NETGEAR DG834 ADSL Firewall Router DG834 DG834 manual
- Consulta online o descarga el manual de instrucciones
- 236 páginas
- 6.64 mb
Ir a la página of
manuales de instrucciones parecidos
- 
									
                                        Network RouterNETGEAR FVS338198 páginas 6.63 mb
- 
									
                                        Network RouterNETGEAR RP114155 páginas 1.2 mb
- 
									
                                        Network RouterNETGEAR KWGR61414 páginas 0.1 mb
- 
									
                                        Network RouterNETGEAR WGT624 V3148 páginas 2.77 mb
- 
									
                                        Network RouterNETGEAR ReadyNAS 316241 páginas 5.45 mb
- 
									
                                        Network RouterNETGEAR FVS3182 páginas 0.44 mb
- 
									
                                        Network RouterNETGEAR RO318 RO318 RO3182 páginas 0.46 mb
- 
									
                                        Network RouterNETGEAR WN3000RP-100NAS32 páginas 1.61 mb
Buen manual de instrucciones
Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones NETGEAR DG834 ADSL Firewall Router DG834 DG834. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica NETGEAR DG834 ADSL Firewall Router DG834 DG834 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.
¿Qué es un manual de instrucciones?
El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual NETGEAR DG834 ADSL Firewall Router DG834 DG834 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.
Desafortunadamente pocos usuarios destinan su tiempo a leer manuales NETGEAR DG834 ADSL Firewall Router DG834 DG834, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.
Entonces, ¿qué debe contener el manual de instrucciones perfecto?
Sobre todo, un manual de instrucciones NETGEAR DG834 ADSL Firewall Router  DG834 DG834 debe contener: 
							 - información acerca de las especificaciones técnicas del dispositivo NETGEAR DG834 ADSL Firewall Router  DG834 DG834 
							 - nombre de fabricante y año de fabricación del dispositivo NETGEAR DG834 ADSL Firewall Router  DG834 DG834 
							 - condiciones de uso, configuración y mantenimiento del dispositivo NETGEAR DG834 ADSL Firewall Router  DG834 DG834 
							 - marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas 
¿Por qué no leemos los manuales de instrucciones?
Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de NETGEAR DG834 ADSL Firewall Router DG834 DG834 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de NETGEAR DG834 ADSL Firewall Router DG834 DG834 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico NETGEAR en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de NETGEAR DG834 ADSL Firewall Router DG834 DG834, como se suele hacer teniendo una versión en papel.
¿Por qué vale la pena leer los manuales de instrucciones?
Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo NETGEAR DG834 ADSL Firewall Router  DG834 DG834, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.
Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual NETGEAR DG834 ADSL Firewall Router  DG834 DG834. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.
Índice de manuales de instrucciones
- 
                            Página 1202-10005 -0 5, June 2005 202-10005-05 June 2005 NETGEAR , Inc. 4500 Great America Parkway Santa Clara, CA 95 054 USA Phone 1-888-NETGEAR Reference Manual for the ADSL Firewall Router DG834[...] 
- 
                            Página 2ii 202-10005 -0 5, June 2005 © 2005 by NETGEAR, Inc. All rights reserved. T rademarks NETGEAR is a t rademark of Netgear , Inc. Microsoft, W indows, and W indow s NT are registered trademar ks of Microsoft Corporation. Other brand and product names are registered tradem arks or trad emarks of their respective holders. Statement of Conditions In th[...] 
- 
                            Página 3202-10005 -0 5, June 2005 iii Es wird hiermit bestätigt, daß da s DG834 ADSL Firewall Router gemäß de r im BMP T -AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschrifts mäßige Betreiben ei niger Geräte (z.B. T estsender) kann jedoch gewissen Beschränkungen unterli egen. Lesen Sie dazu bitte die An merku[...] 
- 
                            Página 4202-10005-05, Jun e 20 05 iv[...] 
- 
                            Página 5Contents v 202-10005-0 5, June 2005 Content s Chapter 1 About This Manual Audience, Scope, Conventions, and Formats . ......... ............. ................. ............ ............ 1-1 How to Use This Manual ............. ................. ................ ............. ................ ................ ..... 1-2 How to Print this Manual .....[...] 
- 
                            Página 6202-10005-05 , June 2005 vi Contents Record Y our Internet Connec tion Information .... ................. ................ ................ ..... 3-3 Connecting the DG834 to Y o ur LAN ... ... ... .... ... ... ... ............. ... .... ... ... ... .... ... ... ... ... .... ... ..... 3-4 How to Connect the Router ................ ............. ....[...] 
- 
                            Página 7Contents vii 202-10005-0 5, June 2005 How to Set Y our T ime Zone ...... ................ ............. ................ ................ ............. ... 4-13 How to Schedule Firewall Services .... ....... ...... ............. ............. ................ ............. 4-14 Chapter 5 Managing Y our Network Backing Up, Restoring, or Eras ing Y o[...] 
- 
                            Página 8202-10005-05 , June 2005 viii Contents Reserved IP addresses ............ ................ ................ ................. ............ ............ 6-6 How to Configure LAN TCP/IP S ettings .... ................ ................ ................ ............... 6-7 Configuring Dynamic DNS .... ................. ................ ............. ..[...] 
- 
                            Página 9Contents ix 202-10005-0 5, June 2005 Chapter 8 T roubleshooting Basic Functioning .................. ................ ............. ................ ................ ............. ............... 8- 1 Power LED Not On ............. ................ ............. ................ ............. ................ ............ 8-2 T e st LED Never Turns[...] 
- 
                            Página 10202-10005-05 , June 2005 x Contents Domain Name Server ... ................ ............. ................ ................ ............. ................ . B-9 IP Configuration by DHCP .... .... ... ... ... .... ............ .... ... ... ... .... ... ... ... ............. ... .... ... ... . B-9 Internet Security and Firewalls .... ............. ..[...] 
- 
                            Página 11Contents xi 202-10005-0 5, June 2005 Appendix D Vi rtual Private Networking What is a VPN? .............. ................. ................ ............. ................ ............. ................ .... D-1 What Is IPSec and How Does It Work? .... ................ ................. ................ ............. ....... D-2 IPSec Security Feat[...] 
- 
                            Página 12202-10005-05 , June 2005 xii Contents S tep 2: Config urin g the NETGEAR ProSafe VPN Client on the Remote PC at the T e lec ommut er ’s Home Office .... ... ... ... .... ... ... ... ............. ... .... ... ... ... .... ... ... ............. .. E-17 Monitoring the VPN T unnel (T elecommuter Ex ample) ............... ......... .......... .......[...] 
- 
                            Página 13About This Manual 1-1 202-10005-0 5, June 2005 Chapter 1 About This Manual This chapter describes the intended audience, sc ope, conventions, and formats of this manual. Audience, Scope, Conventions, and Format s This reference manual assumes that the reader h as basic to interme diate computer and Internet skills. However , basic computer network,[...] 
- 
                            Página 14Reference Manual for the ADSL Firewall Router DG834 1-2 About This Manual 202-10005-05, June 2005 How to Use This Manual The HTML version of this ma nual includes the following: • Buttons, and , for browsing forw ards or backwards throu gh the manual one p age at a time • A button that displays the table of cont ents and an button. Double-click[...] 
- 
                            Página 15Reference Manual for the ADSL Firewall Router DG834 About This Manual 1-3 202-10005-0 5, June 2005 How to Print this Manual T o print this manual you can choose one of the fo llowing several options, a ccording to your needs. • Printing a Page in the HTML V iew . Each page in the HTML versi on of the manu al is dedicated to a major topic. Use the[...] 
- 
                            Página 16Reference Manual for the ADSL Firewall Router DG834 1-4 About This Manual 202-10005-05, June 2005[...] 
- 
                            Página 17Introduction 2-1 202-10005-0 5, June 2005 Chapter 2 Introduction This chapter describes the features of the N ETGEAR DG834 ADSL Firewall Router. The DG834 ADSL router is a combination of a built-in AD SL modem, router, 4-port switch, and firewall which enables your entire network to safely share an Internet c onnection that otherwise is used by a s[...] 
- 
                            Página 18Reference Manual for the ADSL Firewall Router DG834 2-2 Introduction 202-10005-05, June 2005 • Extensive Internet protoco l support • T rustworthy VPN Communic ations over the Internet • VPN W izard for easy VPN configuration • Content filtering • Auto Sensing an d Auto Uplink™ LAN Ethernet connections These features are discussed below[...] 
- 
                            Página 19Reference Manual for the ADSL Firewall Router DG834 Introduction 2-3 202-10005-0 5, June 2005 • Remote management The router all ows you to log in to the W eb management interface from a remot e location via the Internet. For security , you can limit remote management access to a specified remote IP address or range of addresses, and you can choo[...] 
- 
                            Página 20Reference Manual for the ADSL Firewall Router DG834 2-4 Introduction 202-10005-05, June 2005 • PPP over Ethernet (PPPoE) PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating a dial-up connection. This feature elimin ates the need to run a login program such as EnterNet o r W inPOET on y[...] 
- 
                            Página 21Reference Manual for the ADSL Firewall Router DG834 Introduction 2-5 202-10005-0 5, June 2005 Auto Sensing and Auto Uplin k™ LAN Ethernet Connections W ith its internal 4-port 10/100 switch, th e DG834 can co nnect to either a 10 Mbps stan dard Ethernet network or a 100 M bps Fast Ethernet network. The local LAN p orts are autosensing and capable[...] 
- 
                            Página 22Reference Manual for the ADSL Firewall Router DG834 2-6 Introduction 202-10005-05, June 2005 Figure 2-1: DG834 Front Pan el Y ou can use the LEDs to verify various conditions. Ta b l e 2 - 1 lists and des cribe s each LED on the front panel of the router. These LEDs are green when lit. The Router’ s Rear Panel The rear panel of the DG834 ADSL Fir[...] 
