Netgear FVS318Gv2 – ProSAFE VPN Firewall Series 用户手册
Configure VPN Tunnels
39
NETGEAR ProSAFE VPN Client
This computer (the client) appears in the LAN with this IP address. You can also enter
another LAN IP address or even 0.0.0.0 as the IP address.
another LAN IP address or even 0.0.0.0 as the IP address.
Both the local IP address of your computer and the remote LAN address can be part of
the same subnet. To enable such a configuration, select the Automatically open this
tunnel on traffic detection check box on the Advanced IPSec pane (see
the same subnet. To enable such a configuration, select the Automatically open this
tunnel on traffic detection check box on the Advanced IPSec pane (see
45). When the VPN tunnel is opened in this
configuration, all traffic with the remote LAN is allowed but communication with the local
network becomes impossible.
network becomes impossible.
Note:
If Mode Config is enabled and the remote VPN gateway issued an IP
address to the VPN Client, the IP address is displayed in the VPN
Client address field.
address to the VPN Client, the IP address is displayed in the VPN
Client address field.
6.
In the Address Type menu, select the remote endpoint’s type of address:
•
Single address. The remote endpoint is a single computer. Specify the remote host
address and the subnet mask.
address and the subnet mask.
•
Subnet address. The remote endpoint is a LAN. Specify the remote LAN address
and the subnet mask.
and the subnet mask.
•
To force all traffic from the computer to pass through the VPN tunnel, select Subnet
address, and enter 0.0.0.0 as the subnet mask.
address, and enter 0.0.0.0 as the subnet mask.
•
Range address. The remote endpoint is a LAN that consists of a range of addresses.
Specify the start and end addresses.
Specify the start and end addresses.
Depending on your selection, the pane adjusts to display the associated address fields:
Note:
When you select Range address and the Automatically open this
tunnel on traffic detection check box on the Advanced IPSec pane
(see
tunnel on traffic detection check box on the Advanced IPSec pane
(see
automatically opens when traffic is detected for a specific range of IP
addresses. However, this range of IP addresses must be specified in
the configuration of VPN gateway.
addresses. However, this range of IP addresses must be specified in
the configuration of VPN gateway.
7.
In the Remote LAN address field, enter the remote IP address, or LAN network address, of
the VPN gateway.
the VPN gateway.
8.
In the Subnet Mask field, enter the subnet mask of the gateway.
9.
In the Encryption menu, select the encryption algorithm.
For a NETGEAR router, select 3DES.
10.
In the Authentication menu, select an authentication method.
For a NETGEAR router, select SHA1.
11.
Select the IPSec encapsulation mode:
•
Tunnel. The mode that is commonly used when either end of a security association
(SA) is a security gateway or when both ends of an SA are security gateways that
function as proxies for the hosts behind them. Tunnel mode encrypts both the payload
and the entire header (UDP/TCP and IP). This is the default setting.
(SA) is a security gateway or when both ends of an SA are security gateways that
function as proxies for the hosts behind them. Tunnel mode encrypts both the payload
and the entire header (UDP/TCP and IP). This is the default setting.