
Reference Manual for the ProSafe VPN Firewall FVS318v3

NETGEAR, Inc.
4500 Great America Parkway Santa Clara, CA 95054 USA

202-10059-02
Version 3
January 2005

© 2005 by NETGEAR, Inc. All rights reserved.

Trademarks

NETGEAR is a trademark of Netgear, Inc.

Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.

NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.

EN 55 022 Declaration of Conformance

This is to certify that the FVS318v3 ProSafe VPN Firewall is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class B (CISPR 22).

Certificate of the Manufacturer/Importer

It is hereby certified that the FVS318v3 ProSafe VPN Firewall has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.

Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.

Voluntary Control Council for Interference (VCCI) Statement

This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.

Product and Publication Details

Model Number: FVS318v3
Publication Date: January 2005
Product Family: Router
Product Name: FVS318v3 ProSafe VPN Firewall
Home or Business Product: Business
Language: English

Contents

Chapter 1: About This Manual

  Audience, Scope, Conventions, and Formats
  How to Use This Manual
  How to Print this Manual

Chapter 2: Introduction
  Key Features of the VPN Firewall
  A Powerful, True Firewall with Content Filtering
  Security
  Autosensing Ethernet Connections with Auto Uplink
  Extensive Protocol Support
  Easy Installation and Management
  Maintenance and Support
  Package Contents
  The FVS318v3 Front Panel
  The FVS318v3 Rear Panel
  NETGEAR-Related Products
  NETGEAR Product Registration, Support, and Documentation

Chapter 3: Connecting the Firewall to the Internet
  Prepare to Install Your FVS318v3 ProSafe VPN Firewall
  First, Connect the FVS318v3
  Now, Configure the FVS318v3 for Internet Access
  Troubleshooting Tips
  Overview of How to Access the FVS318v3 VPN Firewall
  How to Log On to the FVS318v3 After Configuration Settings Have Been Applied
  How to Bypass the Configuration Assistant
  Using the Smart Setup Wizard
  How to Manually Configure Your Internet Connection

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 4}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Firewall Protection and}\ce ll \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Content Filtering}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Firewall Protection and Con tent Filtering Overview ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..4-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Block Sites ...}\cell{\ul0\ nosupersub\cf9\f10\fs19 .4-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using Rules to Block or All ow Specific Kinds of Traffic ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..4-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Inbound Rules (Port Forward ing) ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..4-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Inbound Rule Example: A Loc al Public Web Server ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...4-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Inbound Rule Example: Allow ing a Videoconference from Restricted Addresses 4-6}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Considerations for Inbound Rules ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...4-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Outbound Rules (Service Blo cking) ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .4-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Outbound Rule Example: Bloc king Instant Messenger ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .4-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Order of Precedence for Rul es ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..4-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Default DMZ Server ...}\ce ll{\ul0\nosupersub\cf9\f10\fs19 .4-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Respond to Ping on Internet WAN Port ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .4-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Services ...}\cell{\ul0\nos upersub\cf9\f10\fs19 ...4-10}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using a Schedule to Block o r Allow Specific Traffic ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 4-12}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Time Zone ...}\cell{\ul0\n osupersub\cf9\f10\fs19 .. 4-13}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Getting E-Mail Notification s of Event Logs and Alerts ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. 4-14}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing Logs of Web Access or Attempted Web Access ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 4-16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Syslog ...}\cell{\ul0\nosu persub\cf9\f10\fs19 .. 4-17}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 5}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Basic Virtual Private Netwo rking}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Overview of VPN Configurati on ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..5-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Client-to-Gateway VPN Tunne

ls ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...5-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Gateway-to-Gateway VPN Tunn els ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .5-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Planning a VPN ...}\cell{\ ul0\nosupersub\cf9\f10\fs19 ..5-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Tunnel Configuration .. .}\cell{\ul0\nosupersub\cf9\f10\fs19 .5-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 How to Set Up a Client-to-G ateway VPN Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .5-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Step 1: Configuring the Cli ent-to-Gateway VPN Tunnel on the FVS318v3 ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..5-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Step 2: Configuring the NET GEAR ProSafe VPN Client on the Remote PC ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..5-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Monitoring the Progress and Status of the VPN Client Connection ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..5 -16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Transferring a Security Pol icy to Another Client 
...}\cell{\ul0\nosupersub\cf9\f10\fs19 . 5-18}\cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Exporting a Security Policy ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...5-18}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 vi}\cell{\ul0\nosupersub\cf4 \f5\fs19 Contents}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Importing a Security Policy ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...5-19}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 How to Set Up a Gateway-toGateway VPN Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 5-20}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Procedure to Configure a Ga teway-to-Gateway VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. 5-21}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Tunnel Control ...}\cel l{\ul0\nosupersub\cf9\f10\fs19 ... 5-26}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Activating a VPN Tunnel .. .}\cell{\ul0\nosupersub\cf9\f10\fs19 . 5-26}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Start Using a VPN Tunnel to Activate It ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. 5-26}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using the VPN Status Page t o Activate a VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...5-26}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Activate the VPN Tunnel by Pinging the Remote Endpoint ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. 5-27}\cel l \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Verifying the Status of a V PN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 5-29}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Deactivating a VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 5-30}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using the Policy Table on t he VPN Policies Page to Deactivate a VPN Tunnel 5-30}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using the VPN Status Page t o Deactivate a VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . 5-31}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Deleting a VPN Tunnel ...}\ cell{\ul0\nosupersub\cf9\f10\fs19 .5-32}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 6}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Advanced Virtual Private Ne tworking}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Overview of FVS318v3 Policy -Based VPN Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .6-1}\cell

\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using Policies to Manage VP N Traffic ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...6-2}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using Automatic Key Managem ent ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..6-2}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 IKE Policies\u8217? Automat ic Key and Authentication Management ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..6 -3}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Policy Configuration fo r Auto Key Negotiation ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .6-5}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Policy Configuration fo r Manual Key Exchange ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..6-9}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using Digital Certificates

for IKE Auto-Policy Authentication ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 6-13}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Certificate Revocation List (CRL) ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 6-14}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Walk-Through of Configuration Scenarios on the FVS318v3 ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 6-14}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Consortium Scenario 1:}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Gateway-to-Gateway with Preshared Secrets ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . 6-15}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 6-16}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880

\cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 How to Check VPN Connections ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... 6-21}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Testing the Gateway A FVS318v3 LAN and the Gateway B LAN ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . 6-21}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. 6-22}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 7}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Maintenance}\cell \cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing VPN Firewall Status Information ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..7-1}\cell

\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing a List of Attached Devices ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...7-5}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Upgrading the Firewall Software ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...7-5}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuration File Management ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .7-7}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Contents}\cell {}\cell{\ul0\nosupersub\cf4\f5\fs19 vii}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Backing Up the Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .7-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Restoring the Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .7-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Erasing the Configuration ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..7-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Changing the Administrator Password ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...7-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 8}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Advanced Configuration}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 How to Configure Dynamic DNS ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...8-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using the LAN IP Setup Options ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...8-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring LAN TCP/IP Setup Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...8-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using the Firewall as a DHCP server ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..8-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Using Address Reservation ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..8-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring Static Routes ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..8-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Static Route Example ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..8-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Enabling Remote Management Access ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .8-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Chapter 9}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Troubleshooting}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Basic Functioning ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..9-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Power LED Not On ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...9-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 LEDs Never Turn Off ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...9-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 LAN or Internet Port LEDs Not On ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...9-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Troubleshooting the Web Configuration Interface ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .9-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Troubleshooting the ISP Connection ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...9-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Troubleshooting a TCP/IP Network Using a Ping Utility ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .9-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Testing the LAN Path to Your Firewall ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .9-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Testing the Path from Your PC to a Remote Device ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...9-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Restoring the Default Configuration and Password ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..9-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Problems with Date
and Time ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..9-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql Appendix A \par\pard\par\pard\ql Technical Specifications Appendix B \par\pard\par\pard\ql Network, Routing, and Firewall Basics \par\pard\par\pard{ \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf9\f10\fs19 Related Publications ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf9\f10\fs19 Basic Router Concepts ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf9\f10\fs19 What is a Router? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf9\f10\fs19 Routing Information Protocol ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf9\f10\fs19 IP Addresses and the Internet ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 viii}\cell {}\cell{\ul0\nosupersub\cf4\f5\fs19 Contents}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row}

}\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Netmask ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Subnet Addressing ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Private IP Addresses ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Single IP Address Operation Using NAT ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 MAC Addresses and Address Resolution Protocol ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . B-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Related Documents ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . B-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Domain Name Server ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . B-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 IP Configuration by DHCP ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . B-10}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Internet Security and Firewalls ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-10}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 What is a Firewall? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .B-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Stateful Packet Inspection ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .B-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Denial of Service Attack ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .B-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Ethernet Cabling ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ..B-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Category 5 Cable Quality ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. B-12}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Inside Twisted Pair Cables ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... B-13}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Uplink Switches, Crossover Cables, and MDI/MDIX Switching ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . B-14}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Appendix C}\cell \cell {\trowd\trautofit1\intbl

\cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Virtual Private Networking}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 What is a VPN? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 What Is IPSec and How Does It Work? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 IPSec Security Features ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 IPSec Components ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Encapsulating Security Payload (ESP) ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Authentication Header (AH) ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... C-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 IKE Security Association ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Mode ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Key Management ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Understand the Process Before You Begin ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Process Overview ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Network Interfaces and Addresses ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Interface Addressing ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Firewalls ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Tunnel Between Gateways ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPNC IKE Security Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-10}\cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPNC IKE Phase I Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. C-10}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Contents}\cell{\ul0\nosupersub\cf4\f5\fs19 ix}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPNC IKE Phase II Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Testing and Troubleshooting ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . C-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Additional Reading ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... C-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Appendix D}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Preparing Your Network}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Preparing Your Computers for TCP/IP Networking ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . D-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring Windows 95, 98, and Me for TCP/IP Networking ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Install or Verify Windows Networking Components ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . D-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Enabling DHCP to Automatically Configure TCP/IP Settings ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Selecting Windows\u8217? Internet Access Method ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . D-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Verifying TCP/IP Properties ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring Windows NT4, 2000 or XP for IP Networking ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Install or Verify Windows Networking Components ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . D-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Enabling DHCP to Automatically Configure TCP/IP Settings ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 DHCP Configuration of TCP/IP in Windows XP ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 DHCP Configuration of TCP/IP in Windows 2000 ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-10}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 DHCP Configuration of TCP/IP in Windows NT4 ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-13}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Verifying TCP/IP Properties for Windows XP, 2000, and NT4 ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-15}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the Macintosh for TCP/IP Networking ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 MacOS 8.6 or 9.x ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 MacOS X ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...
D-16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Verifying TCP/IP Properties for Macintosh Computers ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-17}\cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Verifying the Readiness of Your Internet Account ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . D-18}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Are Login Protocols Used? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-18}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 What Is Your Configuration Information? ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-18}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Obtaining ISP Configuration Information for Windows Computers ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. D-19}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Obtaining ISP Configuration Information for Macintosh Computers ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-20}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Restarting the Network ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... D-21}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Appendix E}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 VPN Configuration of NETGEAR FVS318v3}\cell \cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Case Study Overview ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Gathering the Network Information ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the Gateways ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Activating the VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. E-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 The FVS318v3-to-FVS318v3 Case ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 x}\cell{\ul0\nosupersub\cf4\f5\fs19 Contents}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. E-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing and Editing the VPN Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Initiating and Checking the VPN Connections ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .E-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 The FVS318v3-to-FVS318v2 Case ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .. E-13}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-13}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing and Editing the VPN Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-16}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Initiating and Checking the VPN Connections ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-18}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 The FVS318v3-to-FVL328 Case ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-20}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...
E-20}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Viewing and Editing the VPN Parameters ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-23}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Initiating and Checking the VPN Connections ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-25}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 The FVS318v3-to-VPN Client Case ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-27}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Client-to-Gateway VPN Tunnel Overview ...}\cell{\ul0\nosupersub\cf9\f10\fs19 . E-27}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Configuring the VPN Tunnel ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-28}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Initiating and Checking the VPN Connections ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ... E-36}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Glossary}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 List of Glossary Terms ...}\cell{\ul0\nosupersub\cf9\f10\fs19 ...G-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Numeric ...}\cell{\ul0\nosupersub\cf9\f10\fs19 .G-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

\trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 A ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 B ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 C ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-2}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 D ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 E ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 G ...}\cell{\ul0\nosupersub \cf9\f10\fs19 ...G-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 I ...}\cell{\ul0\nosupersub \cf9\f10\fs19 ..G-4}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 L ...}\cell{\ul0\nosupersub \cf9\f10\fs19 .G-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 M ...}\cell{\ul0\nosupersub \cf9\f10\fs19 ...G-6}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 P ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 Q ...}\cell{\ul0\nosupersub \cf9\f10\fs19 ...G-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 R ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-8}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 S ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 T ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 U ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ...G-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf9\f10\fs19 W ...}\cell{\ul0\nosupersu b\cf9\f10\fs19 ..G-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Contents}\cell{\ul0\nosupers ub\cf4\f5\fs19 xi}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

}\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 xii}\cell{\ul0\nosupersub\cf 4\f5\fs19 Contents}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf8\f9\fs36 Chapter 1 \par\pard\par\pard\ql About This Man ual \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 This chapter describes t he intended audience, scope, conventions, and formats of this manual. \par\pard\ par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Audience, Scope, Conventions, and Form ats \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 This reference manual as sumes that the reader has basic to intermediate computer and Internet skills. Ho wever, basic computer network, Internet, firewall, and VPN technologies tutorial information is provided in the Appendices and on the NETGEAR Web site. 
This guide uses the following typographical conventions:

Table 1-1. Typographical Conventions

• italics: Emphasis, books, CDs, URL names
• bold: User input
• fixed: Screen text, file and server names, extensions, commands, IP addresses

This guide uses the following formats to highlight special messages:

Note: This format is used to highlight information of importance or special interest.

This manual is written for the FVS318v3 VPN Firewall according to these specifications:

Table 1-2. Manual Scope

• Product Version: FVS318v3 ProSafe VPN Firewall
• Manual Publication Date: January 2005

Note: Product updates are available on the NETGEAR, Inc. Web site at http://kbserver.netgear.com/products/FVS318v3.asp.

Reference Manual for the ProSafe VPN Firewall FVS318v3

How to Use This Manual

The HTML version of this manual includes the following:

• Buttons for browsing forwards or backwards through the manual one page at a time.
• A button that displays the table of contents and an index button. Double-click on a link in the table of contents or index to navigate directly to where the topic is described in the manual.
• A button to access the full NETGEAR, Inc. online Knowledge Base for the product model.
• Links to PDF versions of the full manual and individual chapters.

How to Print this Manual

To print this manual, you can choose one of the following options, according to your needs.

• Printing a Page in the HTML View.
  Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents.

• Printing a Chapter.
  Use the PDF of This Chapter link at the top left of any page.
  - Click the "PDF of This Chapter" link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
    Note: Your computer must have the free Adobe Acrobat reader installed in order to view and print PDF files. The Acrobat reader is available on the Adobe Web site at http://www.adobe.com.
  - Click the print icon in the upper left of the window.
    Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.

• Printing the Full Manual.
  Use the Complete PDF Manual link at the top left of any page.
  - Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window.
  - Click the print icon in the upper left of the window.
    Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.

Chapter 2
Introduction

This chapter describes the features of the NETGEAR FVS318v3 ProSafe VPN Firewall.

Key Features of the VPN Firewall

The FVS318v3 ProSafe VPN Firewall with eight-port switch connects your local area network (LAN) to the Internet through an external access device such as a cable modem or DSL modem.

The FVS318v3 is a complete security solution that protects your network from attacks and intrusions. Unlike simple Internet sharing firewalls that rely on Network Address Translation (NAT) for security, the FVS318v3 uses stateful packet inspection for Denial of Service attack (DoS) protection and intrusion detection. The FVS318v3 allows Internet access for up to 253 users. The FVS318v3 VPN Firewall provides you with multiple Web content filtering options, plus browsing activity reporting and instant alerts, both via e-mail. Parents and network administrators can establish restricted access policies based on time-of-day, Web site addresses and address keywords, and share high-speed cable/DSL Internet access for up to 253 personal computers. In addition to NAT, the built-in firewall protects you from hackers.

With minimum setup, you can install and use the firewall within minutes. The FVS318v3 VPN Firewall provides the following features:

• Easy, Web-based setup for installation and management.
• Content filtering and site blocking security.
• Built-in eight-port 10/100 Mbps switch.
• Ethernet connection to a WAN device, such as a cable modem or DSL modem.
• Extensive protocol support.
• Login capability.
• Front panel LEDs for easy monitoring of status and activity.
• Flash memory for firmware upgrade.

A Powerful, True Firewall with Content Filtering

Unlike simple Internet sharing NAT firewalls, the FVS318v3 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:

• DoS protection.
  Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents.
  The FVS318v3 logs security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the firewall to email the log to you at specified intervals. You can also configure the firewall to send immediate alert messages to your e-mail address or email pager whenever a significant event occurs.
• With its content filtering feature, the FVS318v3 prevents objectionable content from reaching your PCs. The firewall allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the firewall to log and report attempts to access objectionable Internet sites.

Security

The FVS318v3 VPN Firewall is equipped with several features designed to maintain security, as described in this section.

• PCs Hidden by NAT
  NAT opens a temporary path to the Internet for requests originating from the local network. Requests originating from outside the LAN are discarded, preventing users outside the LAN from finding and directly accessing the PCs on the LAN.

• Port Forwarding with NAT
  Although NAT prevents Internet locations from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request, or to one designated "DNS" host computer. You can specify forwarding of single ports or ranges of ports.

Autosensing Ethernet Connections with Auto Uplink

With its internal eight-port 10/100 switch, the FVS318v3 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. Both the LAN and WAN interfaces are autosensing and capable of full-duplex or half-duplex operation.

The firewall incorporates Auto Uplink™ technology. Each Ethernet port automatically senses whether the Ethernet cable plugged into the port should have a normal connection such as to a PC or an uplink connection such as to a switch or hub. That port then configures itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.

Extensive Protocol Support

The FVS318v3 VPN Firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, refer to Appendix B, "Network, Routing, and Firewall Basics."

• IP Address Sharing by NAT
  The FVS318v3 VPN Firewall allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as NAT, allows the use of an inexpensive single-user ISP account.
• Automatic Configuration of Attached PCs by DHCP
  The FVS318v3 VPN Firewall dynamically assigns network configuration information, including IP, gateway, and Domain Name Server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.

• DNS Proxy
  When DHCP is enabled and no DNS addresses are specified, the firewall provides its own address as a DNS server to the attached PCs. The firewall obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
• Point-to-Point Protocol over Ethernet (PPPoE)
  PPPoE is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as Entersys or WinPOET on your PC.

Easy Installation and Management

You can install, configure, and operate the FVS318v3 ProSafe VPN Firewall within minutes after connecting it to the network. The following features simplify installation and management tasks:

• Browser-based management
  Browser-based configuration allows you to easily configure your firewall from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.
• Smart Wizard
  The FVS318v3 VPN Firewall automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
• Diagnostic functions
  The firewall incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot.
• Remote management
  The firewall allows you to log in to the Web Management Interface from a remote location on the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, and you can choose a nonstandard port number.

• Visual monitoring
  The FVS318v3 VPN Firewall's front panel LEDs provide an easy way to monitor its status and activity.

Maintenance and Support

NETGEAR offers the following features to help you maximize your use of the FVS318v3 VPN Firewall:

• Flash memory for firmware upgrade.
• Free technical support seven days a week, 24 hours a day.

Note: The FVS318v3 firmware is not backward compatible with earlier versions of the FVS318 firewall.

Package Contents

The product package should contain the following items:

• FVS318v3 ProSafe VPN Firewall.
• AC power adapter.
• Category 5 (Cat 5) Ethernet cable.
• Installation Guide.
• Resource CD (240-10114-02) for ProSafe VPN Firewall, including:
  - This guide.
  - Application Notes and other helpful information.
• Registration and Warranty Card.

If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the firewall for repair.

The FVS318v3 Front Panel

The front panel of the FVS318v3 VPN Firewall contains the status LEDs described below.

Figure 2-1: FVS318v3 front panel (labels shown: PWR, Test, Internet, LOCAL Ports)

You can use some of the LEDs to verify connections. Viewed from left to right, Table 2-1 describes the LEDs on the front panel of the firewall. These LEDs are green when lit.


Table 2-1. LED Descriptions

| LED Label | Activity | Description |
|---|---|---|
| PWR | On | Power is supplied to the firewall. |
| TEST | On | The system is initializing. |
| | Off | The system is ready and running. |
| INTERNET | | |
| 100 (100 Mbps) | On | The Internet (WAN) port is operating at 100 Mbps. |
| | Off | The Internet (WAN) port is operating at 10 Mbps. |
| LINK/ACT (Link/Activity) | On | The Internet port has detected a link with an attached device. |
| | Blinking | Data is being transmitted or received by the Internet port. |
| LOCAL | | |
| 100 (100 Mbps) | On | The Local port is operating at 100 Mbps. |
| | Off | The Local port is operating at 10 Mbps. |
| LINK/ACT (Link/Activity) | On | The Local port has detected a link with an attached device. |
| | Blinking | Data is being transmitted or received by the Local port. |

The FVS318v3 Rear Panel

The rear panel of the FVS318v3 VPN Firewall contains the port connections listed below.

[Figure 2-2: FVS318v3 rear panel (callouts: FACTORY DEFAULTS Reset Button, LOCAL Ports, INTERNET Port, DC Power, ON/OFF Switch)]


Viewed from left to right, the rear panel contains the following features:

• Factory default reset push button
• Eight Ethernet LAN ports
• Internet Ethernet WAN port for connecting the firewall to a cable or DSL modem
• DC power input
• ON/OFF switch

NETGEAR-Related Products

NETGEAR products related to the FVS318v3 are listed in the following table:


Table 2-2. NETGEAR-Related Products

| Category | Wireless | Wired |
|---|---|---|
| Notebooks | WAG511 108 Mbps Dual Band PC Card | FA511 CardBus Adapter |
| | WG511T 108 Mbps PC Card | FA120 USB 2.0 Adapter |
| | WG511 54 Mbps PC Card | |
| | WG111 54 Mbps USB 2.0 Adapter | |
| | MA521 802.11b PC Card | |
| | MA111 802.11b USB Adapter | |
| Desktops | WAG311 108 Mbps Dual Band PCI Adapter | FA311 PCI Adapter |
| | WG311T 108 Mbps PCI Adapter | FA120 USB 2.0 Adapter |
| | WG311 54 Mbps PCI Adapter | |
| | WG111 54 Mbps USB 2.0 Adapter | |
| | MA111 802.11b USB Adapter | |
| PDAs | MA701 802.11b Compact Flash Card | |
| Antennas and Accessories | ANT24O5 5 dBi Antenna | |
| | ANT2409 Indoor/Outdoor 9 dBi Antenna | |

Antennas and Accessories (continued): ANT24D18 Indoor/Outdoor 18 dBi Antenna; Antenna Cables-1.5, 3, 5, 10, and 30 m lengths; VPN01L and VPN05L ProSafe VPN Client Software

NETGEAR Product Registration, Support, and Documentation

Register your product at http://www.NETGEAR.com/register. Registration is required before you can use our telephone support service.

Product updates and Web support are always available by going to: http://kbserver.netgear.com. Documentation is available on the Resource CD and at http://kbserver.netgear.com.

When the VPN firewall router is connected to the Internet, click the Knowledge Base or the Documentation link under the Web Support menu to view support information or the documentation for the VPN firewall router.

Chapter 3
Connecting the Firewall to the Internet

This chapter describes how to set up the firewall on your LAN, connect to the Internet, perform basic configuration of your FVS318v3 ProSafe VPN Firewall using the Setup Wizard, or how to manually configure your Internet connection.

Follow these instructions to set up your firewall.

Prepare to Install Your FVS318v3 ProSafe VPN Firewall

• For Cable Modem Service: When you perform the VPN firewall router setup steps be sure to use the computer you first registered with your cable ISP.
• For DSL Service: You may need information such as the DSL login name/e-mail address and password in order to complete the VPN firewall router setup.

Before proceeding with the VPN firewall router installation, familiarize yourself with the contents of the Resource CD (240-10114-02) for ProSafe VPN Firewall, especially this manual and the animated tutorials for configuring networking on PCs.

First, Connect the FVS318v3

1. CONNECT THE CABLES BETWEEN THE FVS318v3, COMPUTER, AND MODEM

a. Turn off your computer.
b. Turn off the cable or DSL broadband modem.
c. Locate the Ethernet cable (Cable 1 in the diagram) that connects your PC to the modem.

[Figure 3-1: Disconnect the Ethernet cable from the computer (callouts: Cable, A, Internet, Computer, Modem)]

d. Disconnect the cable at the computer end only, point A in the diagram.
e. Look at the label on the bottom of the VPN firewall router. Locate the Internet port. Securely insert the Ethernet cable from your modem (Cable 1 in the diagram below) into the Internet port of the VPN firewall router as shown in point B of the diagram.

[Figure 3-2: Connect the VPN firewall router to the modem (callouts: B, Internet, Internet port, Firewall, Cable 1, Modem)]


f. Securely insert the blue cable that came with your VPN firewall router (the blue NETGEAR cable in the diagram below) into a LOCAL port on the firewall such as LOCAL port 8 (point C in the diagram), and the other end into the Ethernet port of your computer (point D in the diagram).

[Figure 3-3: Connect the computer to the VPN firewall router (callouts: Blue NETGEAR Cable, D, Internet, C, Firewall, Computer, Modem, Local Ports)]

Your network cables are connected and you are ready to restart your network.

2. RESTART YOUR NETWORK IN THE CORRECT SEQUENCE

Warning: Failure to restart your network in the correct sequence could prevent you from connecting to the Internet.

a. First, turn on the broadband modem and wait two minutes.
b. Now, plug in the power cord to your VPN firewall router and wait one minute.
c. Last, turn on your computer.

Note: For DSL customers, if software logs you in to the Internet, do not run that software. You may need to go to the Internet Explorer Tools menu, Internet Options, Connections tab page where you can select “Never dial a connection.”


[Figure 3-4: Status lights (callouts: Power, Test, Internet, Local Port 8)]

d. Check the VPN firewall router status lights to verify the following:

• PWR: The power light should turn solid green. If it does not, see “Troubleshooting Tips” on page 3-6.
• TEST: The test light blinks when the firewall is first turned on then goes off. If after two minutes it is still on, see “Troubleshooting Tips” on page 3-6.
• INTERNET: The Internet LINK light should be lit. If not, make sure the Ethernet cable is securely attached to the VPN firewall router Internet port and the modem, and the modem is powered on.
• LOCAL: A LOCAL light should be lit. Green on the 100 line indicates your computer is communicating at 100 Mbps; off on the 100 line indicates 10 Mbps. If a LOCAL light is not lit, check that the Ethernet cable from the computer to the firewall is securely attached at both ends, and that the computer is turned on.

Now, Configure the FVS318v3 for Internet Access

1. From the Ethernet connected PC you just set up, open a browser such as Internet Explorer or Netscape Navigator.

With the VPN firewall router in its factory default state, your browser will automatically display the NETGEAR Smart Wizard Configuration Assistant welcome page.

[Figure 3-5: NETGEAR Smart Wizard Configuration Assistant welcome screen]

Note: If you do not see this page, type http://www.routerlogin.net in the browser address bar and press Enter. If you still cannot see this screen, see “How to Bypass the Configuration Assistant” on page 3-10.

If you cannot connect to the VPN firewall router, verify your computer networking setup. It should be set to obtain both IP and DNS server addresses automatically, which is usually so. For help with this, see Appendix D, “Preparing Your Network” or the animated tutorials on the Resource CD.

2. Click OK. Follow the prompts to proceed with the Smart Wizard Configuration Assistant to connect to the Internet.

3. Click Done to finish. If you have trouble connecting to the Internet, see “Troubleshooting Tips” on page 3-6 to correct basic problems.


[Figure 3-6: NETGEAR Smart Wizard Configuration Assistant success screen]

Note: The Smart Wizard Configuration Assistant only appears when the firewall is in its factory default state. After you configure the VPN firewall router, it will not appear again. You can always connect to the firewall to change its settings. To do so, open a browser such as Internet Explorer and go to http://www.routerlogin.net. Then, when prompted, enter admin as the user name and password for the password, both in lower case letters.

You are now connected to the Internet!

Troubleshooting Tips

Here are some tips for correcting simple problems you may have.

Be sure to restart your network in this sequence:

1. Turn off the VPN firewall router, shut down the computer, and unplug and turn off the modem.
2. Turn on the modem and wait two minutes
3. Turn on the VPN firewall router and wait one minute
4. Turn on the computer.

Make sure the Ethernet cables are securely plugged in.

• The Internet link light on the VPN firewall router will be lit if the Ethernet cable to the VPN firewall router from the modem is plugged in securely and the modem and VPN firewall router are turned on.
• For each powered on computer connected to the VPN firewall router with a securely plugged in Ethernet cable, the corresponding VPN firewall router LOCAL port link light will be lit. The labels on the front and back of the VPN firewall router identify the number of each LOCAL port.

Make sure the network settings of the computer are correct.

• LAN connected computers must be configured to obtain an IP address automatically via DHCP. Please see Appendix D, “Preparing Your Network” or the animated tutorials on the Resource CD for help with this.
• Some cable modem ISPs require you to use the MAC address of the computer registered on the account. If so, in the Router MAC Address section of the Basic Settings menu, select “Use this Computer’s MAC Address.” The firewall will then capture and use the MAC address of the computer that you are now using. You must be using the computer that is registered with the ISP. Click Apply to save your settings. Restart the network in the correct sequence.

Use the status lights on the front of the FVS318v3 to verify correct firewall operation.

If the FVS318v3 power light does not turn solid green or if the test light does not go off within two minutes after turning the firewall on, reset the firewall according to the instructions in “Backing Up the Configuration” on page 7-7.

Overview of How to Access the FVS318v3 VPN Firewall

The table below describes how you access the VPN firewall router, depending on the state of the VPN firewall router.

Table 3-1. Ways to access the firewall

Firewall State: Factory Default
  Note: The VPN firewall router is supplied in the factory default state. Also, the factory default state is restored when you use the factory reset button. See “Backing Up the Configuration” on page 7-7 for more information on this feature.

  Access Options: Automatic Access via the Smart Wizard Configuration Assistant
  Description: Any time a browser is opened on any computer connected to the VPN firewall router, the VPN firewall router will automatically connect to that browser and display the Configuration Assistant welcome page. There is no need to enter the VPN firewall router URL in the browser, or provide the login user name and password.

  Access Options: Manually enter a URL to bypass the Smart Wizard Configuration Assistant
  Description: You can bypass the Smart Wizard Configuration Assistant feature by typing http://www.routerlogin.net/basicsetting.htm in the browser address bar and pressing Enter. You will not be prompted for a user name or password. This will enable you to manually configure the VPN firewall router even when it is in the factory default state. When manually configuring the firewall, you must complete the configuration by clicking Apply when you finish entering your settings. If you do not do so, a browser on any PC connected to the firewall will automatically display the firewall's Configuration Assistant welcome page rather than the browser’s home page.

Firewall State: Configuration Settings Have Been Applied

  Access Options: Enter the standard URL to access the VPN firewall router
  Description: Connect to the VPN firewall router by typing either of these URLs in the address field of your browser, then press Enter:
    http://www.routerlogin.net
    http://www.routerlogin.com
  The VPN firewall router will prompt you to enter the user name of admin and the password. The default password is password.

  Access Options: Enter the IP address of the VPN firewall router
  Description: Connect to the VPN firewall router by typing the IP address of the VPN firewall router in the address field of your browser, then press Enter. 192.168.0.1 is the default IP address of the VPN firewall router. The VPN firewall router will prompt you to enter the user name of admin and the password. The default password is password.

How to Log On to the FVS318v3 After Configuration Settings Have Been Applied

1. Connect to the VPN firewall router by typing http://www.routerlogin.net in the address field of your browser, then press Enter.

   Figure 3-7: Login URL

2. For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall user name and password for the firewall password, both in lower case letters. To change the password, see “Changing the Administrator Password” on page 7-8.

   Note: The firewall user name and password are not the same as any user name or password you may use to log in to your Internet connection.

   A login window like the one shown below opens:

   Figure 3-8: Login window

Once you have entered your user name and password, your Web browser should find the FVS318v3 VPN Firewall and display the home page as shown below.

Figure 3-9: Login result: FVS318v3 home page

When the VPN firewall router is connected to the Internet, click the Knowledge Base or the Documentation link under the Web Support menu to view support information or the documentation for the VPN firewall router.

If you do not click Logout, the VPN firewall router will wait five minutes after there is no activity before it automatically logs you out.

How to Bypass the Configuration Assistant

1. When the VPN firewall router is in the factory default state, type http://www.routerlogin.net/basicsetting.htm in your browser, then press Enter.

   When the VPN firewall router is in the factory default state, a user name and password are not required.

2. The browser then displays the FVS318v3 settings home page shown in “Login result: FVS318v3 home page” on page 3-10.

If you do not click Logout, the VPN firewall router waits five minutes after there is no activity before it automatically logs you out.

Using the Smart Setup Wizard

You can use the Smart Setup Wizard to assist with manual configuration or to verify the Internet connection. The Smart Setup Wizard is not the same as the Smart Wizard Configuration Assistant (as illustrated in Figure 3-5) that only appears when the firewall is in its factory default state. After you configure the VPN firewall router, the Smart Wizard Configuration Assistant will not appear again.

To use the Smart Setup Wizard to assist with manual configuration or to verify the Internet connection settings, follow this procedure.

1. Connect to the VPN firewall router by typing http://www.routerlogin.net in the address field of your browser, then press Enter.

2. For security reasons, the firewall has its own user name and password. When prompted, enter admin for the firewall user name and password for the firewall password, both in lower case letters. To change the password, see “Changing the Administrator Password” on page 7-8.

   Note: The firewall user name and password are not the same as any user name or password you may use to log in to your Internet connection.

   Once you have entered your user name and password, your Web browser should find the FVS318v3 VPN Firewall and display the home page as shown in Figure 3-9.

3. Click Setup Wizard on the upper left of the main menu.

4. Click Next to proceed. Input your ISP settings, as needed.

5. At the end of the Setup Wizard, click the Test button to verify your Internet connection.
   If you have trouble connecting to the Internet, use the “Troubleshooting Tips” on page 3-6 to correct basic problems, or refer to Chapter 9, “Troubleshooting.”

How to Manually Configure Your Internet Connection

You can manually configure your firewall using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.

Figure 3-10: Browser-based configuration Basic Settings menu (panels: ISP Does Not Require Login; ISP Does Require Login)

You can manually configure the firewall using the Basic Settings menu shown in Figure 3-10 using these steps:

1. Log in to the firewall at its default address of http://www.routerlogin.net using a browser like Internet Explorer or Netscape Navigator.

2. Click the Basic Settings link under the Setup section of the main menu.

3. If your Internet connection does not require a login, click No at the top of the Basic Settings menu and fill in the settings according to the instructions below. If your Internet connection does require a login, click Yes, and skip to step 4.

   a. Account:

      Enter your Account Name (may also be called Host Name) and Domain Name. These parameters may be necessary to access your ISP’s services such as mail or news servers.

   b. Internet IP Address:

      If your ISP has assigned you a permanent, fixed (static) IP address for your PC, select “Use static IP address”. Enter the IP address that your ISP assigned. Also enter the netmask and the Gateway IP address. The Gateway is the ISP’s firewall to which your firewall will connect.

   c. Domain Name Server (DNS) Address:

      If you know that your ISP does not automatically transmit DNS addresses to the firewall during login, select “Use these DNS servers” and enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also.

      Note: After completing the DNS configuration, restart the computers on your network so that these settings take effect.

   d. Firewall’s MAC Address:

      This section determines the Ethernet MAC address that will be used by the firewall on the Internet port. Some ISPs will register the Ethernet MAC address of the network interface card in your PC when your account is first opened. They will then only accept traffic from the MAC address of that PC. This feature allows your firewall to masquerade as that PC by “cloning” its MAC address.

      To change the MAC address, select “Use this Computer’s MAC address.” The firewall will then capture and use the MAC address of the PC that you are now using. You must be using the one PC that is allowed by the ISP. Or, select “Use this MAC address” and enter it.

   e. Click Apply to save your settings.

4. If your Internet connection does require a login, fill in the settings according to the instructions below. Select Yes if you normally must launch a login program such as Enternet or WinPOET in order to access the Internet.

   Note: After you finish setting up your firewall, you will no longer need to launch the ISP’s login program on your PC in order to access the Internet. When you start an Internet application, your firewall will automatically log you in.

   a. For connections that require a login using protocols such as PPPoE, PPTP, Telstra Bigpond Cable broadband connections, select your Internet service provider from the drop-down list.

      Figure 3-11: Basic Settings ISP list

   b. The screen will change according to the ISP settings requirements of the ISP you select.

   c. Fill in the parameters for your ISP according to the Wizard-detected procedures starting on page 3-11.

   d. Click Apply to save your settings.

Chapter 4
Firewall Protection and Content Filtering

This chapter describes how to use the content filtering features of the FVS318v3 ProSafe VPN Firewall to protect your network. These features can be found by clicking on the Security heading in the main menu of the browser interface.

Firewall Protection and Content Filtering Overview

The FVS318v3 ProSafe VPN Firewall provides you with Web content filtering options, plus browsing activity reporting and instant alerts via e-mail.
Parents and network administrators can establish restricted access policies based on time-of-day, Web addresses and Web address keywords. You can also block Internet access by applications and services, such as chat or games.

A firewall is a special category of router that protects one network (the trusted network, such as your LAN) from another (the untrusted network, such as the Internet), while allowing communication between the two. A firewall incorporates the functions of a NAT (Network Address Translation) router, while adding features for dealing with a hacker intrusion or attack, and for controlling the types of traffic that can flow between the two networks. Unlike simple Internet sharing NAT routers, a firewall uses a process called stateful packet inspection to protect your network from attacks and intrusions. NAT performs a very limited stateful inspection in that it considers whether the incoming packet is in response to an outgoing request, but true stateful packet inspection goes far beyond NAT.

To configure these features of your firewall, click on the subheadings under the Security heading in the main menu of the browser interface. The subheadings are described below:

Block Sites

The FVS318v3 allows you to restrict access based on Web addresses and Web address keywords.
Up to 255 entries are supported in the Keyword list. The Block Sites menu is shown in Figure 4-1:

Figure 4-1: Block Sites menu

To enable keyword blocking, check Turn keyword blocking on, then click Apply. To add a keyword or domain, type it in the Keyword box, click Add Keyword, then click Apply. To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply. Keyword application examples:

• If the keyword "XXX" is specified, the URL <http://www.badstuff.com/xxx.html> is blocked, as is the newsgroup alt.pictures.XXX.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as .edu or .gov) can be viewed.
• If you wish to block all Internet browsing access, enter the keyword “.”.

To specify a Trusted User, enter that PC’s IP address in the Trusted User box and click Apply.

You may specify one Trusted User, which is a PC that will be exempt from blocking and logging.
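
The keyword matching and Trusted User exemption described above can be dry-run before a list is applied. The sketch below is an added example, not NETGEAR code: it assumes case-insensitive substring matching, which the manual's examples imply but do not state, and the class, function and sample names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_KEYWORDS = 255  # list size stated in the manual


@dataclass
class Decision:
    blocked: bool
    reason: str
    matched: list = field(default_factory=list)


class BlockSites:
    """Model of the Block Sites menu: keyword list plus one Trusted User.

    Assumption (inferred from the manual's examples, not from firmware):
    a keyword blocks a request when it appears anywhere in the URL,
    compared without regard to case.
    """

    def __init__(self, keywords=(), trusted_user=None, enabled=True):
        self.enabled = enabled  # the "Turn keyword blocking on" checkbox
        self.trusted_user = (
            ipaddress.ip_address(trusted_user) if trusted_user else None
        )
        self.keywords = []
        for keyword in keywords:
            self.add_keyword(keyword)

    def add_keyword(self, keyword):
        keyword = keyword.strip()
        if not keyword:
            raise ValueError("keyword must not be empty")
        if keyword.lower() in (k.lower() for k in self.keywords):
            return  # already listed
        if len(self.keywords) >= MAX_KEYWORDS:
            raise ValueError("keyword list already holds 255 entries")
        self.keywords.append(keyword)

    def decide(self, client_ip, url):
        if not self.enabled:
            return Decision(False, "keyword blocking is off")
        client = ipaddress.ip_address(client_ip)
        if self.trusted_user is not None and client == self.trusted_user:
            return Decision(False, "Trusted User is exempt from blocking")
        lowered = url.lower()
        matched = [k for k in self.keywords if k.lower() in lowered]
        if matched:
            return Decision(True, "keyword match", matched)
        return Decision(False, "no keyword matched")


def preview(policy, client_ip, must_reach, must_block):
    """Dry-run a keyword list before clicking Apply.

    Returns (overblocked, missed): URLs users need that would be blocked,
    with the keywords responsible, and URLs meant to be blocked that pass.
    """
    overblocked = {}
    for url in must_reach:
        decision = policy.decide(client_ip, url)
        if decision.blocked:
            overblocked[url] = decision.matched
    missed = [u for u in must_block if not policy.decide(client_ip, u).blocked]
    return overblocked, missed


# Constructed sample data (the first URL is the manual's own example).
SAMPLE_KEYWORDS = ["XXX", "games"]
SAMPLE_MUST_BLOCK = [
    "http://www.badstuff.com/xxx.html",
    "http://play.example.net/arcade",
]
SAMPLE_MUST_REACH = [
    "http://www.example.edu/olympic-games-history.html",
    "http://www.example.gov/forms",
]

if __name__ == "__main__":
    policy = BlockSites(SAMPLE_KEYWORDS, trusted_user="192.168.0.50")
    overblocked, missed = preview(
        policy, "192.168.0.10", SAMPLE_MUST_REACH, SAMPLE_MUST_BLOCK
    )
    print("would be blocked but needed:", overblocked)
    print("would slip through:", missed)
```

With the constructed data, the keyword "games" also catches a history page users need, while the arcade site contains neither keyword and passes, which is the over- and under-blocking a keyword list should be checked for.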
Since the Trusted User will be identif ied by an IP address, you should configure that PC with a fixed or reserved IP a ddress. \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Using Rules to Block or Allow Specific Kinds of Traffic \par\pard\par\pard\ql \ul0\nosupersub\cf11\f 12\fs21 Firewall rules are used to block or allow specific traffic passing throu gh from one side to the other. Inbound rules (WAN to LAN) restrict access by out siders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside r esources local users can have access to. \par\pard\par\pard\ql A firewall has tw o default rules, one for inbound traffic and one for outbound. The default rules of the FVS318v3 are: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Inbound: Block all access from outside except responses to req uests from the LAN side.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Outbound: Allow all access from the LAN side to the outside.}\ cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql These default rules are shown in the Rules table of the R ules menu in \ul0\nosupersub\cf21\f22\fs21 Figure 4-2\ul0\nosupersub\cf11\f12\fs 21 : \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure 4-2: Rules menu \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Firewall Protection and Cont ent Filtering}\cell{\ul0\nosupersub\cf4\f5\fs19 4-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 You may define ad ditional rules that specify exceptions to the default rules. By adding custom ru les, you can block or allow access based on the service or application, source o r destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined. \par\pard\par\pard\ql To create a new rule, click the \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub \cf11\f12\fs21 button. \par\pard\par\pard\ql To edit an existing rule, select i ts button on the left side of the table and click \ul0\nosupersub\cf15\f16\fs21 Edit\ul0\nosupersub\cf11\f12\fs21 . To delete an existing rule, select its butto n on the left side of the table and click \ul0\nosupersub\cf15\f16\fs21 Delete\u l0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql To move an existing rule to a different position in the table, select its button on the left side of the tab le and click \ul0\nosupersub\cf15\f16\fs21 Move\ul0\nosupersub\cf11\f12\fs21 . A t the script prompt, enter the number of the desired new position and click \ul0 \nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\q l An example of the menu for defining or editing a rule is shown in \ul0\nosuper sub\cf21\f22\fs21 Figure 4-3\ul0\nosupersub\cf11\f12\fs21 . The parameters are: \par\pard\par\pard\qc \u8226? \ul0\nosupersub\cf15\f16\fs21 Service\ul0\nosupers ub\cf11\f12\fs21 . From this list, select the application or service to be allow ed or blocked. The list already displays many common services, but you are not l imited to these choices. Use the Services menu to add any additional services or applications that do not already appear. \par\pard\par\pard\ql \u8226? 
\ul0\nos upersub\cf15\f16\fs21 Action\ul0\nosupersub\cf11\f12\fs21 . Choose how you would like this type of traffic to be handled. You can block or allow \par always, or you can choose to block or allow according to the schedule you have defined i n the Schedule menu. \par\pard\par\pard\ql \u8226? \ul0\nosupersub\cf15\f16\fs21 Source Address\ul0\nosupersub\cf11\f12\fs21 . Specify traffic originating on th e LAN (outbound) or the WAN (inbound), \par and choose whether you would lik e the traffic to be restricted by source IP address. You can select Any, a Singl e address, or a Range. If you select a range of addresses, enter the range in th e start and finish boxes. If you select a single address, enter it in the start box. \par\pard\u8226? \u8226? must enter a Single LAN address in the start box.\ par\par \ul0\nosupersub\cf15\f16\fs21 Log\ul0\nosupersub\cf11\f12\fs21 . You can select whether the traffic will be logged. The choices are: \u8226? Never \u821 2? no log entries will be made for this service. \u8226? \ul0\nosupersub\cf15\f1 6\fs21 Destination Address\ul0\nosupersub\cf11\f12\fs21 .The Destination Address will be assumed to be from the opposite (LAN or WAN) of the Source Address. As with the Source Address, you can select Any, a Single address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you \par Match \u 8212? traffic of this type that matches the parameters and action will be logged . 
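The default rules and the rule parameters listed above can be modelled as an ordered table that is walked from the top down to the default rules, as the Order of Precedence for Rules section of this chapter describes. The Python model below is an added example, not NETGEAR firmware or configuration code. Its class and function names, the WAN address and the 203.0.113.x and 198.51.100.x sources are constructed, it assumes the first matching rule decides, and it does not model schedules or replies to LAN-initiated traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

@dataclass(frozen=True)
class Service:
    name: str
    protocol: str          # "TCP" or "UDP"
    low_port: int
    high_port: int         # same as low_port for a single-port service

    def matches(self, protocol: str, dst_port: int) -> bool:
        return protocol == self.protocol and self.low_port <= dst_port <= self.high_port

@dataclass(frozen=True)
class Address:
    """Any (no start), a Single address (start only) or a Range (start..finish)."""
    start: Optional[str] = None
    finish: Optional[str] = None

    def matches(self, ip: str) -> bool:
        if self.start is None:
            return True
        low = ip_address(self.start)
        high = ip_address(self.finish or self.start)
        return low <= ip_address(ip) <= high

ANY = Address()

@dataclass(frozen=True)
class Rule:
    direction: str               # "inbound" (WAN to LAN) or "outbound" (LAN to WAN)
    service: Service
    action: str                  # "ALLOW" or "BLOCK", always (schedules not modelled)
    source: Address = ANY
    destination: Address = ANY   # inbound with NAT: the Single LAN server address
    log: str = "Never"           # "Never" or "Match"

@dataclass(frozen=True)
class Request:
    """A new connection request; replies to LAN-initiated traffic are not modelled."""
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Decision:
    action: str
    position: Optional[int]      # 1-based row in the table; None = a default rule
    logged: bool
    forward_to: Optional[str] = None

# The two default rules that sit at the bottom of the table.
DEFAULT_ACTION = {"inbound": "BLOCK", "outbound": "ALLOW"}

def evaluate(rules: List[Rule], req: Request) -> Decision:
    """Walk the table top to bottom; the first matching rule decides (assumption)."""
    for position, rule in enumerate(rules, start=1):
        if rule.direction != req.direction:
            continue
        if not (rule.service.matches(req.protocol, req.dst_port)
                and rule.source.matches(req.src_ip)):
            continue
        # Inbound requests arrive at the single WAN address, so the rule's
        # destination is the forwarding target rather than a match condition.
        if req.direction == "outbound" and not rule.destination.matches(req.dst_ip):
            continue
        forwards = req.direction == "inbound" and rule.action == "ALLOW"
        return Decision(rule.action, position, rule.log == "Match",
                        rule.destination.start if forwards else None)
    return Decision(DEFAULT_ACTION[req.direction], None, False)

def move(rules: List[Rule], old_pos: int, new_pos: int) -> List[Rule]:
    """What the Move button does: relocate a rule to a new 1-based position."""
    reordered = list(rules)
    reordered.insert(new_pos - 1, reordered.pop(old_pos - 1))
    return reordered

# Constructed sample table. Only 192.168.0.99 (the LAN server address used in
# this chapter's example) comes from the manual; the other addresses are made up.
HTTP = Service("HTTP", "TCP", 80, 80)
WAN_IP = "192.0.2.1"
WEB_SERVER = Address("192.168.0.99")
NOISY_RANGE = Address("203.0.113.0", "203.0.113.255")
RULES = [
    Rule("inbound", HTTP, "ALLOW", ANY, WEB_SERVER),
    Rule("inbound", HTTP, "BLOCK", NOISY_RANGE, WEB_SERVER, log="Match"),
]

if __name__ == "__main__":
    probe = Request("inbound", "TCP", "203.0.113.7", WAN_IP, 80)
    print(evaluate(RULES, probe))              # the broad ALLOW row shadows the BLOCK row
    print(evaluate(move(RULES, 2, 1), probe))  # after Move, the BLOCK row decides and logs
```

With the broad ALLOW row on top, the BLOCK row for the constructed range never fires and nothing is logged; moving it to position 1 is what makes the exception effective.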

Inbound Rules (Port Forwarding)

Because the FVS318v3 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the firewall to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding.

Note: Some residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.

Remember that allowing inbound services opens holes in your FVS318v3 VPN Firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules:

Inbound Rule Example: A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-3:

Figure 4-3: Rule example: a local public Web server

Inbound Rule Example: Allowing a Videoconference from Restricted Addresses

If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 4-4, CUSEEME connections are allowed only from a specified range of external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe requests that do not match the allowed parameters.

Figure 4-4: Rule example: a videoconference from restricted addresses

Considerations for Inbound Rules

• If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that external users can always find your network.
• If the IP address of the local server PC is assigned by DHCP, it may change when the PC is rebooted. To avoid this, use the Reserved IP address feature in the LAN IP menu to keep the PC’s IP address constant.
• Each local PC must access the local server using the PC’s local LAN address (192.168.0.99 in this example). Attempts by local PCs to access the server using the external WAN IP address will fail.

Outbound Rules (Service Blocking)

The FVS318v3 allows you to block the use of certain Internet services by PCs on your network. This is called service blocking or port filtering. You can define an outbound rule to block Internet access from a local PC based on:

• IP address of the local PC (source address)
• IP address of the Internet site being contacted (destination address)
• Time of day
• Type of service being requested (service port number)

Following is an application example of an outbound rule:

Outbound Rule Example: Blocking Instant Messenger

If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu. You can also have the firewall log any attempt to use Instant Messenger during that blocked period.

Figure 4-5: Rule example: blocking Instant Messenger

Order of Precedence for Rules

As you define new rules, they are added to the tables in the Rules table, as shown below:

Figure 4-6: Rules table with examples

For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules may be important in determining the disposition of a packet. The Move button allows you to relocate a defined rule to a new position in the table.

Default DMZ Server

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a response to one of your local computers or a service for which you have configured an inbound rule. Instead of discarding this traffic, you can have it forwarded to one computer on your network. This computer is called the Default DMZ Server.

The Default DMZ Server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The firewall is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local PC can run the application properly if that PC’s IP address is entered as the Default DMZ Server.

Note: For security, NETGEAR strongly recommends that you avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.

To assign a computer or server to be a Default DMZ server:

1. Click Default DMZ Server.
2. Type the IP address for that server.
3. Click Apply.

Note: In this application, the use of the term “DMZ” has become common, although it is a misnomer. In traditional firewalls, a DMZ is actually a separate physical network port. A true DMZ port is for connecting servers that require greater access from the outside, and will therefore be provided with a different level of security by the firewall. A better term for our application is Exposed Host.

Respond to Ping on Internet WAN Port

If you want the firewall to respond to a ping from the Internet, click the Respond to Ping on Internet WAN Port check box. This should only be used as a diagnostic tool, since it allows your firewall to be discovered. Don't check this box unless you have a specific reason to do so.

Services

Services are functions performed by server computers at the request of client computers. For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the requested service is identified by a service or port number. This number appears as the destination port number in the transmitted IP packets. For example, a packet that is sent with destination port number 80 is an HTTP (Web server) request.

The service numbers for many common protocols are defined by the Internet Engineering Task Force (IETF) and published in RFC1700, “Assigned Numbers.” Service numbers for other applications are typically chosen from the range 1024 to 65535 by the authors of the application.

Although the FVS318v3 already holds a list of many service port numbers, you are not limited to these choices. Use the Services menu to add additional services and applications to the list for use in defining firewall rules. The Services menu shows a list of services that you have defined, as shown in Figure 4-7:

Figure 4-7: Services menu

To define a new service, first you must determine which port number or range of numbers is used by the application. This information can usually be determined by contacting the publisher of the application or from user groups or newsgroups.

To add a service:

1. When you have the port number information, go to the Services menu and click on the Add Custom Service button. The Add Services menu appears as shown in Figure 4-8:

Figure 4-8: Add Custom Service menu

2. Enter a descriptive name for the service so that you will remember what it is.
3. Select whether the service uses TCP or UDP as its transport protocol. If you can’t determine which is used, select both.
4. Enter the lowest port number used by the service.
5. Enter the highest port number used by the service. If the service only uses a single port number, enter the same number in both fields.
6. Click Apply.

The new service now appears in the Services menu, and in the Service name selection box in the Rules menu.

Using a Schedule to Block or Allow Specific Traffic

If you enabled content filtering in the Block Sites menu, or if you defined an outbound rule to use a schedule, you can set up a schedule for when blocking occurs or when access is restricted. The firewall allows you to specify when blocking will be enforced by configuring the Schedule page shown below:

Figure 4-9: Schedule page

To block keywords or Internet domains based on a schedule, select Every Day or select one or more days. If you want to limit access completely for the selected days, select All Day. Otherwise, if you want to limit access during certain times for the selected days, type a Start Blocking time and an End Blocking time.

Note: Enter the values as 24-hour time. For example, to specify 10:30 am, enter 10 hours and 30 minutes; for 10:30 pm, enter 22 hours and 30 minutes.

Be sure to click Apply when you have finished configuring this page.

Time Zone

The FVS318v3 VPN Firewall uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. In order to localize the time for your log entries, you must specify your Time Zone:

• Time Zone. Select your local time zone. This setting will be used for the blocking schedule and for time-stamping log entries.
• Daylight Savings Time. Check this box for daylight savings time.

Note: If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and unselect it at the end. Enabling Daylight Savings Time will add one hour to the standard time.

Be sure to click Apply when you have finished configuring this menu.

Getting E-Mail Notifications of Event Logs and Alerts

In order to receive logs and alerts by e-mail, you must provide your e-mail information in the Send alerts and logs by e-mail area:

Figure 4-10: E-mail menu

• Turn e-mail notification on. Check this box if you wish to receive e-mail logs and alerts from the firewall.
• Send alerts and logs by e-mail. If you enable e-mail notification, these boxes cannot be blank. Enter the name or IP address of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com). You may be able to find this information in the configuration menu of your e-mail program. Enter the e-mail address to which logs and alerts are sent. This e-mail address will also be used as the From address. If you leave this box blank, log and alert messages will not be sent via e-mail.
• Send E-mail alerts immediately. You can specify that logs are immediately sent to the specified e-mail address when any of the following events occur:
  - If a Denial of Service attack is detected.
  - If a Port Scan is detected.
  - If a user on your LAN attempts to access a Web site that you blocked using the Block Sites menu.
• Send logs according to this schedule. You can specify that logs are sent to you according to a schedule. Select whether you would like to receive the logs None, Hourly, Daily, Weekly, or When Full. Depending on your selection, you may also need to specify:
  - Day for sending log. Relevant when the log is sent weekly or daily.
  - Time for sending log. Relevant when the log is sent daily or weekly.

If the Weekly, Daily or Hourly option is selected and the log fills up before the specified period, the log is automatically e-mailed to the specified e-mail address. After the log is sent, the log is cleared from the firewall’s memory. If the firewall cannot e-mail the log file, the log buffer may fill up. In this case, the firewall overwrites the log and discards its contents.

Be sure to click Apply when you have finished configuring this menu.

Viewing Logs of Web Access or Attempted Web Access

The firewall logs security-related events such as denied incoming and outgoing service requests, hacker probes, and administrator logins. If you enable content filtering in the Block Sites menu, the Log page will also show you when someone on your network tried to access a blocked site. If you enabled e-mail notification, you'll receive these logs in an e-mail message. If you don't have e-mail notification enabled, you can view the logs here. An example is shown in Figure 4-11:

Figure 4-11: Logs menu

Log entries are described in Table 4-1.

Table 4-1. Log entry descriptions

Field | Description
Date and Time | The date and time the log entry was recorded.
Description or Action | The type of event and what action was taken if any.
Source IP | The IP address of the initiating device for this log entry.
Source port and interface | The service port number of the initiating device, and whether it originated from the LAN or WAN.
Destination | The name or IP address of the destination device or Web site.
Destination port and interface | The service port number of the destination device, and whether it’s on the LAN or WAN.

Log action buttons are described in Table 4-2.

Table 4-2. Log action buttons

Button | Description
Refresh | Refresh the log screen.
Clear Log | Clear the log entries.
Send Log | Email the log immediately.

Syslog

You can configure the firewall to send system logs to an external PC that is running a syslog logging program. Enter the IP address of the logging PC and click the Enable Syslog check box.

Logging programs are available for Windows, Macintosh, and Linux computers.

Chapter 5
Basic Virtual Private Networking

This chapter describes how to use the virtual private networking (VPN) features of the FVS318v3 VPN Firewall. VPN communications paths are called tunnels. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.

The VPN information is organized as follows:

• “Overview of VPN Configuration” on page 5-2 provides an overview of the two most common VPN configurations: client-to-gateway and gateway-to-gateway.
• “Planning a VPN” on page 5-3 provides the VPN Committee (VPNC) recommended default parameters set by the VPN Wizard.
• “VPN Tunnel Configuration” on page 5-5 summarizes the two ways to configure a VPN tunnel: VPN Wizard (recommended for most situations) and Advanced (see Chapter 6, “Advanced Virtual Private Networking”).
• “How to Set Up a Client-to-Gateway VPN Configuration” on page 5-5 provides the steps needed to configure a VPN tunnel between a remote PC and a network gateway using the VPN Wizard and the NETGEAR ProSafe VPN Client.
• “How to Set Up a Gateway-to-Gateway VPN Configuration” on page 5-20 provides the steps needed to configure a VPN tunnel between two network gat

eways using the VPN Wizard. \par\pard\par\pard\ql \u8226? \ul0\nosupersub\cf21\f 22\fs21 \u8220?VPN Tunnel Control\u8221? on page 5-26\ul0\nosupersub\cf11\f12\fs 21 provides the step-by-step procedures for activating, \par verifying, deact ivating, and deleting a VPN tunnel once the VPN tunnel has been configured. \par \pard\par\pard\ql \u8226? \ul0\nosupersub\cf21\f22\fs21 Chapter 6, \u8220?Advanc ed Virtual Private Networking\ul0\nosupersub\cf11\f12\fs21 \u8221? provides the steps needed to configure \par VPN tunnels when there are special circumstances and the VPNC recommended defaults of the VPN Wizard are inappropriate. \par\par d\par\pard\ql \u8226? \ul0\nosupersub\cf21\f22\fs21 Appendix C, \u8220?Virtual P rivate Networking\ul0\nosupersub\cf11\f12\fs21 \u8221? discusses Virtual Private Networking (VPN) \par Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols dev eloped for transporting data. \par\pard\par\pard\ql \u8226? \ul0\nosupersub\cf21 \f22\fs21 Appendix E, \u8220?VPN Configuration of NETGEAR FVS318v3\ul0\nosupersu b\cf11\f12\fs21 \u8221? presents a case study on how to \par configure a secu re IPSec VPN tunnel from a NETGEAR FVS318v3 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at \ul0\nosupersu b\cf16\f17\fs21 http://www.vpnc.org/InteropProfiles/Interop-01.html\ul0\nosupers ub\cf11\f12\fs21 ). 

Overview of VPN Configuration

Two common scenarios for configuring VPN tunnels are between a remote personal computer and a network gateway and between two or more network gateways. The FVS318v3 supports both of these types of VPN configurations. The FVS318v3 VPN Firewall supports up to eight concurrent tunnels.

Client-to-Gateway VPN Tunnels

Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a telecommuter connecting to an office network (see Figure 5-1).

Figure 5-1: Client-to-gateway VPN tunnel (diagram labels: VPN Tunnel, FVS318, 24.0.0.1, 192.168.3.1, PCs)

VPN client access allows a remote PC to connect to your network from any location on the Internet. In this case, the remote PC is one tunnel endpoint, running the VPN client software. The FVS318v3 VPN Firewall on your network is the other tunnel endpoint. See “How to Set Up a Client-to-Gateway VPN Configuration” on page 5-5 to set up this configuration.

Gateway-to-Gateway VPN Tunnels

Gateway-to-gateway VPN tunnels provide secure access between networks, such as a branch or home office and a main office (see Figure 5-2).

Figure 5-2: Gateway-to-gateway VPN tunnel (diagram labels: VPN Tunnel, VPN Gateway A, VPN Gateway B, PCs, PCs)

A VPN between two or more NETGEAR VPN-enabled firewalls is a good way to connect branch or home offices and business partners over the Internet. VPN tunnels also enable access to network resources across the Internet. In this case, use FVS318v3s on each end of the tunnel to form the VPN tunnel end points. See “How to Set Up a Gateway-to-Gateway VPN Configuration” on page 5-20 to set up this configuration.

Planning a VPN

To set up a VPN connection, you must configure each endpoint with specific identification and connection information describing the other endpoint. You must configure the outbound VPN settings on one end to match the inbound VPN settings on the other end, and vice versa.

This set of configuration information defines a security association (SA) between the two VPN endpoints. When planning your VPN, you must make a few choices first:

• Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC?
• Will the remote end be any device on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of IP addresses), or a single PC?
• Will either endpoint use Fully Qualified Domain Names (FQDNs)? Many DSL accounts are provisioned with DHCP addressing, where the IP address of the WAN port can change from time to time. Under these circumstances, configuring the WAN port with a dynamic DNS (DynDNS) service provider simplifies the configuration task. When DynDNS is configured on the WAN port, configure the VPN using FQDN.
  FQDNs supplied by Dynamic DNS providers can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
• What method will you use to configure your VPN tunnels?
  - The VPN Wizard using VPNC defaults (see Table 5-1)
  - Advanced methods (see Chapter 6, “Advanced Virtual Private Networking”)

Table 5-1. Parameters recommended by the VPNC and used in the VPN Wizard

Parameter                   Factory Default
Secure Association          Main Mode
Authentication Method       Pre-shared Key
Encryption Method           3DES
Authentication Protocol     SHA-1
Diffie-Hellman (DH) Group   Group 2 (1024 bit)
Key Life                    8 hours
IKE Life Time               24 hours
NETBIOS                     Enabled

• What level of IPSec VPN encryption will you use?
  - DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES.
  - 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
  - AES
• What level of authentication will you use?
  - MD5 - 128 bits, faster but less secure.
  - SHA-1 - 160 bits, slower but more secure.

Note: NETGEAR publishes additional interoperability scenarios with various gateway and client software products.

VPN Tunnel Configuration

There are two tunnel configurations and three ways to configure them:

• Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
  - See “How to Set Up a Client-to-Gateway VPN Configuration” on page 5-5.
  - See “How to Set Up a Gateway-to-Gateway VPN Configuration” on page 5-20.
• See Chapter 6, “Advanced Virtual Private Networking” when the VPN Wizard and its VPNC defaults (see Table 5-1 on page 5-4) are not appropriate for your special circumstances.

How to Set Up a Client-to-Gateway VPN Configuration

Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN Client and a network gateway (see Figure 5-3) involves the following two steps:

• “Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3” on page 5-6 uses the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway.
• “Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC” on page 5-9 configures the NETGEAR ProSafe VPN Client endpoint.

Figure 5-3: Client-to-gateway VPN tunnel (diagram labels: VPN Tunnel, FVS318v3, 24.0.0.1, 192.168.3.1, PC (Running NETGEAR ProSafe VPN Client), PCs)
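
The planning rules from “Planning a VPN” (settings mirrored on both ends, the Table 5-1 defaults, the DES and MD5 options described as less secure, and the initiator rule for dynamic addresses) can be checked on paper before either endpoint is configured. The Python script below is an added example, not NETGEAR code and not part of the manual; the Endpoint fields, the site names, the 192.168.0.0/24 and 192.168.30.0/24 networks and the long key are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Dict, List, Optional

# VPN Wizard defaults as listed in Table 5-1 of the manual.
VPNC_DEFAULTS = {
    "exchange_mode": "main", "auth_method": "psk", "encryption": "3des",
    "hash_alg": "sha1", "dh_group": 2, "key_life_h": 8, "ike_life_h": 24,
}
# Options the manual itself describes as "less secure".
LESS_SECURE = {"encryption": {"des"}, "hash_alg": {"md5"}}
# Key printed in the manual's walkthrough; it is public, so flag it.
MANUAL_SAMPLE_PSKS = {"12345678"}


@dataclass
class Endpoint:
    """One tunnel endpoint (field names are hypothetical, for this example)."""
    name: str
    local_net: str                # addresses behind this endpoint
    remote_net: str               # addresses it expects behind the peer
    psk: str
    wan_dynamic: bool = False     # WAN address assigned by DHCP
    fqdn: Optional[str] = None    # dynamic DNS name, if one is configured
    params: Dict[str, object] = field(
        default_factory=lambda: dict(VPNC_DEFAULTS))


def _net(text: str):
    # strict=False accepts a host address with a mask, the way the client's
    # Subnet and Mask fields are filled in (192.168.3.1 / 255.255.255.0).
    return ip_network(text, strict=False)


def check_tunnel(a: Endpoint, b: Endpoint, initiator: str) -> List[str]:
    """Return findings for a planned tunnel; an empty list means consistent."""
    findings: List[str] = []

    # 1. What one end sends must be what the other end expects to receive.
    for near, far in ((a, b), (b, a)):
        if _net(near.local_net) != _net(far.remote_net):
            findings.append(
                f"selector: {near.name} local {_net(near.local_net)} != "
                f"{far.name} remote {_net(far.remote_net)}")

    # 2. Both ends must use the same security association parameters.
    for key in VPNC_DEFAULTS:
        if a.params[key] != b.params[key]:
            findings.append(
                f"mismatch: {key} {a.params[key]!r} vs {b.params[key]!r}")
    if a.psk != b.psk:
        findings.append("mismatch: pre-shared keys differ")  # never log keys

    # 3. Flag the weaker options and the documentation key.
    for ep in (a, b):
        for key, weak in LESS_SECURE.items():
            if ep.params[key] in weak:
                findings.append(f"weak: {ep.name} {key}={ep.params[key]}")
        if ep.psk in MANUAL_SAMPLE_PSKS:
            findings.append(f"weak: {ep.name} uses the manual's sample key")

    # 4. A dynamic address with no FQDN cannot be reached, so it must initiate.
    for ep in (a, b):
        if ep.wan_dynamic and not ep.fqdn and initiator != ep.name:
            findings.append(
                f"initiator: {ep.name} has a dynamic address and no FQDN, "
                f"so it must initiate the tunnel")
    return findings


def sample_plans():
    """Constructed plans: one consistent, one with deliberate errors."""
    key = "constructed-example-key-7Hq2LmXv9"   # constructed, not from the page
    good = (
        Endpoint("site-a", "192.168.3.1/255.255.255.0", "192.168.0.0/24", key),
        Endpoint("site-b", "192.168.0.0/24", "192.168.3.0/24", key,
                 wan_dynamic=True),
    )
    bad_b = Endpoint("site-b", "192.168.0.0/24", "192.168.30.0/24", "12345678",
                     wan_dynamic=True)
    bad_b.params["encryption"] = "des"
    bad = (
        Endpoint("site-a", "192.168.3.0/24", "192.168.0.0/24", "12345678"),
        bad_b,
    )
    return good, bad


if __name__ == "__main__":
    good, bad = sample_plans()
    print("good plan:", check_tunnel(*good, initiator="site-b") or "no findings")
    for finding in check_tunnel(*bad, initiator="site-a"):
        print("bad plan:", finding)
```
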


Step 1: Configuring the Client-to-Gateway VPN Tunnel on the FVS318v3

Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 5-1 on page 5-4. If you have special requirements not covered by these VPNC-recommended parameters, refer to Chapter 6, “Advanced Virtual Private Networking” to set up the VPN tunnel.

Follow this procedure to configure a client-to-gateway VPN tunnel using the VPN Wizard.

1. Log in to the FVS318v3 at its LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed.

   Figure 5-4: VPN Wizard start screen

2. Fill in the Connection Name and the pre-shared key, select the type of target end point, and click Next to proceed.

   Note: The Connection Name is arbitrary and not relevant to how the configuration functions.

   Enter the new Connection Name: (RoadWarrior in this example)
   Enter the pre-shared key: (12345678 in this example)
   Select the radio button: A remote VPN client (single PC)

   Figure 5-5: Connection Name and Remote IP Type

   The Summary screen below displays.

   Figure 5-6: VPN Wizard Summary

   To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the here link (see Figure 5-6). Click Back to return to the Summary screen.

   Figure 5-7: VPNC Recommended Settings

3. Click Done on the Summary screen (see Figure 5-6) to complete the configuration procedure. The VPN Policies menu below displays showing that the new tunnel is enabled.

   Figure 5-8: VPN Policies

   To view or modify the tunnel settings, select the radio button next to the tunnel entry and click Edit.

Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC

This procedure describes how to configure the NETGEAR ProSafe VPN Client. This example assumes the PC running the client has a dynamically assigned IP address.

The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop-down menu for information on how to purchase the NETGEAR ProSafe VPN Client.

Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC.

1. Install the NETGEAR ProSafe VPN Client on the remote PC and reboot.
   a. You may need to insert your Windows CD to complete the installation.
   b. If you do not have a modem or dial-up adapter installed in your PC, you may see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
   c. Install the IPSec Component. You may have the option to install either the VPN Adapter or the IPSec Component or both. The VPN Adapter is not necessary.
   d. The system should show the ProSafe icon in the system tray after rebooting.
   e. Double-click the system tray icon to open the Security Policy Editor.

2. Add a new connection.

   Note: The procedure in this section explains how to create a new security policy from scratch. For the procedure on how to import an existing security policy that has already been created on another client running the NETGEAR ProSafe VPN Client, see “Transferring a Security Policy to Another Client” on page 5-18.

   a. Run the NETGEAR ProSafe Security Policy Editor program and create a VPN Connection.
   b. From the Edit menu of the Security Policy Editor, click Add, then Connection. A “New Connection” listing appears in the list of policies. Rename the “New Connection” so that it matches the Connection Name you entered in the VPN Settings of the FVS318v3 on LAN A.

      Note: In this example, the Connection Name used on the client side of the VPN tunnel is NETGEAR_VPN_router and it does not have to match the RoadWarrior Connection Name used on the gateway side of the VPN tunnel (see Figure 5-5) because Connection Names are unrelated to how the VPN tunnel functions.

      Tip: Choose Connection Names that make sense to the people using and administrating the VPN.

      Figure 5-9: Security Policy Editor new connection

      Figure 5-10: Security Policy Editor connection settings

   c. Select Secure in the Connection Security check box.
   d. Select IP Subnet in the ID Type menu. In this example, type 192.168.3.1 in the Subnet field as the network address of the FVS318v3.
   e. Enter 255.255.255.0 in the Mask field as the LAN Subnet Mask of the FVS318v3.
   f. Select All in the Protocol menu to allow all traffic through the VPN tunnel.
   g. Select the Connect using Secure Gateway Tunnel check box.
   h. Select IP Address in the ID Type menu below the check box.
   i. Enter the public WAN IP Address of the FVS318v3 in the field directly below the ID Type menu. In this example, 22.23.24.25 would be used.

   The resulting Connection Settings are shown in Figure 5-10.

3. Configure the Security Policy in the NETGEAR ProSafe VPN Client software.
   a. In the Network Security Policy list, expand the new connection by double clicking its name or clicking on the “+” symbol. My Identity and Security Policy subheadings appear below the connection name.
   b. Click on the Security Policy subheading to show the Security Policy menu.

      Figure 5-11: Security Policy Editor Security Policy

   c. Select the Main Mode in the Select Phase 1 Negotiation Mode check box.

\trowd\trautofit1\intbl{\ul0\nosupersub\cf25\f26\fs19 4.}\cell{\ul0\nosupersub\c f11\f12\fs21 Configure the VPN Client Identity.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql In this step, you will provide information about the remo te VPN client PC. You will need to provide: \par\pard\par\pard\ql \u8212? The P re-Shared Key that you configured in the FVS318v3. \u8212? Either a fixed IP ad

dress or a \u8220?fixed virtual\u8221? IP address of the VPN client PC. \par\par d\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 I n the Network Security Policy list on the left side of the Security Policy Edito r window, \par click on \ul0\nosupersub\cf15\f16\fs21 My Identity\ul0\nosupersu b\cf11\f12\fs21 . \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 5-12}\cell{\ul0\nosupersub\c f4\f5\fs19 Basic Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the P roSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 F igure 5-12: Security Policy Editor My Identity \par \ul0\nosupersub\cf25\f26 \fs19 b.\ul0\nosupersub\cf11\f12\fs21 Choose None in the Select Certificate b ox. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f 12\fs21 Select IP Address in the ID Type box. If you are using a virtual fixe d IP address, enter this \par address in the Internal Network IP Address box. Otherwise, leave this box empty. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\ fs19 d.\ul0\nosupersub\cf11\f12\fs21 In the Internet Interface box, select th e adapter you use to access the Internet. Select PPP \par Adapter in the N ame menu if you have a dial-up Internet account. Select your Ethernet adapter if you have a dedicated Cable or DSL line. You may also choose Any if you will be switching between adapters or if you have only one adapter. \par\pard\par\pard\q j \ul0\nosupersub\cf25\f26\fs19 e.\ul0\nosupersub\cf11\f12\fs21 Click the \ul 0\nosupersub\cf15\f16\fs21 Pre-Shared Key\ul0\nosupersub\cf11\f12\fs21 button. In the Pre-Shared Key dialog box, click the \ul0\nosupersub\cf15\f16\fs21 Enter Key \par \ul0\nosupersub\cf11\f12\fs21 button. 
      Enter the FVS318v3's Pre-Shared Key and click OK. In this example, 12345678 is entered. This field is case sensitive.

      Figure 5-13: Security Policy Editor Pre-Shared Key

5. Configure the VPN Client Authentication Proposal.

   In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVS318v3 configuration.

   a. In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double clicking its name or clicking on the “+” symbol.
   b. Expand the Authentication subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Authentication.

      Figure 5-14: Security Policy Editor Authentication

   c. In the Authentication Method menu, select Pre-Shared key.
   d. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.
   e. In the Hash Alg menu, select SHA-1.
   f. In the SA Life menu, select Unspecified.
   g. In the Key Group menu, select Diffie-Hellman Group 2.

6. Configure the VPN Client Key Exchange Proposal.

   In this step, you will provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the FVS318v3 configuration.

   a. Expand the Key Exchange subheading by double clicking its name or clicking on the “+” symbol. Then select Proposal 1 below Key Exchange.

      Figure 5-15: Security Policy Editor Key Exchange

   b. In the SA Life menu, select Unspecified.
   c. In the Compression menu, select None.
   d. Check the Encapsulation Protocol (ESP) check box.
   e. In the Encrypt Alg menu, select the type of encryption. In this example, use Triple DES.
   f. In the Hash Alg menu, select SHA-1.
   g. In the Encapsulation menu, select Tunnel.
   h. Leave the Authentication Protocol (AH) check box unchecked.

7. Save the VPN Client Settings.

   From the File menu at the top of the Security Policy Editor window, select Save.

   After you have configured and saved the VPN client information, your PC will automatically open the VPN connection when you attempt to access any IP addresses in the range of the remote VPN firewall’s LAN.

8. Check the VPN Connection.

   To check the VPN Connection, you can initiate a request from the remote PC to the FVS318v3’s network by using the “Connect” option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.

   To perform a ping test using our example, start from the remote PC:

   a. Establish an Internet connection from the PC.
   b. On the Windows taskbar, click the Start button, and then click Run.
   c. Type ping -t 192.168.3.1, and then click OK.

      Figure 5-16: Running a Ping test to the LAN from the PC

      This will cause a continuous ping to be sent to the first FVS318v3. After between several seconds and two minutes, the ping response should change from “timed out” to “reply.”

      Figure 5-17: Ping test results

   Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVS318v3. After a short wait, you should see the login screen of the VPN Firewall (unless another PC already has the FVS318v3 management interface open).

Monitoring the Progress and Status of the VPN Client Connection

Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR ProSafe Log Viewer.

1. To launch this function, click on the Windows Start button, then select Programs, then NETGEAR ProSafe VPN Client, then Log Viewer.

   The Log Viewer screen for a similar successful connection is shown below:

   Figure 5-18: Log Viewer screen

   Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.

2. The Connection Monitor screen for a similar connection is shown below:

   Figure 5-19: Connection Monitor screen

   In this example you can see the following:

   • The FVS318v3 has a public IP WAN address of 22.23.24.25.
   • The FVS318v3 has a LAN IP address of 192.168.3.1.
   • The VPN client PC has a dynamically assigned address of 192.168.2.2.

   While the connection is being established, the Connection Name field in this menu will say “SA” before the name of the connection. When the connection is successful, the “SA” will change to the yellow key symbol shown in the illustration above.

   Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you will need to close the VPN connection in order to have normal Internet access.

Transferring a Security Policy to Another Client

This section explains how to export and import a security policy as an .spd file so that an existing NETGEAR ProSafe VPN Client configuration can be copied to other PCs running the NETGEAR ProSafe VPN Client.

Exporting a Security Policy

The following procedure (Figure 5-20) enables you to export a security policy as an .spd file.

Step 1: Select Export Security Policy from the File pulldown.

Step 2: Click Export once you decide the name of the file and directory where you want to store the client policy.

In this example, the exported policy is named policy.spd and is being stored on the C drive.

Figure 5-20: Exporting a security policy

Importing a Security Policy

The following procedure (Figure 5-21) enables you to import an existing security policy.

Step 1: Invoke the NETGEAR ProSafe VPN Client and select Import Security Policy from the File pulldown.

Step 2: Select the security policy to import. In this example, the security policy file is named FVS318v3_clientpolicy_direct.spd and located on the Desktop.

The security policy is now imported.

In this example, the connection name is Scenario_1.

Figure 5-21: Importing a security policy

How to Set Up a Gateway-to-Gateway VPN Configuration

Note: This section uses the VPN Wizard to set up the VPN tunnel using the VPNC default parameters listed in Table 5-1 on page 5-4. If you have special requirements not covered by these VPNC-recommended parameters, refer to Chapter 6, “Advanced Virtual Private Networking” to set up the VPN tunnel.

Figure 5-22: Gateway-to-Gateway VPN Tunnel (diagram: a VPN tunnel between FVS318v3 VPN Firewall A and FVS318v3 VPN Firewall B, each with PCs behind it)

Follow the procedure below to set the LAN IPs on each FVS318v3 to different subnets and configure each properly for the Internet.

The LAN IP address ranges of each VPN endpoint must be different. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x.

In this example, LAN A uses 192.168.0.1 and LAN B uses 192.168.3.1.

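An added example, not part of the manual: a pre-flight check of the values entered into the VPN Wizard on each gateway, using this page's example addresses. It checks that the two LAN ranges do not overlap, that each side's remote settings mirror the other side's local ones, and that the pre-shared key matches on both sides and is not the value printed in the manual; `WizardInput`, its field names, `wan_matches` and `check_plan` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import AddressValueError, IPv4Address, IPv4Network

# The pre-shared key printed in this manual's examples.
MANUAL_EXAMPLE_KEYS = {"12345678"}


@dataclass(frozen=True)
class WizardInput:
    """Values entered on one gateway (hypothetical field names)."""
    local_wan: str        # this gateway's public WAN address
    local_lan_ip: str     # this gateway's LAN address
    local_lan_mask: str
    remote_wan: str       # wizard: WAN IP address or FQDN of the remote gateway
    remote_lan_ip: str    # wizard: LAN IP address of the remote gateway
    remote_lan_mask: str  # wizard: subnet mask of the remote LAN
    pre_shared_key: str

    def local_net(self) -> IPv4Network:
        # strict=False lets a host address such as 192.168.0.1 name its subnet.
        return IPv4Network(f"{self.local_lan_ip}/{self.local_lan_mask}", strict=False)

    def remote_net(self) -> IPv4Network:
        return IPv4Network(f"{self.remote_lan_ip}/{self.remote_lan_mask}", strict=False)


def wan_matches(entered: str, actual: str):
    """True/False when `entered` is an IP literal; None for an FQDN,
    which is not resolved here so the check stays offline."""
    try:
        return IPv4Address(entered) == IPv4Address(actual)
    except AddressValueError:
        return None


def check_plan(a: WizardInput, b: WizardInput) -> list:
    """Return a list of findings for gateways A and B; empty means consistent."""
    findings = []

    # The LAN ranges of the two endpoints must be different.
    if a.local_net().overlaps(b.local_net()):
        findings.append(f"LAN A {a.local_net()} overlaps LAN B {b.local_net()}")

    # Each wizard run must describe the *other* gateway.
    for name, me, peer in (("A", a, b), ("B", b, a)):
        if wan_matches(me.remote_wan, peer.local_wan) is False:
            findings.append(
                f"gateway {name}: remote WAN {me.remote_wan} "
                f"is not the peer's WAN {peer.local_wan}")
        if me.remote_net() != peer.local_net():
            findings.append(
                f"gateway {name}: remote LAN {me.remote_net()} "
                f"is not the peer's LAN {peer.local_net()}")

    # The key is compared exactly: the field is case sensitive.
    if a.pre_shared_key != b.pre_shared_key:
        findings.append("pre-shared keys differ")
    elif a.pre_shared_key in MANUAL_EXAMPLE_KEYS:
        findings.append("pre-shared key is the example value printed in the manual")
    return findings


def page_example():
    """The two wizard inputs as given in this page's example."""
    a = WizardInput("14.15.16.17", "192.168.0.1", "255.255.255.0",
                    "22.23.24.25", "192.168.3.1", "255.255.255.0", "12345678")
    b = WizardInput("22.23.24.25", "192.168.3.1", "255.255.255.0",
                    "14.15.16.17", "192.168.0.1", "255.255.255.0", "12345678")
    return a, b


if __name__ == "__main__":
    gw_a, gw_b = page_example()
    for finding in check_plan(gw_a, gw_b):
        print("FINDING:", finding)
```

Run as written, the page's own example values produce one finding, because both gateways use the key printed in the manual.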
Procedure to Configure a Gateway-to-Gateway VPN Tunnel

Follow this procedure to configure a gateway-to-gateway VPN tunnel using the VPN Wizard.

1. Log in to the FVS318v3 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of admin and password of password. Click the VPN Wizard link in the main menu to display this screen. Click Next to proceed.

   Figure 5-23: VPN Wizard start screen

2. Fill in the Connection Name and the pre-shared key, select the type of target end point, and click Next to proceed.

   Enter the new Connection Name: (GtoG in this example)
   Enter the pre-shared key: (12345678 in this example)
   Select the radio button: A remote VPN Gateway

   Figure 5-24: Connection Name and Remote IP Type

3. Fill in the IP Address or FQDN for the target VPN endpoint WAN connection and click Next.

   Enter the WAN IP address of the remote VPN gateway: (22.23.24.25 in this example)

   Figure 5-25: Remote IP

4. Identify the IP addresses at the target endpoint that can use this tunnel, and click Next.

   Enter the LAN IP settings of the remote VPN gateway:
   • IP Address (192.168.3.1 in this example)
   • Subnet Mask (255.255.255.0 in this example)

   Figure 5-26: Secure Connection Remote Accessibility

   The Summary screen below displays.

   Figure 5-27: VPN Wizard Summary

   To view the VPNC recommended authentication and encryption settings used by the VPN Wizard, click the here link (see Figure 5-27). Click Back to return to the Summary screen.

   Figure 5-28: VPN Recommended Settings

5. Click Done on the Summary screen (see Figure 5-27) to complete the configuration procedure. The VPN Policies menu below displays showing that the new tunnel is enabled.

   Figure 5-29: VPN Policies

6. Repeat for the FVS318v3 on LAN B. Pay special attention and use the following network settings as appropriate.

   • WAN IP of the remote VPN gateway (e.g., 14.15.16.17)
   • LAN IP settings of the remote VPN gateway:
     - IP Address (e.g., 192.168.0.1)
     - Subnet Mask (e.g., 255.255.255.0)
     - Preshared Key (e.g., 12345678)

7. Use the VPN Status screen to activate the VPN tunnel by performing the following steps:

   Note: The VPN Status screen is only one of three ways to activate a VPN tunnel. See “Activating a VPN Tunnel” on page 5-26 for information on the other ways.

   a. Open the FVS318v3 management interface and click on VPN Status under VPN to get the VPN Status/Log screen (Figure 5-30).

      Figure 5-30: VPN Status/Log screen

   b. Click on VPN Status (Figure 5-32) to get the Current VPN Tunnels (SAs) screen (Figure 5-31).
      Click on Connect for the VPN tunnel you want to activate.

      Figure 5-31: Current VPN Tunnels (SAs) Screen

   c. Look at the VPN Status/Log screen (Figure 5-30) to verify that the tunnel is connected.

VPN Tunnel Control

Activating a VPN Tunnel

There are three ways to activate a VPN tunnel:

• Start using the VPN tunnel.
• Use the VPN Status page.
• Activate the VPN tunnel by pinging the remote endpoint.

Start Using a VPN Tunnel to Activate It

To use a VPN tunnel, use a Web browser to go to a URL whose IP address or range is covered by the policy for that VPN tunnel.

Using the VPN Status Page to Activate a VPN Tunnel

To use the VPN Status screen to activate a VPN tunnel, perform the following steps:

1. Log in to the VPN Firewall.

2. Open the FVS318v3 management interface and click on VPN Status under VPN to get the VPN Status/Log screen (Figure 5-32).

   Figure 5-32: VPN Status/Log screen

3. Click VPN Status (Figure 5-32) to get the Current VPN Tunnels (SAs) screen (Figure 5-33). Click Connect for the VPN tunnel you want to activate.

   Figure 5-33: Current VPN Tunnels (SAs) screen

Activate the VPN Tunnel by Pinging the Remote Endpoint

Note: This section uses 192.168.3.1 for an example remote endpoint LAN IP address.

To activate the VPN tunnel by pinging the remote endpoint (192.168.3.1), do the following steps depending on whether your configuration is client-to-gateway or gateway-to-gateway:

• Client-to-Gateway Configuration: to check the VPN Connection, you can initiate a request from the remote PC to the FVS318v3’s network by using the “Connect” option in the NETGEAR ProSafe menu bar. The NETGEAR ProSafe client will report the results of the attempt to connect. Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
\par\pard\par\pard\ql To perform a ping test us ing our example, start from the remote PC: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Basic Virtual Private Networ king}\cell{\ul0\nosupersub\cf4\f5\fs19 5-27}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the P roSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 Establish an Internet connection from the PC . \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12 \fs21 On the Windows taskbar, click the \ul0\nosupersub\cf15\f16\fs21 Start\u l0\nosupersub\cf11\f12\fs21 button, and then click \ul0\nosupersub\cf15\f16\fs2 1 Run\ul0\nosupersub\cf11\f12\fs21 . \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupe rsub\cf11\f12\fs21 Type \ul0\nosupersub\cf15\f16\fs21 ping -t 192.168.3.1\u l0\nosupersub\cf45\f46\fs18 \ul0\nosupersub\cf11\f12\fs21 and then click \ul0\ nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure 5-34: Running a Ping test to the LAN from the PC \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 This will cause a con tinuous ping to be sent to the first FVS318v3. Within two minutes, \par the ping response should change from \u8220?timed out\u8221? to \u8220?reply.\u8221? \pa r\pard\par\pard\ql \ul0\nosupersub\cf15\f16\fs21 Note:\ul0\nosupersub\cf11\f12\f s21 Use \ul0\nosupersub\cf15\f16\fs21 Ctrl-C\ul0\nosupersub\cf11\f12\fs21 to s top the pinging. \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure 5-35: Ping test results \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Once the connection is established, you can open the browser of the PC and enter the LAN IP address of the remote FVS318v3. 
After a short wait, you should see the login screen of the VPN Firewall (unless another PC already has the FVS318v3 manageme nt interface open). \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf15\f16\fs21 Gateway-to-Gateway Configuration\ul0\nosupersub\cf11\f12\fs21 \u8212?test the VPN tunnel by pinging the remote network}\cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 from a PC attached to the FVS318v3.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\ fs21 Open a command prompt (\ul0\nosupersub\cf15\f16\fs21 Start\ul0\nosupersu b\cf11\f12\fs21 -> \ul0\nosupersub\cf15\f16\fs21 Run\ul0\nosupersub\cf11\f12\fs 21 -> \ul0\nosupersub\cf15\f16\fs21 cmd\ul0\nosupersub\cf11\f12\fs21 ). \ul0\no supersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 Type \ul0\nosupersub\c f15\f16\fs21 ping 192.168.3.1\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 5-28}\cell{\ul0\nosupersub\c f4\f5\fs19 Basic Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the P roSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 F igure 5-36: Pinging test results \par\pard\par\pard\ql \ul0\nosupersub\cf15\f1 6\fs21 Note:\ul0\nosupersub\cf11\f12\fs21 The pings may fail the first time. If so, then try the pings a second time. 
Verifying the Status of a VPN Tunnel

To use the VPN Status page to determine the status of a VPN tunnel, perform the following steps:

1. Log in to the VPN Firewall.
2. Open the FVS318v3 management interface and click VPN Status under VPN to get the VPN Status/Log screen (Figure 5-37).

Figure 5-37: VPN Status/Log screen

Log—this log shows the details of recent VPN activity, including the building of the VPN tunnel. If there is a problem with the VPN tunnel, refer to the log for information about what might be the cause of the problem.
• Click Refresh to see the most recent entries.
• Click Clear Log to delete all log entries.

3. Click VPN Status (Figure 5-37) to get the Current VPN Tunnels (SAs) screen (Figure 5-38).

Figure 5-38: Current VPN Tunnels (SAs) screen

This page lists the following data for each active VPN Tunnel.
• SPI—each SA has a unique SPI (Security Parameter Index) for traffic in each direction. For Manual key exchange, the SPI is specified in the Policy definition. For Automatic key exchange, the SPI is generated by the IKE protocol.
• Policy Name—the name of the VPN policy associated with this SA.
• Remote Endpoint—the IP address on the remote VPN Endpoint.
• Action—the action will be either a Drop or a Connect button.
• SLifeTime (Secs)—the remaining Soft Lifetime for this SA in seconds. When the Soft Lifetime becomes zero, the SA (Security Association) will be re-negotiated.
• HLifeTime (Secs)—the remaining Hard Lifetime for this SA in seconds. When the Hard Lifetime becomes zero, the SA (Security Association) will be terminated. (It will be re-established if required.)

Deactivating a VPN Tunnel

Sometimes a VPN tunnel must be deactivated for testing purposes. There are two ways to deactivate a VPN tunnel:
• Policy table on VPN Policies page
• VPN Status page

Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel

To use the VPN Policies page to deactivate a VPN tunnel, perform the following steps:

1. Log in to the VPN Firewall.
2. Click on VPN Policies under VPN to get the VPN Policies screen below (Figure 5-39).

Figure 5-39: VPN Policies

3. Clear the Enable check box for the VPN tunnel you want to deactivate and click Apply. (To reactivate the tunnel, check the Enable box and click Apply.)

Using the VPN Status Page to Deactivate a VPN Tunnel

To use the VPN Status page to deactivate a VPN tunnel, perform the following steps:

1. Log in to the VPN Firewall.
2. Click VPN Status under VPN to get the VPN Status/Log screen (Figure 5-40).

Figure 5-40: VPN Status/Log screen

3. Click VPN Status (Figure 5-40) to get the Current VPN Tunnels (SAs) screen (Figure 5-41). Click Drop for the VPN tunnel you want to deactivate.

Figure 5-41: Current VPN Tunnels (SAs) screen

Note: When NETBIOS is enabled (which it is in the VPNC defaults implemented by the VPN Wizard), automatic traffic will reactivate the tunnel. To prevent reactivation from happening, either disable NETBIOS or disable the policy for the tunnel (see “Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel” on page 5-30).

Deleting a VPN Tunnel

To delete a VPN tunnel:

1. Log in to the VPN Firewall.
2. Click VPN Policies under VPN to display the VPN Policies screen (Figure 5-42). Select the radio button for the VPN tunnel to be deleted and click the Delete button.

Figure 5-42: VPN Policies

Chapter 6
Advanced Virtual Private Networking

This chapter describes how to use the advanced virtual private networking (VPN) features of the FVS318v3 VPN Firewall. See Chapter 5, “Basic Virtual Private Networking” for a description of how to use the basic VPN features.

Overview of FVS318v3 Policy-Based VPN Configuration

The FVS318v3 uses state-of-the-art firewall and security technology to facilitate controlled and actively monitored VPN connectivity. Since the FVS318v3 strictly conforms to IETF standards, it is interoperable with devices from major network equipment vendors.

Figure 6-1: Secure access through FVS318v3 VPN firewalls

Using Policies to Manage VPN Traffic

You create policy definitions to manage VPN traffic on the FVS318v3. There are two kinds of policies:
• IKE Policies: Define the authentication scheme and automatically generate the encryption keys. As an alternative option, to further automate the process, you can create an IKE policy that uses a trusted certificate authority to provide the authentication while the IKE policy still handles the encryption.
• VPN Policies: Apply the IKE policy to specific traffic that requires a VPN tunnel. Or, you can create a VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters.

Since VPN policies use IKE policies, you define the IKE policy first. The FVS318v3 also allows you to manually input the authentication scheme and encryption key values. In the case of manual key management there will not be any IKE policies.

In order to establish secure communication over the Internet with the remote site you need to configure matching VPN policies on both the local and remote FVS318v3 VPN Firewalls. The outbound VPN policy on one end must match the inbound VPN policy on the other end, and vice versa.

When the network traffic enters into the FVS318v3 from the LAN network interface, if there is no VPN policy found for a type of network traffic, then that traffic passes through without any change. However, if the traffic is selected by a VPN policy, then the IPSec authentication and encryption rules are applied to it as defined in the VPN policy.

By default, a new VPN policy is added with the least priority, that is, at the end of the VPN policy table.

Using Automatic Key Management

The most common configuration scenarios will use IKE policies to automatically manage the authentication and encryption keys. Based on the IKE policy, some parameters for the VPN tunnel are generated automatically. The IKE protocols perform negotiations between the two VPN endpoints to automatically generate required parameters.

Some organizations will use an IKE policy with a Certificate Authority (CA) to perform authentication. Typically, CA authentication is used in large organizations that maintain their own internal CA server. This requires that each VPN gateway have a certificate from the CA. Using CAs reduces the amount of data entry required on each VPN endpoint.

IKE Policies’ Automatic Key and Authentication Management

Click the IKE Policies link from the VPN section of the main menu, and then click the Add button of the IKE Policies screen to display the IKE Policy Configuration menu shown in Figure 6-2.

Figure 6-2: IKE - Policy Configuration Menu

The IKE Policy Configuration fields are defined in the following table.

Table 6-1. IKE Policy Configuration fields

Field: Description

General: These settings identify this policy and determine its major characteristics.

Policy Name: The descriptive name of the IKE policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint. It is only used to help you identify IKE policies.

Direction/Type: This setting is used when determining if the IKE policy matches the current traffic. The drop-down menu includes the following:
• Initiator — Outgoing connections are allowed, but incoming are blocked.
• Responder — Incoming connections are allowed, but outgoing are blocked.
• Both Directions — Both outgoing and incoming connections are allowed.
• Remote Access — This is to allow only incoming client connections, where the IP address of the remote client is unknown.
If Remote Access is selected, the Exchange Mode must be Aggressive, and the Identities below (both Local and Remote) must be Name. On the matching VPN Policy, the IP address of the remote VPN endpoint should be set to 0.0.0.0.

Exchange Mode: Main Mode or Aggressive Mode. This setting must match the setting used on the remote VPN endpoint.
• Main Mode is slower but more secure. Also, the Identity below must be established by IP address.
• Aggressive Mode is faster but less secure. The Identity below can be by name (host name, domain name, and e-mail address) instead of by IP address.

Local: These parameters apply to the Local FVS318v3 VPN Firewall.

Local Identity Type: Use this field to identify the local FVS318v3. You can choose one of the following four options from the drop-down list:
• By its Internet (WAN) port IP address.
• By its Fully Qualified Domain Name (FQDN) — your domain name.
• By a Fully Qualified User Name — your name, E-mail address, or other ID.
• By DER ASN.1 DN — the binary DER encoding of your ASN.1 X.500 Distinguished Name.

Local Identity Data: This field lets you identify the local FVS318v3 by name.

Remote: These parameters apply to the target remote FVS318v3, VPN gateway, or VPN client.

Remote Identity Type: Use this field to identify the remote FVS318v3. You can choose one of the following four options from the drop-down list:
• By its Internet (WAN) port IP address.
• By its Fully Qualified Domain Name (FQDN) — your domain name.
• By a Fully Qualified User Name — your name, E-mail address, or other ID.
• By DER ASN.1 DN — the binary DER encoding of your ASN.1 X.500 Distinguished Name.

Remote Identity Data: This field lets you identify the target remote FVS318v3 by name.

IKE SA Parameters: These parameters determine the properties of the IKE Security Association.

Encryption Algorithm: Choose the encryption algorithm for this IKE policy:
• DES is the default
• 3DES is more secure
If you enable Authentication Header (AH), this menu lets you select from these authentication algorithms:
• MD5 — the default
• SHA-1 — more secure

Authentication Method: You may select Pre-Shared Key or RSA Signature.

Pre-Shared Key: Specify the key according to the requirements of the Authentication Algorithm you selected.
• For MD5, the key length should be 16 bytes.
• For SHA-1, the key length should be 20 bytes.

RSA Signature: RSA Signature requires a certificate.

Diffie-Hellman (D-H) Group: The DH Group setting determines the bit size used in the key exchange. This must match the value used on the remote VPN gateway or client.

SA Life Time: The amount of time in seconds before the Security Association expires; over an hour (3600) is common.

VPN Policy Configuration for Auto Key Negotiation

An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN Policies section of the main menu, you can navigate to the VPN - Auto Policy configuration menu.

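The constraints stated in the IKE Policy Configuration fields table can be checked before the values are entered on both endpoints. The following is an added example, not part of the NETGEAR manual or firmware; the field names, value spellings, the direction-compatibility rule and the sample policies are assumptions made for illustration, and it covers Pre-Shared Key authentication only.

```python
from dataclasses import dataclass, replace

# Value spellings and field names are assumptions made for this example; the
# FVS318v3 exposes these settings only through its web interface.
BY_NAME = {"fqdn", "user_fqdn"}        # identity "by name", per the Exchange Mode row
KEY_BYTES = {"md5": 16, "sha1": 20}    # pre-shared key lengths stated in the table


@dataclass(frozen=True)
class IkePolicy:
    direction: str            # initiator | responder | both | remote_access
    exchange_mode: str        # main | aggressive
    local_id_type: str        # wan_ip | fqdn | user_fqdn | der_asn1_dn
    remote_id_type: str
    encryption: str           # des | 3des
    authentication: str       # md5 | sha1
    dh_group: int
    pre_shared_key: bytes
    vpn_remote_endpoint: str  # remote endpoint set on the matching VPN policy


def check_policy(p):
    """Check one endpoint's policy; returns (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    ids = (p.local_id_type, p.remote_id_type)
    if p.direction == "remote_access":
        if p.exchange_mode != "aggressive":
            errors.append("Remote Access requires Aggressive exchange mode")
        if not all(t in BY_NAME for t in ids):
            errors.append("Remote Access requires both identities to be by name")
        if p.vpn_remote_endpoint != "0.0.0.0":
            errors.append("Remote Access expects remote endpoint 0.0.0.0 on the VPN policy")
    if p.exchange_mode == "main" and any(t != "wan_ip" for t in ids):
        errors.append("Main Mode requires identities established by IP address")
    want = KEY_BYTES.get(p.authentication)
    if want is None:
        errors.append("unknown authentication algorithm")
    elif len(p.pre_shared_key) != want:
        errors.append(f"pre-shared key should be {want} bytes for {p.authentication}")
    # The table marks each of these as the less secure choice of its pair.
    if p.encryption == "des":
        warnings.append("DES selected; the table lists 3DES as more secure")
    if p.authentication == "md5":
        warnings.append("MD5 selected; the table lists SHA-1 as more secure")
    if p.exchange_mode == "aggressive":
        warnings.append("Aggressive Mode selected; the table lists Main Mode as more secure")
    return errors, warnings


def can_initiate(a, b):
    """True if a may open a connection that b accepts (inferred from the Direction/Type row)."""
    return (a.direction in ("initiator", "both")
            and b.direction in ("responder", "both", "remote_access"))


def check_pair(a, b):
    """Compare the two endpoints' policies; returns a list of mismatch strings."""
    errors = []
    for name in ("exchange_mode", "encryption", "authentication", "dh_group", "pre_shared_key"):
        if getattr(a, name) != getattr(b, name):
            errors.append(f"{name} differs between endpoints")
    if a.local_id_type != b.remote_id_type or b.local_id_type != a.remote_id_type:
        errors.append("identity types do not mirror each other")
    if not (can_initiate(a, b) or can_initiate(b, a)):
        errors.append("neither endpoint is allowed to initiate to the other")
    return errors


# Constructed sample policies (placeholder key material, documentation IP address).
GATEWAY = IkePolicy("remote_access", "aggressive", "fqdn", "fqdn",
                    "3des", "sha1", 2, b"K" * 20, "0.0.0.0")
CLIENT = replace(GATEWAY, direction="initiator", vpn_remote_endpoint="203.0.113.10")
MISCONFIGURED = replace(GATEWAY, exchange_mode="main", authentication="md5",
                        vpn_remote_endpoint="203.0.113.10")

if __name__ == "__main__":
    for label, policy in (("gateway", GATEWAY), ("misconfigured", MISCONFIGURED)):
        errs, warns = check_policy(policy)
        print(label, "errors:", errs, "warnings:", warns)
    print("pair mismatches:", check_pair(GATEWAY, CLIENT))
```
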
Advanced Virtual Private Networking
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3

Figure 6-3: VPN - Auto Policy menu

The VPN - Auto Policy fields are defined in the following table.

Table 6-1. VPN - Auto Policy Configuration Fields

General: These settings identify this policy and determine its major characteristics.

Policy Name: The descriptive name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint. It is only used to help you identify VPN policies.

IKE Policy: The existing IKE policies are presented in a drop-down list.
Note: Create the IKE policy BEFORE creating a VPN - Auto policy.

Remote VPN Endpoint: The address used to locate the remote VPN firewall or client to which you wish to connect.
The remote VPN endpoint must have this FVS318v3's Local IP values entered as its Remote VPN Endpoint.
• By its Fully Qualified Domain Name (FQDN) - your domain name.
• By its IP Address.

Address Type: The address type used to locate the remote VPN firewall or client to which you wish to connect.
• By its Fully Qualified Domain Name (FQDN) - your domain name.
• By its IP Address.

Address Data: The address used to locate the remote VPN firewall or client to which you wish to connect. The remote VPN endpoint must have this FVS318v3's Local Identity Data entered as its Remote VPN Endpoint.
• By its Fully Qualified Domain Name (FQDN) - your domain name.
• By its IP Address.

SA Life Time: The duration of the Security Association before it expires.
• Seconds - the amount of time before the SA expires. Over an hour is common (3600).
• Kbytes - the amount of traffic before the SA expires.
One of these can be set without setting the other.

IPSec PFS: If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. Each key has no relationship to the previous key.
PFS Key Group: If PFS is enabled, this setting determines the DH group bit size used in the key exchange. This must match the value used on the remote gateway.

Traffic Selector: These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created.

Local IP: The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from your network address space. The choices are:
• ANY for all valid IP addresses in the Internet address space
• Single IP Address
• Range of IP Addresses
• Subnet Address

Remote IP: The drop-down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from the remote site's corporate network address space. The choices are:
• ANY for all valid IP addresses in the Internet address space
• Single IP Address
• Range of IP Addresses
• Subnet Address

Authenticating Header (AH) Configuration: AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint.

Enable Authentication: Use this check box to enable or disable AH for this VPN policy.

Authentication Algorithm: If you enable AH, then select the authentication algorithm:
• MD5 - the default
• SHA1 - more secure

Encapsulated Security Payload (ESP) Configuration: ESP provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. Two ESP modes are available:
• Plain ESP encryption
• ESP encryption with authentication
These settings must match the remote VPN endpoint.

Enable Encryption: Use this check box to enable or disable ESP Encryption.

Encryption Algorithm: If you enable ESP encryption, then select the encryption algorithm:
• DES - the default
• 3DES - more secure

Use this check box to enable or disable ESP transform for this VPN policy. You can select the ESP mode also with this menu. Two ESP modes are available:
• Plain ESP
• ESP with authentication

Authentication Algorithm: If you enable AH, then use this menu to select which authentication algorithm will be employed. The choices are:
• MD5 - the default
• SHA1 - more secure

NETBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood.

VPN Policy Configuration for Manual Key Exchange

With Manual Key Management, you will not use an IKE policy. You must manually type in all the required key information. Click the VPN Policies link from the VPN section of the main menu to display the menu shown below.
Figure 6-4: VPN - Manual Policy menu

The VPN Manual Policy fields are defined in the following table.

Table 6-1. VPN Manual Policy Configuration Fields

General: These settings identify this policy and determine its major characteristics.

Policy Name: The name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN Endpoint. It is used to help you identify VPN policies.

Remote VPN Endpoint: The WAN Internet IP address of the remote VPN firewall or client to which you wish to connect. The remote VPN endpoint must have this FVS318v3's WAN Internet IP address entered as its Remote VPN Endpoint.

Traffic Selector: These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created.

Local IP: The drop down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from your network address space. The choices are:
• ANY for all valid IP addresses in the Internet address space
• Single IP Address
• Range of IP Addresses
• Subnet Address

Remote IP: The drop down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address is from the remote site's corporate network address space. The choices are:
• ANY for all valid IP addresses in the Internet address space
• Single IP Address
• Range of IP Addresses
• Subnet Address

Authenticating Header (AH) Configuration: AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint.
Note: The Incoming settings here must match the Outgoing settings on the remote VPN endpoint, and the Outgoing settings here must match the Incoming settings on the remote VPN endpoint.

SPI - Incoming: Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Outgoing SPI field.

SPI - Outgoing: Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Incoming SPI field.

Enable Authentication: Use this check box to enable or disable AH.
Authentication is often not used. In this case, leave the check box unchecked.

Authentication Algorithm: If you enable AH, then select the authentication algorithm:
• MD5 - the default
• SHA1 - more secure
Enter the keys in the fields provided. For MD5, the keys should be 16 characters. For SHA-1, the keys should be 20 characters.

Key - In: Enter the keys.
• For MD5, the keys should be 16 characters.
• For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - Out field.

Key - Out: Enter the keys in the fields provided.
• For MD5, the keys should be 16 characters.
• For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - In field.

Encapsulated Security Payload (ESP) Configuration: ESP provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both encryption and authentication when you use ESP. Two ESP modes are available:
• Plain ESP encryption
• ESP encryption with authentication
These settings must match the remote VPN endpoint.

SPI - Incoming: Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Outgoing SPI field.

SPI - Outgoing: Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided the remote VPN endpoint has the same value in its Incoming SPI field.

Enable Encryption: Use this check box to enable or disable ESP Encryption.

Encryption Algorithm: If you enable ESP Encryption, then select the Encryption Algorithm:
• DES - the default
• 3DES - more secure

Key - In: Enter the key in the fields provided.
• For DES, the key should be eight characters.
• For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Encryption Algorithm Key - Out field.

Key - Out: Enter the key in the fields provided.
• For DES, the key should be eight characters.
• For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Encryption Algorithm Key - In field.

Enable Authentication: Use this check box to enable or disable ESP authentication for this VPN policy.

Authentication Algorithm: If you enable authentication, then use this menu to select the algorithm:
• MD5 - the default
• SHA1 - more secure

Key - In: Enter the key.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - Out field.

Key - Out: Enter the key in the fields provided.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - In field.

NETBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood.

Using Digital Certificates for IKE Auto-Policy Authentication

Digital certificates are strings generated using encryption and authentication schemes that cannot be duplicated by anyone without access to the different values used in the production of the string. They are issued by Certification Authorities (CAs) to authenticate a person or a workstation uniquely.
The CAs are authorized to issue these certificates by Policy Certification Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The FVS318v3 is able to use certificates to authenticate users at the end points during the IKE key exchange process.

The certificates can be obtained from a certificate server that an organization might maintain internally or from the established public CAs. The certificates are produced by providing the particulars of the user being identified to the CA. The information provided may include the user's name, e-mail ID, and domain name.

Each CA has its own certificate. The certificates of a CA are added to the FVS318v3 and then can be used to form IKE policies for the user. Once a CA certificate is added to the FVS318v3 and a certificate is created for a user, the corresponding IKE policy is added to the FVS318v3. Whenever the user tries to send traffic through the FVS318v3, the certificates are used in place of pre-shared keys during initial key exchange as the authentication and key generation mechanism. Once the keys are established and the tunnel is set up the connection proceeds according to the VPN policy.

Certificate Revocation List (CRL)

Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these revoked certificates is known as the Certificate Revocation List (CRL).

Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVS318v3 obtained from the corresponding CA. If the certificate is not present in the CRL it means that the certificate is not revoked. IKE can then use this certificate for authentication. If the certificate is present in the CRL it means that the certificate is revoked, and the IKE will not authenticate the client.

You must manually update the FVS318v3 CRL regularly in order for the CA-based authentication process to remain valid.

Walk-Through of Configuration Scenarios on the FVS318v3

There are a variety of configurations you might implement with the FVS318v3. The scenarios listed below illustrate typical configurations you might use in your organization.

In order to help make it easier to set up an IPsec system, the following two scenarios are provided.
These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to make it easier to get the systems from different vendors to interoperate. NETGEAR is providing you with both of these scenarios in the following two formats:
• VPN Consortium Scenarios without any product implementation details
• VPN Consortium Scenarios based on the FVS318v3 User Interface

The purpose of providing these two versions of the same scenarios is to help you determine where the two vendors use different vocabulary. Seeing the examples presented in these different ways will reveal how systems from different vendors do the same thing.

The PC must have the NETGEAR ProSafe VPN Client program installed that supports IPSec. Go to the NETGEAR Web site (http://www.netgear.com) and select VPN01L_VPN05L in the Product Quick Find drop down menu for information on how to purchase the NETGEAR ProSafe VPN Client.

Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off any virus protection or firewall software you may be running on your PC.

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.

10.5.6.0/24 -- 10.5.6.1 [Gateway A] 14.15.16.17 -- Internet -- 22.23.24.25 [Gateway B] 172.23.9.1 -- 172.23.9.0/24

Figure 6-5: VPN Consortium Scenario 1

Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.

Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet) interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used for testing IPsec but is not needed for configuring Gateway A.
The IKE Phase 1 parameters used in Scenario 1 are:

• Main mode
• TripleDES
• SHA-1
• MODP group 2 (1024 bits)
• pre-shared secret of “hr5xb84l6aa9r6”
• SA lifetime of 28800 seconds (eight hours) with no kilobytes rekeying

The IKE Phase 2 parameters used in Scenario 1 are:

• TripleDES
• SHA-1
• ESP tunnel mode
• MODP group 2 (1024 bits)
• Perfect forward secrecy for rekeying
• SA lifetime of 3600 seconds (one hour) with no kilobytes rekeying
• Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets

FVS318v3 Scenario 1: FVS318v3 to Gateway B IKE and VPN Policies

Note: This scenario assumes all ports are open on the FVS318v3. You can verify this by reviewing the security settings as seen in the Figure 4-2 on page 4-3.

[Figure 6-6: LAN to LAN VPN access from an FVS318v3 to an FVS318v3. Scenario 1: Gateway A (FVS318), LAN IP 10.5.6.1/24, WAN IP 14.15.16.17; Gateway B (FVS318), WAN IP 22.23.24.25, LAN IP 172.23.9.1/24]

Use this scenario illustration and configuration screens as a model to build your configuration.

1. Log in to the FVS318v3 labeled Gateway A as in the illustration.

   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password, or using whatever password and LAN address you have chosen.

2. Configure the WAN (Internet) and LAN IP addresses of the FVS318v3.

   a. From the main menu Setup section, click the Basic Setup link to go back to the Basic Settings menu.
[Figure 6-7: FVS318v3 Internet IP Address menu. Callouts: WAN IP addresses; ISP provides these addresses]

   b. Configure the WAN Internet Address according to the settings above and click Apply to save your settings. For more information on configuring the WAN IP settings in the Basic Settings topics, please see “How to Manually Configure Your Internet Connection” on page 3-12.

   c. From the main menu Advanced section, click the LAN IP Setup link. The following menu appears:

[Figure 6-8: LAN IP Setup menu]

   d. Configure the LAN IP address according to the settings above and click Apply to save your settings. For more information on LAN TCP/IP setup topics, please see “Configuring LAN TCP/IP Setup Parameters” on page 8-3.

   Note: After you click Apply to change the LAN IP address settings, your workstation will be disconnected from the FVS318v3. You will have to log on with http://10.5.6.1 which is now the address you use to connect to the built-in Web-based configuration manager of the FVS318v3.

3. Set up the IKE Policy illustrated below on the FVS318v3.
   a. From the main menu VPN section, click on the IKE Policies link, and then click the Add button to display the screen below.

[Figure 6-9: Scenario 1 IKE Policy]

   b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 6-3.

4. Set up the FVS318v3 VPN - Auto Policy illustrated below.

   a. From the main menu VPN section, click on the VPN Policies link, and then click on the Add Auto Policy button.

[Figure 6-10: Scenario 1 VPN - Auto Policy. Callouts: WAN IP address; LAN IP addresses]

   b. Configure the IKE Policy according to the settings in the illustration above and click Apply to save your settings. For more information on IKE Policy topics, please see “IKE Policies’ Automatic Key and Authentication Management” on page 6-3.

5. After applying these changes, all traffic from the range of LAN IP addresses specified on FVS318v3 A and FVS318v3 B will flow over a secure VPN tunnel.

How to Check VPN Connections

You can test connectivity and view VPN status information on the FVS318v3 (see also “VPN Tunnel Control” on page 5-26).
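A tunnel that stays at "timed out" in the tests below is commonly caused by the two gateways' policies not mirroring each other. The following Python check is an added example, not NETGEAR or VPN Consortium code: the `GatewayPolicy` and `Proposal` records, the host 10.5.6.20 and the `BROKEN_B` misconfiguration are hypothetical and constructed here, while the addresses, proposals and sample secret are the Scenario 1 values from this chapter.

```python
import hmac
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Proposal:
    encryption: str
    integrity: str
    dh_group: int
    lifetime_s: int


@dataclass(frozen=True)
class GatewayPolicy:
    """Hypothetical record of one gateway's IKE and VPN policy (not a NETGEAR format)."""
    name: str
    wan_ip: str
    peer_wan_ip: str
    local_subnet: str
    remote_subnet: str
    exchange_mode: str
    preshared_secret: str
    phase1: Proposal
    phase2: Proposal
    pfs: bool


def policy_mismatches(a, b):
    """Return the reasons policies a and b do not mirror each other (empty list = consistent)."""
    problems = []
    # Each gateway must name the other's WAN address as its remote endpoint.
    if ip_address(a.peer_wan_ip) != ip_address(b.wan_ip):
        problems.append(f"{a.name} remote endpoint is not the WAN IP of {b.name}")
    if ip_address(b.peer_wan_ip) != ip_address(a.wan_ip):
        problems.append(f"{b.name} remote endpoint is not the WAN IP of {a.name}")
    # Selectors must be exact mirrors: A's local subnet is B's remote subnet, and vice versa.
    a_local, a_remote = ip_network(a.local_subnet), ip_network(a.remote_subnet)
    b_local, b_remote = ip_network(b.local_subnet), ip_network(b.remote_subnet)
    if a_local != b_remote:
        problems.append(f"selector: {a.name} local {a_local} vs {b.name} remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"selector: {a.name} remote {a_remote} vs {b.name} local {b_local}")
    if a_local.overlaps(a_remote):
        problems.append("selector: local and remote subnets overlap")
    if a.exchange_mode != b.exchange_mode:
        problems.append(f"exchange mode: {a.exchange_mode} vs {b.exchange_mode}")
    # Compare the secrets without ever writing them into the report.
    if not hmac.compare_digest(a.preshared_secret.encode(), b.preshared_secret.encode()):
        problems.append("pre-shared secrets differ")
    # The scenario gives both gateways the same lifetimes, so a difference is reported too.
    for phase in ("phase1", "phase2"):
        pa, pb = getattr(a, phase), getattr(b, phase)
        for field in ("encryption", "integrity", "dh_group", "lifetime_s"):
            if getattr(pa, field) != getattr(pb, field):
                problems.append(f"{phase} {field}: {getattr(pa, field)} vs {getattr(pb, field)}")
    if a.pfs != b.pfs:
        problems.append("perfect forward secrecy is enabled on one side only")
    return problems


def in_tunnel(policy, src, dst):
    """True if a packet src -> dst matches the policy's selectors (all protocols, all ports)."""
    return (ip_address(src) in ip_network(policy.local_subnet)
            and ip_address(dst) in ip_network(policy.remote_subnet))


# Scenario 1 values as listed in this chapter.
PHASE1 = Proposal("TripleDES", "SHA-1", dh_group=2, lifetime_s=28800)
PHASE2 = Proposal("TripleDES", "SHA-1", dh_group=2, lifetime_s=3600)
SECRET = "hr5xb84l6aa9r6"  # the sample secret printed in the scenario
GATEWAY_A = GatewayPolicy("Gateway A", "14.15.16.17", "22.23.24.25",
                          "10.5.6.0/24", "172.23.9.0/24", "main", SECRET, PHASE1, PHASE2, True)
GATEWAY_B = GatewayPolicy("Gateway B", "22.23.24.25", "14.15.16.17",
                          "172.23.9.0/24", "10.5.6.0/24", "main", SECRET, PHASE1, PHASE2, True)

# Constructed misconfiguration of Gateway B: narrower remote subnet, wrong secret, DH group 1.
BROKEN_B = replace(GATEWAY_B, remote_subnet="10.5.6.0/25",
                   preshared_secret="constructed-wrong-secret",
                   phase1=replace(PHASE1, dh_group=1))

if __name__ == "__main__":
    print("A vs B:", policy_mismatches(GATEWAY_A, GATEWAY_B) or "consistent")
    for line in policy_mismatches(GATEWAY_A, BROKEN_B):
        print("MISMATCH:", line)
    # 10.5.6.20 is a constructed host on LAN A.
    print("ping 172.23.9.1 in tunnel:", in_tunnel(GATEWAY_A, "10.5.6.20", "172.23.9.1"))
    print("ping 22.23.24.25 in tunnel:", in_tunnel(GATEWAY_A, "10.5.6.20", "22.23.24.25"))
```

Of the two pings used in the tests, only the one to 172.23.9.1 matches the selectors; the ping to 22.23.24.25 checks WAN reachability rather than the tunnel.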
Testing the Gateway A FVS318v3 LAN and the Gateway B LAN

1. Using our example, from a PC attached to the FVS318v3 on LAN A, on a Windows PC click the Start button on the taskbar and then click Run.
2. Type ping -t 172.23.9.1, and then click OK.
3. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply.
4. At this point the connection is established.
5. To test connectivity between the FVS318v3 Gateway A and Gateway B WAN ports, follow these steps:
   a. Using our example, log in to the FVS318v3 on LAN A, go to the main menu Maintenance section and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping.
   c. This causes a ping to be sent to the WAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS318v3.
   d. At this point the connection is established.
   Note: If you want to ping the FVS318v3 as a test of network connectivity, be sure the FVS318v3 is configured to respond to a ping on the Internet WAN port by checking the check box seen in Figure 4-2 on page 4-3. However, to preserve a high degree of security, you should turn off this feature when you are finished with testing.

6. To view the FVS318v3 event log and status of Security Associations, follow these steps:
   a. Go to the FVS318v3 main menu VPN section and click the VPN Status link.
   b. The log screen displays a history of the VPN connections, and the IPSec SA and IKE SA tables will report the status and data transmission statistics of the VPN tunnels for each policy.

FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates

The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The network setup is identical to the one given in Scenario 1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the exception that the identification is done with signatures authenticated by PKIX certificates.

Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the FVS318v3. For instructions on this topic, see “Time Zone” on page 4-13.

1. Obtain a root certificate.
   a. Obtain the root certificate (that includes the public key) from a Certificate Authority (CA)
   Note: The procedure for obtaining certificates differs from a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. For example, an administrator of a Windows 2000 certificate server might provide it to you via e-mail.
   b. Save the certificate as a text file called trust.txt.
2. Install the trusted CA certificate for the Trusted Root CA.
   a. Log in to the FVS318v3.
   b. From the main menu VPN section, click the CAs link.
   c. Click Add to add a CA.
   d. Click Browse to locate the trust.txt file.
   e. Click Upload.
3. Create a certificate request for the FVS318v3.
   a. From the main menu VPN section, click the Certificates link.
   b. Click the Generate Request button to display the screen illustrated in Figure 6-11 below.

[Figure 6-11: Generate Self Certificate Request menu]

   c. Fill in the fields on the Add Self Certificate screen.

   • Required
     - Name. Enter a name to identify this certificate.
     - Subject. This is the name that other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all certificates should have the same value in the Subject field.
     - Hash Algorithm. Select the desired option: MD5 or SHA1.
     - Signature Algorithm. Select the desired option: DSS or RSA.
     - Signature Key Length. Select the desired option: 512, 1024, or 2048.
   • Optional
     - IP Address. If you use “IP type” in the IKE policy, you should input the IP Address here. Otherwise, you should leave this blank.
     - Domain Name. If you have a domain name, you can enter it here. Otherwise, you should leave this blank.
     - E-mail Address. You can enter your e-mail address here.

   d. Click the Next button to continue. The FVS318v3 generates a Self Certificate Request as shown below.

[Figure 6-12: Self Certificate Request data. Callout: Highlight, copy and paste this data into a text file.]

4. Transmit the Self Certificate Request data to the Trusted Root CA.
   a. Highlight the text in the Data to supply to CA area, copy it, and paste it into a text file.
   b. Give the certificate request data to the CA. In the case of a Windows 2000 internal CA, you might simply e-mail it to the CA administrator. The procedures of a CA like Verisign and a CA such as a Windows 2000 certificate server administrator will differ. Follow the procedures of your CA.
   c. When you have finished gathering the Self Certificate Request data, click the Done button. You will return to the Certificates screen where your pending “FVS318v3” Self Certificate Request will be listed, as illustrated in Figure 6-13 below.

[Figure 6-13: Self Certificate Requests table, listing the pending “FVS318v3” request]

5. Receive the certificate back from the Trusted Root CA and save it as a text file.
   Note: In the case of a Windows 2000 internal CA, the CA administrator might simply email it back to you. Follow the procedures of your CA. Save the certificate you get back from the CA as a text file called final.txt.
6. Upload the new certificate.
   a. From the main menu VPN section, click the Certificates link.
   b. Click the radio button of the Self Certificate Request you want to upload.
   c. Click the Upload Certificate button.
   d. Browse to the location of the file you saved in Step 5 above that contains the certificate from the CA.
   e. Click the Upload button.
   f. You will now see the “FVS318v3” entry in the Active Self Certificates table and the pending “FVS318v3” Self Certificate Request is gone, as illustrated below.

[Figure 6-14: Self Certificates table]

7. Associate the new certificate and the Trusted Root CA certificate on the FVS318v3.
   a. Create a new IKE policy called Scenario_2 with all the same properties of Scenario_1 (see “Scenario 1 IKE Policy” on page 6-19) except now use the RSA Signature instead of the shared key.
[Figure 6-15: IKE policy using RSA Signature]

   b. Create a new VPN Auto Policy called scenario2a with all the same properties as scenario1a except that it uses the IKE policy called Scenario_2.

Now, the traffic from devices within the range of the LAN subnet addresses on FVS318v3 A and Gateway B will be authenticated using the certificates rather than via a shared key.

8. Set up Certificate Revocation List (CRL) checking.
   a. Get a copy of the CRL from the CA and save it as a text file.
   Note: The procedure for obtaining a CRL differs from a CA like Verisign and a CA such as a Windows 2000 certificate server, which an organization operates for providing certificates for its members. Follow the procedures of your CA.
   b. From the main menu VPN section, click the CRL link.
   c. Click Add to add a CRL.
\par\pard\par\pard\ql \ul0\no supersub\cf25\f26\fs19 d.\ul0\nosupersub\cf11\f12\fs21 Click \ul0\nosupersub\ cf15\f16\fs21 Browse\ul0\nosupersub\cf11\f12\fs21 to locate the CRL file. \ul0\ nosupersub\cf25\f26\fs19 e.\ul0\nosupersub\cf11\f12\fs21 Click \ul0\nosupersu b\cf15\f16\fs21 Upload\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql Now expired or revoked certificates will not be allowed to use the VPN tunnels manag ed by IKE policies which use this CA. \par\pard\par\pard\ql \ul0\nosupersub\cf15 \f16\fs21 Note: \ul0\nosupersub\cf11\f12\fs21 You must update the CRLs regularly in order to maintain the validity of the certificate-based VPN policies. \par\p ard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Advanced Virtual Private Net working}\cell{\ul0\nosupersub\cf4\f5\fs19 6-27}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 6-28}\cell{\ul0\nosupersub\c f4\f5\fs19 Advanced Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\ql \ul0\nosupersub\cf8\f9\fs36 Chapter 7 Maintenance \par\pard\par\
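What the CRL file uploaded in step 8 carries, and why it has to be refreshed, shown as an added example that is not part of the NETGEAR manual: a standard-library Python reader that extracts nextUpdate and the revoked serial numbers from a PEM CRL and reports whether a certificate serial is revoked or the list has gone stale. It assumes the "text file" from the CA is PEM-encoded; the issuer name, serial numbers and dates are constructed, and the CRL signature is not verified here.

```python
import base64
from datetime import datetime, timezone

PEM_HEAD, PEM_TAIL = "-----BEGIN X509 CRL-----", "-----END X509 CRL-----"

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split the body of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def der_time(tag, val):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as an aware datetime."""
    text = val.decode("ascii")
    if tag == 0x17:  # two-digit year: RFC 5280 maps 50-99 to 19xx, 00-49 to 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("expected a time element")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_crl(pem_text):
    """Return (this_update, next_update, {serial: revocation_date})."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEAD or lines[-1] != PEM_TAIL:
        raise ValueError("not a PEM-encoded CRL")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    _, cert_list, _ = read(der)                # CertificateList
    fields = children(read(cert_list)[1])      # TBSCertList members
    i = 1 if fields[0][0] == 0x02 else 0       # optional version INTEGER
    i += 2                                     # skip signature algorithm, issuer
    this_update = der_time(*fields[i])
    i += 1
    next_update = None                         # nextUpdate is optional
    if i < len(fields) and fields[i][0] in (0x17, 0x18):
        next_update = der_time(*fields[i])
        i += 1
    revoked = {}
    if i < len(fields) and fields[i][0] == 0x30:   # revokedCertificates
        for _, entry in children(fields[i][1]):
            serial, when = children(entry)[:2]
            revoked[int.from_bytes(serial[1], "big", signed=True)] = der_time(*when)
    return this_update, next_update, revoked

def crl_verdict(pem_text, peer_serial, now):
    """'revoked', 'crl-stale' (past nextUpdate, a missing serial proves nothing) or 'ok'."""
    _, next_update, revoked = parse_crl(pem_text)
    if peer_serial in revoked:
        return "revoked"
    if next_update is not None and now > next_update:
        return "crl-stale"
    return "ok"

def build_sample_crl():
    """Constructed sample CRL: made-up issuer and serials, dummy signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example Lab CA"))
    issuer = tlv(0x30, tlv(0x31, name))
    def utc(stamp):
        return tlv(0x17, stamp.encode("ascii"))
    def entry(serial, stamp):
        raw = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
        return tlv(0x30, tlv(0x02, raw) + utc(stamp))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + issuer
              + utc("050110000000Z") + utc("050117000000Z")
              + tlv(0x30, entry(0x1001, "050105120000Z") + entry(0xA7, "050108093000Z")))
    der = tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(16)))
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{PEM_HEAD}\n{body}\n{PEM_TAIL}\n"
```

Running `crl_verdict` against the CRL on disk before each upload shows whether the copy is already past its nextUpdate, which is the condition the note about regular updates guards against.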

Chapter 7 Maintenance

This chapter describes how to use the maintenance features of your FVS318v3 ProSafe VPN Firewall. These features can be found by clicking on the Maintenance heading in the main menu of the browser interface.

Viewing VPN Firewall Status Information

The Router Status menu provides status and usage information. From the main menu of the browser interface, click Maintenance, then select Router Status to view this screen.

Figure 7-1: Router Status screen

This screen shows the following parameters:

Table 7-1. FVS318v3 Status fields

Field: Description
System Name: The System Name assigned to the firewall.
Firmware Version: The firewall firmware version.
WAN Port: These parameters apply to the Internet (WAN) port of the firewall.
MAC Address: The MAC address used by the Internet (WAN) port of the firewall.
IP Address: The IP address used by the Internet (WAN) port of the firewall. If no address is shown, the firewall cannot connect to the Internet.
IP Subnet Mask: The IP Subnet Mask being used by the Internet (WAN) port of the firewall.
DHCP: The protocol on the WAN port used to obtain the WAN IP address. This field can show DHCP Client, Fixed IP, PPPoE, BPA or PPTP. For example, if set to Client, the firewall is configured to obtain an IP address dynamically from the ISP.
LAN Port: These parameters apply to the Local (LAN) port of the firewall.
MAC Address: The MAC address used by the LAN port of the firewall.
IP Address: The IP address used by the Local (LAN) port of the firewall. The default is 192.168.0.1
IP Subnet Mask: The IP Subnet Mask used by the Local (LAN) port of the firewall. The default is 255.255.255.0
DHCP: Identifies if the firewall’s built-in DHCP server is active for the LAN attached devices.

Click Show WAN Status to display the WAN connection status.

Figure 7-2: WAN Connection Status screen

This screen shows the following statistics:
Table 7-1. Connection Status fields

Field: Description
Connection Time: The length of time the firewall has been connected to your Internet service provider’s network.
Connection Method: The method used to obtain an IP address from your Internet service provider.
IP Address: The WAN (Internet) IP address assigned to the firewall.
Network Mask: The WAN (Internet) subnet mask assigned to the firewall.
Default Gateway: The WAN (Internet) default gateway the firewall communicates with.

Log action buttons are described in Table 7-2

Table 7-2. Connection Status action buttons

Button: Description
Renew: Click the Renew button to renew the DHCP lease.

Click Show Statistics to display firewall usage statistics.
Figure 7-3: Router Statistics screen

This screen shows the following statistics:

Table 7-1. Router Statistics fields

Field: Description
Interface: The statistics for the WAN (Internet), LAN (local), 802.11a, and 802.11b/g interfaces. For each interface, the screen displays:
Status: The link status of the interface.
TxPkts: The number of packets transmitted on this interface since reset or manual clear.
RxPkts: The number of packets received on this interface since reset or manual clear.
Collisions: The number of collisions on this interface since reset or manual clear.
Tx B/s: The current transmission (outbound) bandwidth used on the interfaces.
Rx B/s: The current reception (inbound) bandwidth used on the interfaces.
Up Time: The amount of time since the firewall was last restarted.
Up Time: The time elapsed since this port acquired the link.
Poll Interval: Specifies the intervals at which the statistics are updated in this window. Click on Stop to freeze the display.

WAN Status action buttons are described in the table below:

Table 7-2. Connection Status action buttons

Field: Description
Set Interval: Enter a time and click the button to set the polling frequency.
Stop: Click the Stop button to freeze the polling information.

Viewing a List of Attached Devices

The Attached Devices menu contains a table of all IP devices that the firewall has discovered on the local network. From the main menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table, shown below.

Figure 7-4: Attached Devices menu

For each device, the table shows the IP address, NetBIOS Host Name (if available), and Ethernet MAC address. Note that if the firewall is rebooted, the table data is lost until the firewall rediscovers the devices. To force the firewall to look for attached devices, click the Refresh button.

Upgrading the Firewall Software

Note: The FVS318v3 firmware is not backward compatible with earlier versions of the FVS318 firewall.

The routing software of the FVS318v3 VPN Firewall is stored in FLASH memory, and can be upgraded as new software is released by NETGEAR. Upgrade files can be downloaded from NETGEAR's Web site. If the upgrade file is compressed (.ZIP file), you must first extract the binary (.BIN) file before sending it to the firewall. The upgrade file can be sent to the firewall using your browser.

Note: The Web browser used to upload new firmware into the FVS318v3 VPN Firewall must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer or Netscape Navigator 5.0 or above.

From the main menu of the browser interface, under the Maintenance heading, select the Router Upgrade heading to display the menu shown below.

Figure 7-5: Router Upgrade menu

To upload new firmware:

1. Download and unzip the new software file from NETGEAR.
2. In the Router Upgrade menu, click the Browse button and browse to the location of the binary (.BIN) upgrade file.
3. Click Upload.

Note: When uploading software to the FVS318v3 VPN Firewall, it is important not to interrupt the Web browser by closing the window, clicking a link, or loading a new page. If the browser is interrupted, it may corrupt the software. When the upload is complete, your firewall will automatically restart. The upgrade process will typically take about one minute.

In some cases, you may need to reconfigure the firewall after upgrading.

Configuration File Management

The configuration settings of the FVS318v3 VPN Firewall are stored within the firewall in a configuration file. This file can be saved (backed up) to a user’s PC, retrieved (restored) from the user’s PC, or cleared to factory default settings.

From the main menu of the browser interface, under the Maintenance heading, select the Settings Backup heading to bring up the menu shown below.
Figure 7-6: Settings Backup menu

You can use the Settings Backup menu to back up your configuration in a file, restore from that file, or erase the configuration settings.

Backing Up the Configuration

To save your settings, select the Backup tab. Click the Backup button. Your browser will extract the configuration file from the firewall and prompt you for a location on your PC to store the file. You can give the file a meaningful name at this time, such as sanjose.cfg.

Restoring the Configuration

To restore your settings from a saved configuration file, enter the full path to the file on your PC or click the Browse button to browse to the file. When you have located it, click the Restore button to send the file to the firewall. The firewall will then reboot automatically.

Erasing the Configuration

It is sometimes desirable to restore the firewall to a known blank condition. To do this, use the Erase function, which will restore all factory settings. After an erase, the firewall's password will be password, the LAN IP address will be 192.168.0.1, and the firewall's DHCP client will be enabled.

To erase the configuration, click the Erase button.

To restore the factory default configuration settings without knowing the login password or IP address, you must use the reset button on the rear panel of the firewall. See “Restoring the Default Configuration and Password” on page 9-7.

Changing the Administrator Password

The default password for the firewall’s Web Configuration Manager is password. NETGEAR recommends that you change this password to a more secure password.

From the main menu of the browser interface, under the Maintenance heading, select Set Password to bring up this menu.

Figure 7-7: Set Password menu

To change the password, first enter the old password, and then enter the new password twice. Click Apply. To change the login idle timeout, change the number of minutes and click Apply.

Chapter 8 Advanced Configuration

This chapter describes how to configure the advanced features of your FVS318v3 ProSafe VPN Firewall. These features can be found under the Advanced heading in the main menu of the browser interface.

How to Configure Dynamic DNS

If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS). However, if your Internet account uses a dynamically assigned IP address, you will not know in advance what your IP address will be, and the address can change frequently. In this case, you can use a commercial dynamic DNS service, which will allow you to register your domain to their IP address, and will forward traffic directed to your domain to your frequently-changing IP address.

The firewall contains a client that can connect to a dynamic DNS service provider. To use this feature, you must select a service provider and obtain an account with them.
After you have configured your account information in the firewall, whenever your ISP-assigned IP address changes, your firewall will automatically contact your dynamic DNS service provider, log in to your account, and register your new IP address.

1. Log in to the firewall at its default LAN address of http://192.168.0.1 with its default user name of admin, default password of password, or using whatever password and LAN address you have chosen for the firewall.
2. From the main menu of the browser interface, under Advanced, click on Dynamic DNS.
3. Access the Web site of one of the dynamic DNS service providers whose names appear in the menu, and register for an account. For example, for dyndns.org, go to www.dyndns.org.
4. Select the name of your dynamic DNS Service Provider.
5. Type the host and domain name that your dynamic DNS provider gave you. This will look like a URL, such as myName.dyndns.org.
6. Type the user name for your dynamic DNS account.
7. Type the password (or key) for your dynamic DNS account.
8. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you may select the Use wildcards check box to activate this feature. For example, the wildcard feature will cause *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org.
9. Click Apply to save your configuration.

Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet.

Using the LAN IP Setup Options

The LAN IP Setup menu allows configuration of LAN IP services such as DHCP and RIP.
From the main menu of the browser interface, under Advanced, click on LAN IP Setup to view the menu shown below.

Figure 8-1: LAN IP Setup Menu

Configuring LAN TCP/IP Setup Parameters

The firewall is shipped preconfigured to use private IP addresses on the LAN side, and to act as a DHCP server. The firewall’s default LAN IP configuration is:

• LAN IP addresses—192.168.0.1
• Subnet mask—255.255.255.0

These addresses are part of the IETF-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu.

The LAN IP parameters are:

• IP Address
  This is the LAN IP address of the firewall.
• IP Subnet Mask
  This is the LAN Subnet Mask of the firewall. Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or firewall.
• RIP Direction
  RIP (Router Information Protocol) allows a firewall to exchange routing information with other firewalls. The RIP Direction selection controls how the firewall sends and receives RIP packets. Both is the default.
  — When set to Both or Out Only, the firewall broadcasts its routing table periodically.
  — When set to Both or In Only, it incorporates the RIP information that it receives.
  — When set to None, it will not send any RIP packets and ignores any RIP packets received.
• RIP Version
  This controls the format and the broadcasting method of the RIP packets that the firewall sends. (It recognizes both formats when receiving.) By default, this is set for RIP-1.
  — RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup.
  — RIP-2 carries more information. RIP-2B uses subnet broadcasting.

Note: If you change the LAN IP address of the firewall while connected through the browser, you will be disconnected. You must then open a new connection to the new IP address and log in again.

Using the Firewall as a DHCP server

By default, the firewall functions as a DHCP (Dynamic Host Configuration Protocol) server, allowing it to assign IP, DNS server, and default gateway addresses to all computers connected to the firewall's LAN. The assigned default gateway address is the LAN address of the firewall. IP addresses will be assigned to the attached PCs from a pool of addresses specified in this menu. Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.

For most applications, the default DHCP and TCP/IP settings of the firewall are satisfactory. See “IP Configuration by DHCP” on page B-10 for an explanation of DHCP and information about how to assign IP addresses for your network.

If another device on your network will be the DHCP server, or if you will manually configure the network settings of all of your computers, clear the Use router as DHCP server check box. Otherwise, leave it checked.

To specify the pool of IP addresses to be assigned, set the Starting IP Address and Ending IP Address. These addresses should be part of the same IP address subnet as the firewall’s LAN IP address. Using the default addressing scheme, you should define a range between 192.168.0.2 and 192.168.0.253, although you may wish to save part of the range for devices with fixed addresses.

The firewall will deliver the following parameters to any LAN device that requests DHCP:

• An IP address from the range you have defined
• Subnet mask
• Gateway IP address (the firewall’s LAN IP address)
• Primary DNS server (if you entered a primary DNS address in the Basic Settings menu; otherwise, the firewall’s LAN IP address)
• Secondary DNS server (if you entered a secondary DNS address in the Basic Settings menu)

Using Address Reservation

When you specify a reserved IP address for a PC on the LAN, that PC will always receive the same IP address each time it accesses the firewall’s DHCP server. Reserved IP addresses should be assigned to servers that require permanent IP settings.
To reserve an IP address:

1. Click the Add button.
2. In the IP Address box, type the IP address to assign to the PC or server.
   (Choose an IP address from the firewall’s LAN subnet, such as 192.168.0.X.)
3. Type the MAC Address of the PC or server.
   (Tip: If the PC is already present on your network, you can copy its MAC address from the Attached Devices menu and paste it here.)
4. Click Apply to enter the reserved address into the table.
   Note: The reserved address will not be assigned until the next time the PC contacts the firewall’s DHCP server. Reboot the PC or access its IP configuration and force a DHCP release and renew.

To edit or delete a reserved address entry:

1. Click the button next to the reserved address you want to edit or delete.
2. Click Edit or Delete.

Configuring Static Routes

Static Routes provide additional routing information to your firewall. Under normal circumstances, the firewall has adequate routing information after it has been configured for Internet access, and you do not need to configure additional static routes. You must configure static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on your network.

From the Main Menu of the browser interface, under Advanced, click on Static Routes to view the Static Route table shown below.

Figure 8-2: Static Routes table

To add or edit a Static Route:

1. Click the Add button to open the Add/Edit menu, shown below.

Figure 8-3: Static Route Entry and Edit menu

2. Type a route name for this static route in the Route Name box.
   (This is for identification purposes only.)
3. Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP.
4. Select Active to make this route effective.
5. Type the Destination IP Address of the final destination.
6. Type the IP Subnet Mask for this destination.
   If the destination is a single host, type 255.255.255.255.
7. Type the Gateway IP Address, which must be a firewall on the same LAN segment as the firewall.
8. Type a number between 1 and 15 as the Metric value.
   This represents the number of firewalls between your network and the destination. Usually, a setting of 2 or 3 works, but if this is a direct connection, set it to 1.
9. Click Apply to have the static route entered into the table.

Static Route Example

As an example of when a static route is needed, consider the following case:

• Your primary Internet access is through a cable modem to an ISP.
• You have an ISDN firewall on your home network for connecting to the company where you are employed. This firewall’s address on your LAN is 192.168.0.100.
• Your company’s network is 134.177.0.0.

When you first configured your firewall, two implicit static routes were created. A default route was created with your ISP as the gateway, and a second static route was created to your local network for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your request to the company where you are employed, and the request will likely be denied by the company’s firewall.

In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed through the ISDN firewall at 192.168.0.100. The static route would look like Figure 8-3.

In this example:

• The Destination IP Address and IP Subnet Mask fields specify that this static route applies to all 134.177.x.x addresses.
• The Gateway IP Address field specifies that all traffic for these addresses should be forwarded to the ISDN firewall at 192.168.0.100.
• A Metric value of 1 will work since the ISDN firewall is on the LAN.
• Private is selected only as a precautionary security measure in case RIP is activated.

Enabling Remote Management Access

Using the Remote Management page, you can allow a user or users on the Internet to configure, upgrade and check the status of your FVS318v3 VPN Firewall.

Note: Be sure to change the firewall’s default configuration password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters.

To configure your firewall for Remote Management:

1. Select the Turn Remote Management On check box.
2. Specify what external addresses will be allowed to access the firewall’s remote management.
   Note: For enhanced security, restrict access to as few external IP addresses as practical.
   a. To allow access from any IP address on the Internet, select Everyone.
   b. To allow access from a range of IP addresses on the Internet, select IP address range. Enter a beginning and ending IP address to define the allowed range.
   c. To allow access from a single IP address on the Internet, select Only this PC. Enter the IP address that will be allowed access.
3. Specify the Port Number that will be used for accessing the management interface.
   Web browser access normally uses the standard HTTP service port 80. For greater security, you can change the remote management web interface to a custom port by entering that number in the box provided. Choose a number between 1024 and 65535, but do not use the number of any common service port. The default is 8080, which is a common alternate for HTTP.
4. Click Apply to have your changes take effect.
5. When accessing your firewall from the Internet, the Secure Sockets Layer (SSL) will be enabled. You will enter https:// and type your firewall's WAN IP address into your browser, followed by a colon (:) and the custom port number. For example, if your WAN IP address is 134.177.0.123 and you use port number 8080, type the following in your browser:

   https://134.177.0.123:8080

   If you do not use the SSL https://address, but rather use http://address, the FVS318v3 will automatically attempt to redirect to https://address.

Note: The first time you remotely connect the FVS318v3 with a browser via SSL, you may get a message regarding the SSL certificate. If you are using a Windows computer with Internet Explorer 5.5 or higher, simply click Yes to accept the certificate.
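The Remote Management guidance above (source restriction, port choice, password) can be checked mechanically. The following is an added example, not NETGEAR code: the dict layout, the function names and the COMMON_SERVICE_PORTS sample are assumptions made for illustration, and the sample configurations are constructed.

```python
import ipaddress
import string

# Values stated in the manual.
FACTORY_DEFAULT_PASSWORD = "password"
MAX_PASSWORD_LEN = 30
PORT_MIN, PORT_MAX = 1024, 65535
# Assumption: a short, non-exhaustive sample of common service ports in that range.
COMMON_SERVICE_PORTS = {1433, 1723, 3306, 3389, 5900, 8080}

# Constructed sample settings (hypothetical layout, documentation-range addresses).
WEAK = {"enabled": True, "mode": "everyone", "port": 8080}
RANGE = {"enabled": True, "mode": "range", "start": "198.51.100.8",
         "end": "198.51.100.15", "port": 48231}
HARDENED = {"enabled": True, "mode": "single", "address": "203.0.113.10",
            "port": 48231}


def _bounds(cfg):
    """Return (low, high) addresses admitted by cfg, or None for Everyone."""
    mode = cfg["mode"]
    if mode == "everyone":
        return None
    if mode == "range":            # "IP address range" in the menu
        low = ipaddress.IPv4Address(cfg["start"])
        high = ipaddress.IPv4Address(cfg["end"])
        if low > high:
            raise ValueError("range start is above range end")
        return low, high
    if mode == "single":           # "Only this PC" in the menu
        addr = ipaddress.IPv4Address(cfg["address"])
        return addr, addr
    raise ValueError(f"unknown mode: {mode!r}")


def source_allowed(cfg, src):
    """True if the source address src may reach the management interface."""
    if not cfg["enabled"]:
        return False
    bounds = _bounds(cfg)
    if bounds is None:
        return True
    low, high = bounds
    return low <= ipaddress.IPv4Address(src) <= high


def allowed_count(cfg):
    """Number of IPv4 source addresses the setting admits."""
    if not cfg["enabled"]:
        return 0
    bounds = _bounds(cfg)
    if bounds is None:
        return 2 ** 32
    low, high = bounds
    return int(high) - int(low) + 1


def password_findings(password):
    """Check the password against the manual's note (dictionary check not done)."""
    findings = []
    if password == FACTORY_DEFAULT_PASSWORD:
        findings.append(("PW_DEFAULT", "factory default password still set"))
    if len(password) > MAX_PASSWORD_LEN:
        findings.append(("PW_TOO_LONG", "longer than 30 characters"))
    classes = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
               "digit": string.digits, "symbol": string.punctuation}
    missing = [name for name, chars in classes.items()
               if not any(ch in chars for ch in password)]
    if missing:
        findings.append(("PW_CLASSES", "missing: " + ", ".join(missing)))
    return findings


def audit(cfg, password):
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    findings = []
    if cfg["enabled"]:
        count = allowed_count(cfg)
        if cfg["mode"] == "everyone":
            findings.append(("SRC_EVERYONE", "any Internet address may connect"))
        elif count > 1:
            findings.append(("SRC_RANGE", f"{count} source addresses admitted"))
        port = cfg["port"]
        if not PORT_MIN <= port <= PORT_MAX:
            findings.append(("PORT_RANGE", f"port {port} outside 1024-65535"))
        elif port in COMMON_SERVICE_PORTS:
            findings.append(("PORT_COMMON", f"port {port} is a common service port"))
    findings.extend(password_findings(password))
    return findings


if __name__ == "__main__":
    for name, cfg, pw in (("weak", WEAK, "password"),
                          ("hardened", HARDENED, "c7#Rm!2vQe^9Lp")):
        print(name, audit(cfg, pw))
```
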
Tip: If you are using a dynamic DNS service such as TZO, you can always identify the IP address of your FVS318v3 by running TRACERT from the Windows Start menu Run option. For example, type tracert yourFVS318v3.mynetgear.net and you will see the IP address your ISP assigned to the FVS318v3.

Chapter 9
Troubleshooting

This chapter gives information about troubleshooting your FVS318v3 ProSafe VPN Firewall. After each problem description, instructions are provided to help you diagnose and solve the problem.
\par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Basic Functioning \par\ pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 After you turn on power to the fi rewall, the following sequence of events should occur: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf25\f26\fs19 1.}\cell{\ul0\nosupersub\c f11\f12\fs21 When power is first applied, verify that the PWR LED is on.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf25\f26\fs19 2.}\cell{\ul0\nosupersub\c f11\f12\fs21 After approximately 30 seconds, verify that:}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\ fs21 The TEST LED is not lit. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\ fs19 b.\ul0\nosupersub\cf11\f12\fs21 The LAN port LEDs are lit for any local ports that are connected. \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f 12\fs21 The Internet port LED is lit. \par\pard\par\pard\ql If a port\u8217?s LED is lit, a link has been established to the connected device. If a LAN port is connected to a 100 Mbps device, verify that the port\u8217?s LED is green. If the port is 10 Mbps, the LED will be green. \par\pard\par\pard\ql If any of the se conditions does not occur, refer to the appropriate following section. \par\p ard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 Power LED Not On \par\pard\par\par

d\ql \ul0\nosupersub\cf11\f12\fs21 If the Power and other LEDs are off when your firewall is turned on: \par\pard\par\pard\ql \u8226? Make sure that the power c ord is properly connected to your firewall and that the power \par supply a dapter is properly connected to a functioning power outlet. \par\pard\par\pard\u 8226? Check that you are using the 12 V DC power adapter supplied by NETGEAR for this product. If the error persists, you have a hardware problem and should con tact technical support. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Troubleshooting}\cell{\ul0\n osupersub\cf4\f5\fs19 9-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 January 2005 \par\pard\par\ pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firew all FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 LEDs Never Turn Off \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 When the firewall is tu rned on, the LEDs turn on briefly and then turn off. If all the LEDs stay on, th ere is a fault within the firewall. \par\pard\par\pard\ql If all LEDs are still on one minute after power up: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Cycle the power to see if the firewall recovers.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Clear the firewall\u8217?s configuration to factory defaults. This will set the firewall\u8217?s IP address to}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql 192.168.0.1. This procedure is explained in \ul0\nosupers ub\cf21\f22\fs21 \u8220?Restoring the Default Configuration and Password\u8221? 
on page 9-7\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql If the error pe rsists, you might have a hardware problem and should contact technical support. \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 LAN or Internet Port LEDs No t On \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 If either the LAN LEDs or Internet LED do not light when the Ethernet connection is made, check the fol lowing: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Make sure that the Ethernet cable connections are secure at th e firewall and at the hub or}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 workstation.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} }
• Make sure that power is turned on to the connected hub or workstation.
• Be sure you are using the correct cable:
  When connecting the firewall’s Internet port to a cable or DSL modem, use the cable that was supplied with the cable or DSL modem. This cable could be a standard straight-through Ethernet cable or an Ethernet crossover cable.

9-2 Troubleshooting
January 2005
Reference Manual for the ProSafe VPN Firewall FVS318v3

Troubleshooting the Web Configuration Interface

If you are unable to access the firewall’s Web Configuration interface from a PC on your local network, check the following:

• Check the Ethernet connection between the PC and the firewall as described in the previous section.
• Make sure your PC’s IP address is on the same subnet as the firewall. If you are using the recommended addressing scheme, your PC’s address should be in the range of 192.168.0.2 to 192.168.0.254.

  Note: If your PC’s IP address is shown as 169.254.x.x: Recent versions of Windows and MacOS will generate and assign an IP address if the computer cannot reach a DHCP server. These auto-generated addresses are in the range of 169.254.x.x. If your IP address is in this range, check the connection from the PC to the firewall and reboot your PC.

• If your firewall’s IP address has been changed and you don’t know the current IP address, clear the firewall’s configuration to factory defaults. This will set the firewall’s IP address to 192.168.0.1. This procedure is explained in “Restoring the Default Configuration and Password” on page 9-7.
• Make sure your browser has Java, JavaScript, or ActiveX enabled. If you are using Internet Explorer, click Refresh to be sure the Java applet is loaded.
• Try quitting the browser and launching it again.
• Make sure you are using the correct login information. The factory default login name is admin and the password is password. Make sure that CAPS LOCK is off when entering this information.
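The address checks in the list above (same subnet as the firewall, the recommended 192.168.0.2 to 192.168.0.254 range, the 169.254.x.x case) and the default-gateway check described later in this chapter can be run mechanically against a PC's reported settings. The following is an added example, not part of the manual; the function names, finding codes, sample text and the 255.255.255.0 fallback mask are assumptions made for illustration.

```python
import ipaddress
import re

# Values stated in the manual.
FIREWALL_LAN_IP = ipaddress.ip_address("192.168.0.1")    # factory default
RANGE_LO = ipaddress.ip_address("192.168.0.2")           # recommended PC range
RANGE_HI = ipaddress.ip_address("192.168.0.254")
AUTO_ASSIGNED = ipaddress.ip_network("169.254.0.0/16")   # the "169.254.x.x" case

# Assumption: mask used when the input lists none. It is consistent with the
# recommended range but is not stated in this part of the manual.
DEFAULT_MASK = "255.255.255.0"

# Constructed sample inputs in the style of Windows ipconfig output.
SAMPLE_OK = """\
   IP Address. . . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""
SAMPLE_AUTO = """\
   Autoconfiguration IP Address. . . : 169.254.17.88
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""
SAMPLE_OTHER_NET = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(
    r"^[ \t]*(?:Autoconfiguration )?"
    r"(IP(?:v4)? Address|Subnet Mask|Default Gateway)[ .]*:[ \t]*([0-9.]*)",
    re.M,
)
KEYS = {"IP Address": "ip", "IPv4 Address": "ip",
        "Subnet Mask": "mask", "Default Gateway": "gateway"}


def parse_ipconfig(text):
    """Extract ip, mask and gateway; a field that is absent or blank is None."""
    cfg = {"ip": None, "mask": None, "gateway": None}
    for label, value in FIELD.findall(text):
        if value and cfg[KEYS[label]] is None:   # keep the first adapter only
            cfg[KEYS[label]] = value
    return cfg


def diagnose(text, firewall_ip=FIREWALL_LAN_IP):
    """Return a list of (code, advice) findings; empty when every check passes."""
    cfg = parse_ipconfig(text)
    if cfg["ip"] is None:
        return [("no-ip", "No IP address listed; check the Ethernet connection.")]
    try:
        ip = ipaddress.ip_address(cfg["ip"])
        pc_net = ipaddress.ip_network(
            f"{ip}/{cfg['mask'] or DEFAULT_MASK}", strict=False)
        gateway = ipaddress.ip_address(cfg["gateway"]) if cfg["gateway"] else None
    except ValueError as exc:
        return [("unparseable", f"Could not read the settings: {exc}")]

    if ip in AUTO_ASSIGNED:
        # Self-assigned address: mask and gateway tell us nothing further.
        return [("auto-assigned", "The PC could not reach a DHCP server; check "
                 "the connection to the firewall and reboot the PC.")]

    findings = []
    if firewall_ip not in pc_net:
        findings.append(("wrong-subnet",
                         f"{ip} is not on the same subnet as {firewall_ip}."))
    elif firewall_ip == FIREWALL_LAN_IP and not RANGE_LO <= ip <= RANGE_HI:
        findings.append(("outside-range",
                         f"{ip} is outside {RANGE_LO} to {RANGE_HI}."))
    if gateway != firewall_ip:
        findings.append(("gateway-not-firewall",
                         "The firewall is not listed as the default gateway."))
    return findings


def codes(text):
    """Finding codes only, convenient for scripted checks."""
    return [code for code, _ in diagnose(text)]


if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("auto", SAMPLE_AUTO),
                         ("other net", SAMPLE_OTHER_NET)]:
        print(name, diagnose(sample) or "all checks passed")
```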
If the firewall does not save changes you have made in the Web Configuration Interface, check the following:

• When entering configuration settings, be sure to click the Apply button before moving to another menu or tab, or your changes are lost.
• Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration.

Troubleshooting the ISP Connection

If your firewall is unable to access the Internet, you should first determine whether the firewall is able to obtain a WAN IP address from the ISP. Unless you have been assigned a static IP address, your firewall must request an IP address from the ISP. You can determine whether the request was successful using the Web Configuration Manager.

To check the WAN IP address:

1. Launch your browser and select an external site such as http://www.netgear.com
2. Access the main menu of the firewall’s configuration at http://192.168.0.1
3. Under the Maintenance heading, select Router Status
4. Check that an IP address is shown for the WAN Port
   If 0.0.0.0 is shown, your firewall has not obtained an IP address from your ISP.

If your firewall is unable to obtain an IP address from the ISP, you may need to force your cable or DSL modem to recognize your new firewall by performing the following procedure:

1. Turn off power to the cable or DSL modem.
2. Turn off power to your firewall.
3. Wait five minutes and reapply power to the cable or DSL modem.
4. When the modem’s LEDs indicate that it has reacquired sync with the ISP, reapply power to your firewall.

If your firewall is still unable to obtain an IP address from the ISP, the problem may be one of the following:

• Your ISP may require a login program.
  Ask your ISP whether they require PPP over Ethernet (PPPoE) or some other type of login.
• If your ISP requires a login, you may have incorrectly set the login name and password.
• Your ISP may check for your PC’s host name.
  Assign the PC Host Name of your ISP account as the Account Name in the Basic Settings menu.
• Your ISP only allows one Ethernet MAC address to connect to Internet, and may check for your PC’s MAC address. In this case:
  Inform your ISP that you have bought a new network device, and ask them to use the firewall’s MAC address.
  OR
  Configure your firewall to spoof your PC’s MAC address. This can be done in the Basic Settings menu. Refer to “How to Manually Configure Your Internet Connection” on page 3-12.

If your firewall can obtain an IP address, but your PC is unable to load any Web pages from the Internet:

• Your PC may not recognize any DNS server addresses.
  A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. Alternatively, you may configure your PC manually with DNS addresses, as explained in your operating system documentation.
• Your PC may not have the firewall configured as its TCP/IP gateway.
  If your PC obtains its information from the firewall by DHCP, reboot the PC and verify the gateway address.

Troubleshooting a TCP/IP Network Using a Ping Utility

Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with an echo reply. Troubleshooting a TCP/IP network is made very easy by using the ping utility in your PC or workstation.

Testing the LAN Path to Your Firewall

You can ping the firewall from your PC to verify that the LAN path to your firewall is set up correctly.

To ping the firewall from a PC running Windows 95 or later:

1. From the Windows toolbar, click the Start button and select Run.
2. In the field provided, type ping followed by the IP address of the firewall, as in this example:
   ping 192.168.0.1
3. Click on OK.

You should see a message like this one:

Pinging <IP address> with 32 bytes of data

If the path is working, you see this message:

Reply from <IP address>: bytes=32 time=NN ms TTL=xxx

If the path is not working, you see this message:

Request timed out

If the path is not functioning correctly, you could have one of the following problems:

• Wrong physical connections
  - Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or Internet Port LEDs Not On” on page 9-2.
  - Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and firewall.
• Wrong network configuration
  - Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC or workstation.
  - Verify that the IP address for your firewall and your workstation are correct and that the addresses are on the same subnet.

Testing the Path from Your PC to a Remote Device

After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type:

PING -n 10 <IP address>

where <IP address> is the IP address of a remote device such as your ISP’s DNS server.

If the path is functioning correctly, replies as in the previous section are displayed. If you do not receive replies:

  - Check that your PC has the IP address of your firewall listed as the default gateway. If the IP configuration of your PC is assigned by DHCP, this information will not be visible in your PC’s Network Control Panel. Verify that the IP address of the firewall is listed as the default gateway.
  - Check to see that the network address of your PC (the portion of the IP address specified by the netmask) is different from the network address of the remote device.
  - Check that your cable or DSL modem is connected and functioning.
  - If your ISP assigned a host name to your PC, enter that host name as the Account Name in the Basic Settings menu.
  - Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by only allowing traffic from the MAC address of your broadband modem, but some ISPs additionally restrict access to the MAC address of a single PC connected to that modem. If this is the case, you must configure your firewall to “clone” or “spoof” the MAC address from the authorized PC. Refer to “How to Manually Configure Your Internet Connection” on page 3-12.

Restoring the Default Configuration and Password

This section explains how to restore the factory default configuration settings, changing the firewall’s administration password to password and the IP address to 192.168.0.1. You can erase the current configuration and restore factory defaults in two ways:

• Use the Erase function of the firewall (see “Erasing the Configuration” on page 7-8).
• Use the Reset button on the rear panel of the firewall. Use this method for cases when the administration password or IP address are not known.
  1. Press and hold the Reset button until the Test LED turns on and begins blinking (about 10 seconds).
  2. Release the Reset button and wait for the firewall to reboot.

Problems with Date and Time

The E-Mail menu in the Content Filtering section displays the current date and time of day. The FVS318v3 VPN Firewall uses the Network Time Protocol (NTP) to obtain the current time from one of several Network Time Servers on the Internet. Each entry in the log is stamped with the date and time of day. Problems with the date and time function can include:

• Date shown is January 1, 2000.
  Cause: The firewall has not yet successfully reached a Network Time Server. Check that your Internet access settings are configured correctly. If you have just completed configuring the firewall, wait at least five minutes and check the date and time again.
• Time is off by one hour. Cause: The firewall does not automatically sense Daylight Savings Time. In the E-Mail menu, check or uncheck the box marked Adjust for Daylight Savings Time.

Appendix A
Technical Specifications

This appendix provides technical specifications for the FVS318v3 ProSafe VPN Firewall.
Network Protocol and Standards Compatibility
  Data and Routing Protocols:   TCP/IP, RIP-1, RIP-2, DHCP
                                PPP over Ethernet (PPPoE)

Power Adapter
  North America:                120V, 60 Hz, input
  United Kingdom, Australia:    240V, 50 Hz, input
  Europe:                       230V, 50 Hz, input
  Japan:                        100V, 50/60 Hz, input
  All regions (output):         12 V DC @ 1.2 A output, 18W maximum

Physical Specifications
  Dimensions:                   39.6 x 254 x 178 mm (1.6 x 10 x 7 in)
  Weight:                       1.23 kg (2.72 lb)

Environmental Specifications
  Operating temperature:        0 to 40 C (32 to 104 F)
  Operating humidity:           90% maximum relative humidity, noncondensing

Electromagnetic Emissions
  Meets requirements of:        FCC Part 15 Class B
                                VCCI Class B
                                EN 55 022 (CISPR 22), Class B

Interface Specifications
  LAN:                          10BASE-T or 100BASE-Tx, RJ-45
  WAN:                          10BASE-T or 100BASE-Tx, RJ-45

Appendix B
Network, Routing, and Firewall Basics

This chapter provides an overview of IP networks, routing, and networking.

Related Publications

As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet. The RFC documents outline and define the standard protocols and procedures for the Internet. The documents are listed on the World Wide Web at www.ietf.org and are mirrored and indexed at many other sites worldwide.

Basic Router Concepts

Large amounts of bandwidth can be provided easily and relatively inexpensively in a local area network (LAN). However, providing high bandwidth between a local network and the Internet can be very expensive. Because of this expense, Internet access is usually provided by a slower-speed wide-area network (WAN) link such as a cable or DSL modem. In order to make the best use of the slower WAN link, a mechanism must be in place for selecting and transmitting only the data traffic meant for the Internet. The function of selecting and forwarding this data is performed by a router.
What is a Router?

A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables maintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network. Using this information, the router chooses the best path for forwarding network traffic.

Routers vary in performance and scale, number of routing protocols supported, and types of physical WAN connection they support. The FVS318v3 ProSafe VPN Firewall is a small office router that routes the IP protocol over a single-user broadband connection.

Routing Information Protocol

One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table.

The FVS318v3 VPN Firewall supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications.
IP Addresses and the Internet

Because TCP/IP networks are interconnected across the world, every machine on the Internet must have a unique address to make sure that transmitted data reaches the correct destination. Blocks of addresses are assigned to organizations by the Internet Assigned Numbers Authority (IANA). Individual users and small organizations may obtain their addresses either from the IANA or from an Internet service provider (ISP). You can contact IANA at www.iana.org.

The Internet Protocol (IP) uses a 32-bit address structure. The address is usually written in dot notation (also called dotted-decimal notation), in which each group of eight bits is written in decimal form, separated by decimal points.

For example, the following binary address:

11000011 00100010 00001100 00000111

is normally written as:

195.34.12.7

The latter version is easier to remember and easier to enter into your computer.

In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application.

There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class. After the address class has been determined, the software can correctly identify the host section of the address. The following figure shows the three main address classes, including network and host sections of the address for each address type.

Figure B-1: Three Main Address Classes (diagram showing the Network and Node sections of Class A, Class B, and Class C addresses)

The five address classes are:

• Class A
  Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit network number and a 24-bit node number. Class A addresses are in this range:
  1.x.x.x to 126.x.x.x.

• Class B
  Class B addresses can have up to 65,354 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range:
  128.1.x.x to 191.254.x.x.

• Class C
  Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the network address and eight bits for the node. They are in this range:
  192.0.1.x to 223.255.254.x.

• Class D
  Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range:
  224.0.0.0 to 239.255.255.255.

• Class E
  Class E addresses are for experimental use.

This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.

For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host. Also, the top address of the range (host address of all ones) is not assigned, but is used as the broadcast address for simultaneously sending a packet to all hosts with the same network address.

Netmask

In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address.
For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.

For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:

    11000000 10101000 10101010 11101101 (192.168.170.237)

combined with:

    11111111 11111111 11111111 00000000 (255.255.255.0)

Equals:

    11000000 10101000 10101010 00000000 (192.168.170.0)

As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash (/), as “/n.” In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.

Subnet Addressing

By looking at the addressing structures, you can see that even with a Class C address, there are a large number of hosts per network. Such a structure is an inefficient use of addresses if each end of a routed link requires a different network number. It is unlikely that the smaller office LANs would have that many devices. You can resolve this problem by using a technique known as subnet addressing.

Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node numbers translating to 64,000 nodes. Most organizations do not use 64,000 nodes, so there are free bits that can be reassigned. Subnet addressing makes use of those bits that are free, as shown below.

Figure B-2: Example of Subnetting a Class B Address (diagram showing a Class B address divided into Network, Subnet, and Node fields)

A Class B address can be effectively translated into multiple Class C addresses. For example, the IP address of 172.16.0.0 is assigned, but node addresses are limited to 255 maximum, allowing eight extra bits to use as a subnet address. The IP address of 172.16.97.235 would be interpreted as IP network address 172.16, subnet number 97, and node number 235. In addition to extending the number of addresses available, subnet addressing provides other benefits. Subnet addressing allows a network manager to construct an address scheme for the network by using different subnets for other geographical locations in the network or for other departments in the organization.

Although the preceding example uses the entire third octet for a subnet address, note that you are not restricted to octet boundaries in subnetting. To create more network numbers, you need only shift some bits from the host address to the network address. For instance, to partition a Class C network number (192.68.135.0) into two, you shift one bit from the host address to the network address. The new netmask (or subnet mask) is 255.255.255.128. The first subnet has network number 192.68.135.0 with hosts 192.68.135.1 to 192.68.135.126, and the second subnet has network number 192.68.135.128 with hosts 192.68.135.129 to 192.68.135.254.

Note: The number 192.68.135.127 is not assigned because it is the broadcast address of the first subnet. The number 192.68.135.128 is not assigned because it is the network address of the second subnet.

The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits. For example, to partition your Class C network with subnet mask 255.255.255.0 into 16 subnets (4 bits), the new subnet mask becomes 255.255.255.240.

Table B-1. Netmask notation translation table for one octet

    Number of Bits    Dotted-Decimal Value
    1                 128
    2                 192
    3                 224
    4                 240
    5                 248
    6                 252
    7                 254
    8                 255

The following table displays several common netmask values in both the dotted-decimal and the masklength formats.

Table B-2. Netmask formats

    Dotted-Decimal     Masklength
    255.0.0.0          /8
    255.255.0.0        /16
    255.255.255.0      /24
    255.255.255.128    /25
    255.255.255.192    /26
    255.255.255.224    /27
    255.255.255.240    /28
    255.255.255.248    /29
    255.255.255.252    /30
    255.255.255.254    /31
    255.255.255.255    /32

Configure all hosts on a LAN segment to use the same netmask for the following reasons:

• So that hosts recognize local IP broadcast packets
  When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address. In order for this scheme to work, all devices on the segment must agree on which bits comprise the host address.

• So that a local router or bridge recognizes which addresses are local and which are remote

Private IP Addresses

If your local network is isolated from the Internet (for example, when using NAT), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks of IP addresses specifically for private networks:

    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255

Choose your private network number from this range. The DHCP server of the FVS318v3 VPN Firewall is preconfigured to automatically assign private addresses.

Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines explained here. For more information about address assignment, refer to RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space. The Internet Engineering Task Force (IETF) publishes RFCs on its Web site at www.ietf.org.
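
The netmask AND, the one-bit split of 192.68.135.0, and the private-block check from the sections above, worked through in code. This is an added example, not part of the NETGEAR manual: the function names are hypothetical, 192.168.1.0 is a constructed network for the 16-subnet case, and the masks for the three private blocks are derived from the ranges listed above.

```python
# Added example, not from the NETGEAR manual. Addresses are handled as plain
# 32-bit integers so the AND operation described in the text stays visible.

def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(address):
    """Classify by the leading bit pattern: 0=A, 10=B, 110=C, 1110=D, 1111=E."""
    top = to_int(address) >> 28              # the four highest bits
    if top < 0b1000:
        return "A"
    if top < 0b1100:
        return "B"
    if top < 0b1110:
        return "C"
    return "D" if top < 0b1111 else "E"


def mask_length(mask):
    """Return n for a mask of n ones followed by zeros; reject anything else."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF   # ones where the host part is
    if host_bits & (host_bits + 1):          # host part must be one low-order run
        raise ValueError(f"netmask ones are not contiguous: {mask}")
    return 32 - host_bits.bit_length()


def length_to_mask(n):
    """Return the dotted-decimal mask for a masklength of n."""
    if not 0 <= n <= 32:
        raise ValueError(f"masklength out of range: {n}")
    return to_dotted((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF)


def describe(address, mask):
    """Network address, broadcast address and assignable host range."""
    n = mask_length(mask)
    m = to_int(mask)
    network = to_int(address) & m            # the AND from the Netmask section
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits set to all ones
    info = {"cidr": f"{address}/{n}", "network": to_dotted(network),
            "broadcast": to_dotted(broadcast),
            "first_host": None, "last_host": None}
    if n <= 30:  # /31 and /32 leave nothing between network and broadcast
        info["first_host"] = to_dotted(network + 1)
        info["last_host"] = to_dotted(broadcast - 1)
    return info


def split(network, mask, extra_bits):
    """Shift extra_bits from the host part to the network part."""
    n = mask_length(mask) + extra_bits
    if extra_bits < 1 or n > 30:
        raise ValueError("no host bits left to shift")
    base = to_int(network) & to_int(mask)
    step = 1 << (32 - n)                     # addresses per subnet
    new_mask = length_to_mask(n)
    return [describe(to_dotted(base + i * step), new_mask)
            for i in range(1 << extra_bits)]


# The three private blocks listed under Private IP Addresses, as (network, mask).
# The masks are derived here from the ranges; the manual lists ranges only.
PRIVATE_BLOCKS = [("10.0.0.0", "255.0.0.0"),
                  ("172.16.0.0", "255.240.0.0"),
                  ("192.168.0.0", "255.255.0.0")]


def is_private(address):
    """True if the address falls inside one of the reserved private blocks."""
    addr = to_int(address)
    return any((addr & to_int(m)) == to_int(net) for net, m in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(describe("192.168.170.237", "255.255.255.0"))
    for subnet in split("192.68.135.0", "255.255.255.0", 1):
        print(subnet)
    # 192.168.1.0 is a constructed network for the 16-subnet (4-bit) case.
    print(length_to_mask(24 + 4), len(split("192.168.1.0", "255.255.255.0", 4)))
```

The contiguity check in mask_length matters when a mask is typed by hand: a value such as 255.255.0.255 is rejected instead of silently producing a network that no other host on the segment agrees with.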

Single IP Address Operation Using NAT

In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a single-address account typically used by a single user with a modem, rather than a router. The FVS318v3 VPN Firewall employs an address-sharing method called Network Address Translation (NAT). This method allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your ISP.

The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. The internal LAN IP addresses can be either private addresses or registered addresses. For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

The following figure illustrates a single IP address operation.

Figure B-3: Single IP Address Operation Using NAT (diagram: PCs at 192.168.0.2, 192.168.0.3, 192.168.0.4, and 192.168.0.5 with private IP addresses assigned by user; the router at 192.168.0.1 on the LAN side and 172.21.15.105, the IP address assigned by ISP, facing the Internet)

This scheme offers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet through the translated connection. All incoming inquiries are filtered out by the router. This filtering can prevent intruders from probing your system. However, using port forwarding, you can allow one PC (for example, a Web server) on your local network to be accessible to outside users.

MAC Addresses and Address Resolution Protocol

An IP address alone cannot be used to deliver data from one LAN device to another.
To send data between LAN devices, you must convert the IP address of the destination device to its media access control (MAC) address. Each device on an Ethernet network has a unique MAC address, which is a 48-bit number assigned to each device by the manufacturer. The technique that associates the IP address with a MAC address is known as address resolution. Internet Protocol uses the Address Resolution Protocol (ARP) to resolve MAC addresses.

If a device sends data to another station on the network and the destination MAC address is not yet recorded, ARP is used. An ARP request is broadcast onto the network. All stations on the network receive and read the request. The destination IP address for the chosen station is included as part of the message so that only the station with this IP address responds to the ARP request. All other stations discard the request.

The station with the correct IP address responds with its own MAC address directly to the sending device. The receiving station provides the transmitting station with the required destination MAC address. The IP address data and MAC address data for each station are held in an ARP table. The next time data is sent, the address can be obtained from the address information in the table.

Related Documents

For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.

For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

Domain Name Server

Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as a telephone directory maps names to phone numbers, or as an ARP table maps IP addresses to MAC addresses, a domain name system (DNS) server maps descriptive names of network resources to IP addresses.

When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the IP address of the resource. The PC sends the desired message using the IP address. Many large organizations, such as ISPs, maintain their own DNS servers and allow their customers to use the servers to look up addresses.

IP Configuration by DHCP

When an IP-based local area network is installed, each PC must be configured with an IP address. If the PCs need to access the Internet, they should also be configured with a gateway address and one or more DNS server addresses. As an alternative to manual configuration, there is a method by which each PC on the network can automatically obtain this configuration information. A device on the network may act as a Dynamic Host Configuration Protocol (DHCP) server. The DHCP server stores a list or pool of IP addresses, along with other information (such as gateway and DNS addresses) that it may assign to the other devices on the network. The FVS318v3 VPN Firewall has the capacity to act as a DHCP server.

The FVS318v3 VPN Firewall also functions as a DHCP client when connecting to the ISP. The firewall can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address if the ISP provides this information by DHCP.
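
The address sharing and inbound filtering described earlier under Single IP Address Operation Using NAT can be modelled as a translation table. This is an added example, not FVS318v3 firmware code: the class and method names are hypothetical, per-connection port translation and the rule that only already-contacted peers may reply are assumptions, and the Internet-side addresses are constructed. The LAN and WAN addresses are those of Figure B-3.

```python
# Added example, not NETGEAR firmware code. Port translation is an assumed
# mechanism for keeping several LAN flows apart behind one WAN address.
import itertools


class NatRouter:
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}   # (proto, lan_ip, lan_port) -> wan_port
        self.in_map = {}    # (proto, wan_port) -> (lan_ip, lan_port, peers)
        self.forwards = {}  # (proto, wan_port) -> (lan_ip, lan_port)

    def port_forward(self, proto, wan_port, lan_ip, lan_port):
        """Expose one LAN service (for example a Web server) to outside users."""
        if (proto, wan_port) in self.in_map:
            raise ValueError("WAN port already used by a translated connection")
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

    def _allocate(self, proto):
        """Pick the next WAN port that is neither forwarded nor already mapped."""
        for port in self._ports:
            if port > 65535:
                raise RuntimeError("no free WAN ports")
            if (proto, port) not in self.forwards and (proto, port) not in self.in_map:
                return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a LAN packet; returns the header as seen on the Internet."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            wan_port = self._allocate(proto)
            self.out_map[key] = wan_port
            self.in_map[(proto, wan_port)] = (src_ip, src_port, set())
        wan_port = self.out_map[key]
        # Remember who was contacted so that only that peer may answer.
        self.in_map[(proto, wan_port)][2].add((dst_ip, dst_port))
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the LAN (ip, port) to deliver to, or None to drop the packet."""
        entry = self.in_map.get((proto, dst_port))
        if entry is not None:
            lan_ip, lan_port, peers = entry
            return (lan_ip, lan_port) if (src_ip, src_port) in peers else None
        # No translated connection: only an explicit port forward gets through.
        return self.forwards.get((proto, dst_port))


def demo():
    """Constructed traffic using the addresses shown in Figure B-3."""
    router = NatRouter("172.21.15.105")
    server, stranger = "203.0.113.10", "198.51.100.7"  # constructed addresses
    results = {}
    # Two PCs use the same source port; the router keeps them apart.
    results["pc2_out"] = router.outbound("tcp", "192.168.0.2", 51000, server, 80)
    results["pc3_out"] = router.outbound("tcp", "192.168.0.3", 51000, server, 80)
    # The contacted server may answer; an uninvolved host may not.
    results["reply_to_pc2"] = router.inbound("tcp", server, 80, 40000)
    results["unsolicited_mapped"] = router.inbound("tcp", stranger, 4444, 40000)
    # Port 80 is closed until the administrator forwards it to one PC.
    results["web_before_forward"] = router.inbound("tcp", stranger, 4444, 80)
    router.port_forward("tcp", 80, "192.168.0.5", 80)
    results["web_after_forward"] = router.inbound("tcp", stranger, 4444, 80)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

Every port forward is a standing exception to the "all incoming inquiries are filtered out" behaviour, so the forwards table is the part of a configuration worth reviewing first.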

Internet Security and Firewalls

When your LAN connects to the Internet through a router, an opportunity is created for outsiders to access or disrupt your network. A NAT router provides some protection because by the very nature of the process, the network behind the router is shielded from access by outsiders on the Internet. However, there are methods by which a determined hacker can possibly obtain information about your network or at the least can disrupt your Internet access. A greater degree of protection is provided by a firewall router.

What is a Firewall?

A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur. When an incident is detected, the firewall can log details of the attempt, and can optionally send email to an administrator notifying them of the incident. Using information from the log, the administrator can take action with the ISP of the hacker. In some types of intrusions, the firewall can fend off the hacker by discarding all further packets from the hacker’s IP address for a period of time.

Stateful Packet Inspection

Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and Web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection states. Using Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then analyzed for state-related information associated with all network connections. A central cache within the firewall keeps track of the state information associated with all network connections.
All traffic passing through the firewall is analyzed against the state of these connections to determine whether it will be allowed to pass through or be rejected.

Denial of Service Attack

A hacker may be able to prevent your network from operating or communicating by launching a Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely flooding your site with more requests than it can handle. A more sophisticated attack may attempt to exploit some weakness in the operating system used by your router or gateway. Some operating systems can be disrupted by simply sending a packet with incorrect length information.

Ethernet Cabling

Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. A normal straight-through UTP Ethernet cable follows the EIA568B standard wiring as described below in Table B-3.

Table B-3. UTP Ethernet cable wiring, straight-through

Pin   Wire color     Signal
1     Orange/White   Transmit (Tx) +
2     Orange         Transmit (Tx) -
3     Green/White    Receive (Rx) +
4     Blue
5     Blue/White
6     Green          Receive (Rx) -
7     Brown/White
8     Brown

Category 5 Cable Quality

Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows:

• 20 ft. (6 m) between the hub and the patch panel (if used)
• 295 ft. (90 m) from the wiring closet to the wall outlet
• 10 ft. (3 m) from the wall outlet to the desktop device

The patch panel and other connecting hardware must meet the requirements for 100 Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point.

A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (100BASE-Tx) the cable must be rated as Category 5, or Cat 5, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. A Category 5 cable will meet specified requirements regarding loss and crosstalk. In addition, there are restrictions on maximum cable length for both 10 and 100 Mbits/second networks.

Inside Twisted Pair Cables

For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports. Most repeaters and switch ports are configured as media-dependent interfaces with built-in crossover ports, called MDI-X or normal ports. Auto Uplink technology automatically senses which connection, MDI or MDI-X, is needed and makes the right connection.

Figure B-4 illustrates straight-through twisted pair cable.

Figure B-4: Straight-through twisted-pair cable

Figure B-5 illustrates crossover twisted pair cable.

Figure B-5: Crossover twisted-pair cable

Figure B-6: Category 5 UTP cable with male RJ-45 plug at each end

Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.

Uplink Switches, Crossover Cables, and MDI/MDIX Switching

In the wiring table above, the concepts of transmit and receive are from the perspective of the PC, which is wired as Media Dependent Interface (MDI). In this wiring, the PC transmits on pins 1 and 2. At the hub, the perspective is reversed, and the hub receives on pins 1 and 2. This wiring is referred to as Media Dependent Interface - Crossover (MDIX).

When connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be exchanged with the receive pair. This exchange is done by one of two mechanisms. Most hubs provide an Uplink switch which will exchange the pairs on one port, allowing that port to be connected to another hub using a normal Ethernet cable. The second method is to use a crossover cable, which is a special cable in which the transmit and receive pairs are exchanged at one of the two cable connectors. Crossover cables are often unmarked as such, and must be identified by comparing the two connectors. Since the cable connectors are clear plastic, it is easy to place them side by side and view the order of the wire colors on each. On a straight-through cable, the color order will be the same on both connectors. On a crossover cable, the orange and blue pairs will be exchanged from one connector to the other.

The FVS318 v3 VPN Firewall incorporates Auto Uplink™ technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch, or hub). That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink™ will accommodate either type of cable to make the right connection.

Appendix C
Virtual Private Networking

There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of the most complete, secure, and commercially available, standards-based protocols developed for transporting data.

What is a VPN?

A VPN is a shared network where private data is segmented from other traffic so that only the intended recipient has access. The term VPN was originally used to describe a secure connection over the Internet.
Today, however, VPN is also used to describe private networks, such as Frame Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).

A key aspect of data security is that the data flowing across the network is protected by encryption technologies. Private networks lack data security, so data attackers can tap directly into the network and read the data. IPSec-based VPNs use encryption to provide data security, which increases the network’s resistance to data tampering or theft.

IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive.

VPNs are traditionally used for:

• Intranets: Intranets connect an organization’s locations. These locations range from the headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish these tasks, the shortcomings of each limit connectivity. The cost of connecting home users is also very expensive compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these networks.

• Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but is expensive because the organization must pay the associated long distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up secure IPSec-based VPN communications to their organization.

• Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and inexpensively installed on existing Internet connections.

What Is IPSec and How Does It Work?

IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and includes a header and payload (the data in the packet).
IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

IPSec Security Features

IPSec is the most secure method commercially available for connecting network sites. IPSec was designed to provide the following security features when transferring packets across networks:

• Authentication: Verifies that the packet received is actually from the claimed sender.
• Integrity: Ensures that the contents of the packet did not change in transit.
• Confidentiality: Conceals the message content through encryption.

IPSec Components

IPSec contains the following elements:

• Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
• Authentication Header (AH): Provides authentication and integrity.
• Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

Encapsulating Security Payload (ESP)

ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.

IPSec provides an open framework for implementing industry standard algorithms, such as SHA and MD5. The algorithms that IPSec uses produce a unique and unforgeable identifier for each packet, which is a data equivalent of a fingerprint. This fingerprint allows the device to determine if a packet has been tampered with. Furthermore, packets that are not authenticated are discarded and not delivered to the intended receiver.

ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption and decryption allow only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.

Figure C-1: Original packet and packet with IPSec Encapsulated Security Payload

The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication.

Authentication Header (AH)

AH provides authentication and integrity, which protect against data tampering, using the same algorithms as ESP. AH also provides optional anti-replay protection, which protects against unauthorized retransmission of packets. The authentication header is inserted into the packet between the IP header and any subsequent packet contents. The payload is not touched.

Although AH protects the packet’s origin, destination, and contents from being tampered with, the identity of the sender and receiver is known. In addition, AH does not protect the data’s confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together.
In the following table, IP HDR represents the IP header and includes both source and destination IP addresses.

Figure C-2: Original packet and packet with IPSec Authentication Header

IKE Security Association

IPSec introduces the concept of the Security Association (SA). An SA is a logical connection between two devices transferring data. An SA provides data protection for unidirectional traffic by using the defined IPSec protocols. An IPSec tunnel typically consists of two unidirectional SAs, which together provide a protected, full-duplex data channel.

The SAs allow an enterprise to control exactly which resources may communicate securely, according to security policy. To do this, an enterprise can set up multiple SAs to enable multiple secure VPNs, as well as define SAs within the VPN to support different departments and business partners.

Mode

SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection, while transport mode is used for host-to-host IPSec tunnel protection. A gateway is a device that monitors and manages incoming and outgoing network traffic and routes the traffic accordingly. A host is a device that sends and receives network traffic.

• Transport Mode: The transport mode IPSec implementation encapsulates only the packet’s payload. The IP header is not changed. After the packet is processed with IPSec, the new IP packet contains the old IP header (with the source and destination IP addresses unchanged) and the processed packet payload. Transport mode does not shield the information in the IP header; therefore, an attacker can learn where the packet is coming from and where it is going. The packet diagrams in Figure C-1 and Figure C-2 show a packet in transport mode.

• Tunnel Mode: The tunnel mode IPSec implementation encapsulates the entire IP packet. The entire packet becomes the payload of the packet that is processed with IPSec. A new IP header is created that contains the two IPSec gateway addresses. The gateways perform the encapsulation and decapsulation on behalf of the hosts. Tunnel mode ESP prevents an attacker from analyzing the data and deciphering it, as well as knowing who the packet is from and where it is going.

Note: AH and ESP can be used in either transport mode or tunnel mode.
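The difference between what AH authenticates and what ESP authentication authenticates can be checked on transport-mode packets. The following Python is an added example, not taken from the manual: it builds simplified AH and ESP packets with HMAC-SHA1-96, omits ESP encryption so that only the integrity coverage is shown, and uses a constructed key, payload and SPI values together with the two WAN addresses from the VPN Consortium example.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-shared-secret"         # constructed; a real SA key is negotiated by IKE
PAYLOAD = b"constructed upper-layer data"  # constructed stand-in for a TCP segment
ICV_LEN = 12                               # HMAC-SHA1-96 keeps the first 96 bits


def ip_header(src, dst, proto, body_len, ttl=64):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def icv(data):
    """Integrity check value: truncated HMAC-SHA1 over the covered bytes."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_covered_bytes(pkt):
    """What AH authenticates: the IP header with its mutable fields zeroed,
    the AH header with its ICV field zeroed, and the payload."""
    buf = bytearray(pkt)
    buf[1] = 0                    # type of service
    buf[6:8] = b"\x00\x00"        # flags and fragment offset
    buf[8] = 0                    # TTL, which changes at every hop
    buf[10:12] = b"\x00\x00"      # header checksum
    buf[32:44] = bytes(ICV_LEN)   # ICV field inside the AH header
    return bytes(buf)


def build_ah(src, dst, spi, seq):
    # next header 6 (TCP), payload length 4 = (24 bytes / 4) - 2, reserved 0
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(ICV_LEN)
    pkt = ip_header(src, dst, 51, len(ah) + len(PAYLOAD)) + ah + PAYLOAD
    return pkt[:32] + icv(ah_covered_bytes(pkt)) + pkt[44:]


def verify_ah(pkt):
    return hmac.compare_digest(pkt[32:44], icv(ah_covered_bytes(pkt)))


def build_esp(src, dst, spi, seq):
    pad = -(len(PAYLOAD) + 2) % 4                  # align the trailer to 4 bytes
    trailer = bytes(range(1, pad + 1)) + bytes([pad, 6])
    esp = struct.pack("!II", spi, seq) + PAYLOAD + trailer
    # ESP authentication covers the ESP header, payload and trailer only.
    return ip_header(src, dst, 50, len(esp) + ICV_LEN) + esp + icv(esp)


def verify_esp(pkt):
    return hmac.compare_digest(pkt[-ICV_LEN:], icv(pkt[20:-ICV_LEN]))


def rewrite_source(pkt, new_src):
    """Replace the source address in the outer IP header."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]


def set_ttl(pkt, ttl):
    return pkt[:8] + bytes([ttl]) + pkt[9:]


def flip_bit(pkt, index):
    return pkt[:index] + bytes([pkt[index] ^ 0x01]) + pkt[index + 1:]


def coverage():
    """Apply the same changes to an AH and an ESP packet and report what verifies."""
    ah = build_ah("14.15.16.17", "22.23.24.25", spi=0x1001, seq=1)
    esp = build_esp("14.15.16.17", "22.23.24.25", spi=0x2001, seq=1)
    return {
        "ah_baseline": verify_ah(ah),
        "esp_baseline": verify_esp(esp),
        "ah_ttl_changed": verify_ah(set_ttl(ah, 63)),
        "ah_source_rewritten": verify_ah(rewrite_source(ah, "203.0.113.1")),
        "esp_source_rewritten": verify_esp(rewrite_source(esp, "203.0.113.1")),
        "ah_payload_flipped": verify_ah(flip_bit(ah, 44)),     # first payload byte
        "esp_payload_flipped": verify_esp(flip_bit(esp, 28)),  # first payload byte
    }


if __name__ == "__main__":
    for name, ok in coverage().items():
        print(f"{name:22} {'verifies' if ok else 'REJECTED'}")
```

Only AH notices a rewritten source address, which is also why AH does not survive address translation, while both reject a modified payload.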

Figure C-3: Original packet and packet with IPSec ESP in Tunnel mode

Key Management

IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can access it.

IPSec requires that keys be re-created, or refreshed, frequently so that the parties can communicate securely with each other. IKE manages the process of refreshing keys; however, a user can control the key strength and the refresh frequency. Refreshing keys on a regular basis ensures data confidentiality between sender and receiver.

Understand the Process Before You Begin

This appendix provides case studies on how to configure secure IPSec VPN tunnels. This document assumes the reader has a working knowledge of NETGEAR management systems.

NETGEAR is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor interoperability. The VPN Consortium has developed specific scenarios to aid system administrators in the often confusing process of connecting two different vendor implementations of the IPSec standard.
The case studies in this TechNote follow the addressing and configuration me chanics defined by the VPN Consortium. Additional information regarding inter-ve ndor interoperability may be found at \ul0\nosupersub\cf16\f17\fs21 http://www.v pnc.org/interop.html\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql It is a good idea to gather all the necessary information required to establish a VPN before you begin the configuration process. You should understand whether the fi rmware is up to date, all of the addresses that will be necessary, and all of th e parameters that need to be set on both sides. Try to understand any incompatib ilities before you begin, so that you minimize any potential complications which may arise from normal firewall or WAN processes. \par\pard\par\pard\ql If you a re not a full-time system administrator, it is a good idea to familiarize yourse lf with the mechanics of a VPN as described in this appendix. Other good sources

include: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 The NETGEAR VPN Tutorial - \ul0\nosupersub\cf16\f17\fs21 http: //www.netgear.com/planetvpn/pvpn_2.html}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 The VPN Consortium - \ul0\nosupersub\cf16\f17\fs21 http://www. vpnc.org/}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 The VPN bibliography in \ul0\nosupersub\cf21\f22\fs21 \u8220?A dditional Reading\u8221? on page C-11\ul0\nosupersub\cf11\f12\fs21 .}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 C-6}\cell{\ul0\nosupersub\cf 4\f5\fs19 Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 VPN Process Overv iew \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Even though IPSec is sta ndards-based, each vendor has its own set of terms and procedures for implementi ng the standard. Because of these differences, it may be a good idea to review s ome of the terms and the generic processes for connecting two gateways before di ving into to the specifics. \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 Network Interfaces and Addresses \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\ fs21 The VPN gateway is aptly named because it functions as a \u8220?gatekeeper\ u8221? 
for each of the computers connected on the Local Area Network behind it. \par\pard\par\pard\ql In most cases, each gateway will have a public facing addr ess (WAN side) and a private facing address (LAN side). These addresses are refe rred to as the network interface in documentation regarding the construction of VPN communication. \par\pard\par\pard\ql \ul0\nosupersub\cf38\f39\fs21 Interface Addressing \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 This example use s addresses provided the VPN Consortium. However, when you set up your own equip ment, you will be using addresses specific to the devices that you are attemptin g to connect via IPSec VPN. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf57\f58\fs18 10.5.6.0/24}\cell{\ul0\nos upersub\cf57\f58\fs18 172.23.9.0/24}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf58\f59\fs19 VPN Consortium Example}\ce ll {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf58\f59\fs19 Network Interface Addressi ng}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf56\f57\fs18 Gateway A}\cell{\ul0\nosup ersub\cf56\f57\fs18 Gateway B}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf57\f58\fs18 14.15.16.17}\cell{\ul0\nosupersub\cf57\f58 \fs18 22.23.24.25}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf56\f57\fs18 LAN IP}\cell {}\cell {}\cell{\ul0\nosupersub\cf56\f57\fs18 LAN IP}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf56\f57\fs18 WAN IP}\cell{\ul0\nosupersub\cf56\f57\fs18 WAN IP}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf57\f58\fs18 10.5.6.1}\cell {}\cell {}\cell{\ul0\nosupersub\cf57\f58\fs18 172.23.9.1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure C-4: VPN Consortium example network interface addressing \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Make sure the addresses do not overlap or conflict. That is, each set of addresses should be separate and distinct. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell{\ul0\nosupersub\cf4\f5\fs19 C-7}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Table C-1.}\cell{\ul0\nosupersub\cf4\f5\fs19 WAN (Internet/public) and LAN (internal/private) addressing}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN or WAN}\cell{\ul0\nosupersub\cf2\f3\fs18 VPNC Example Address}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway A}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN (Private)}\cell{\ul0\nosupersub\cf2\f3\fs18 10.5.6.1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway 
A}\cell{\ul0\nosupersub\cf2\f3\fs18 WAN (Public)}\cell{\ul0\nosupersub\cf2\f3\fs18 14.15.16.17}\cell {\trowd\trautofit1\intbl

\cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway B}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN (Private)}\cell{\ul0\nosupersub\cf2\f3\fs18 22.23.24.25}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway B}\cell{\ul0\nosupersub\cf2\f3\fs18 WAN (Public)}\cell{\ul0\nosupersub\cf2\f3\fs18 172.23.9.1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 You need to know the subnet mask of both gateway LAN Connections. Refer to \ul0\nosupersub\cf21\f22\fs21 Appendix A,}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf21\f22\fs21 \u8220?Technical Specifications\ul0\nosupersub\cf11\f12\fs21 \u8221? to gather the necessary address and subnet mask information to aid in}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 the configuration and troubleshooting process.}\cell {}\cell {}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Table C-2.}\cell{\ul0\nosupersub\cf4\f5\fs19 Subnet addressing}\cell \cell

\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN or WAN}\cell{\ul0\nosupersub\cf2\f3\fs18 Interface Name}\cell{\ul0\nosupersub\cf2\f3\fs18 Example Subnet Mask}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway A}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN (Private)}\cell{\ul0\nosupersub\cf2\f3\fs18 Subnet Mask A}\cell{\ul0\nosupersub\cf2\f3\fs18 255.255.255.0}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Gateway B}\cell{\ul0\nosupersub\cf2\f3\fs18 LAN (Private)}\cell{\ul0\nosupersub\cf2\f3\fs18 Subnet Mask B}\cell{\ul0\nosupersub\cf2\f3\fs18 255.255.255.0}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf38\f39\fs21 Firewalls \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 It is important to understand that many gateways are also firewalls. VPN tunnels cannot function properly if firewall settings disallow all incoming traffic. Please refer to the firewall instructions for both gateways to understand how to open specific protocols, ports, and addresses that you intend to allow. 
\par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 VPN Tunnel Between Gateways \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 A Security Association (SA), frequently called a tunnel, is the set of information that allows two entities (networks, PCs, routers, firewalls, gateways) to trust each other and communicate securely as they pass information over the Internet. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 C-8}\cell{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 

\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf41\f42\fs36 VPN Tunnel \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf27\f28\fs24 VPN Gateway A}\cell{\ul0\nosupersub\cf27\f28\fs24 VPN Gateway B}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf43\f44\fs18 PCs}\cell{\ul0\nosupersub\cf43\f44\fs18 PCs}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure C-5: VPN tunnel Security Association (SA) \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This communication is often referred to as a \u8220?tunnel.\u8221? The gateways contain this information so that it does not have to be loaded onto every computer connected to the gateways. \par\pard\par\pard\ql Each gateway must negotiate its SA with another gateway using the parameters and processes established by IPSec. As illustrated below, the most common method of accomplishing this process is via the Internet Key Exchange (IKE) protocol which automates some of the negotiation procedures. 
\par\pard\par\pard\ql \ul0\nosupersub\cf61\f62\fs22 IPSec Security Association IKE \par VPN Tunnel Negotiation Steps \par\pard\par\pard\ql \ul0\nosupersub\cf60\f61\fs19 1) Communication \par\pard\par\pard\ql request sent to VPN Gateway \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf59\f60\fs19 VPN Gateway}\cell{\ul0\nosupersub\cf59\f60\fs19 VPN Gateway}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf60\f61\fs19 2) IKE Phase I authentication 3) IKE Phase II negotiation 4) Secure data transfer 5) IPSec tunnel termination \par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure C-6: IPSec Security Association (SA) negotiation \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Or, you can configure your gateways using manual key exchange, which involves manually configuring each parameter on both gateways. \par\pard\par\pard\ql 1.\ul0\nosupersub\cf15\f16\fs21 The IPSec software on Host A initiates the IPSec process in an attempt to communicate \par with Host B.\ul0\nosupersub\cf11\f12\fs21 The two computers then begin the Internet Key Exchange (IKE) process. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell{\ul0\nosupersub\cf4\f5\fs19 C-9}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

}\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 2.}\cell{\ul0\nosupersub\cf62\f63\fs21 IKE Phase I.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 The two parties negotiate the encryption and authentication algorithms to use in the IKE \par SAs. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 The two parties authenticate each other using a predetermined mechanism, such as \par preshared keys or digital certificates. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f12\fs21 A shared master key is generated by the Diffie-Hellman Public key algorithm within the \par IKE framework for the two parties. The master key is also used in the second phase to derive IPSec keys for the SAs. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 3.}\cell{\ul0\nosupersub\cf62\f63\fs21 IKE Phase II.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 The two parties negotiate the encryption and authentication algorithms to use in the IPSec \par SAs. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 The master key is used to derive the IPSec keys for the SAs. Once the SA keys are created \par and exchanged, the IPSec SAs are ready to protect user data between the two VPN gateways. 
\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 4.}\cell{\ul0\nosupersub\cf62\f63\fs21 Data transfer.\ul0\nosupersub\cf63\f64\fs21 Data is transferred between IPSec peers based on the IPSec parameters and}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf63\f64\fs21 keys stored in the SA database.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 5.}\cell{\ul0\nosupersub\cf15\f16\fs21 IPSec tunnel termination.\ul0\nosupersub\cf11\f12\fs21 IPSec SAs terminate through deletion or by timing out.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

}\par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 VPNC IKE Security Parameters \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Remember that both gateways must have the identical parameters set for the process to work correctly. The settings shown below follow the examples given for Scenario 1 of the VPN Consortium. \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 VPNC IKE Phase I Parameters \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 The IKE Phase 1 parameters used: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Main mode}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 TripleDES}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 SHA-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 MODP group 1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 pre-shared secret of "hr5xb84l6aa9r6"}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 SA lifetime of 28800 seconds (eight hours)}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 C-10}\cell{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell 
{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 

\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 VPNC IKE Phase II Parameters \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 The IKE Phase 2 parameters used in Scenario 1 are: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 TripleDES}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 SHA-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 ESP tunnel mode}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 MODP group 1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Perfect forward secrecy for rekeying}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 SA lifetime of 28800 seconds (one hour)}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Testing and Troubleshooting \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Once you have completed the VPN configuration steps you can use PCs, located behind each of the gateways, to ping various addresses on the LAN-side of the other gateway. 
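Added example (not part of the Netgear manual): a Python check that compares two gateway configurations the way this appendix requires, reporting IKE Phase I and Phase II parameters that differ and LAN subnets that overlap. The dictionary layout and key names are assumptions for illustration; the values are the VPNC Scenario 1 settings listed above, with Gateway B addressed as in Figure C-4.

```python
import copy
import hmac
import ipaddress

# VPNC Scenario 1 values as listed in this appendix. The dictionary layout and
# key names are assumptions made for this example, not a firewall export format.
GATEWAY_A = {
    "lan_ip": "10.5.6.1", "lan_mask": "255.255.255.0", "wan_ip": "14.15.16.17",
    "psk": "hr5xb84l6aa9r6",
    "phase1": {"mode": "main", "encryption": "3des", "hash": "sha1",
               "dh_group": 1, "lifetime": 28800},
    "phase2": {"encryption": "3des", "hash": "sha1", "mode": "esp-tunnel",
               "pfs_group": 1, "lifetime": 28800},
}
# Gateway B addresses follow Figure C-4 (LAN 172.23.9.1, WAN 22.23.24.25).
GATEWAY_B = copy.deepcopy(GATEWAY_A)
GATEWAY_B.update(lan_ip="172.23.9.1", wan_ip="22.23.24.25")

# Constructed misconfiguration of Gateway B for demonstration: a different
# Phase I hash, a mistyped pre-shared key, and a LAN inside Gateway A's LAN.
BAD_GATEWAY_B = copy.deepcopy(GATEWAY_B)
BAD_GATEWAY_B["phase1"]["hash"] = "md5"
BAD_GATEWAY_B["psk"] = "hr5xb84l6aa9r5"
BAD_GATEWAY_B.update(lan_ip="10.5.6.129", lan_mask="255.255.255.128")


def lan_network(gw):
    """Return the LAN subnet a gateway sits on, from its LAN IP and mask."""
    return ipaddress.ip_network(f"{gw['lan_ip']}/{gw['lan_mask']}", strict=False)


def compare_gateways(a, b):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    # Both gateways must carry identical Phase I and Phase II parameters.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase}.{key}: A={va!r} B={vb!r}")
    # Compare the pre-shared key without echoing either value into logs.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk: values differ (value not shown)")
    # The two LANs must be separate and distinct.
    net_a, net_b = lan_network(a), lan_network(b)
    if net_a.overlaps(net_b):
        problems.append(f"lan: {net_a} overlaps {net_b}")
    # A WAN address must not fall inside either LAN range.
    for name, gw in (("A", a), ("B", b)):
        wan = ipaddress.ip_address(gw["wan_ip"])
        for net in (net_a, net_b):
            if wan in net:
                problems.append(f"wan: gateway {name} WAN {wan} lies inside LAN {net}")
    return problems


if __name__ == "__main__":
    for label, peer in (("Scenario 1", GATEWAY_B), ("constructed bad B", BAD_GATEWAY_B)):
        found = compare_gateways(GATEWAY_A, peer)
        print(label, "->", found if found else "no mismatches")
```
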
\par\pard\par\pard\ql You can troubleshoot connections using the VPN status and log details on the Netgear gateway to determine if IKE negotiation is working. Common problems encountered in setting up VPNs include: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Parameters may be configured differently on Gateway A and Gateway B.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320

\cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Two LANs set up with similar or overlapping addressing schemes.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 So many required configuration parameters mean errors such as mistyped information or}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 mismatched parameter selections on either side are more likely to happen.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Additional Reading \par\pard\ul0\nosupersub\cf11\f12\fs21 \u8226? \ul0\nosupersub\cf18\f19\fs21 Building and Managing Virtual Private Networks\ul0\nosupersub\cf11\f12\fs21 , Dave Kosiur, Wiley & Sons; ISBN: 0471295264 \u8226?\par\par \ul0\nosupersub\cf18\f19\fs21 Firewalls and Internet Security: Repelling the Wily Hacker\ul0\nosupersub\cf11\f12\fs21 , William R. Cheswick and Steven M. Bellovin, Addison-Wesley; ISBN: 0201633574 \u8226? \ul0\nosupersub\cf18\f19\fs21 VPNs A Beginners Guide\ul0\nosupersub\cf11\f12\fs21 , John Mains, McGraw Hill; ISBN: 0072191813 \u8226? [FF98] Floyd, S., and Fall, K., Promoting the Use of End-to-End Congestion Control in the \par\pard\par\pard\ql Internet. IEEE/ACM Transactions on Networking, August 1999. 
\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell{\ul0\nosupersub\cf4\f5\fs19 C-11}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Relevant RFCs listed numerically: \par\pard\u8226?\par\par \u8226? \u8226?\par\par \u8226? \u8226? [RFC 791] \ul0\nosupersub\cf18\f19\fs21 Internet Protocol DARPA Internet Program Protocol Specification\ul0\nosupersub\cf11\f12\fs21 , Information Sciences Institute, USC, September 1981. [RFC 1058] \ul0\nosupersub\cf18\f19\fs21 Routing Information Protocol\ul0\nosupersub\cf11\f12\fs21 , C Hedrick, Rutgers University, June 1988. [RFC 1483] \ul0\nosupersub\cf18\f19\fs21 Multiprotocol Encapsulation over ATM Adaptation Layer 5\ul0\nosupersub\cf11\f12\fs21 , Juha Heinanen, Telecom Finland, July 1993. [RFC 2401] S. Kent, R. Atkinson, \ul0\nosupersub\cf18\f19\fs21 Security Architecture for the Internet Protocol\ul0\nosupersub\cf11\f12\fs21 , RFC 2401, November 1998. [RFC 2407] D. Piper, \ul0\nosupersub\cf18\f19\fs21 The Internet IP Security Domain of Interpretation for ISAKMP

\ul0\nosupersub\cf11\f12\fs21 , November 1998. \par\pard\par\pard\ql \u8226? [RFC 2474] K. Nichols, S. Blake, F. Baker, D. Black, \ul0\nosupersub\cf18\f19\fs21 Definition of the Differentiated Services \par Field (DS Field) in the IPv4 and IPv6 Headers\ul0\nosupersub\cf11\f12\fs21 , December 1998. \par\pard\par\pard\ql \u8226? [RFC 2475] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss, \ul0\nosupersub\cf18\f19\fs21 An \par Architecture for Differentiated Services\ul0\nosupersub\cf11\f12\fs21 , December 1998. \par\pard\u8226? [RFC 2481] K. Ramakrishnan, S. Floyd, \ul0\nosupersub\cf18\f19\fs21 A Proposal to Add Explicit Congestion Notification (ECN) to IP\ul0\nosupersub\cf11\f12\fs21 , January 1999. \u8226?\par\par [RFC 2408] D. Maughan, M. Schertler, M. Schneider, J. Turner, \ul0\nosupersub\cf18\f19\fs21 Internet Security Association and Key Management Protocol (ISAKMP)\ul0\nosupersub\cf11\f12\fs21 . \u8226? [RFC 2409] D. Harkins, D. Carrel, \ul0\nosupersub\cf18\f19\fs21 Internet Key Exchange\ul0\nosupersub\cf11\f12\fs21 (IKE) protocol. \u8226? [RFC 2401] S. Kent, R. Atkinson, \ul0\nosupersub\cf18\f19\fs21 Security Architecture for the Internet Protocol\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 C-12}\cell{\ul0\nosupersub\cf4\f5\fs19 Virtual Private Networking}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\ql \ul0\nosupersub\cf8\f9\fs36 Appendix D \par\pard\par\pard\ql Preparing Your Network \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 This appendix describes how to prepare your network to connect to the Internet through the FVS318v3 ProSafe VPN Firewall and how to verify the readiness of broadband Internet service from an Internet service provider (ISP). 
\par\pard\par\pard\ql \ul0\nosupersub\cf15\f16\fs21 Note: \ul0\nosupersub\cf11\f12\fs21 If an ISP technician configured your computer during the installation of a broadband modem, or if you configured it using instructions provided by your ISP, you may need to copy the current configuration information for use in the configuration of your firewall. Write down this information before reconfiguring your computers. Refer to \ul0\nosupersub\cf21\f22\fs21 \u8220?Obtaining ISP Configuration Information for Windows Computers\u8221? on page D-19\ul0\nosupersub\cf11\f12\fs21 \u8221? or \ul0\nosupersub\cf21\f22\fs21 \u8220?Obtaining ISP Configuration Information for Macintosh Computers\u8221? on page D-20\ul0\nosupersub\cf11\f12\fs21 \u8221? \par for further information. \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Preparing Your Computers for TCP/IP Networking \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Computers access the Internet using a protocol called TCP/IP (Transmission Control Protocol/Internet Protocol). Each computer on your network must have TCP/IP installed and selected as its networking protocol. If a Network Interface Card (NIC) is already installed in your PC, then TCP/IP is probably already installed as well. \par\pard\par\pard\ql Most operating systems include the software components you need for networking with TCP/IP: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Windows\ul0\nosupersub\cf20\f21\fs18 \ul0\nosupersub\cf11\f12\fs21 95 or later includes the software components for establishing a TCP/IP network.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Windows 3.1 does not include a TCP/IP component. You need to purchase a third-party TCP/}\cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 IP application package such as NetManage Chameleon.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Macintosh Operating System 7 or later includes the software components for establishing a}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 TCP/IP network.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \u8226? All versions of UNIX or Linux include TCP/IP components. Follow the instructions provided \par with your operating system or networking software to install TCP/IP on your computer. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Preparing Your Network}\cell{\ul0\nosupersub\cf4\f5\fs19 D-1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 In your IP network, each PC and the firewall must be assigned a unique IP address. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/IP so that the PC obtains its specific network configuration information automatically \par from a DHCP server during bootup. 
For a detailed explanation of the meaning and purpose of these configuration items, refer to \ul0\nosupersub\cf21\f22\fs21 Appendix B, \u8220?Network, Routing, and Firewall Basics\ul0\nosupersub\cf11\f12\fs21 .\u8221? \par\pard\par\pard\ql The FVS318v3 VPN Firewall is shipped preconfigured as a DHCP server. The firewall assigns the following TCP/IP configuration information automatically when the PCs are rebooted: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 PC or workstation IP addresses\u8212?192.168.0.2 through 192.168.0.254}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640

\row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Subnet mask\u8212?255.255.255.0}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Gateway address (the firewall)\u8212?192.168.0.1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql These addresses are part of the IETF-designated private address range for use in private networks. \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Configuring Windows 95, 98, and Me for TCP/IP Networking \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 As part of the PC preparation process, you need to manually install and configure TCP/IP on each networked PC. Before starting, locate your Windows CD; you may need to insert it during the TCP/IP installation process. \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 Install or Verify Windows Networking Components \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 To install or verify the necessary components for IP networking: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf25\f26\fs19 1.}\cell{\ul0\nosupersub\cf11\f12\fs21 On the Windows taskbar, click the \ul0\nosupersub\cf15\f16\fs21 Start\ul0\nosupersub\cf11\f12\fs21 button, point to Settings, and then click \ul0\nosupersub\cf15\f16\fs21 Control}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf15\f16\fs21 Panel\ul0\nosupersub\cf11\f12\fs21 .}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf25\f26\fs19 2.}\cell{\ul0\nosupersub\cf11\f12\fs21 Double-click the \ul0\nosupersub\cf15\f16\fs21 Network\ul0\nosupersub\cf11\f12\fs21 icon.}\cell 
{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql The Network window opens, which displays a list of installed components: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 D-2}\cell{\ul0\nosupersub\cf4\f5\fs19 Preparing Your Network}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row}

}\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. \par\pard\par\pard\ql \ul0\nosupersub\cf22\f23\fs21 Note: \ul0\nosupersub\cf11\f12\fs21 It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks. \par\pard\par\pard\ql If you need to install a new adapter, follow these steps: \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 Click the \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 button. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Adapter\ul0\nosupersub\cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f12\fs21 Select the manufacturer and model of your Ethernet adapter, and then click \ul0\nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\cf11\f12\fs21 . \par If you need TCP/IP: \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 Click the \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 button. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Protocol\ul0\nosupersub\cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 . \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Microsoft\ul0\nosupersub\cf11\f12\fs21 . 
\par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 d.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 TCP/IP\ul0\nosupersub\cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Preparing Your Network}\cell{\ul0\nosupersub\cf4\f5\fs19 D-3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 If you need Client for Microsoft Networks: \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 a.\ul0\nosupersub\cf11\f12\fs21 Click the \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 button. \par\pard\par\pard\ql \ul0\nosupersub\cf25\f26\fs19 b.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Client\ul0\nosupersub\cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 Add\ul0\nosupersub\cf11\f12\fs21 . \ul0\nosupersub\cf25\f26\fs19 c.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Microsoft\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard \ul0\nosupersub\cf25\f26\fs19 d.\ul0\nosupersub\cf11\f12\fs21 Select \ul0\nosupersub\cf15\f16\fs21 Client for Microsoft Networks\ul0\nosupersub\cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\cf11\f12\fs21 . \ul0\nosupersub\cf25\f26\fs19 3.\ul0\nosupersub\cf11\f12\fs21 Restart your PC for the changes to take effect. 
\par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 Enabling DHCP to Automatically Configure TCP/IP Settings \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 After the TCP/IP protocol components are installed, each PC must be assigned specific information about itself and resources that are available on its network. The simplest way to configure this information is to allow the PC to obtain the information from a DHCP server in the network. \par\pard\par\pard\ql \ul0\nosupersub\cf64\f65\fs24 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. \par\pard\par\pard\ql The following steps will walk you through the configuration process for each of these versions of Windows. 

\par\pard\par\pard\ql Locate your \ul0\nosupersub\cf65\f66\fs24 Network Neighborhood\ul0\nosupersub\cf64\f65\fs24 icon. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell {}\cell{\ul0\nosupersub\cf11\f12\fs21 If the Network Neighborhood icon is on the Windows desktop, position your mouse}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell {}\cell{\ul0\nosupersub\cf11\f12\fs21 pointer over it and right-click your mouse button.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell {}\cell{\ul0\nosupersub\cf11\f12\fs21 If the icon is not on the desktop,}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Click \ul0\nosupersub\cf15\f16\fs21 Start\ul0\nosupersub\cf11\f12\fs21 on the task bar located at the bottom left of the window.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Choose \ul0\nosupersub\cf15\f16\fs21 Settings\ul0\nosupersub\cf11\f12\fs21 , and then \ul0\nosupersub\cf15\f16\fs21 Control Panel\ul0\nosupersub\cf11\f12\fs21 .}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosupersub\cf11\f12\fs21 Locate the \ul0\nosupersub\cf15\f16\fs21 Network Neighborhood\ul0\nosupersub\cf11\f12\fs21 
icon and click on it. This will open the Network}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640

\row} }\par\pard\par\pard\ql panel as shown below. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 D-4}\cell{\ul0\nosupersub\cf 4\f5\fs19 Preparing Your Network}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the P roSafe VPN Firewall FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Verify the following settings as shown: \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Client for Microsoft Network exists}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 Ethernet adapter is present}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf11\f12\fs21 TCP/IP is present}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf11\f12\fs21 \u8226?}\cell{\ul0\nosuper sub\cf15\f16\fs21 Primary Network Logon\ul0\nosupersub\cf11\f12\fs21 is set to} \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql Windows logon \par\pard\par\pard\ql Click on the \ul0\nos upersub\cf15\f16\fs21 Properties \ul0\nosupersub\cf11\f12\fs21 button. The follo wing TCP/IP Properties window will display. 
• By default, the IP Address tab is open on this window.
• Verify the following:
   “Obtain an IP address automatically” is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable the DHCP server to automatically assign an IP address.
• Click OK to continue.

Restart the PC.

Repeat these steps for each PC with this version of Windows on your network.

Selecting Windows’ Internet Access Method

1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel.
2. Double-click the Internet Options icon.
3. Select “I want to set up my Internet connection manually” or “I want to connect through a Local Area Network” and click Next.
4. Select “I want to connect through a Local Area Network” and click Next.
5. Uncheck all boxes in the LAN Internet Configuration screen and click Next.
6. Proceed to the end of the Wizard.

Verifying TCP/IP Properties

After your PC is configured and has rebooted, you can check the TCP/IP configuration using the utility winipcfg.exe:

1. On the Windows taskbar, click the Start button, and then click Run.
2. Type winipcfg, and then click OK.
   The IP Configuration window opens, which lists (among other things) your IP address, subnet mask, and default gateway.
3. From the drop-down box, select your Ethernet adapter.
   The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway:
   • The IP address is between 192.168.0.2 and 192.168.0.254
   • The subnet mask is 255.255.255.0
   • The default gateway is 192.168.0.1

Configuring Windows NT4, 2000 or XP for IP Networking

As part of the PC preparation process, you may need to install and configure TCP/IP on each networked PC. Before starting, locate your Windows CD; you may need to insert it during the TCP/IP installation process.

Install or Verify Windows Networking Components

To install or verify the necessary components for IP networking:

1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel.
2. Double-click the Network and Dialup Connections icon.
3. If an Ethernet adapter is present in your PC, you should see an entry for Local Area Connection. Double-click that entry.
4. Select Properties.
5. Verify that Client for Microsoft Networks and Internet Protocol (TCP/IP) are present. If not, select Install and add them.
6. Select Internet Protocol (TCP/IP), click Properties, and verify that “Obtain an IP address automatically” is selected.
7. Click OK and close all Network and Dialup Connections windows.
8. Then, restart your PC.

Enabling DHCP to Automatically Configure TCP/IP Settings

You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP.

The following steps will walk you through the configuration process for each of these versions of Windows.

DHCP Configuration of TCP/IP in Windows XP

Locate your Network Neighborhood icon.

• Select Control Panel from the Windows XP new Start Menu.
• Select the Network Connections icon on the Control Panel. This will take you to the next step.
• Now the Network Connection window displays. The Connections List, which shows all the network connections set up on the PC, is located to the right of the window.
• Right-click on the Connection you will use and choose Status.
• Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics.
• Administrator logon access rights are needed to use this window.
• Click the Properties button to view details about the connection.
• The TCP/IP details are presented on the Support tab page.
• Select Internet Protocol, and click Properties to view the configuration information.
• Verify that the “Obtain an IP address automatically” radio button is selected.
• Verify that the “Obtain DNS server address automatically” radio button is selected.
• Click the OK button.

This completes the DHCP configuration of TCP/IP in Windows XP.

Repeat these steps for each PC with this version of Windows on your network.

DHCP Configuration of TCP/IP in Windows 2000

Once again, after you have installed the network card, TCP/IP for Windows 2000 is configured. TCP/IP should be added by default and set to DHCP without your having to configure it. However, if there are problems, follow these steps to configure TCP/IP with DHCP for Windows 2000.

• Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections.
• Right click on Local Area Connection and select Properties.
• The Local Area Connection Properties dialog box appears.
• Verify that you have the correct Ethernet card selected in the Connect using: box.
• Verify that at least the following two items are displayed and selected in the box of “Components checked are used by this connection:”
   • Client for Microsoft Networks and
   • Internet Protocol (TCP/IP)
• Click OK.
• With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box.
• Verify that
   • “Obtain an IP address automatically” is selected.
   • “Obtain DNS server address automatically” is selected.
• Click OK to return to Local Area Connection Properties.
• Click OK again to complete the configuration process for Windows 2000.

Restart the PC.

Repeat these steps for each PC with this version of Windows on your network.

DHCP Configuration of TCP/IP in Windows NT4

Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0.

• Choose Settings from the Start Menu, and then select Control Panel. This will display the Control Panel window.
• Double-click the Network icon in the Control Panel window. The Network panel will display.
• Select the Protocols tab to continue.
• Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
• The TCP/IP Properties dialog box now displays.
• Click the IP Address tab.
• Select the radio button marked “Obtain an IP address from a DHCP server”.
• Click OK. This completes the configuration of TCP/IP in Windows NT.

Restart the PC.

Repeat these steps for each PC with this version of Windows on your network.

Verifying TCP/IP Properties for Windows XP, 2000, and NT4

To check your PC’s TCP/IP configuration:

1. On the Windows taskbar, click the Start button, and then click Run.
   The Run window opens.
2. Type cmd and then click OK.
   A command window opens.
3. Type ipconfig /all
   Your IP Configuration information will be listed, and should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway:
   • The IP address is between 192.168.0.2 and 192.168.0.254
   • The subnet mask is 255.255.255.0
   • The default gateway is 192.168.0.1
4. Type exit

Configuring the Macintosh for TCP/IP Networking

Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you will need to configure TCP/IP to use DHCP.

MacOS 8.6 or 9.x

1. From the Apple menu, select Control Panels, then TCP/IP.
   The TCP/IP Control Panel opens:
2. From the “Connect via” box, select your Macintosh’s Ethernet interface.
3. From the “Configure” box, select Using DHCP Server.
   You can leave the DHCP Client ID box empty.
4. Close the TCP/IP Control Panel.
5. Repeat this for each Macintosh on your network.

MacOS X

1. From the Apple menu, choose System Preferences, then Network.
2. If not already selected, select Built-in Ethernet in the Configure list.
3. If not already selected, select Using DHCP in the TCP/IP tab.
4. Click Save.

Verifying TCP/IP Properties for Macintosh Computers

After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP.
The panel is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends:

• The IP Address is between 192.168.0.2 and 192.168.0.254
• The Subnet mask is 255.255.255.0
• The Router address is 192.168.0.1

If you do not see these values, you may need to restart your Macintosh or you may need to switch the “Configure” setting to a different option, then back again to “Using DHCP Server”.

Verifying the Readiness of Your Internet Account

For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer. Your firewall does not support a USB-connected broadband modem.

For a single-user Internet account, your ISP supplies TCP/IP configuration information for one computer. With a typical account, much of the configuration information is dynamically assigned when your PC is first booted up while connected to the ISP, and you will not need to know that dynamic information.

In order to share the Internet connection among several computers, your firewall takes the place of the single PC, and you need to configure it with the TCP/IP information that the single PC would normally use. When the firewall’s Internet port is connected to the broadband modem, the firewall appears to be a single PC to the ISP. The firewall then allows the PCs on the local network to masquerade as the single PC to access the Internet through the broadband modem. The method used by the firewall to accomplish this is called Network Address Translation (NAT) or IP masquerading.

Are Login Protocols Used?

Some ISPs require a special login protocol, in which you must enter a login name and password in order to access the Internet. If you normally log in to your Internet account by running a program such as WinPOET or EnterNet, then your account uses PPP over Ethernet (PPPoE).

When you configure your router, you will need to enter your login name and password in the router’s configuration menus. After your network and firewall are configured, the firewall will perform the login task when needed, and you will no longer need to run the login program from your PC. It is not necessary to uninstall the login program.

What Is Your Configuration Information?

More and more, ISPs are dynamically assigning configuration information. However, if your ISP does not dynamically assign configuration information but instead uses fixed configurations, your ISP should have given you the following basic information for your account:

• An IP address and subnet mask
• A gateway IP address, which is the address of the ISP’s router
• One or more domain name server (DNS) IP addresses
• Host name and domain suffix

For example, your account’s full server names may look like this:

mail.xxx.yyy.com

In this example, the domain suffix is xxx.yyy.com.

If any of these items are dynamically supplied by the ISP, your firewall automatically acquires them.

If an ISP technician configured your PC during the installation of the broadband modem, or if you configured it using instructions provided by your ISP, you need to copy the configuration information from your PC’s Network TCP/IP Properties window or Macintosh TCP/IP Control Panel before reconfiguring your PC for use with the firewall. These procedures are described next.
Obtaining ISP Configuration Information for Windows Computers

As mentioned above, you may need to collect configuration information from your PC so that you can use this information when you configure the FVS318v3 VPN Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.

To get the information you need to configure the firewall for Internet access:

1. On the Windows taskbar, click the Start button, point to Settings, and then click Control Panel.
2. Double-click the Network icon.
   The Network window opens, which displays a list of installed components.
3. Select TCP/IP, and then click Properties.
   The TCP/IP Properties dialog box opens.
4. Select the IP Address tab.
   If an IP address and subnet mask are shown, write down the information. If an address is present, your account uses a fixed (static) IP address. If no address is present, your account uses a dynamically-assigned IP address. Click “Obtain an IP address automatically”.
5. Select the Gateway tab.
   If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address.
6. Select the DNS Configuration tab.
   If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down. Click Disable DNS.
7. Click OK to save your changes and close the TCP/IP Properties dialog box.
   You are returned to the Network window.
8. Click OK.
9. Reboot your PC at the prompt. You may also be prompted to insert your Windows CD.

Obtaining ISP Configuration Information for Macintosh Computers

As mentioned above, you may need to collect configuration information from your Macintosh so that you can use this information when you configure the FVS318v3 VPN Firewall. Following this procedure is only necessary when your ISP does not dynamically supply the account information.

To get the information you need to configure the firewall for Internet access:

1. From the Apple menu, select Control Panels, then TCP/IP.
   The TCP/IP Control Panel opens, which displays a list of configuration settings. If the “Configure” setting is “Using DHCP Server”, your account uses a dynamically-assigned IP address. In this case, close the Control Panel and skip the rest of this section.
2. If an IP address and subnet mask are shown, write down the information.
3. If an IP address appears under Router address, write down the address. This is the ISP’s gateway address.
4. If any Name Server addresses are shown, write down the addresses. These are your ISP’s DNS addresses.
5. If any information appears in the Search domains information box, write it down.
6. Change the “Configure” setting to “Using DHCP Server”.
7. Close the TCP/IP Control Panel.

Restarting the Network

Once you’ve set up your computers to work with the firewall, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the FVS318v3 VPN Firewall.

After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your FVS318v3 VPN Firewall, you are ready to access and configure the firewall.

Appendix E
VPN Configuration of NETGEAR FVS318v3

This is a case study on how to configure a secure IPSec VPN tunnel on a NETGEAR FVS318v3. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html).

This study covers the following situations:

• FVS318v3 to FVS318v3 (see page E-6)
• FVS318v3 to FVS318v2 (see page E-13)
• FVS318v3 to FVL328 (see page E-20)
• FVS318v3 to VPN Client (see page E-27)

Note: Product updates are available on the NETGEAR, Inc. Web site at http://www.netgear.com/support/main.asp.
Case Study Overview

The procedure for configuring a VPN tunnel between two gateway endpoints is as follows:

1. Gather the network information
2. Configure gateway A
3. Configure gateway B
4. Activate the VPN tunnel

Gathering the Network Information

The configuration in this document follows the addressing and configuration mechanics defined by the VPN Consortium. Gather all the necessary information before you begin the configuration process. Verify whether the firmware is up to date, all of the addresses that will be necessary, and all of the parameters that need to be set on both sides. Check that there are no firewall restrictions.

VPN Consortium Example Network Interface Addressing

              Gateway A      Gateway B
Subnet        10.5.6.0/24    172.23.9.0/24
LAN IP        10.5.6.1       172.23.9.1
WAN IP        14.15.16.17    22.23.24.25

Figure E-1: Addressing and subnets used for this case study

Configuring the Gateways

Configure each gateway as summarized in Figure E-2 and Figure E-3:

1. Configure Gateway A.
   a. Log in to the router at Gateway A.
   b. Use the VPN Wizard to configure this router.
      Enter the requested information as prompted by the VPN Wizard:
      • Connection Name and Pre-Shared Key
      • Remote WAN IP address
      • Remote LAN IP Subnet: IP Address and Subnet Mask
2. Repeat the above steps for Gateway B.
   a. Log in to the router at Gateway B.
   b. Use the VPN Wizard to configure this router.
      Enter the requested information as prompted by the VPN Wizard.

Note: The WAN and LAN IP addresses must be unique at each end of the VPN tunnel.
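The wizard asks each gateway for the other end's WAN address and LAN subnet, and the note above requires the addresses to be unique at each end. The following Python check is an added example, not part of the NETGEAR manual or firmware: it compares the two sets of wizard entries before they are typed in. The `GatewayEntry` field names and the sample pre-shared key are assumptions made for illustration; the addresses are those of Figure E-1.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class GatewayEntry:
    # Field names are labels invented for this example, not firmware identifiers.
    name: str
    wan_ip: str           # this gateway's own WAN address
    lan_ip: str           # this gateway's own LAN address
    lan_mask: str         # this gateway's own LAN subnet mask
    pre_shared_key: str   # VPN Wizard: Pre-Shared Key
    remote_wan_ip: str    # VPN Wizard: Remote WAN IP address
    remote_lan_ip: str    # VPN Wizard: Remote LAN IP Address
    remote_lan_mask: str  # VPN Wizard: Remote LAN Subnet Mask


def _net(ip, mask):
    # strict=False accepts a host address such as 10.5.6.1 and returns its subnet.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def _compare(a, b):
    problems = []
    if a.pre_shared_key != b.pre_shared_key:
        problems.append("pre-shared key is not the same at each end")
    if ipaddress.ip_address(a.wan_ip) == ipaddress.ip_address(b.wan_ip):
        problems.append("WAN IP addresses are not unique")
    lan_a, lan_b = _net(a.lan_ip, a.lan_mask), _net(b.lan_ip, b.lan_mask)
    if lan_a.overlaps(lan_b):
        problems.append(f"LAN subnets overlap: {lan_a} and {lan_b}")
    # Each side's "remote" fields must describe the other side exactly.
    for local, peer, peer_lan in ((a, b, lan_b), (b, a, lan_a)):
        if ipaddress.ip_address(local.remote_wan_ip) != ipaddress.ip_address(peer.wan_ip):
            problems.append(f"{local.name}: remote WAN IP is not {peer.name}'s WAN IP")
        if _net(local.remote_lan_ip, local.remote_lan_mask) != peer_lan:
            problems.append(f"{local.name}: remote LAN subnet is not {peer.name}'s LAN subnet")
    return problems


def check_pair(a, b):
    """Return a list of problems; an empty list means the two sets of entries agree."""
    try:
        return _compare(a, b)
    except ValueError as exc:  # malformed address or mask in one of the fields
        return [f"malformed address or mask: {exc}"]


# Constructed sample entries using the addressing from Figure E-1.
PSK = "constructed-example-key"
GATEWAY_A = GatewayEntry("Gateway A", "14.15.16.17", "10.5.6.1", "255.255.255.0", PSK,
                         "22.23.24.25", "172.23.9.1", "255.255.255.0")
GATEWAY_B = GatewayEntry("Gateway B", "22.23.24.25", "172.23.9.1", "255.255.255.0", PSK,
                         "14.15.16.17", "10.5.6.1", "255.255.255.0")

# Constructed failure case: both routers left on the default 192.168.0.1 LAN address.
DEFAULT_A = replace(GATEWAY_A, lan_ip="192.168.0.1", remote_lan_ip="192.168.0.1")
DEFAULT_B = replace(GATEWAY_B, lan_ip="192.168.0.1", remote_lan_ip="192.168.0.1")

if __name__ == "__main__":
    for label, pair in (("Figure E-1 addressing", (GATEWAY_A, GATEWAY_B)),
                        ("both ends on default LAN", (DEFAULT_A, DEFAULT_B))):
        print(label, "->", check_pair(*pair) or "OK")
```

The second pair is the case the note guards against: two routers that both keep the default 192.168.0.x LAN have identical subnets at each end of the tunnel.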

Step 1: Click VPN Wizard on the Side Menu Bar
Step 2: Enter the following:
   • Connection name
   • Pre-Shared Key (must be the same for each end)
   • Select “A remote VPN Gateway”
Step 3: Enter the remote WAN’s IP address
Step 4: Enter the following:
   • Remote LAN IP Address
   • Remote LAN Subnet Mask
(to Figure E-3)

Figure E-2: NETGEAR’s VPN Wizard for the router at each gateway (part 1 of 2)

Step 5: Verify the information (example screen)

Figure E-3: NETGEAR’s VPN Wizard for the router at gateway A (part 2 of 2)

Note: The default log in address for the FVS318v3 router is http://192.168.0.1 with the default user name of admin and default password of password. The login address will change to the local LAN IP subnet address after you configure the router. The user name and password will also change to the ones you have chosen to use in your installation.

Activating the VPN Tunnel

You can activate the VPN tunnel by testing connectivity and viewing the VPN tunnel status information as described in the following flowchart:

[Flowchart: Start; Test Step 1: Ping Remote LAN IP Address (Pass / Fail); Test Step 2: Ping Remote WAN IP Address (Pass / Fail); Test Step 3: View VPN Tunnel Status]

\row} }\par\pard\par\pard{ \trowd\trautofit1\intbl {}\cell {}\cell{\ul0\nosupersub\cf15\f16\fs21 End}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf15\f16\fs21 Fix the}\cell{\ul0\nosuper sub\cf15\f16\fs21 Fix the}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf15\f16\fs21 Router Network}\cell{\ul0\ nosupersub\cf15\f16\fs21 VPN Tunnel}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf15\f16\fs21 and then Retest}\cell{\ul0 \nosupersub\cf15\f16\fs21 and then Retest}\cell {}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure E-4: Testing Flowcha rt \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 All traffic from the rang e of LAN IP addresses specified on the router at Gateway A and the router at Gat eway B will now flow over a secure VPN tunnel. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 VPN Configuration of NETGEAR FVS318v3}\cell{\ul0\nosupersub\cf4\f5\fs19 E-5}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 The FVS318v3-to-F VS318v3 Case \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Table E-1.}\cell{\ul0\nosupe

rsub\cf4\f5\fs19 Policy Summary}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 VPN Consortium Scenario:}\ce ll{\ul0\nosupersub\cf2\f3\fs18 Scenario 1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Type of VPN}\cell{\ul0\nosup ersub\cf2\f3\fs18 LAN-to-LAN or Gateway-to-Gateway}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Security Scheme:}\cell{\ul0\ nosupersub\cf2\f3\fs18 IKE with Preshared Secret/Key}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Date Tested:}\cell{\ul0\nosu persub\cf2\f3\fs18 November 2004}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 Model/Firmware Tested:}\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 NETGEAR-Gateway A}\cell{\ul0 \nosupersub\cf2\f3\fs18 FVS318v3 with firmware version v3.0_14}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 NETGEAR-Gateway B}\cell{\ul0 \nosupersub\cf2\f3\fs18 FVS318v3 with firmware version v3.0_14}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 IP Addressing:}\cell \cell {\trowd\trautofit1\intbl

\cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 NETGEAR-Gateway A}\cell{\ul0 \nosupersub\cf2\f3\fs18 Static IP address}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf2\f3\fs18 NETGEAR-Gateway B}\cell{\ul0 \nosupersub\cf2\f3\fs18 Static IP address}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf19\f20\fs27 Configuring the VPN Tunnel }\cell \cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf15\f16\fs21 Note\ul0\nosupersub\cf11\f12\fs21 : This s cenario assumes all ports are open on the FVS318v3.}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf48\f49\fs18 Gateway\ul0\nosupersub\cf4 9\f50\fs18 A}\cell{\ul0\nosupersub\cf50\f51\fs19 Scenario 1}\cell{\ul0\nosupers ub\cf48\f49\fs18 Gateway\ul0\nosupersub\cf49\f50\fs18 B}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf48\f49\fs18 FVS318v3}\cell {}\cell{\ul0\nosupersub\cf48\f49\fs18 FVS318v3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2880 \cltxlrtb\clftsWidth1\cellx5760 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard{ \trowd\trautofit1\intbl {}\cell{\ul0\nosupersub\cf48\f49\fs18 14.15.16.17}\cell{\ul0\nosupersub\cf48\f49 \fs18 22.23.24.25}\cell \cell

{\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf48\f49\fs18 10.5.6.1/24}\cell{\ul0\nos upersub\cf48\f49\fs18 WAN IP}\cell{\ul0\nosupersub\cf48\f49\fs18 WAN IP}\cell{\u l0\nosupersub\cf48\f49\fs18 172.23.9.1/24}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} \trowd\trautofit1\intbl{\ul0\nosupersub\cf48\f49\fs18 LAN IP}\cell {}\cell {}\cell{\ul0\nosupersub\cf48\f49\fs18 LAN IP}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx2160 \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx6480 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure E-5: LAN to LAN VPN access from an \ul0\nosupersub\cf38\f39\fs21 FVS318v3\ul0\nosupersub\cf11\f12\f s21 \ul0\nosupersub\cf4\f5\fs19 to an \ul0\nosupersub\cf38\f39\fs21 FVS318v3 \u l0\nosupersub\cf11\f12\fs21 Use this scenario illustration and configuration scr eens as a model to build your configuration. \ul0\nosupersub\cf15\f16\fs21 1. Log in to the FVS318v3 labeled Gateway A as in the illustration (\ul0\nosupersub \cf69\f70\fs21 Figure E-5\ul0\nosupersub\cf15\f16\fs21 ). \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Log in at the default address of \ul0\nosupersub\c f16\f17\fs21 http://192.168.0.1\ul0\nosupersub\cf11\f12\fs21 with the default u ser name of \ul0\nosupersub\cf15\f16\fs21 admin\ul0\nosupersub\cf11\f12\fs21 an d \par default password of \ul0\nosupersub\cf15\f16\fs21 password\ul0\nosupersu b\cf11\f12\fs21 (or using whatever password and LAN address you have chosen). 
   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://10.5.6.1 at Gateway A.

2. Use the VPN Wizard to configure the FVS318v3 at Gateway A.
   Follow the steps listed in Figure E-2 and Figure E-3 using the following parameters as illustrated in Figure E-6:
   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
      - IP Address: 172.23.9.1 (in this example), must be unique at each VPN tunnel endpoint
      - Subnet Mask: 255.255.255.0 (in this example)

3. Log in to the FVS318v3 labeled Gateway B as in the illustration (Figure E-5).
   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).

   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://172.23.9.1 at Gateway B.

4. Repeat the process using the VPN Wizard to configure the FVS318v3 at Gateway B.
   Follow the steps listed in Figure E-2 and Figure E-3, but use the following parameters instead as illustrated in Figure E-6:
   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 14.15.16.17 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
      - IP Address: 10.5.6.1 (in this example), must be unique at each VPN tunnel endpoint
      - Subnet Mask: 255.255.255.0 (in this example)

All traffic from the range of LAN IP addresses specified on FVS318v3 A and FVS318v3 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see “Initiating and Checking the VPN Connections” on page 11).

[Figure panels: Gateway A VPN Parameter Entry; Gateway B VPN Parameter Entry. Each panel: Continue as shown in Figure E-3.]

Figure E-6: VPN parameter entry at Gateway A (FVS318v3) and Gateway B (FVS318v3)

Viewing and Editing the VPN Parameters

The VPN Wizard sets up a VPN tunnel using the default parameters from the VPN Consortium (VPNC). The policy definitions to manage VPN traffic on the FVS318v3 are presented in Figure E-7 and Figure E-8.

[Figure panels: Gateway A VPN Policy Parameters; Gateway B VPN Policy Parameters]

Figure E-7: VPN policies at Gateway A (FVS318v3) and Gateway B (FVS318v3)

[Figure panels: Gateway A IKE Parameters; Gateway B IKE Parameters]

Figure E-8: IKE parameters at Gateway A (FVS318v3) and Gateway B (FVS318v3)

Note: The Pre-Shared Key must be the same at both VPN tunnel endpoints.

The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint.

The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.
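
The matching rules in the note above (same Pre-Shared Key, each end's remote WAN and LAN values equal to the other end's local values, unique WAN and LAN addresses) can be checked before the values are typed into the two wizards. The Python below is an added example, not NETGEAR code: the Endpoint fields and check_tunnel are hypothetical names, the passing sample uses the manual's Scenario 1 addresses with a constructed key, and the faulty pair is constructed (it assumes a /24 mask on the default address 192.168.0.1).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface

# Sample key printed in the manual's Scenario 1. A key published in
# documentation is treated here as unusable on a real tunnel.
MANUAL_SAMPLE_PSK = "12345678"


@dataclass(frozen=True)
class Endpoint:
    """One gateway: its own addresses plus the values typed into its wizard.

    Field names are hypothetical; they mirror the wizard prompts on the page.
    """
    name: str
    wan_ip: str           # this gateway's own WAN IP
    lan: str              # this gateway's own LAN IP and prefix, e.g. 10.5.6.1/24
    psk: str              # Pre-Shared Key
    remote_wan_ip: str    # Remote WAN IP address
    remote_lan_ip: str    # Remote LAN IP Subnet: IP Address
    remote_lan_mask: str  # Remote LAN IP Subnet: Subnet Mask


def _remote_view(local, peer):
    """Compare what `local` entered as 'remote' with the peer's own values."""
    out = []
    if IPv4Address(local.remote_wan_ip) != IPv4Address(peer.wan_ip):
        out.append(f"REMOTE_WAN: {local.name} has {local.remote_wan_ip}, "
                   f"but {peer.name}'s WAN IP is {peer.wan_ip}")
    entered = IPv4Interface(f"{local.remote_lan_ip}/{local.remote_lan_mask}")
    actual = IPv4Interface(peer.lan)
    if entered.network != actual.network:
        out.append(f"REMOTE_LAN: {local.name} has {entered.network}, "
                   f"but {peer.name}'s LAN is {actual.network}")
    return out


def check_tunnel(a, b):
    """Return a list of findings; an empty list means the pair is consistent."""
    out = []
    if a.psk != b.psk:
        out.append("PSK_MISMATCH: Pre-Shared Key differs between endpoints")
    if MANUAL_SAMPLE_PSK in (a.psk, b.psk):
        out.append("PSK_SAMPLE: Pre-Shared Key is the manual's sample value")
    if IPv4Address(a.wan_ip) == IPv4Address(b.wan_ip):
        out.append("WAN_NOT_UNIQUE: both endpoints use the same WAN IP")
    if IPv4Interface(a.lan).network.overlaps(IPv4Interface(b.lan).network):
        out.append("LAN_OVERLAP: LAN subnets at the two ends overlap")
    return out + _remote_view(a, b) + _remote_view(b, a)


# Scenario 1 addresses from the manual; the key is constructed for this example.
KEY = "constructed-example-key-do-not-reuse"
GW_A = Endpoint("Gateway A", "14.15.16.17", "10.5.6.1/24", KEY,
                "22.23.24.25", "172.23.9.1", "255.255.255.0")
GW_B = Endpoint("Gateway B", "22.23.24.25", "172.23.9.1/24", KEY,
                "14.15.16.17", "10.5.6.1", "255.255.255.0")

# Constructed faulty pair: both routers left on the default LAN address
# 192.168.0.1 (/24 assumed), keys typed differently, and two digits swapped
# in the Remote WAN IP entered at Gateway B.
BAD_A = Endpoint("Gateway A", "14.15.16.17", "192.168.0.1/24", "key-one",
                 "22.23.24.25", "192.168.0.1", "255.255.255.0")
BAD_B = Endpoint("Gateway B", "22.23.24.25", "192.168.0.1/24", "key-two",
                 "14.15.16.71", "192.168.0.1", "255.255.255.0")

if __name__ == "__main__":
    for pair in ((GW_A, GW_B), (BAD_A, BAD_B)):
        findings = check_tunnel(*pair)
        print("consistent" if not findings else "\n".join(findings))
```
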

Initiating and Checking the VPN Connections

You can test connectivity and view VPN status information on the FVS318v3 according to the testing flowchart shown in Figure E-4. To test the VPN tunnel from the Gateway A LAN, do the following:

1. Test 1: Ping Remote LAN IP Address: To establish the connection between the FVS318v3 Gateway A and Gateway B tunnel endpoints, perform these steps at Gateway A:
   a. From a Windows PC attached to the FVS318v3 on LAN A, click the Start button on the taskbar and then click Run.
   b. Type ping -t 172.23.9.1, and then click OK (you would type ping -t 10.5.6.1 if testing from Gateway B).
   c. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply.
   At this point the VPN-tunnel-endpoint-to-VPN-tunnel-endpoint connection is established.

2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps:
   a. Log in to the router on LAN A, go to the main menu Maintenance section, and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping (you would enter 14.15.16.17 if testing from Gateway B).
   c. This causes a ping to be sent to the WAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS318v3.
   d. At this point the gateway-to-gateway connection is verified.

3. Test 3: View VPN Tunnel Status: To view the FVS318v3 event log and status of Security Associations, follow these steps:
   a. Go to the FVS318v3 main menu VPN section and click the VPN Status link.
   b. The log screen displays a history of the VPN connections, and the IPSec SA and IKE SA tables report the status and data transmission statistics of the VPN tunnels for each policy.


[Figure panels: VPN Status at Gateway A (FVS318v3), with callouts "Status of VPN tunnel from Gateway B" (22.23.24.25) and "Status of VPN tunnel to Gateway B" (22.23.24.25); VPN Status at Gateway B (FVS318v3), with callouts "Status of VPN tunnel from Gateway A" (22.23.24.25) and "Status of VPN tunnel to Gateway A"]

Figure E-9: VPN Status for the FVS318v3 routers at Gateway A and Gateway B

The FVS318v3-to-FVS318v2 Case

Table E-2. Policy Summary

VPN Consortium Scenario:    Scenario 1
Type of VPN                 LAN-to-LAN or Gateway-to-Gateway
Security Scheme:            IKE with Preshared Secret/Key
Date Tested:                November 2004
Model/Firmware Tested:
   NETGEAR-Gateway A        FVS318v3 with firmware version v3.0_14
   NETGEAR-Gateway B        FVS318v2 with firmware version V2.4
IP Addressing:
   NETGEAR-Gateway A        Static IP address
   NETGEAR-Gateway B        Static IP address

Configuring the VPN Tunnel

Note: This scenario assumes all ports are open on the FVS318v3 and FVS318v2.

[Diagram, Scenario 1: Gateway A (FVS318v3), LAN IP 10.5.6.1/24, WAN IP 14.15.16.17; Gateway B (FVS318v2), WAN IP 22.23.24.25, LAN IP 172.23.9.1/24]

Figure E-10: LAN to LAN VPN access from an FVS318v3 to an FVS318v2

Use this scenario illustration and configuration screens as a model to build your configuration.

1. Log in to the FVS318v3 labeled Gateway A as in the illustration (Figure E-10).
   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).

   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://10.5.6.1 at Gateway A.

2. Use the VPN Wizard to configure the FVS318v3 at Gateway A.

   Follow the steps listed in Figure E-2 and Figure E-3 using the following parameters as illustrated in Figure E-11:

   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
     - IP Address: 172.23.9.1 (in this example), must be unique at each VPN tunnel endpoint
     - Subnet Mask: 255.255.255.0 (in this example)

3. Log in to the FVS318v2 labeled Gateway B as in the illustration (Figure E-10).

   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).

   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://172.23.9.1 at Gateway B.

4. Repeat the process using the VPN Wizard to configure the FVS318v2 at Gateway B.

   Follow the steps listed in Figure E-2 and Figure E-3, but use the following parameters instead as illustrated in Figure E-11:

   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 14.15.16.17 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
     - IP Address: 10.5.6.1 (in this example), must be unique at each VPN tunnel endpoint
     - Subnet Mask: 255.255.255.0 (in this example)

All traffic from the range of LAN IP addresses specified on FVS318v3 A and FVS318v3 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see “Initiating and Checking the VPN Connections” on page 18).

[Figure E-11 screens: Gateway A VPN Parameter Entry and Gateway B VPN Parameter Entry; at each gateway, continue as shown in Figure E-3]

Figure E-11: VPN parameter entry at Gateway A (FVS318v3) and Gateway B (FVS318v2)

Viewing and Editing the VPN Parameters

The VPN Wizard sets up a VPN tunnel using the default parameters from the VPN Consortium (VPNC). The policy definitions to manage VPN traffic are presented in Figure E-12.

[Figure E-12 screens: Gateway A VPN Parameters (FVS318v3) and Gateway B VPN Parameters (FVS318v2)]

Figure E-12: VPN Parameters at Gateway A (FVS318v3) and Gateway B (FVS318v2)

Note: The Pre-Shared Key must be the same at both VPN tunnel endpoints.

The remote WAN and LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint.

The VPN Wizard ensures the other VPN parameters are the same at both VPN tunnel endpoints.

Initiating and Checking the VPN Connections

You can test connectivity and view VPN status information on the FVS318v3 according to the testing flowchart shown in Figure E-4. To test the VPN tunnel from the Gateway A LAN, do the following:

1. Test 1: Ping Remote LAN IP Address: To establish the connection between the FVS318v3 Gateway A and FVS318v2 Gateway B tunnel endpoints, perform these steps at Gateway A:

   a. From a Windows PC attached to the FVS318v3 on LAN A, click the Start button on the taskbar and then click Run.
   b. Type ping -t 172.23.9.1, and then click OK (you would type ping -t 10.5.6.1 if testing from Gateway B).
   c. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply.

   At this point the VPN-tunnel-endpoint-to-VPN-tunnel-endpoint connection is established.

2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps:

   a. Log in to the router on LAN A, go to the main menu Maintenance section, and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping (you would enter 14.15.16.17 if testing from Gateway B).
   c. This causes a ping to be sent to the WAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS318v2.
   d. At this point the gateway-to-gateway connection is verified.

3. Test 3: View VPN Tunnel Status: To view the FVS318v3 and FVS318v2 event log and status of Security Associations, go to the FVS318v3 main menu VPN section and click the VPN Status link. For the FVS318v2, click Show VPN Status from the Router Status screen.

[Figure E-13 screens: VPN Status at Gateway A (FVS318v3), showing the status of the VPN tunnel from Gateway B (22.23.24.25) and the status of the VPN tunnel to Gateway B (22.23.24.25); IPSec Connection Status at Gateway B (FVS318v2), showing the status of the VPN tunnel to and from Gateway A]

Figure E-13: VPN Status for the routers at Gateway A (FVS318v3) and Gateway B (FVS318v2)

The FVS318v3-to-FVL328 Case

Table E-3. Policy Summary

VPN Consortium Scenario: Scenario 1
Type of VPN: LAN-to-LAN or Gateway-to-Gateway
Security Scheme: IKE with Preshared Secret/Key
Date Tested: November 2004
Model/Firmware Tested:
   NETGEAR-Gateway A: FVS318v3 with firmware version v3.0_14
   NETGEAR-Gateway B: FVL328 with firmware version V2.0_01
IP Addressing:
   NETGEAR-Gateway A: Static IP address
   NETGEAR-Gateway B: Static IP address

Configuring the VPN Tunnel

Note: This scenario assumes all ports are open on the FVS318v3 and FVL328.

[Figure E-14 diagram: Gateway A (FVS318v3), LAN IP 10.5.6.1/24, WAN IP 14.15.16.17 <-> Scenario 1 <-> Gateway B (FVL328), WAN IP 22.23.24.25, LAN IP 172.23.9.1/24]

Figure E-14: LAN to LAN VPN access from an FVS318v3 to an FVL328

Use this scenario illustration and configuration screens as a model to build your configuration.

1. Log in to the FVS318v3 labeled Gateway A as in the illustration (Figure E-14).

   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).

   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://10.5.6.1 at Gateway A.

2. Use the VPN Wizard to configure the FVS318v3 at Gateway A.

   Follow the steps listed in Figure E-2 and Figure E-3 using the following parameters as illustrated in Figure E-15:

   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 22.23.24.25 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
     - IP Address: 172.23.9.1 (in this example), must be unique at each VPN tunnel endpoint
     - Subnet Mask: 255.255.255.0 (in this example)

3. Log in to the FVL328 labeled Gateway B as in the illustration (Figure E-14).

   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).

   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://172.23.9.1 at Gateway B.

4. Repeat the process using the VPN Wizard to configure the FVL328 at Gateway B.

   Follow the steps listed in Figure E-2 and Figure E-3, but use the following parameters instead as illustrated in Figure E-15:

   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Remote WAN IP address: 14.15.16.17 (in this example), must be unique at each VPN tunnel endpoint
   • Remote LAN IP Subnet
     - IP Address: 10.5.6.1 (in this example), must be unique at each VPN tunnel endpoint
     - Subnet Mask: 255.255.255.0 (in this example)

All traffic from the range of LAN IP addresses specified on FVS318v3 A and FVL328 B will now flow over a secure VPN tunnel once the VPN tunnel is initiated (see “Initiating and Checking the VPN Connections” on page 25).
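
Steps 2 and 4 of both scenarios (FVS318v2 or FVL328 at Gateway B) enter mirrored values at the two gateways: the same Pre-Shared Key, and each side's remote WAN IP and remote LAN subnet equal to the other side's local ones. The Python check below is an added example, not part of the NETGEAR manual or firmware; the `WizardEntry` field names and finding codes are hypothetical, and treating the manual's sample key 12345678 as a placeholder that must be replaced is the example's own policy.

```python
"""Cross-check the VPN Wizard entries for Gateway A and Gateway B (added example)."""
import hmac
import ipaddress
from dataclasses import dataclass

# The manual's sample key. Flagging it is this example's own policy.
DOC_SAMPLE_PSK = "12345678"


@dataclass(frozen=True)
class WizardEntry:
    """What one gateway has configured. Field names are hypothetical."""
    gateway: str
    local_wan_ip: str
    local_lan_ip: str
    local_lan_mask: str
    pre_shared_key: str
    remote_wan_ip: str
    remote_lan_ip: str
    remote_lan_mask: str


def _subnet(ip, mask):
    # The wizard takes a host address plus mask (172.23.9.1 / 255.255.255.0);
    # strict=False reduces that to the network it denotes (172.23.9.0/24).
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_pair(a, b):
    """Return (code, message) findings; an empty list means the entries mirror."""
    try:
        sides = [
            {
                "name": e.gateway,
                "wan": ipaddress.ip_address(e.local_wan_ip),
                "peer_wan": ipaddress.ip_address(e.remote_wan_ip),
                "lan": _subnet(e.local_lan_ip, e.local_lan_mask),
                "peer_lan": _subnet(e.remote_lan_ip, e.remote_lan_mask),
            }
            for e in (a, b)
        ]
    except ValueError as exc:  # malformed address or mask in either entry
        return [("invalid-address", str(exc))]

    findings = []
    # Constant-time comparison; the key itself is never put into a message.
    if not hmac.compare_digest(a.pre_shared_key.encode(), b.pre_shared_key.encode()):
        findings.append(("psk-mismatch", "Pre-Shared Key differs between the endpoints"))
    elif a.pre_shared_key == DOC_SAMPLE_PSK:
        findings.append(("psk-sample", "Pre-Shared Key is still the manual's sample value"))

    # Each side's "remote" values must equal the other side's local values.
    for here, there in ((sides[0], sides[1]), (sides[1], sides[0])):
        if here["peer_wan"] != there["wan"]:
            findings.append(("wan-mismatch",
                             f"{here['name']}: Remote WAN IP {here['peer_wan']} is not "
                             f"the WAN IP of {there['name']} ({there['wan']})"))
        if here["peer_lan"] != there["lan"]:
            findings.append(("lan-mismatch",
                             f"{here['name']}: Remote LAN subnet {here['peer_lan']} is not "
                             f"the LAN subnet of {there['name']} ({there['lan']})"))

    # "Must be unique at each VPN tunnel endpoint": the two LANs may not overlap
    # and the two WAN addresses may not be the same.
    if sides[0]["lan"].overlaps(sides[1]["lan"]):
        findings.append(("lan-overlap",
                         f"LAN subnets {sides[0]['lan']} and {sides[1]['lan']} overlap"))
    if sides[0]["wan"] == sides[1]["wan"]:
        findings.append(("wan-duplicate", "Both gateways report the same WAN IP"))
    return findings


# Values from the manual's Scenario 1 (Figures E-10 and E-14).
GATEWAY_A = WizardEntry("Gateway A", "14.15.16.17", "10.5.6.1", "255.255.255.0",
                        "12345678", "22.23.24.25", "172.23.9.1", "255.255.255.0")
GATEWAY_B = WizardEntry("Gateway B", "22.23.24.25", "172.23.9.1", "255.255.255.0",
                        "12345678", "14.15.16.17", "10.5.6.1", "255.255.255.0")

if __name__ == "__main__":
    for code, message in check_pair(GATEWAY_A, GATEWAY_B):
        print(f"{code}: {message}")
```

Run against the manual's own values, the only finding is the sample key; a mistyped remote WAN IP or a wider remote subnet mask at one gateway is reported against that gateway by name.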

[Figure E-15 screens: Gateway A VPN Parameter Entry and Gateway B VPN Parameter Entry; at each gateway, continue as shown in Figure E-3]

Figure E-15: VPN parameter entry at Gateway A (FVS318v3) and Gateway B (FVL328)

Viewing and Editing the VPN Parameters

The VPN Wizard sets up a VPN tunnel using the default parameters from the VPN Consortium (VPNC). The policy definitions to manage VPN traffic on the FVS318v3 and FVL328 are presented in Figure E-16 and Figure E-17.
\par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf15\f16\fs21 Gateway A VPN Policy Param eters}\cell{\ul0\nosupersub\cf15\f16\fs21 Gateway B VPN Policy Parameters}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure E-16: VPN policies a t Gateway A (FVS318v3) and Gateway B (FVL328) \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 VPN Configuration of NETGEAR FVS318v3}\cell{\ul0\nosupersub\cf4\f5\fs19 E-23}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\par\pard\par\pard\par\pard\par\pard\ql \ul0\nosupersub\cf17\f18\fs19 Referenc e Manual for the ProSafe VPN Firewall FVS318v3 \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf15\f16\fs21 Gateway A IKE Parameters}\ cell{\ul0\nosupersub\cf15\f16\fs21 Gateway B IKE Parameters}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf4\f5\fs19 Figure E-17: IKE parameters at Gateway A (FVS318v3) and Gateway B (FVL328) \par\pard\par\pard\ql \ul0\nosup ersub\cf22\f23\fs21 Note: \ul0\nosupersub\cf11\f12\fs21 The Pre-Shared Key must be the same at both VPN tunnel endpoints. \par\pard\par\pard\ql The remote WAN a nd LAN IP addresses for one VPN tunnel endpoint will be the local WAN and LAN IP addresses for the other VPN tunnel endpoint. \par\pard\par\pard\ql The VPN Wiza

rd ensures the other VPN parameters are the same at both VPN tunnel endpoints. \ par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 E-24}\cell{\ul0\nosupersub\c f4\f5\fs19 VPN Configuration of NETGEAR FVS318v3}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf19\f20\fs27 Initiating and Ch ecking the VPN Connections \par\pard\par\pard\ql \ul0\nosupersub\cf11\f12\fs21 Y ou can test connectivity and view VPN status information on the FVS318v3 and FVL 328 according to the testing flowchart shown in \ul0\nosupersub\cf21\f22\fs21 Fi gure E-4\ul0\nosupersub\cf11\f12\fs21 . To test the VPN tunnel from the Gateway A LAN, do the following: \par\pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 1. \ul0\nosupersub\cf15\f16\fs21 Test 1: Ping Remote LAN IP Address\ul0\nosupersub\ cf11\f12\fs21 : To establish the connection between the FVS318v3 \par Gateway A and FVL328 Gateway B tunnel endpoints, perform these steps at Gateway A: \par\ pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 a.\ul0\nosupersub\cf11\f12\fs21 From a Windows PC attached to the FVS318v3 on LAN A, click the \ul0\nosupersub \cf15\f16\fs21 Start\ul0\nosupersub\cf11\f12\fs21 button on the \par taskbar and then click \ul0\nosupersub\cf15\f16\fs21 Run\ul0\nosupersub\cf11\f12\fs21 . \par\pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 b.\ul0\nosupersub\cf11\f12\f s21 Type \ul0\nosupersub\cf15\f16\fs21 ping -t 172.23.9.1\ul0\nosupersub\ cf11\f12\fs21 , and then click \ul0\nosupersub\cf15\f16\fs21 OK\ul0\nosupersub\c f11\f12\fs21 (you would type \ul0\nosupersub\cf15\f16\fs21 ping -t 10.5.6.1\u l0\nosupersub\cf11\f12\fs21 if testing \par from Gateway B). 
   c. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply.
   At this point the VPN-tunnel-endpoint-to-VPN-tunnel-endpoint connection is established.
2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps:
   a. Log in to the router on LAN A, go to the main menu Maintenance section, and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping (you would enter 14.15.16.17 if testing from Gateway B).
   c. This causes a ping to be sent to the WAN interface of Gateway B. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVL328.
   d. At this point the gateway-to-gateway connection is verified.
3. Test 3: View VPN Tunnel Status: To view the FVS318v3 and FVL328 event log and status of Security Associations, go to the FVS318v3 main menu VPN section and click the VPN Status link. For the FVL328, click VPN Status on the VPN Status/Log screen.

Figure E-18: VPN Status for the routers at Gateway A (FVS318v3) and Gateway B (FVL328). Panels: VPN Status at Gateway A (FVS318v3), with the status of the VPN tunnel from Gateway B (22.23.24.25) and to Gateway B (22.23.24.25); IPSec Connection Status at Gateway B (FVL328), with the status of the VPN tunnel to and from Gateway A.

The FVS318v3-to-VPN Client Case

Table E-4. Policy Summary
VPN Consortium Scenario: Scenario 1
Type of VPN: PC/Client-to-Gateway
Security Scheme: IKE with Preshared Secret/Key
Date Tested: November 2004
Model/Firmware Tested:
   NETGEAR-Gateway A: FVS318v3 with firmware version v3.0_14
   NETGEAR-Client B: NETGEAR ProSafe VPN Client v10.3.5
IP Addressing:
   NETGEAR-Gateway A: Static IP address
   NETGEAR-Client B: Dynamic IP address

Client-to-Gateway VPN Tunnel Overview

The operational differences between gateway-to-gateway and client-to-gateway VPN tunnels are summarized as follows:

Table E-5. Differences between VPN tunnel types
Operation | Gateway-to-Gateway VPN Tunnels | Client-to-Gateway VPN Tunnels
Exchange Mode | Main Mode—The IP addresses of both gateways are known (especially when FQDN is used), so each gateway can use the Internet source of the traffic for | Aggressive Mode—The IP address of the client is not known in advance, so the gateway is programmed to accept valid traffic sourced from any Internet location (i.e., less secure).
 | Both Directions—Either end of the VPN tunnel may initiate traffic (usually). | Remote Access—The client end of the VPN tunnel must initiate traffic because its IP address is not known in advance, which prevents the gateway end of the VPN tunnel from initiating traffic.

Configuring the VPN Tunnel

Note: This scenario assumes all ports are open on the FVS318v3.

Scenario 1 diagram labels: Gateway A (Router): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP 14.15.16.17. Client B (PC running NETGEAR ProSafe VPN Client): WAN IP 0.0.0.0.
Figure E-19: LAN to PC VPN access from an FVS318v3 to a VPN Client

Use this scenario illustration and configuration screens as a model to build your configuration.

1. Log in to the FVS318v3 labeled Gateway A as in the illustration (Figure E-19).
   Log in at the default address of http://192.168.0.1 with the default user name of admin and default password of password (or using whatever password and LAN address you have chosen).
   Note: Based on the network addresses used in this example, you would log in to the LAN IP address of http://10.5.6.1 at Gateway A.
2. Use the VPN Wizard to configure the FVS318v3 at Gateway A.
   Follow the steps illustrated in Figure E-19 (the resulting parameter screens are shown in Figure E-20):
   • Connection Name: Scenario_1 (in this example)
   • Pre-Shared Key: 12345678 (in this example), must be the same at both VPN tunnel endpoints
   • Connection Type: A Remote VPN Client

Figure E-20: VPN Wizard at Gateway A (FVS318v3). Callouts: Pre-Shared Key must be the same at both ends of the VPN tunnel; Select “A Remote VPN Client”.

Figure E-21: VPN parameters at Gateway A (FVS318v3)

3. Set up the VPN Client at Gateway B as in the illustration (Figure E-19).
   a. Right-mouse-click the ProSafe icon in the system tray and select the Security Policy Editor. If you need to install the NETGEAR ProSafe VPN Client on your PC, consult the documentation that came with your software.
   b. Add a new connection using the Edit/Add/Connection menu and rename it Scenario_1.
      (Scenario_1 is used in this example to reflect the fact that the connection uses the Pre-Shared Key security scheme and encryption parameters proposed by the VPN Consortium, but you may want to choose a name for your connection that is meaningful to your specific installation. The name you choose does not have to match the name used at the gateway end of the VPN tunnel.)

Figure E-22: Adding and renaming a new connection

   c. Program the Scenario_1 connection screen as follows (see Figure E-23):
      • Connection Security: Secure
      • Remote Party Identity and Addressing: Select IP Subnet from the ID Type menu and then enter 10.5.6.1 for Subnet, 255.255.255.0 for Mask, and leave All for Protocol.
        (The Subnet and Mask parameters entered here must match the Start IP address and Subnet Mask parameters of the Local IP Traffic Selector on the VPN Autopolicy screen shown in Figure E-21 for the gateway router.)
      • Enable Connect Using Secure Gateway Tunnel; select Domain Name for ID_Type; enter fvs_local for Domain Name; and enter 14.15.16.17 for Gateway IP Address. (Domain Name must match the Local Identity Data parameter of the IKE Policy Configuration screen shown in Figure E-21 for the gateway router. Also, Gateway IP Address must match the WAN IP address of the gateway router shown in Figure E-19.)
      • Expand the Scenario_1 screen hierarchy by clicking the + sign in front of Scenario_1. Then expand the rest of the screen hierarchies by clicking the rest of the + signs.

Figure E-23: Scenario_1 connection screen parameters

   d. Select Security Policy on the left hierarchy menu and then select Aggressive Mode under Select Phase 1 Negotiation Mode (see Figure E-24). (The Select Phase 1 Negotiation Mode choice must match the Exchange Mode setting for the General IKE Policy Configuration parameters shown in Figure E-21 for the gateway router.)

Figure E-24: Scenario_1 Security Policy screen parameters

   e. Select My Identity on the left hierarchy menu and program the screen as follows (see Figure E-25):
      • Under My Identity, select None for Select Certificate (since we are using a Pre-Shared Key in this scenario). Then enter 12345678 for the Pre-Shared Key value. (The Pre-Shared Key value must match the value you entered in the VPN Wizard for the gateway Pre-Shared Key value shown in Figure E-20.)
      • Under My Identity, select Domain Name for the ID Type and then enter fvs_remote.
        (Domain Name must match the Remote Identity Data parameter of the IKE Policy Configuration screen shown in Figure E-21 for the gateway router.)

Figure E-25: Scenario_1 My Identity screen parameters. Callout: Pre-Shared Key must be the same at both ends of the VPN tunnel.

   f. Verify the Authentication (Phase 1) and Key Exchange (Phase 1) Proposal 1 screen parameters (see Figure E-26) match the IKE SA Parameters of the IKE Policy Configuration screen shown in Figure E-21 for the gateway router.

Figure E-26: Scenario_1 Proposal 1 parameters for Authentication and Key Exchange

   g. Save the Scenario_1 connection using Save under the File menu. You can also export the connection parameters using Export Security Policy under the File menu.
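
The matching rules stated in steps 2 and 3 (Pre-Shared Key, identities, gateway address, traffic selector, exchange mode) can be checked before the first connection attempt. This is an added example, not code from the manual or from NETGEAR; the dictionary layout, key names and the 20-character key threshold are assumptions, and the gateway selector values are constructed to mirror the client screen.

```python
from ipaddress import IPv4Address, IPv4Network

# Scenario_1 values from the walkthrough. The dict layout and key names are
# assumptions of this example, not an export format of either product; the
# gateway selector values are constructed to mirror the client screen.
GATEWAY_A = {
    "wan_ip": "14.15.16.17",
    "exchange_mode": "Aggressive",
    "local_identity": "fvs_local",
    "remote_identity": "fvs_remote",
    "local_selector_start_ip": "10.5.6.1",
    "local_selector_mask": "255.255.255.0",
    "pre_shared_key": "12345678",
}
CLIENT_B = {
    "gateway_ip": "14.15.16.17",
    "phase1_mode": "Aggressive",
    "gateway_domain_name": "fvs_local",
    "my_identity_domain_name": "fvs_remote",
    "remote_subnet": "10.5.6.1",
    "remote_mask": "255.255.255.0",
    "pre_shared_key": "12345678",
}

MIN_PSK_LEN = 20  # assumed policy threshold; the manual states no minimum


def selector(ip, mask):
    """Normalise an address/mask pair to its network (10.5.6.1 -> 10.5.6.0/24)."""
    return IPv4Network(f"{ip}/{mask}", strict=False)


def check_pair(gw, cl):
    """Return (severity, code, message) findings for one gateway/client pair."""
    findings = []

    def add(severity, code, message):
        findings.append((severity, code, message))

    # Gateway IP Address on the client must be the gateway's WAN IP.
    if IPv4Address(cl["gateway_ip"]) != IPv4Address(gw["wan_ip"]):
        add("ERROR", "gateway_ip",
            f"client points at {cl['gateway_ip']}, gateway WAN is {gw['wan_ip']}")
    # Select Phase 1 Negotiation Mode must match the gateway's Exchange Mode.
    if cl["phase1_mode"].lower() != gw["exchange_mode"].lower():
        add("ERROR", "phase1_mode",
            f"client {cl['phase1_mode']} vs gateway {gw['exchange_mode']}")
    # Client "Domain Name" for the gateway <-> gateway Local Identity Data.
    if cl["gateway_domain_name"] != gw["local_identity"]:
        add("ERROR", "gateway_identity", "Domain Name != Local Identity Data")
    # Client My Identity <-> gateway Remote Identity Data.
    if cl["my_identity_domain_name"] != gw["remote_identity"]:
        add("ERROR", "client_identity", "My Identity != Remote Identity Data")
    # Subnet/Mask vs Local IP Traffic Selector, compared as networks (an
    # assumption of this example; the manual only says the values must match).
    cl_net = selector(cl["remote_subnet"], cl["remote_mask"])
    gw_net = selector(gw["local_selector_start_ip"], gw["local_selector_mask"])
    if cl_net != gw_net:
        add("ERROR", "traffic_selector",
            f"client remote subnet {cl_net} != gateway selector {gw_net}")
    # Never echo key material into a report; state only that it differs.
    if cl["pre_shared_key"] != gw["pre_shared_key"]:
        add("ERROR", "psk_mismatch", "Pre-Shared Key differs between the two ends")

    psk = gw["pre_shared_key"]
    if len(psk) < MIN_PSK_LEN or psk.isdigit():
        add("WARN", "psk_weak",
            f"Pre-Shared Key is shorter than {MIN_PSK_LEN} characters or digits only")
    if gw["exchange_mode"].lower() == "aggressive":
        # The manual itself labels this mode less secure; with a pre-shared
        # key the tunnel is only as strong as the key, so pair it with a
        # long random one.
        add("WARN", "aggressive_psk",
            "Aggressive Mode with a Pre-Shared Key: use a long random key")
    return findings


def codes(findings, severity):
    """Sorted finding codes of one severity, convenient for assertions."""
    return sorted(code for sev, code, _ in findings if sev == severity)


if __name__ == "__main__":
    for severity, code, message in check_pair(GATEWAY_A, CLIENT_B):
        print(f"{severity:5} {code}: {message}")
```

On the Scenario_1 values it reports no mismatches and two warnings, because 12345678 is the manual's sample key and the client case uses Aggressive Mode.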

You are now ready to activate the tunnel, but you must do it from the client endpoint (see “Initiating and Checking the VPN Connections” on page 36). In the client-to-gateway scenario, the gateway router will not know the client’s IP address until the client initiates the traffic.

Initiating and Checking the VPN Connections

You can test connectivity and view VPN status information on the FVS318v3 and VPN Client according to the testing flowchart shown in Figure E-4. To test the VPN tunnel from the Gateway A LAN, do the following:

1. Test 1: Launch Scenario_1 Connection from Client PC: To check the VPN Connection, you can initiate a request from the remote PC to the VPN router’s network by using the Connect option in the VPN Client’s menu bar (see Figure E-27). Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
   a. Open the popup menu by right-clicking on the system tray icon.
   b. Select Connect to open the My Connections list.
   c. Choose Scenario_1.
   The VPN Client reports the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the VPN router.

   Alternative Ping Test: To perform a ping test as an alternative, start from the remote PC:
   a. From a Windows Client PC, click the Start button on the taskbar and then click Run.
   b. Type ping -t 10.5.6.1, and then click OK.
   c. This will cause a continuous ping to be sent to the LAN interface of Gateway A. Within two minutes, the ping response should change from timed out to reply.
   At this point the VPN-tunnel-endpoint-to-VPN-tunnel-endpoint connection is established.

Figure E-27: Scenario_1 connection launch from VPN Client PC

2. Test 2: Ping Remote WAN IP Address (if Test 1 fails): To test connectivity between the Gateway A and Gateway B WAN ports, follow these steps:
   a. From a Windows Client PC, click the Start button on the taskbar and then click Run.
   b. Type ping -t 14.15.16.17, and then click OK.
   c. This causes a ping to be sent to the WAN interface of Gateway A. Within two minutes, the ping response should change from timed out to reply. You may have to run this test several times before you get the reply message back from the target FVS318v3.
   d. At this point the gateway-to-gateway connection is verified.
3. Test 3: View VPN Tunnel Status: To view the FVS318v3 event log and status of Security Associations, go to the FVS318v3 main menu VPN section and click the VPN Status link. For the VPN Client, click VPN Status on the VPN Status/Log screen.
   a. Open the popup menu by right-clicking on the system tray icon.
   b. Select Connection Monitor.
   See Figure E-28 for the resulting status screens.

Figure E-28: VPN Status for Gateway A (FVS318v3) and Gateway B (VPN Client). Panels: VPN Status at Gateway A (FVS318v3), with the status of the VPN tunnel from Gateway B (22.23.24.25) and to Gateway B (22.23.24.25); Connection Monitor at Gateway B (remote VPN Client), with the status of the VPN tunnel to and from Gateway A.

Glossary

List of Glossary Terms

Use the list below to find 
definitions for technical terms used in t his manual. \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 Numeric \par\par d\par\pard\ql \ul0\nosupersub\cf2\f3\fs18 10BASE-T \par\pard\par\pard\ql \ul0\no supersub\cf67\f68\fs20 IEEE 802.3 specification for 10 Mbps Ethernet over twiste d pair wiring. \par\pard\par\pard\ql \ul0\nosupersub\cf2\f3\fs18 100BASE-Tx \par \pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. \par\pard\par\pard\ql \ul0\nosupersub\c f2\f3\fs18 802.1x \par\pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 802.1x def ines port-based, network access control used to provide authenticated network ac cess and automated data encryption key management. The IEEE 802.1x draft standar d offers an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1x u ses a protocol called EAP (Extensible Authentication Protocol) and supports mult iple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, re fer to IETF's RFC 2284. \par\pard\par\pard\ql \ul0\nosupersub\cf12\f13\fs30 A \p ar\pard\par\pard\ql \ul0\nosupersub\cf2\f3\fs18 Access Control List (ACL) \par\p ard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 An ACL is a database that an Opera ting System uses to track each user\u8217?s access rights to system objects (suc

h as file directories and/or files). \par\pard\par\pard\ql \ul0\nosupersub\cf2\f 3\fs18 ADSL \par\pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 Short for asymme tric digital subscriber line, a technology that allows data to be sent over exis ting copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving d ata (known as the downstream rate) and from 16 to 640 Kbps when sending data (kn own as the upstream rate). ADSL requires a special ADSL modem. ADSL is growing i n popularity as more areas around the world gain access. \par\pard\par\pard{ \trowd\trautofit1\intbl{\ul0\nosupersub\cf4\f5\fs19 Glossary}\cell{\ul0\nosupers ub\cf75\f76\fs18 1}\cell {\trowd\trautofit1\intbl \cltxlrtb\clftsWidth1\cellx4320 \cltxlrtb\clftsWidth1\cellx8640 \row} }\par\pard\par\pard\ql \ul0\nosupersub\cf7\f8\fs19 January 2005 \par\pard\par\pa rd\ql \ul0\nosupersub\cf17\f18\fs19 Reference Manual for the ProSafe VPN Firewal l FVS318v3 \par\pard\par\pard\ql \ul0\nosupersub\cf2\f3\fs18 ARP \par\pard\par\p ard\ql \ul0\nosupersub\cf67\f68\fs20 Address Resolution Protocol, a TCP/IP proto col used to convert an IP address into a physical address (called a DLC address) , such as an Ethernet address. A host wishing to obtain a physical address broad casts an ARP request onto the TCP/IP network. The host on the network that has t he IP address in the request then replies with its physical hardware address. Th ere is also Reverse ARP (RARP) which can be used by a host to discover its IP ad dress. In this case, the host broadcasts its physical address and a RARP server replies with the host's IP address. \par\pard\par\pard\ql \ul0\nosupersub\cf2\f3 \fs18 Auto Uplink \par\pard\par\pard\ql \ul0\nosupersub\cf67\f68\fs20 Auto Uplin k\ul0\nosupersub\cf77\f78\fs18 TM\ul0\nosupersub\cf67\f68\fs20 technology (also called MDI/MDIX) eliminates the need to worry about crossover vs. \par straight -through Ethernet cables. 
Auto Uplink™ will accommodate either type of cable to make the right connection.

B

Bandwidth
The information capacity, measured in bits per second, that a channel could transmit. Bandwidth examples include 10 Mbps for Ethernet, 100 Mbps for Fast Ethernet, and 1000 Mbps (1 Gbps) for Gigabit Ethernet.

Baud
The signaling rate of a line, that is, the number of transitions (voltage or frequency changes) made per second. Also known as line speed.

Broadcast
A packet sent to all devices on a network.

C

Class of Service
A term to describe treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion.

CA
A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.

Cat 5
Category 5 unshielded twisted pair (UTP) cabling. An Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (10BASE-Tx) the cable must be rated as Category 5, or Cat 5 or Cat V, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. Cat 5 cable contains eight conductors, arranged in four twisted pairs, and terminated with an RJ45 type connector. In addition, there are restrictions on maximum cable length for both 10 and 100 Mbits/second networks.

Certificate Authority
A Certificate Authority is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.

D

DHCP
An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.

DMZ
Specifying a Default DMZ Server allows you to set up a computer or server that is available to anyone on the Internet for services that you haven't defined. There are security issues with doing this, so only do this if you're willing to risk open access.

DNS
Short for Domain Name System (or Service), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Domain Name
A descriptive name for an address or group of addresses on the Internet. Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc. For example, in the address mail.NETGEAR.com, mail is a server name and NETGEAR.com is the domain.

DSL
Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world gain access.

DSLAM
DSL Access Multiplexor. The piece of equipment at the telephone company central office that provides the ADSL signal.

Dynamic Host Configuration Protocol
DHCP. An Ethernet protocol specifying how a centralized DHCP server can assign network configuration information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and gateway (router) addresses.

E

EAP
Extensible Authentication Protocol is a general protocol for authentication that supports multiple authentication methods. EAP, an extension to PPP, supports such authentication methods as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards. EAP is defined by RFC 2284.

Ethernet
A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks transmit packets at a rate of 10 Mbps.

G

Gateway
A local device, usually a router, that connects hosts on a local network to other networks.

I

ICMP
See “Internet Control Message Protocol”.

IEEE
Institute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communications.

IETF
Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/IP networks. In the network management area, this group is responsible for the development of the SNMP protocol.

IKE
Internet Key Exchange. An automated method for exchanging and managing encryption keys between two VPN devices.

Internet Control Message Protocol
ICMP is an extension to the Internet Protocol (IP) that supports packets containing error, control, and informational messages. The PING command, for example, uses ICMP to test an Internet connection.

Internet Protocol
The method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it among all other computers on the Internet. When you send or receive data (for example, an e-mail note or a Web page), the message gets divided into little chunks called packets. Each of these packets contains both the sender's Internet address and the receiver's address. Any packet is sent first to a gateway computer that understands a small part of the Internet. The gateway computer reads the destination address and forwards the packet to an adjacent gateway that in turn reads the destination address and so forth across the Internet until one gateway recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified.
Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet. Packets can arrive in a different order than they were sent. The Internet Protocol just delivers them. It's up to another protocol, the Transmission Control Protocol (TCP) to put them back in the right order. IP is a connectionless protocol, which means that there is no continuing connection between the end points that are communicating. Each packet that travels through the Internet is treated as an independent unit of data without any relation to any other unit of data. (The reason the packets do get put in the right order is because of TCP, the connection-oriented protocol that keeps track of the packet sequence in a message.) In the Open Systems Interconnection (OSI) communication model, IP is in Layer 3, the Networking Layer. The most widely used version of IP today is IP version 4 (IPv4). However, IP version 6 (IPv6) is also beginning to be supported. IPv6 provides for much longer addresses and therefore for the possibility of many more Internet users. IPv6 includes the capabilities of IPv4 and any server that can support IPv6 packets can also support IPv4 packets.

IP
See “Internet Protocol”.

IP Address
A four-byte number uniquely defining each host on the Internet, usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57). Ranges of addresses are assigned by Internic, an organization formed for this purpose.

ISP
Internet service provider.

L

LAN
See “Local Area Network”.

Local Area Network
A communications network serving users within a limited area, such as one floor of a building. A LAN typically connects multiple personal computers and shared network devices such as storage and printers. Although many technologies exist to implement a LAN, Ethernet is the most common for connecting personal computers and is limited to a distance of 1,500 feet. LANs can be connected together, but if modems and telephones connect two or more LANs, the larger network constitutes what is called a WAN or Wide Area Network.

M

MAC
(1) Medium Access Control. In LANs, the sublayer of the data link control layer that supports medium-dependent functions and uses the services of the physical layer to provide services to the logical link control (LLC) sublayer. The MAC sublayer includes the method of determining when a device has access to the transmission medium. (2) Message Authentication Code. In computer security, a value that is a part of a message or accompanies a message and is used to determine that the contents, origin, author, or other attributes of all or part of the message are as they appear to be. (IBM Glossary of Computing Terms)

MAC address
The Media Access Control address is a unique 48-bit hardware address assigned to every network interface card. Usually written in the form 01:23:45:67:89:ab.

Maximum Receive Unit
The size in bytes of the largest packet that can be sent or received.

Maximum Transmit Unit
The size in bytes of the largest packet that can be sent or received.

Mbps
Megabits per second.

MDI/MDIX
In cable wiring, the concepts of transmit and receive are from the perspective of the PC, which is wired as a Media Dependent Interface (MDI). In MDI wiring, a PC transmits on pins 1 and 2. At the hub, switch, router, or access point, the perspective is reversed, and the hub receives on pins 1 and 2. This wiring is referred to as Media Dependent Interface - Crossover (MDI-X).

MTU
The size in bytes of the largest packet that can be sent or received.

P

packet
A block of information sent over a network. A packet typically contains a source and destination network address, some protocol and length information, a block of data, and a checksum.

Point-to-Point Protocol
PPP. A protocol allowing a computer using TCP/IP to connect directly to the Internet.

PPP
A protocol allowing a computer using TCP/IP to connect directly to the Internet.

PPPoA
PPPoA. PPP over ATM is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.

PPPoE
PPPoE. PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.

PPP over ATM
PPPoA. PPP over ATM is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.

PPP over Ethernet
PPPoE. PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an always-on connection by simulating a dial-up connection.

PPTP
Point-to-Point Tunneling Protocol. A method for establishing a virtual private network (VPN) by embedding Microsoft’s network protocol into Internet packets.

Protocol
A set of rules for communication between devices on a network.

PSTN
Public Switched Telephone Network.

Q

QoS
See “Quality of Service”.

Quality of Service
QoS is a networking term that specifies a guaranteed level of throughput. Throughput is the amount of data transferred from one device to another or processed in a specified amount of time - typically, throughputs are measured in bytes per second (Bps).

R

RADIUS
Short for Remote Authentication Dial-In User Service, RADIUS is an authentication system. Using RADIUS, you must enter your user name and password before gaining access to a network. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access. Though not an official standard, the RADIUS specification is maintained by a working group of the IETF.

RFC
Request For Comment. Refers to documents published by the Internet Engineering Task Force (IETF) proposing standard protocols and procedures for the Internet. RFCs can be found at www.ietf.org.

router
A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses.

S

Segment
A section of a LAN that is connected to the rest of the network using a switch, bridge, or repeater.

Subnet Mask
Combined with the IP address, the IP Subnet Mask allows a device to know which other addresses are local to it, and which must be reached through a gateway or router.

T

TCP/IP
The main internetworking protocols used in the Internet. The Internet Protocol (IP) used in conjunction with the Transfer Control Protocol (TCP) form TCP/IP.

U

Universal Plug and Play
UPnP. A networking architecture that provides compatibility among networking technology. UPnP compliant routers provide broadband users at home and small businesses with a seamless way to participate in online games, videoconferencing and other peer-to-peer services.

UTP
Unshielded twisted pair is the cable used by 10BASE-T and 100BASE-Tx Ethernet networks.

W

WAN
See “Wide Area Network”.

Web
Also known as World-Wide Web (WWW) or W3. An Internet client-server system to distribute information, based upon the hypertext transfer protocol (HTTP).

WEB Proxy Server
A Web proxy server is a specialized HTTP server that allows clients access to the Internet from behind a firewall. The proxy server listens for requests from clients within the firewall and forwards these requests to remote Internet servers outside the firewall. The proxy server reads responses from the external servers and then sends them to internal clients.

Wide Area Network
A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).

Windows Internet Naming Service
WINS. Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses.
If a remote network contains a WINS server, your Windows PCs can gather information from that WINS server about its local hosts. This allows your PCs to browse that remote network using the Windows Network Neighborhood feature.

WINS
WINS. Windows Internet Naming Service is a server process for resolving Windows-based computer names to IP addresses.
}