- 
                            Página 23Reference Manual for the ADSL Firewall Router DG834 Introduction 2-7 202-10005-0 5, June 2005 Figure 2-2: DG834 Rear Panel V iewed from left to right, the rear panel contains the following elements: • AC power adapter outlet • Four Local Ethernet RJ-45 ports for conn ecting the router to the local computers • Factory Default Reset push button[...] 
- 
                            Página 24Reference Manual for the ADSL Firewall Router DG834 2-8 Introduction 202-10005-05, June 2005[...] 
- 
                            Página 25Connecting the Router to the Internet 3-1 202-10005-0 5, June 2005 Chapter 3 Connecting the Router to the Internet This chapter describes how to set up the router on your Local Area Network (LAN) and connect to the Internet. It describes how to configure your DG834 ADSL Firewall Router for Internet access using the Setup W izard, or how to manu all[...] 
- 
                            Página 26Reference Manual for the ADSL Firewall Router DG834 3-2 Connecting the Router to the In ternet 202-10005-05, June 2005 Each device such as a telephone, fax machine, answering machine, or caller ID display will require an ADSL microfilter . Note: Do not connect the DG834 to the ADSL line through a micr ofilter unless the microfilter is a combination[...] 
- 
                            Página 27Reference Manual for the ADSL Firewall Router DG834 Connectin g the R oute r to the Internet 3-3 202-10005-0 5, June 2005 Internet Configuration Requirement s Depending on how your ISP set up your Internet account, you need o ne or more of these configuration parameters to connec t your router to the Internet: • V irtual Path Identifier (VPI)/V i[...] 
- 
                            Página 28Reference Manual for the ADSL Firewall Router DG834 3-4 Connecting the Router to the In ternet 202-10005-05, June 2005 ISP Multiplexing Method and V irtual Circuit Number: The default settings of your DG834 ADSL Firewall Router will work fine for most ISPs. However , some ISPs use a specific Multiplexing Method or a V i rtual Circuit Number for eit[...] 
- 
                            Página 29Reference Manual for the ADSL Firewall Router DG834 Connectin g the R oute r to the Internet 3-5 202-10005-0 5, June 2005 Note: The Resource CD included with your router contains an animated Installation Assistant to help you throug h this procedure. How to Connect the Router There are four steps to connecting your firewall: 1. Install ADSL filters[...] 
- 
                            Página 30Reference Manual for the ADSL Firewall Router DG834 3-6 Connecting the Router to the In ternet 202-10005-05, June 2005 . Figure 3-4: Connectin g an ADSL microfilter and phone Note: T o use a one-line filter with a separate splitter , insert the splitter into the phone outlet, connect the one-line f ilter to the splitter , and connect the phone to t[...] 
- 
                            Página 31Reference Manual for the ADSL Firewall Router DG834 Connectin g the R oute r to the Internet 3-7 202-10005-0 5, June 2005 c. Connect the Ethernet cable ( C) from your DG834’ s LAN port to the Ethernet adapter in your computer . Figure 3-6: Connectin g a computer to the DG834 ADSL router Note: The DG834 ADSL router incorporates Auto Uplink TM tech[...] 
- 
                            Página 32Reference Manual for the ADSL Firewall Router DG834 3-8 Connecting the Router to the In ternet 202-10005-05, June 2005 3. L OG IN TO THE DG834. Note: Y our computer needs to be co nfigured for DHCP . For instructions on configurin g for DHCP , please see Appendix C, “Preparing Y our Network” . a. Connect to the router by typi ng http://192.168.[...] 
- 
                            Página 33Reference Manual for the ADSL Firewall Router DG834 Connectin g the R oute r to the Internet 3-9 202-10005-0 5, June 2005 Figure 3-9: Setup Wi zard 4. C ONNECT TO THE I NTER NET The router is now properly attached to your network. Y ou are now ready to configure your router to connect to the Internet. There are two ways you can configure your route[...] 
- 
                            Página 34Reference Manual for the ADSL Firewall Router DG834 3-10 Connecting the Router to the Intern et 202-10005-05, June 2005 Note: If instead of the Setup W izard menu, the main menu of the rout er’ s Configuration Manager as shown in Figure 3-15 appears, click the Setup W izard link in the upper left to bring up this menu. 2. Y ou must select a count[...] 
- 
                            Página 35Reference Manual for the ADSL Firewall Router DG834 Connectin g th e Rou te r to the In te rn et 3-11 202-10005-0 5, June 2005 Figure 3-10: Setup W izard menu for PPPoE login account s Enter the PPPoE login user name and password. Wizard-Detected PPPoA Login Account Setup If the Setup W izard determines that your Internet service ac count uses a lo[...] 
- 
                            Página 36Reference Manual for the ADSL Firewall Router DG834 3-12 Connecting the Router to the Intern et 202-10005-05, June 2005 Figure 3-12: Setup W izard menu for Dynamic IP address Click Apply to set Dynamic IP as the connection method. Wizard-Detected IP Over A TM Account Setup If the Setup W izard determines that your Intern et service account uses IP [...] 
- 
                            Página 37Reference Manual for the ADSL Firewall Router DG834 Connectin g th e Rou te r to the In te rn et 3-13 202-10005-0 5, June 2005 4. Click the T est button to test your Internet connecti on. If the NETGEAR W eb sit e does not appear within one minute, refer to Chapter 8, “T roubleshooting” . Wizard-Detected Fixed IP (S t atic) Account Setup If the[...] 
- 
                            Página 38Reference Manual for the ADSL Firewall Router DG834 3-14 Connecting the Router to the Intern et 202-10005-05, June 2005 DNS servers are required to perform the functio n of translating an Internet name such as www .netgear .com to a numeric IP address. For a fixe d IP address configuration, you must obtain DNS server addresses from your ISP and ent[...] 
- 
                            Página 39Reference Manual for the ADSL Firewall Router DG834 Connectin g th e Rou te r to the In te rn et 3-15 202-10005-0 5, June 2005 Figure 3-15: Basic Settings menu How to Perform Manual Configuration W e recommend that you start the manu al configuration from the Setup W izard: 1. Select your country and langua ge. Language choi ces are English, French[...] 
- 
                            Página 40Reference Manual for the ADSL Firewall Router DG834 3-16 Connecting the Router to the Intern et 202-10005-05, June 2005 • Internet Connection Does No t Require a Login 6. Usually the default ADSL Settings work fine for most ISPs and you can skip this st ep. If you have any problems with your connection, check the ADSL Settings. See “ADSL Settin[...] 
- 
                            Página 41Reference Manual for the ADSL Firewall Router DG834 Connectin g th e Rou te r to the In te rn et 3-17 202-10005-0 5, June 2005 Note : Disabling NA T will reboot the router and re set all the DG834 conf iguration settings to the factory default. Disable NA T only if you plan to install the DG834 in a setting where you will be manually administering [...] 
- 
                            Página 42Reference Manual for the ADSL Firewall Router DG834 3-18 Connecting the Router to the Intern et 202-10005-05, June 2005 Internet Connection Does Note Req uire A Login 1. If your Internet connection does not require a login, select No a nd fill in the settings according to the instructions below . 2. Enter your Account Name (may also be called Host [...] 
- 
                            Página 43Reference Manual for the ADSL Firewall Router DG834 Connectin g th e Rou te r to the In te rn et 3-19 202-10005-0 5, June 2005 6. Router MAC Address: This section determines the Ethernet MAC addres s that will be used by the router on the Internet port. Some ISPs will register the Ethe rnet MAC address of the network interface card in your computer[...] 
- 
                            Página 44Reference Manual for the ADSL Firewall Router DG834 3-20 Connecting the Router to the Intern et 202-10005-05, June 2005[...] 
- 
                            Página 45Protecting Your Network 4-1 202-10005-0 5, June 2005 Chapter 4 Protecting Y our Network This chapter describes how to use the basic fire wall features of the DG834 ADSL Firewall Router to protect your n etwork. Protecting Access to Y our DG 834 ADSL Firewall Router For security reasons, the router has its own user name and password. Also, after a p[...] 
- 
                            Página 46Reference Manual for the ADSL Firewall Router DG834 4-2 Protecting Your Networ k 202-10005-05, June 2005 Figure 4-2: Set Pass word menu 3. T o change the passw ord, first enter the old p assword, and then enter the new password twice. 4. Click Apply to sav e your changes. Note: After changing the password, you will be required to log in again to co[...] 
- 
                            Página 47Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4-3 202-10005-0 5, June 2005 Blocking Keywords, Sites, and Services The router pr ovides a va riety of options for bloc king Internet based content and communications services. W ith its content filtering feature, the DG834 ADSL router prevents objectionable content from re[...] 
- 
                            Página 48Reference Manual for the ADSL Firewall Router DG834 4-4 Protecting Your Networ k 202-10005-05, June 2005 Figure 4-3: Block Sites menu 3. T o enab le keyword blockin g, sele ct one of the following: • Per Schedule—to turn on keyword blocking according to the settings on the Schedule page. • Always—to turn on keywo rd blocking all of the time[...] 
- 
                            Página 49Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4-5 202-10005-0 5, June 2005 7. Click Apply to save your settings. Firewall Rules Firewall rules are used to block or allow specific traffic passing through from one side of the router to the other . Inbound rules (W AN to LAN) restri ct access by outsiders to private resou[...] 
- 
                            Página 50Reference Manual for the ADSL Firewall Router DG834 4-6 Protecting Your Networ k 202-10005-05, June 2005 • T o edit an existing rule, select its button on the left side of the table and click Edit. • T o delete an existing rule, select its button on the left side of the table and click Delet e. • T o move an existing rule to a different posit[...] 
