Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsPC ComponentsNetgear FVS336Gv1
111112113114115116117118119120
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
5-24 Virtual Private Networking Using IPsec
v1.0, January 2010
5. Enable a backup RADIUS server (if required).
6. Set the Time Out Period, in seconds, that the VPN firewall should wait for a response from
the RADIUS server.
7. Set the Maximum Retry Count. This is the number of attempts that the VPN firewall will
make to contact the RADIUS server.
8. Click Apply to save the settings.
Assigning IP Addresses to Remote Users (ModeConfig)
To simply the process of connecting remote VPN clients to the VPN firewall, you can use the
ModeConfig screen to assign IP addresses to remote users, including a network access IP address,
subnet mask, and name server addresses from the VPN firewall. Remote users are given IP
addresses available in secured network space so that remote users appear as seamless extensions of
the network.
In the following example, we configured the VPN firewall using ModeConfig, and then
configured a PC running ProSafe VPN Client software using these IP addresses.
VPN firewall FVS336G
WAN IP address: 172.21.4.1
LAN IP address/subnet: 192.168.2.1/255.255.255.0
ProSafe VPN Client software IP address: 192.168.1.2
Mode Config Operation
After the IKE Phase 1 negotiation is complete, the VPN connection initiator (which is the remote
user with a VPN client) requests the IP configuration settings such as the IP address, subnet mask
and name server addresses. The Mode Config feature will allocate an IP address from the
configured IP address pool and will activate a temporary IPsec policy using the template security
proposal information configured in the Mode Config record. The Mode Config feature allocates an
Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured
on the individual IKE policy screens.