanumericstring. It is a name that identifies thelocal peer in the VPN Connection(Router). You can leave the defaultor create your own identifier. WAN Interface: If your router hasmore than one WAN Interface, you’llbe prompted to select which interfaceto use for the VPN Tunnel.Version 1.1

Once you apply, you will see the policy we created in the list of VPN Policies. Make note of thefollowing:➍ Router’s LAN Network IPAddress: The firsts segment in the“Local” box. In our screenshotdescribed as 192.168.1.0 – but maychange depending on the setup ofyour router.➎ Router’s LAN Network IP Mask:The second segment in the “Local”box. In our screenshot described as255.255.255.0 – but may changedepending on the setup of yourrouter.NOTE: The values you used for the fields marked with red circles will be referenced them with thesame circled numbers while configuring the ProSafe VPN Client software.Version 1.1

Creation of the VPN Policy on the ProSafe Client:Before you start configuring the VPN Client, go through the following checklist and make sure youhave all this information. After installing the VPN ClientSoftware, right click in the tray iconfor the VPN Client and select theoption Security Policy Editor. Right click on “My Connections”and add a new connection. Thename does not have to be the sameone you used in your VPN Router,but it is advised you use the same tofacilitate identification of relatingpolicies. In this example the namewill be “VPN”.Version 1.1

Click on the name of your newcreated policy and change the IDType field to IP Subnet➎ The Subnet field will be the valueof your Router’s LAN Network IPAddress.➎➏➏The value of the Mask field will bethe value of your Router’s LANNetwork IP Mask. Next, tick the checkbox next toUse: Secure Gateway Tunnel.➌ The ID Type field will be the valueof your Local IdentifierInformation.➌➏➏ The value of the Gateway IPAddress will be the value of yourRouter’s WAN IP Address.Version 1.1

Click on the plus sign next to yourpolicy name and then on MyIdentity. Change the Select Certificate fieldfrom “Automatically during IKENegotiation” to “None”, and clickon the Pre-Shared Key button thatwill appear on the top right. On the box that will pop up, clickon the Enter Key button.Version 1.1

➋ Input the Pre-Shared Key that youhave used when creating the VPNPolicy on the Router and click on theOK Button. Next, change the ID Type to Domainname.➋ In the field that will open, add the valueof your Remote IdentifierInformation.Version 1.1

In the left box, click now onSecurity Policy. Select Aggressive Mode and tickthe Enable Perfect ForwardSecrecy (PFS) checkbox. Leave the PFS Key Group asDiffie-Hellman Group 2. For last, click on the Save buttonat the top left of the SecurityPolicy Editor:Version 1.1

Connecting:To connect, right click on the tray icon of the Netgear VPN client with your mouse, select connectand select the connection you just created. If your settings are correct you’ll receive a messageconfirming the connection.Version 1.1

Creation of the VPN Policy on the ProSafe Client: Before you start configuring the VPN Client, go through the following checklist and make sure you have all this information. After installing the VPN Client Software, right click in the tray icon for the VPN Client and select th