- 
                            Página 51Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4-7 202-10005-0 5, June 2005 Figure 4-5: Rule example: A Local Public W eb Server The parameters are: •S e r v i c e From this list, select the application or serv ice to be allowed or blocked. The list already displays many common serv ices, but you are not limited to th[...] 
- 
                            Página 52Reference Manual for the ADSL Firewall Router DG834 4-8 Protecting Your Networ k 202-10005-05, June 2005 •L o g Y ou can select whether the traffic will be l ogged. The choices are: – Never — no log entries will be made for this service. – Always — any traffic for this service type will be logged. – Match — traf fic of this type which[...] 
- 
                            Página 53Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4-9 202-10005-0 5, June 2005 • If the IP address of the local server computer is assigned by DHCP , it may change when the computer is rebooted. T o avoid this, use the Re served IP address feature in the LAN IP menu to keep the computer ’ s IP address constant. • Loc[...] 
- 
                            Página 54Reference Manual for the ADSL Firewall Router DG834 4-10 Protecting Your Networ k 202-10005-05, June 2005 Figure 4-7: Rule example: Blocking Ins tan t Mes senger The parameters are: •S e r v i c e From this list, select the application or serv ice to be allowed or blocked. The list already displays many common services, but you are not limited to[...] 
- 
                            Página 55Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4 -11 202-10005-0 5, June 2005 • W AN Users These settings determine which packets are cove red by the rule, based on their destination W AN IP address. Select the desired option: – Any — all IP addresses are covered by this rule. – Address range —if this option i[...] 
- 
                            Página 56Reference Manual for the ADSL Firewall Router DG834 4-12 Protecting Your Networ k 202-10005-05, June 2005 For any traffic attempting to pass through the fire wall, the packet informa tion is subjected to the rules in the order shown in the Rules T able, beg inning at the top and proceeding to th e default rules at the bottom. In some cases, the ord[...] 
- 
                            Página 57Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4 -13 202-10005-0 5, June 2005 • T o c reate a new Service, clic k the Add Custom Service button. • T o edit an existing Service, select its button on the left side of the table and click Edit Service. • T o delete an existing Service, select its button on the left si[...] 
- 
                            Página 58Reference Manual for the ADSL Firewall Router DG834 4-14 Protecting Your Networ k 202-10005-05, June 2005 Figure 4-1 1: S chedule Services menu 3. Select your T ime Zone. This setting will be u sed for the blocking sc hedule according to your local time zone and for time-stamping log entries. Select the Adjust for daylight savings time check box if[...] 
- 
                            Página 59Reference Manual for the ADSL Firewall Router DG834 Protecting Your Network 4 -15 202-10005-0 5, June 2005 2. Select the Schedule link of the Security menu to display menu shown above in the Schedule Services menu . 3. T o block Internet services based on a schedule, select Every Day or select one or more days. If you want to limit access completel[...] 
- 
                            Página 60Reference Manual for the ADSL Firewall Router DG834 4-16 Protecting Your Networ k 202-10005-05, June 2005[...] 
- 
                            Página 61Managing Your Network 5-1 202-10005-0 5, June 2005 Chapter 5 Managing Y our Network This chapter describes how to perform networ k management tasks with your DG834 ADSL Firewall Router. Backing Up, Restoring, or Erasing Y our Settings The configuration settings of the DG834 ADSL router are stored in a configuration file in the router. This file can[...] 
- 
                            Página 62Reference Manual for the ADSL Firewall Router DG834 5-2 Managi ng Your Netw ork 202-10005-05, June 2005 4. St o r e t h e .cfg file on a computer on your network. How to Restore the Conf iguration from a File 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin , default password of password ,[...] 
- 
                            Página 63Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-3 202-10005-0 5, June 2005 How to Upgrade the Router Firmware Note: NETG EAR recommends that you b ack up your configuration b efore doing a firmware upgrade. After the upgrade is complete, you may need to rest ore your configuration settings. 1. Download and unzip the new [...] 
- 
                            Página 64Reference Manual for the ADSL Firewall Router DG834 5-4 Managi ng Your Netw ork 202-10005-05, June 2005 Network Management Information The DG834 provide s a variety of status an d usage information which is discussed below . V iewing Router St atus and Usage St atistics From the Main Menu, under Main tenance, sel ect Router Status to view the scree[...] 
- 
                            Página 65Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-5 202-10005-0 5, June 2005 Click the Show S tatistics button to disp lay router usage statistics, as shown in Figure 5-3 below: T able 5-1. Menu 3.2 - Router S t atus Fields Field Description Account Name The Host Name assigned to the router in the Basic Settings menu. Firm[...] 
- 
                            Página 66Reference Manual for the ADSL Firewall Router DG834 5-6 Managi ng Your Netw ork 202-10005-05, June 2005 Figure 5-4: Router S t atistics screen This screen shows the following statistics:. Click the Connection S tatus bu tton to display router conn ection status, as shown in Figure 5-5 and Figure 5-6 . T able 5-1. Router St atistic s Fields Field De[...] 
- 
                            Página 67Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-7 202-10005-0 5, June 2005 Figure 5-5: Connectio n St atus screen for Dynamic IP Clicking the Renew button updates the status information. This screen shows the following statistics: T able 5-1. Connection S t atus Fields for Dynamic IP Field Description IP Address The IP A[...] 
- 
                            Página 68Reference Manual for the ADSL Firewall Router DG834 5-8 Managi ng Your Netw ork 202-10005-05, June 2005 An alternate view of the Connection Status screen is shown in Figure 5-6 belo w: Figure 5-6: Connection St atus screen for PPPoA Clicking the Renew button updates the status information. This screen shows the following statistics: T able 5-1. Con[...] 
- 
                            Página 69Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-9 202-10005-0 5, June 2005 V iewing Att ached Devices The Attached Devices me nu contains a table of all IP devic es that the router ha s discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to [...] 
- 
                            Página 70Reference Manual for the ADSL Firewall Router DG834 5-10 Managi ng Your Netw ork 202-10005-05, June 2005 Figure 5-8: Security Logs menu Log entries are described in T able 5-1 below:[...] 
- 
                            Página 71Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-11 202-10005-0 5, June 2005 Log action buttons are described in Ta b l e 5 - 2 below: Selecting What Information to Log Besides the standard information listed above, you can choose to log additional info rmation. Those optional selections are as follows: • Attempted acce[...] 
- 
                            Página 72Reference Manual for the ADSL Firewall Router DG834 5-12 Managi ng Your Netw ork 202-10005-05, June 2005 Saving Log Files on a Server Y ou can choose to write the logs to a computer ru nning a syslog program. T o activate this feature, select to Broadcast on Lan or enter the IP address of the server where the Syslog file will be written. Examples o[...] 
- 
                            Página 73Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-13 202-10005-0 5, June 2005 Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you mu st provide your e- mail information in the E-mail subheading: Figure 5-9: E-mail menu • T urn e-mail notification on . Select this ch eck box if y[...] 
- 
                            Página 74Reference Manual for the ADSL Firewall Router DG834 5-14 Managi ng Your Netw ork 202-10005-05, June 2005 If the W eekly , Daily or Hourly option is selecte d and the log fills up before the specified period, the log is automatica lly e-mailed to the specified e-mail address. After the log is sent, it is cleared from the router’ s memory . If the [...] 
- 
                            Página 75Reference Manual for the ADSL Firewall Router DG834 Managing Your Network 5-15 202-10005-0 5, June 2005 Enabling Remote Management Using the Remote Manageme nt page , you can allow a user or users on the Internet to configure, upgrade an d check the status of your DG834 ADSL Firewall Router. Configuring Remote Management 1. Log in to the router at [...] 
- 
                            Página 76Reference Manual for the ADSL Firewall Router DG834 5-16 Managi ng Your Netw ork 202-10005-05, June 2005 When accessing your router from the Internet, you will type your router's W AN IP address in your browser's Addre ss (in IE) or Loc ation (in Netscape) box, follo wed by a colon (:) and the custom port number . For example, if your ext[...] 
- 
                            Página 77Advanced Configuration 6-1 202-10005-0 5, June 2005 Chapter 6 Advanced Configuration This chapter describes how to configure the ad vanced features of your DG834 ADSL Firewall Router. Configuring Advanced Security The DG834 ADSL Firewall Ro uter provides a variety of advanced features, such as: • Setting up a Demilitarized Zone (DMZ) Server • C[...] 
- 
                            Página 78Reference Manual for the ADSL Firewall Router DG834 6-2 Advanced Configuration 202-10005-05, June 2005 Incoming traf fic from the Internet is normally disc arded by the router unless the traffic is a response to one of your local comp uters or a service that you have configured in the Ports menu. Instead of disc arding this traffic, you can have it[...] 
- 
                            Página 79Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-3 202-10005-0 5, June 2005 Connect Automatica lly , as Required Normally , this option should be en abled, so that an Internet conn ection will be made automatically , whenever Internet-bound traf fic is detected. If this causes high connection costs, you can disable this [...] 
- 
                            Página 80Reference Manual for the ADSL Firewall Router DG834 6-4 Advanced Configuration 202-10005-05, June 2005 These addresses are part of the Internet Engineering T a sk Force (IETF)-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing [...] 
- 
                            Página 81Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-5 202-10005-0 5, June 2005 • RIP V ersion This controls the format and th e broadcasting met hod o f the RIP packets that the router sends. It recognizes both formats when receiving. By default, this is set for RIP-1. — RIP-1 is universally supported . RIP-1 is probabl[...] 
- 
                            Página 82Reference Manual for the ADSL Firewall Router DG834 6-6 Advanced Configuration 202-10005-05, June 2005 • An IP Address from the range you have defined • Subnet Mas k • Gateway IP Address is the router ’ s LAN IP address • Primary DNS Server , if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router ’ s LAN [...] 
- 
                            Página 83Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-7 202-10005-0 5, June 2005 How to Configure LAN TCP/IP Settings 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin , default password of password , or using whatever User Name, Password and LAN address you have chos[...] 
- 
                            Página 84Reference Manual for the ADSL Firewall Router DG834 6-8 Advanced Configuration 202-10005-05, June 2005 The router contains a client that can connect to a dynamic DNS service provider . T o use this feature, you must select a service provider and obtain an account with them. After you have configured your acco unt inform ation in the router , whenev[...] 
- 
                            Página 85Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-9 202-10005-0 5, June 2005 7. T ype the User Name for your dynamic DNS account. 8. T ype the Password (or key) for your dynamic DNS accoun t. 9. If your dynamic DNS provider allows the use of wildcards in resolving your URL, you can select the Use wildcards chec k box to a[...] 
- 
                            Página 86Reference Manual for the ADSL Firewall Router DG834 6-10 Advanced C onfiguration 202-10005-05, June 2005 In this case you must define a static route, tell ing your router that 134.177.0.0 should be accessed through the ISDN router at 192.1 68 . 0.1 00. The static route would look like Figure 6-6 . In this ex ample: • The Destination IP Address an[...] 
- 
                            Página 87Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-11 202-10005-0 5, June 2005 3. T o add or edit a Static Route: a. Click the Edit button to open the Edit Menu, shown in Figure 6-6 . Figure 6-6: S tat ic Route Entry and Edit Menu b. T ype a route name for this static route in the Route Name box under the table. This is fo[...] 
- 
                            Página 88Reference Manual for the ADSL Firewall Router DG834 6-12 Advanced C onfiguration 202-10005-05, June 2005 Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) helps devices, su ch as Internet appliances and computers, access the network and conne ct to other devices as need ed. UPnP devic es ca n automatically discover the services from oth[...] 
- 
                            Página 89Reference Manual for the ADSL Firewall Router DG834 Advanced Configuration 6-13 202-10005-0 5, June 2005 • UPnP Portmap T able : The UPnP Portmap T able displays the IP address of each UPnP device that is currently accessing the Router and which ports (Internal and External) that device has opene d. The UPnP Portmap T able also displays what type[...] 
- 
                            Página 90Reference Manual for the ADSL Firewall Router DG834 6-14 Advanced C onfiguration 202-10005-05, June 2005[...] 
- 
                            Página 91Virtual Private Networking (Advanced Featur e) 7-1 202-10005-0 5, June 2005 Chapter 7 V irtual Private Networking (Advanced Feature) This chapter describes how to u se the virtual private network i ng (VPN) features of the DG834 ADSL router. VPN communications paths are ca lled tunnels. VPN tunnels provide secure, encrypted communications between y[...] 
- 
                            Página 92Reference Manual for the ADSL Firewall Router DG834 7-2 Virtual Private Networking (Advanced Feature) 202-10005-05, June 2005 Overview of VPN Configuration T wo common sc enarios for config uring VPN tunnels are between a remote personal computer an d a network gateway and between two or more network gateways. The DG834 suppo rts both of these type[...] 
- 
                            Página 93Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking (Advanced Feature) 7-3 202-10005-0 5, June 2005 Figure 7-2: Gateway-to-Gateway VPN T unnel A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect branch or home offices and business partners ove r the Inte rne t. VPN tunnels also enable access to [...] 
- 
                            Página 94Reference Manual for the ADSL Firewall Router DG834 7-4 Virtual Private Networking (Advanced Feature) 202-10005-05, June 2005 T o set up a VPN connection, you must configure e ach endpoint with spec ific identification and connection information describing the other endp oin t. Y ou must configure the outbound VPN settings on one end to matc h the [...] 
- 
                            Página 95Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking (Advanced Feature) 7-5 202-10005-0 5, June 2005 • What method will you use to configure your VP N tun nels? — The VPN Wizard using VPNC defaults (see Ta b l e 7 - 2 ) — The typical automated Internet Key Exchange (IKE) setup (see “Using Auto Policy to Configure V[...] 
- 
                            Página 96Reference Manual for the ADSL Firewall Router DG834 7-6 Virtual Private Networking (Advanced Feature) 202-10005-05, June 2005 VPN T unnel Configuration There are two tunnel configurations and three ways to configure them: • Use the VPN W izard to configure a VPN tunnel (recommended fo r most situations): — See “How to Set Up a Client-to-Gatew[...] 
- 
                            Página 97Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking (Advanced Feature) 7-7 202-10005-0 5, June 2005 Figure 7-3: Client-to -Gateway VPN T unnel S tep 1: Configuring the Clien t-to-Gateway VPN T unnel on th e DG834 Note: This section uses the VPN W izard to set up the VPN tunnel using the VPNC default parameters listed in T[...] 
- 
                            Página 98Reference Manual for the ADSL Firewall Router DG834 7-8 Virtual Private Networking (Advanced Feature) 202-10005-05, June 2005 The works heet below iden tifies the parameters used in th e following pro cedure. A blank worksheet is at “Planning a VP N” on page 7-3 . Follow this procedure to configure a client-t o-gateway VPN tunnel using the VPN [...] 
- 
                            Página 99Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking (Advanced Feature) 7-9 202-10005-0 5, June 2005 Figure 7-4: VPN Wizard S ta rt Screen 2. Fill in the Connection Na me and the pre-shared key , select the type of target end point, and click Next to proceed. Note: The Connection Name is arbitrary and not relevant to how t[...] 
- 
                            Página 100Reference Manual for the ADSL Firewall Router DG834 7-10 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 The Summary screen below displays. Figure 7-6: VPN Wizard Summary[...] 
- 
                            Página 101Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 11 202-10005-0 5, June 2005 T o view the VPNC recommended authenticatio n and encry ptio n settings used by the VPN W izard, click the “ here ” link (see Figure 7-6 ). Click Back to return to the Summary sc reen. Figure 7-7: VPNC Recommende d S[...] 
- 
                            Página 102Reference Manual for the ADSL Firewall Router DG834 7-12 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Note : Refer to “Using Auto Policy to Co nfigure VPN T unnels” on pa ge 7-36 to enable the IKE keepalive capability on an existing VPN tunnel. S tep 2: Configuring the NETGE AR ProSafe VPN C lient on the Remote PC This[...] 
- 
                            Página 103Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 13 202-10005-0 5, June 2005 Note: In this example, the Connection Name used on the client side of t he VPN tunnel is toDG834 and it does n ot have to match the RoadW arrior Connection Name used on the gateway side of the VPN tunnel (see Figu re 7-5[...] 
- 
                            Página 104Reference Manual for the ADSL Firewall Router DG834 7-14 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 • In this example, type 192.168.3.1 in the Subnet field as the network address of the DG834. •E n t e r 255.255 .255.0 in the Mask field as the LA N Subnet Mask of the DG834. • Select All in the Protocol menu to a ll[...] 
- 
                            Página 105Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 15 202-10005-0 5, June 2005 • In the Network Security Policy list on the le ft side of the Security Policy Editor window , click on My Identity . Figure 7-12: Security Po licy Editor My Identity • Choose None in the Select Certificate menu. •[...] 
- 
                            Página 106Reference Manual for the ADSL Firewall Router DG834 7-16 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 5. Configure the VPN Client Authentication Proposal. In this step, yo u will provide the type of encryption (DES or 3DES) to b e used for this connection. This selection must match your selection in the DG834 configura tio[...] 
- 
                            Página 107Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 17 202-10005-0 5, June 2005 • Expand the Key Exchange subheading by doub le clicking its name or clicking on the “+” symbol. Then select Propo sal 1 below Key Exchange. Figure 7-15: Security Po licy Editor Key Exchange • In the SA Life menu[...] 
- 
                            Página 108Reference Manual for the ADSL Firewall Router DG834 7-18 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 8. Check the VPN Connection. T o check the VPN Connection, you can initiate a request from the remote PC to the DG834’ s network by using the “Con nect” option in the NETGEAR ProSafe me nu bar . Th e NETGEAR ProSafe [...] 
- 
                            Página 109Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 19 202-10005-0 5, June 2005 Information on the progress and status of the VPN client connection can be viewed by opening the NETGEAR ProSafe Log V i ewer . 1. T o launch this function, click on the W indow s S tart button, then sele ct Programs , t[...] 
- 
                            Página 110Reference Manual for the ADSL Firewall Router DG834 7-20 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 • The DG834 has a LAN IP address of 192.168.3.1. • The VPN client PC has a dyna mically assigned address of 192.168.2.2. While the connection is being esta blished, the Connection Name fiel d in this menu will say “S[...] 
- 
                            Página 111Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 21 202-10005-0 5, June 2005 Note: The LAN IP address ranges of each VPN endpoint must be dif ferent. The connection will fail if both are using the NETGEAR default address range of 192.168.0.x. T able 7-4. VPN T unnel Configuration W orksheet Conne[...] 
- 
                            Página 112Reference Manual for the ADSL Firewall Router DG834 7-22 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Follow this procedure to configure a gateway- to-gateway VPN tunnel using the VPN W izard. 1. Log in to the DG834 on LAN A at its default LAN address of http://192.168.0.1 with its default user name of ad min and password [...] 
- 
                            Página 113Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 23 202-10005-0 5, June 2005 3. Fill in the IP Address or FQDN for the ta rget VPN end point W AN connection and click Next . Figure 7-23: Remote IP 4. Identify the IP addresses at the tar get endp oint which can us e th is tunnel, and click Next . [...] 
- 
                            Página 114Reference Manual for the ADSL Firewall Router DG834 7-24 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 The Summary screen below displays. Figure 7-25: VPN Wizard Summary[...] 
- 
                            Página 115Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 25 202-10005-0 5, June 2005 T o view the VPNC recommended authenticatio n and encry ptio n settings used by the VPN W izard, click the “ here ” link (see Figure 7-2 5 ). Click Back to return to the Summary screen. Figure 7-26: VPN Recommended S[...] 
- 
                            Página 116Reference Manual for the ADSL Firewall Router DG834 7-26 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 6. Repeat for the DG834 on LAN B and pa y special attentio n to use the following network settings as appropriate. • W AN IP of the remote VPN gateway (e.g., 14.15.16.17 ) • LAN IP settings of the remote VPN gateway: ?[...] 
- 
                            Página 117Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 27 202-10005-0 5, June 2005 Figure 7-29: Current VPN T unnels (SAs) Screen c. Look at the VPN S tatus/Log screen ( Figure 7 -28 ) to verify that the tunnel is conn ec te d. VPN T unnel Control Activating a VPN T unnel There are three ways to activa[...] 
- 
                            Página 118Reference Manual for the ADSL Firewall Router DG834 7-28 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Figure 7-30: VPN St atus/Log Screen 3. Click on VPN S tatus ( Figure 7-30 ) to get the Current VPN T unnels (SAs) screen ( Figure 7-31 ). Click on Connect for the VPN tunnel you want to activate. Figure 7-31: Current VPN T[...] 
- 
                            Página 119Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 29 202-10005-0 5, June 2005 T o activate the VPN tunnel by pinging the remote endpoint (e.g., 192.168.3.1), d o the following steps depending on whether your configuration is client -to-gateway or gateway-to-gateway: • Client-to-Gateway Configura[...] 
- 
                            Página 120Reference Manual for the ADSL Firewall Router DG834 7-30 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Once the connection is establish e d, yo u can op en the browser of the PC and enter the LAN IP address of the remote DG834. After a short wait, you should see the login screen of the Router (unless another PC alread y has[...] 
- 
                            Página 121Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 31 202-10005-0 5, June 2005 Figure 7-35: VPN St atus/Log Screen 3. Click on VPN S tatus ( Figure 7-30 ) to get the Current VPN T unnels (SAs) screen ( Figure 7-31 ). This table lists the following da ta for each active VPN T unnel. • SPI —each [...] 
- 
                            Página 122Reference Manual for the ADSL Firewall Router DG834 7-32 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Figure 7-36: Current VPN T unnels (SAs) Screen Deactivating a VPN T unnel Sometimes a VPN tunnel must be deactivated for testing purposes. There are two ways to deactivate a VPN tunnel: • Policy table on VPN Policies pag[...] 
- 
                            Página 123Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 33 202-10005-0 5, June 2005 Figure 7-37: VPN Policies 3. Clear the Enable check box for the VPN tunnel you want to d eactivate and click Apply . (T o reactivate the tunnel, check th e Enable box and click Apply .) Using the VPN S tatus Pag e to Dea[...] 
- 
                            Página 124Reference Manual for the ADSL Firewall Router DG834 7-34 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Figure 7-38: VPN St atus/Log Screen 3. Click VPN S tatus ( Figure 7-38 ) to get the Current VPN T unnels (SAs) screen ( Figure 7-39 ). Click Drop for the VPN tunnel you want to deactivate. Figure 7-39: Current VPN T unnels[...] 
- 
                            Página 125Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 35 202-10005-0 5, June 2005 Deleting a VPN T unnel T o delete a VPN tunnel: 1. Log in to the Router. 2. Open the DG834 management interface and c lick VPN Policies to displ ay the VPN Policies screen ( Figure 7-40 ). Select the radio button for the[...] 
- 
                            Página 126Reference Manual for the ADSL Firewall Router DG834 7-36 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 • Manual Policy —for a Manual Keying setup in whic h you must specify each phase of the connection, see “Using Manual Policy to Configure VPN T unnels” on page 7 -48 . Manual Policy does not use IKE. Rather, you ma[...] 
- 
                            Página 127Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 37 202-10005-0 5, June 2005 Figure 7-41: DG834 VPN T unnel Auto Policy Configuration Menu[...] 
- 
                            Página 128Reference Manual for the ADSL Firewall Router DG834 7-38 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 The DG834 VPN tunnel ne twork connection fields are defined as follows: General These settings identify this policy and determine its major characteristics. • Policy Name —Enter a unique name to identify this po licy .[...] 
- 
                            Página 129Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 39 202-10005-0 5, June 2005 Remote LAN This identifies which PCs on the re mote LAN are covered by this policy . For ea ch selection, data must be provided as follows: • Single PC - no Subnet — select this option if there is no L AN (only a sin[...] 
- 
                            Página 130Reference Manual for the ADSL Firewall Router DG834 7-40 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Local Identity Data —enter the data for the selection above. (If "W AN IP Address" is selected, no input is required.) Remote Identity T ype —select the desired option to match the "Local Identity T ype&[...] 
- 
                            Página 131Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 41 202-10005-0 5, June 2005 This setting applies to both IK E and IPSe c SAs. When configurin g the remote endpoint to match this setting, you may h ave to spec ify the "K ey Group" used. For this device, t he "Key Group" is the[...] 
- 
                            Página 132Reference Manual for the ADSL Firewall Router DG834 7-42 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 T able 7-1. VPN T unnel Configuration W orksheet Connection Name: GtoG Pre-Shared Key: 12345678 Secure Association -- Main Mode or Manua l Keys: Main Perfect Forward Secrecy -- Enabled or Disabled: Disabled NETBIOS -- Enab[...] 
- 
                            Página 133Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 43 202-10005-0 5, June 2005 2. Open the DG834 on LAN A management interface and click on VPN Policies. Figure 7-43: VPN Policies Screen 3. Click Add Auto Policy . 4. Enter policy settings (see Figure 7-44 ). • General — Policy Name = GtoG — R[...] 
- 
                            Página 134Reference Manual for the ADSL Firewall Router DG834 7-44 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 — Remote Identity T ype = use default se tting • Parameters — Encryption Al gorithm = 3DES — Authentication Algorithm = MD5 — Pre-shared Key = 12345678[...] 
- 
                            Página 135Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 45 202-10005-0 5, June 2005 Figure 7-44: VPN Auto Policies Scre en[...] 
- 
                            Página 136Reference Manual for the ADSL Firewall Router DG834 7-46 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 5. Click Apply . The Get VPN Policies web page is displayed. Figure 7-45: VPN Policies Screen 6. Repeat for the DG834 on LAN B and pa y special attentio n to use the following network settings as appropriate. • General, [...] 
- 
                            Página 137Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 47 202-10005-0 5, June 2005 Figure 7-46: VPN St atus/Log Screen b. Click VPN S tatus ( Figure 7-46 ) to display the Current VPN T unnels (SAs) screen ( Figure 7-47 ). Click on Connect for the VPN tunnel you want to activate. Figure 7-47: Current VP[...] 
- 
                            Página 138Reference Manual for the ADSL Firewall Router DG834 7-48 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 Using Manual Policy to Configure VPN T unnels As an alternative to IKE, you may use Manual Ke yin g, in which you must specify each phase of the connectio n. A "Manual" VPN po licy requires all set tings for th e[...] 
- 
                            Página 139Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking ( Advanced Feature) 7- 49 202-10005-0 5, June 2005 General The DG834 VPN tunnel ne twork connection fields are defined as follows: • Policy Name —enter a unique name to identify this po licy . This name is not supplied to the remote VPN endpoint. It is used o nly to [...] 
- 
                            Página 140Reference Manual for the ADSL Firewall Router DG834 7-50 Virtual Private Networking ( Advanced Feature) 202-10005-05, June 2005 • Range address —enter the starting IP address in the "Single/S tart IP address" field, and the finish IP address in the "Finish IP address" fiel d. This must be an address range used on the remote [...] 
- 
                            Página 141Troubleshooting 8-1 202-10005-0 5, June 2005 Chapter 8 T roubleshooting This chapter gives informatio n about troublesho oting your DG834 ADSL Firewall Router. After each problem description, instructions are provided to help you di agnose and solve the problem. For the common problems listed, go to the section indicated. • Is the router on? • [...] 
- 
                            Página 142Reference Manual for the ADSL Firewall Router DG834 8-2 Troubleshooting 202-10005- 05 , June 2005 If a port’ s LED is lit, a link has been establis hed to the connected device. If a LAN port is connected to a 100 Mbps device, verify that the port’ s LED is green. If the port is 10 Mbps, the LED will be amber . If any of these conditions does no[...] 
- 
                            Página 143Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8- 3 202-10005- 05 , June 2005 • Make sure that power is turned on to the co nnected hu b or workstatio n. • Be sure you are using the correct cable: — When connectin g th e router ’ s W AN ADSL port , us e the c able that was supp lie d with the DG834. T roubleshooting the[...] 
- 
                            Página 144Reference Manual for the ADSL Firewall Router DG834 8-4 Troubleshooting 202-10005- 05 , June 2005 • Click the Refresh or Reload button in the W e b browser . The changes may have occurred, but the W eb browser may be caching the old configuration. T roubleshooting the ISP Connection If your router is unable to access the Internet , you should che[...] 
- 
                            Página 145Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8- 5 202-10005- 05 , June 2005 If disconnecting telephon es does not result in a green W AN LED the problem may be one of the following: • Check that the telephone company has made the connection to your line and tested it. • V erify that you are connected t o the correct te le[...] 
- 
                            Página 146Reference Manual for the ADSL Firewall Router DG834 8-6 Troubleshooting 202-10005- 05 , June 2005 • Y our ISP only allows one Ethernet MAC address to connect to Internet, and may check for your computer ’ s MAC address. In this case: Inform your ISP that you have bought a new network de vice, and ask them to use the router ’ s MAC address. OR[...] 
- 
                            Página 147Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8- 7 202-10005- 05 , June 2005 A DNS server is a host on the Internet that translates Interne t names (such as www addresses) to numeric IP addresses. T ypically your ISP will provide the addresses of one or two DNS servers for your use. If yo u entered a DNS address dur ing the ro[...] 
- 
                            Página 148Reference Manual for the ADSL Firewall Router DG834 8-8 Troubleshooting 202-10005- 05 , June 2005 • W rong physical connections — Make sure the LAN port LED is on. If the LED is of f, follow the instructions in “LAN or W AN Port LEDs Not On” on page 8-2 . — Check that the co rresponding Link LEDs are on for yo ur network interface card an[...] 
- 
                            Página 149Reference Manual for the ADSL Firewall Router DG834 Troubleshooting 8- 9 202-10005- 05 , June 2005 Restoring the Default Co nfiguration and Password This section explains how to restore the fact ory default configuratio n settings, changing the router ’ s administration passwo rd to password and the IP address to 192.16 8.0.1. Y ou can erase the [...] 
- 
                            Página 150Reference Manual for the ADSL Firewall Router DG834 8-10 Troubleshooting 202-10005- 05 , June 2005[...] 
- 
                            Página 151Technical Specifications A-1 202-10005-0 5, June 2005 Appendix A T echnical S pecifications This appendix provides tech nical specifications for the DG834 ADSL Firewall Router. Network Protocol and St andards Comp atibility Data and Routing Protocols: TCP/IP , RIP-1, RI P-2, DHCP , PPP over Ethernet (PPPoE) or PPP over A TM (PPPoA), RFC 1483 Bridge[...] 
- 
                            Página 152Reference Manual for the ADSL Firewall Router DG834 A-2 Technical Specifications 202-10005-05, June 2005 Electromagnetic Emissions Meets requirements of: FCC Part 15 Class B VCCI Class B EN 55 022 (CISPR 22), Class B Interface S pecifications LAN: 10BASE-T or 100BASE-Tx, RJ-45 W AN: ADSL, Dual RJ-1 1, pins 2 and 3 T1.413, G .DMT , G .Lite ITU Annex[...] 
- 
                            Página 153Network and Routing Basics B-1 202-10005-0 5, June 2005 Appendix B Network and Routing Basics This chapter provides an overview of IP networks and routing. Related Publications As you read this document, you may be dire cted to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the In ternet Engineerin[...] 
- 
                            Página 154Reference Manual for the ADSL Firewall Router DG834 B-2 Network and Routing Basics 202-10005-05, June 2005 Routing Information Protocol One of the protocol s used by a rout er to build an d maintain a picture of the network is the Routing Information Protocol (RIP). Us ing RIP , routers periodically update one anoth er and check for changes to add [...] 
- 
                            Página 155Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-3 202-10005-0 5, June 2005 Figure 8-1: Three Main Add ress Classes The five address classes are: • Class A Class A addresses can hav e up to 16,777,214 hosts on a sin gle network. They use an eigh t-bit network number and a 24-bit node number . Class A address es are[...] 
- 
                            Página 156Reference Manual for the ADSL Firewall Router DG834 B-4 Network and Routing Basics 202-10005-05, June 2005 This addressing structure allows IP addresses to uniquely identify each physical network and each node on each ph ysical network . For each unique value o f the network portion of the address, the base address of the range (host address of all[...] 
- 
                            Página 157Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-5 202-10005-0 5, June 2005 Subnet addressing al lows us to split one IP network ad dress into smaller multiple physical networks known as su bnetworks. Some of the node numbers are used as a su bnet number instead . A Class B address gives us 16 bits of node numbers tr[...] 
- 
                            Página 158Reference Manual for the ADSL Firewall Router DG834 B-6 Network and Routing Basics 202-10005-05, June 2005 The following table di splays several common netm ask values in both the dotted-decimal and the masklength formats. NETGEAR strongly recommends that y ou configur e all hosts on a LAN se gment to use the same netmask for the following reasons:[...] 
- 
                            Página 159Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-7 202-10005-0 5, June 2005 When a device broadcasts to its segment neighb ors, it uses a destination address of the local network address with al l ones for the host address. In order for this schem e to work, all devices on the segment must agree on which bits compris[...] 
- 
                            Página 160Reference Manual for the ADSL Firewall Router DG834 B-8 Network and Routing Basics 202-10005-05, June 2005 Figure 8-3: Sing le IP Address Operation Using NA T This scheme of fers the additional benefit of firewall-like protection because the internal LAN addresses are not available to the Internet thro ugh the translated connection. All inc oming i[...] 
- 
                            Página 161Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-9 202-10005-0 5, June 2005 Related Document s The station with the correct IP address responds with its own MAC address directly to the sending device. The receivin g station provides the tr ansmitting station with the required destination MAC address. The IP address d[...] 
- 
                            Página 162Reference Manual for the ADSL Firewall Router DG834 B-10 Network and Routing Ba si cs 202-10005-05, June 2005 The DG834 ADSL router also functions as a DHCP c lient when connecting to the ISP . The router can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway addre ss if the ISP provides this information by DHCP . [...] 
- 
                            Página 163Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-1 1 202-10005-0 5, June 2005 Denial of Service Att ack A hacker may be able to prevent your network from op erating or communicating by launching a Denial of Service (DoS) attack. Th e method used for such an att ack can be as simple as merely flooding your site with m[...] 
- 
                            Página 164Reference Manual for the ADSL Firewall Router DG834 B-12 Network and Routing Ba si cs 202-10005-05, June 2005 10 ft. (3 m) from the wall outlet to the desktop device The patch panel and other connecting hardware must meet the requirements for 100 Mbps operation (Categor y 5 ). Only 0.5 inch (1.5 cm ) o f untwist in the wire pa ir is allowed at any [...] 
- 
                            Página 165Reference Manual for the ADSL Firewall Router DG834 Network and Routing Basics B-1 3 202-10005-0 5, June 2005 Figure B-2: Crossover T wisted-Pair Cable Figure B-3: Category 5 UTP Cable with Male RJ -45 Plug at Each End Note : Flat “silver satin” tele phone cable may h ave the same RJ-45 plug. However , using telephone cable results in excessive[...] 
- 
                            Página 166Reference Manual for the ADSL Firewall Router DG834 B-14 Network and Routing Ba si cs 202-10005-05, June 2005 When connecting a PC to a PC, or a hub port to another hub port, the transmit pair must be exchanged with the receive pair . This exchange is done by one of two mechanisms. Most hubs provide an Uplink switch which w ill exchange the pairs o[...] 
- 
                            Página 167Preparing Your Ne twork C-1 202-10005-0 5, June 2005 Appendix C Prep aring Y our Network This appendix describes how to prepare you r ne twork to connect to the Internet through the DG834 ADSL Firewall Router and how to verify th e readiness of broadband Internet service from an Internet service provider (ISP). Prep aring Y our Computers for TCP/IP[...] 
- 
                            Página 168Reference Manual for the ADSL Firewall Router DG834 C-2 Preparing Your Networ k 202-10005-05, June 2005 In your IP network, each PC and the router must be assigned a unique IP addresses. Each PC must also have certain other IP config uratio n informa tion such as a subnet mask (netmask), a domain name server (DNS) address, and a de fault gatewa y a[...] 
- 
                            Página 169Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-3 202-10005-0 5, June 2005 Y ou must have an Ethernet adapter , the TCP/IP protocol, and Client for Micro soft Networks. If you need to install a ne w adapter , follow these steps: a. Click the Add button. b. Select Adapter , and then click Add. c. Select the manufacturer[...] 
- 
                            Página 170Reference Manual for the ADSL Firewall Router DG834 C-4 Preparing Your Networ k 202-10005-05, June 2005 If you need Clie nt for Micro soft Networks: a. Click the Add button. b. Select Client, and then click Ad d. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. 3. Restart your PC for the changes to take ef fect. Enab[...] 
- 
                            Página 171Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-5 202-10005-0 5, June 2005 V erify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to W indows logon Click on the Properties button. The following TCP/IP Proper[...] 
- 
                            Página 172Reference Manual for the ADSL Firewall Router DG834 C-6 Preparing Your Networ k 202-10005-05, June 2005 Selecting the W indows’ Internet Access Method 1. On the W indows taskbar , click the S tart button, point to Settings, and th en click Control Panel. 2. Double-click the Internet Options icon. 3. Select “I want to set up my Internet connecti[...] 
- 
                            Página 173Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-7 202-10005-0 5, June 2005 2. Ty p e winipcfg , and then click OK. The IP Configuration window opens, which lists (a mong other things), your IP address, subnet mask, and default gateway . 3. From the drop-down bo x, select your Ethernet adapter . The window is updated to[...] 
- 
                            Página 174Reference Manual for the ADSL Firewall Router DG834 C-8 Preparing Your Networ k 202-10005-05, June 2005 DHCP Configuration of TCP/IP in Windows XP , 2000, or NT4 Y ou will find there are many similarities in th e procedures for different W indows systems when using DHCP to config ure TCP/IP . The following steps will walk you through the configura [...] 
- 
                            Página 175Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-9 202-10005-0 5, June 2005 • Now you should be at the Local Area Network Connection S tatus window . This box displays the co nn ection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window . • Click the [...] 
- 
                            Página 176Reference Manual for the ADSL Firewall Router DG834 C-10 Prep arin g Your Network 202-10005-05, June 2005 DHCP Configuration of TC P/IP in Windows 2000 Once again, after you have installed the network card, TCP/IP for W indows 2000 is configured. TCP/IP should be added by de fault and set to DHCP without your having to configure it. However , if th[...] 
- 
                            Página 177Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-11 202-10005-0 5, June 2005 • Click on the My Network Places icon on the W indows desktop. This will bring up a window called Network and Dial-up Co nnections. • Right click on Local Ar ea Connection and select Properties . •T h e Local Area Connection Pr operties d[...] 
- 
                            Página 178Reference Manual for the ADSL Firewall Router DG834 C-12 Prep arin g Your Network 202-10005-05, June 2005 • W ith Internet Protocol (TCP/IP) selected, click on Pr operties to open the Internet Protocol (TCP/IP) Propert ies dialogue box. • V erify that • Obtain an IP address automatically is selected. • Obtain DNS server address automaticall[...] 
- 
                            Página 179Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-13 202-10005-0 5, June 2005 DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to co nfigure the TCP/IP environment for W indows NT 4. 0. Follow this procedure to config ure TCP/IP with DHCP in W indows NT 4.0. • Choose Settin[...] 
- 
                            Página 180Reference Manual for the ADSL Firewall Router DG834 C-14 Prep arin g Your Network 202-10005-05, June 2005 • Highlight the TCP/IP Pr otocol in the Network Pro tocols box, and click on the Properties button.[...] 
- 
                            Página 181Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-15 202-10005-0 5, June 2005 V erifying TCP/IP Properties fo r Windows XP , 2000, and NT4 T o check your PC’ s TCP/IP configuration: 1. On the W indows taskbar , click the Start button, and then click Run. The Run window open s. 2. Ty p e cmd and then click OK. A command[...] 
- 
                            Página 182Reference Manual for the ADSL Firewall Router DG834 C-16 Prep arin g Your Network 202-10005-05, June 2005 • The default gateway i s 192.168.0.1 4. Ty p e exit Configuring the Macintos h for TCP/IP Networking Beginning with Macintosh Operating Sy stem 7, TCP/ IP is already installed on the Macintosh. On each networked Macintosh, you need to config[...] 
- 
                            Página 183Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-17 202-10005-0 5, June 2005 2. If not already selected, select Built- in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab. 4. Click Save. V erifying TCP/IP Properties for Macintosh Computers After your Macintosh is confi gure[...] 
- 
                            Página 184Reference Manual for the ADSL Firewall Router DG834 C-18 Prep arin g Your Network 202-10005-05, June 2005 V erifying the Readiness of Y our Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL mode m. This modem must b[...] 
- 
                            Página 185Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-19 202-10005-0 5, June 2005 • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’ s router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account’ s full server names may l[...] 
- 
                            Página 186Reference Manual for the ADSL Firewall Router DG834 C-20 Prep arin g Your Network 202-10005-05, June 2005 If an IP address appears under Installed Gatewa ys, write down the address. This is the ISP’ s gateway address. Select the address and then click Re move to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS server ad[...] 
- 
                            Página 187Reference Manual for the ADSL Firewall Router DG834 Preparing Your Ne twork C-21 202-10005-0 5, June 2005 Rest arting the Network Once you have set up your computers to work with the rou ter , you must reset the network for the devices to be able to communicat e correctly . Restart any computer that is connec ted to the firewall. After configuring [...] 
- 
                            Página 188Reference Manual for the ADSL Firewall Router DG834 C-22 Prep arin g Your Network 202-10005-05, June 2005[...] 
- 
                            Página 189Virtual Private Networking D-1 202-10005-0 5, June 2005 Appendix D V irtual Private Networking There have been many improvem ents in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But one of the most important advances has been in V irtual Private Networking (VPN) Inte rnet Protocol securi[...] 
- 
                            Página 190Reference Manual for the ADSL Firewall Router DG834 D-2 Virtual Private Networking 202-10005-05, June 2005 • Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dia l-up connection to an organization’ s modem pool is one method of access for remote workers, but is expensive because[...] 
- 
                            Página 191Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking D-3 202-10005-0 5, June 2005 • Encapsulating Security Payload (ESP) : Provides confidentiality , authentication, and integrity . • Authentication Header (AH) : Provides authentication and integrity . • Internet Key Exchange (IKE) : Provides key management and Secur[...] 
- 
                            Página 192Reference Manual for the ADSL Firewall Router DG834 D-4 Virtual Private Networking 202-10005-05, June 2005 The ESP header is inserted into the packet betw een the IP header and any subsequent packet contents. However , because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header , nor does it encrypt the ESP authentica[...] 
- 
                            Página 193Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking D-5 202-10005-0 5, June 2005 Mode SAs operate using modes. A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunne l mode or tran sport mode. T ypically , the tunnel mode is used for gateway-to-gateway IPSec tunnel protection[...] 
- 
                            Página 194Reference Manual for the ADSL Firewall Router DG834 D-6 Virtual Private Networking 202-10005-05, June 2005 Key Management IPSec uses the Internet Key Exchange (IKE) protoc ol to facilitate and automate the SA setup and the exchange of keys between parties transferring data. Using keys ensures that only the sender and receiver of a message can acc e[...] 
- 
                            Página 195Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking D-7 202-10005-0 5, June 2005 VPN Process Overview Even though IPSec is standards-based, e ach vendo r has its own set of terms and procedures for implementing the standard. Because of these differences, it may be a good idea to review some of the terms and the generic pr[...] 
- 
                            Página 196Reference Manual for the ADSL Firewall Router DG834 D-8 Virtual Private Networking 202-10005-05, June 2005 It will also be importan t to know the subnet mask of both gateway LAN Connections. Use the worksheet in Ta b l e 7 - 1 on page 7-4 to gather the nec ess ary addr ess and subnet mask information to aid in the configuration and troubleshooting [...] 
- 
                            Página 197Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking D-9 202-10005-0 5, June 2005 Figure D-5: VPN T u nnel SA The SA contains all the information necessary for gateway A to negotiate a secure and encrypted communication stream with gateway B. This comm unicat ion is often referred to as a “tunnel.” The gateways contain[...] 
- 
                            Página 198Reference Manual for the ADSL Firewall Router DG834 D-10 Virtual Private Networking 202-10005-05, June 2005 2. IKE Phase I. a. The two parties negotia te the en cr yption and au thenti cation algorithms to use in the IKE SAs. b. The two parties authenticate each other us ing a predetermined mechanism, such as preshared keys or digital certificates.[...] 
- 
                            Página 199Reference Manual for the ADSL Firewall Router DG834 Virtual Private Networking D-11 202-10005-0 5, June 2005 VPNC IKE Phase II Parameters The IKE Phase 2 parameters used in Scenario 1 are: •T r i p l e D E S • SHA-1 • ESP tunnel mode • MODP grou p 1 • Perfect forward secrecy for rekeying • SA lifetime of 28800 seconds (one hour) T estin[...] 
- 
                            Página 200Reference Manual for the ADSL Firewall Router DG834 D-12 Virtual Private Networking 202-10005-05, June 2005 • [RFC 791] Internet Pr otocol DARP A Internet Pr ogram Pr otocol Specifi cation , Information Sciences Institute, US C, September 1981. • [RFC 1058] Routing Informa tion Pr otocol , C Hedrick, Rutgers University , June 1988. • [RFC 148[...] 
- 
                            Página 201NETGEAR VPN Configuration E-1 202-10005-0 5, June 2005 Appendix E NETGEAR VPN Configuration DG834 to FVL328 This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR DG834 to a FVL328. This case study follows the VPN Consor tium interoperability profile guidelines (fou nd at http://www .vpnc.or g/Inter opPr ofiles/I[...] 
- 
                            Página 202Reference Manual for the ADSL Firewall Router DG834 E-2 NETGEAR VPN Configuration 202-10005-05, June 2005 Figure E-1: Addressing and Subnet Used for Examples S tep-By-Step Configuration 1. Configure the DG834 as in the Gateway-to-Gatew ay procedures using the VPN W izard (see “How to Set Up a Gateway-to-Gateway VPN Configur ation“ on page 7-20 [...] 
- 
                            Página 203Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-3 202-10005-0 5, June 2005 Figure E-2: Viewing and editing the VPN para meters of the DG834 at gateway A toFVL 328 10.5.6.1 172.23.9 .1 toFVL328 22.23.24 .25 10 10 5 6 172 23 9 Click VPN Policies under Advanced - VPN to invoke this screen[...] 
- 
                            Página 204Reference Manual for the ADSL Firewall Router DG834 E-4 NETGEAR VPN Configuration 202-10005-05, June 2005 2. Configure the FVL328 as in the Gateway-to-Gatewa y procedures for the VPN W izard (see “How to Set Up a Gateway-to-Gateway VPN Configur ation“ on page 7-20 ), being certain to use appropriate network addresses for the environment. a. In [...] 
- 
                            Página 205Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-5 202-10005-0 5, June 2005 Figure E-3: Viewing and editing the VPN p ara meters of the FVL328 at gateway B toDG834 toDG834 toDG834 toDG834 toDG834 22.23.24.25 14.1 5.16.17 14.15.16.17 22.23.24.25 14.15.16.17 172.23.9.1 10.5.6.1 172 23 9 10 5 6 1 Click IKE Policies u nde[...] 
- 
                            Página 206Reference Manual for the ADSL Firewall Router DG834 E-6 NETGEAR VPN Configuration 202-10005-05, June 2005 3. T est the VPN tunnel by pinging the remote network from a PC attached to the DG834. a. Open the command prompt (S tart -> Run -> cmd) b. ping 172.23.9 .1 Figure E-4: ping 172.23.9.1 Note: The pings may fail the first time. If this happ[...] 
- 
                            Página 207Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-7 202-10005-0 5, June 2005 Figure E-5: Addressing and Subnet Used for Examples The Use of a Fully Qualified Domain Nam e (FQDN) Many ISPs (Internet Service Pr oviders) provide connectivity to their customers using dynamic instead of static IP addressing. This means that[...] 
- 
                            Página 208Reference Manual for the ADSL Firewall Router DG834 E-8 NETGEAR VPN Configuration 202-10005-05, June 2005 A Dynamic DNS (DDNS) service allows a user whose public IP address is dyna mically assigned to be located by a host or domain name. It pr ovides a central public database where information (such as email addresses, host names and IP addresses) [...] 
- 
                            Página 209Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-9 202-10005-0 5, June 2005 3. On the DG834, configure the Dynamic DNS settings. a. Browse to the Dynamic DNS Setup Screen (see Figure E-6 ) in the Advanced menu. Figure E-6: Dynamic DNS Setup Screen b. Configure this screen with appropriate ac count and hostname setting[...] 
- 
                            Página 210Reference Manual for the ADSL Firewall Router DG834 E-10 NETGEAR VPN Configuration 202-10005-05, June 2005 4. On the FVL328, configure th e Dynamic DNS settings. Assume a properly c onfigured DynDNS account. a. Browse to the Dynamic DNS Setup Screen (see Figure E-8 ) in the Advanced menu. Figure E-8: Dynamic DNS Setup Screen b. Select the DynDNS.or[...] 
- 
                            Página 211Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-11 202-10005-0 5, June 2005 Figure E-9: Dynamic DNS Setup Screen[...] 
- 
                            Página 212Reference Manual for the ADSL Firewall Router DG834 E-12 NETGEAR VPN Configuration 202-10005-05, June 2005 c. Click Show S tatus . The resulting screen should show Update OK: good (see Figure E-10 ). Figure E-10: S tat us Scre en 5. Configure the DG834 as in the Gateway-to-Gatew ay procedures using the VPN W izard (see “How to Set Up a Gateway-to[...] 
- 
                            Página 213Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-13 202-10005-0 5, June 2005 6. Configure the FVL328 as in the Gateway-to-Gatewa y procedures for the VPN W izard (see “How to Set Up a Gateway-to-Gateway VPN Configur ation“ on page 7-20 ), being certain to use appropriate network addresses for the environment. a. I[...] 
- 
                            Página 214Reference Manual for the ADSL Firewall Router DG834 E-14 NETGEAR VPN Configuration 202-10005-05, June 2005 Figure E-12: Addressing and subnet used for telecommuter example Setting Up the Client-to-Gateway VPN Configuration (T elecommuter Example) Setting up a VPN between a remote PC runn ing the NETGEAR ProSafe VPN Client and a network gateway invo[...] 
- 
                            Página 215Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-15 202-10005-0 5, June 2005 S tep 1: Configuring the Clien t-to-Gateway VPN T unnel on th e VPN Router at the Employer ’ s Main Office Follow this procedure to configure a client-to- gateway VPN tunnel by filling out the VPN Auto Policy screen. 1. Log in to the VPN ro[...] 
- 
                            Página 216Reference Manual for the ADSL Firewall Router DG834 E-16 NETGEAR VPN Configuration 202-10005-05, June 2005 Figure E-13: VPN Auto Policy screen Fully Qu a lified Doma in Name toDG834G .com (in this example) Fully Qu a lified Doma in Name from DG834G .com (in this example) fromDG834G (in the ex ample) Dynamic IP addr ess Subnet addr ess Single addr e[...] 
- 
                            Página 217Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-17 202-10005-0 5, June 2005 2. Click Apply when done to get the VPN Policies scre en. Figure E-14: VPN Policies screen T o view or modify the tunnel sett ings, select th e radio button next to the tunnel entry and click Edit . S tep 2: Configuring the NETGE AR ProSafe V[...] 
- 
                            Página 218Reference Manual for the ADSL Firewall Router DG834 E-18 NETGEAR VPN Configuration 202-10005-05, June 2005 b. If you do not have a mod em or dial-up adapter installed in yo ur PC, you ma y see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” Y ou can disregard this message. c. I[...] 
- 
                            Página 219Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-19 202-10005-0 5, June 2005 Figure E-16: Security Policy Editor Connection s ettings c. Select Secur e in the Connection Security check box. d. Select IP Subnet in the ID T ype menu. e. In this example, type 192.168.0.1 in the Subnet field as the network address of the [...] 
- 
                            Página 220Reference Manual for the ADSL Firewall Router DG834 E-20 NETGEAR VPN Configuration 202-10005-05, June 2005 b. Click on the Security Policy subheading to show the Security Policy menu. Figure E-17: Security Po licy Editor security policy c. Select the Main Mode in the Select Phase 1 Negotiation Mode check box. 4. Configure the VPN Client Identity . [...] 
- 
                            Página 221Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-21 202-10005-0 5, June 2005 a. In the Network Security Policy list on the left side of the Securit y Policy Editor window , click My Identity . Figure E-18: Security Policy Editor my identity b. Choose None in the Select Certificate menu. c. Select Domain Name in the ID[...] 
- 
                            Página 222Reference Manual for the ADSL Firewall Router DG834 E-22 NETGEAR VPN Configuration 202-10005-05, June 2005 e. Click the Pre-Shar ed Key button. In the Pr e-Shared Key dialog box, click the Enter Key button. Enter the DG83 4's Pre-Shar ed Key and click OK . In this example, 1234 5678 is entered. This field is case sensitive. Figure E-19: Securi[...] 
- 
                            Página 223Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-23 202-10005-0 5, June 2005 b. Expand the Au thentication subheading by double clicking its name or clicking on the “+” symbol. Then select Propo sal 1 below Authentication . Figure E-20: Security Po licy Editor authentication c. In the Authentication Method menu, s[...] 
- 
                            Página 224Reference Manual for the ADSL Firewall Router DG834 E-24 NETGEAR VPN Configuration 202-10005-05, June 2005 a. Expand the Key Exchange subheading by double clickin g its name or c licking on the “+ ” symbol. Then select Propo sal 1 below Key Exchang e . Figure E-21: Security Po lic y Edito r key ex cha n ge b. In the SA Li fe menu, select Unspec[...] 
- 
                            Página 225Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-25 202-10005-0 5, June 2005 8. Check the VPN Connection . T o chec k the VPN Connection , you can initiate a request from the remote PC to the VPN router ’ s network by using th e Connect option in the DG834 ADSL router menu bar (see Figure E-22 ). Since the remote PC[...] 
- 
                            Página 226Reference Manual for the ADSL Firewall Router DG834 E-26 NETGEAR VPN Configuration 202-10005-05, June 2005 c. Ty p e ping -t 192.168. 0.1 , and then click OK . Figure E-23: Running a ping test to the LAN from the PC This will cause a continuous ping to be sent to the VPN router . After between several seconds and two minutes, the pi ng response sho[...] 
- 
                            Página 227Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-27 202-10005-0 5, June 2005 2. The Connection Monitor screen i s shown below: Figure E-25: Connection Monitor scre en While the connection is being established, the Connection Name field in this menu will show SA before the name of the connection. When the connection is[...] 
- 
                            Página 228Reference Manual for the ADSL Firewall Router DG834 E-28 NETGEAR VPN Configuration 202-10005-05, June 2005 V iewing the VPN Router ’ s VPN S t atus and Log Information T o view information on the status of the VPN client connection, open the VPN ro uter ’ s VPN S tatus scre en by following the steps below: 1. T o view this screen, click the Rou[...] 
- 
                            Página 229Reference Manual for the ADSL Firewall Router DG834 NETGEAR VPN Configuration E-29 202-10005-0 5, June 2005 2. T o view the VPN tunnels status, click the VPN S tatus link on the right side of the main menu. Current VPN T unnels (SAs) screen[...] 
- 
                            Página 230Reference Manual for the ADSL Firewall Router DG834 E-30 NETGEAR VPN Configuration 202-10005-05, June 2005[...] 
- 
                            Página 231Glossary 1 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 802.1 1b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technol ogy and operating in the unlicensed radio spectru[...] 
- 
                            Página 232Reference Manual for the ADSL Firewall Router DG834 2 Glossary Cat 5 Category 5 unshield ed twisted pair (UTP) cab ling. An Ethernet network operating at 10 Mbits/second (10BASE-T) will o ften tolerate low quality cables, but at 100 Mbits/second (10BAS E-Tx) the cable must be rated as Category 5, or Cat 5 or Cat V , by the Electronic Industry Assoc[...] 
- 
                            Página 233Reference Manual for the ADSL Firewall Router DG834 Glossary 3 IP Address A four-byte number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an or ganization formed for thi s pu rpo se. Usually written in dotte d-d ecimal notation with periods separ ating the bytes (for example, 134 .177.244.57). IPSec Int[...] 
- 
                            Página 234Reference Manual for the ADSL Firewall Router DG834 4 Glossary Netmask A number that explains which p art of an IP add ress comprises the netw ork address and which part is the host address on that network. It can be expressed in dotted-decimal notat ion or as a number appended to the IP address. For example, a 28-bit mask st arting from the MSB ca[...] 
- 
                            Página 235Reference Manual for the ADSL Firewall Router DG834 Glossary 5 router A device that for wards data between n etworks. An IP rout er forwards data based on IP source and destination addresses. Routing Information Protocol A protocol in which routers periodically exchange in formation with one another so that they can determine minimum distance paths[...] 
- 
                            Página 236Reference Manual for the ADSL Firewall Router DG834 6 Glossary Windows Internet Naming Service WINS. W indows Internet Naming Servi ce is a server process for resolving W indows-based computer names to IP addresses. If a remote network contains a WINS server , your W indows PCs can gather i nformation from that WINS server about its local hosts. Th[...] 

