into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or
for more information about the topics covered in this manual, visit the Support website at
http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): Check the list of phone numbers at
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
1. Hardware Setup
Getting to know your wireless router
The NETGEAR N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 is the
Ultimate Integrated ADSL Networking Gateway. It offers concurrent dual-band technology that
allows devices to avoid interference and also ensures top speeds and the greatest range for
demanding applications, such as streaming HD video and multiplayer gaming. Complete with a
built-in ADSL modem, it is compatible with all major ADSL Internet service providers. The
Gigabit port on the WAN side also has an option to connect to a fiber/cable modem.
• All-in-one. Built-in ADSL2+ modem and WAN Gigabit Ethernet port for cable/fiber
combined with a wireless router create the ultimate integrated home gateway.
• Concurrent dual band. Ensures top speeds and the greatest range while minimizing
interference.
• Faster multimedia streaming. Provides Wireless-N speed for streaming HD videos,
simultaneous downloads, and online gaming in addition to basic Internet applications.
• Shared storage. Two (2) ports for ReadySHARE® USB storage access provide fast and
easy shared access to an external USB storage device.
• Live Parental Controls. Keep your Internet experience safe.
• Guest network access. Provides separate security and access restrictions for guests
using the network.
• Secured connection. Push 'N' Connect ensures a quick and secure network connection.
• Broadband usage meter. Monitors Internet traffic and sends customized reports to help
keep costs under control.
• Easy installation. Connect to PC and open your browser to install.
• Compatibility. Compatible with all major ADSL Internet service providers (ISPs).
Product specifications
Package Contents
• N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
• Ethernet cable
• Phone cable and filter
• Power adapter, localized to country of sale
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Warranty
• NETGEAR 1-year warranty
System Requirements
• Broadband Internet service
-ADSL broadband Internet service
-Cable or fiber: Connects to cable modem or fiber termination node through the
Gigabit Ethernet WAN port
• 802.11 a/b/g/n 2.4 or 5.0 GHz specification wireless adapter or an Ethernet adapter and
cable for each computer
• Microsoft Windows 7, Vista, XP, 2000, Me, Mac OS, UNIX, or Linux
• Microsoft Internet Explorer 5.0, Firefox 2.0, Safari 1.4, or later
• Use with an N600 Wireless Dual Band USB Adapter (WNDA3100) for maximum
performance
Standards
• IEEE 802.11 b/g/n 2.4 GHz
• IEEE 802.11 a/n 5.0 GHz
• Five (5) 10/100/1000 (1 WAN and 4 LAN) Gigabit Ethernet ports
• Two (2) USB 2.0 ports
• One (1) ADSL2+ port
Performance
• All-in-one. High-speed ADSL2+ modem (built-in) and WAN Gigabit Ethernet port for
cable/fiber
• Powerful dual-core (400 MHz each) processor
• High-speed access to external USB storage using two USB 2.0 ports
• Memory: 128 MB flash and 128 MB RAM
• Five (5) (1 WAN, 4 LAN) Gigabit Ethernet ports
• Advanced Quality of Service (QoS)
Security
• Wi-Fi Protected Access® (WPA/WPA2—PSK) and WEP
• Double firewall protection (SPI and NAT firewall)
• Denial-of-service (DoS) attack prevention
Ease of Use
• Easy installation. Connect to PC and open your browser to install
• Push 'N' Connect using Wi-Fi Protected Setup® (WPS)
Physical Specifications
• Dimensions: 223 x 153 x 31 mm (8.8 x 6.0 x 1.2 in)
• Weight: 0.5 kg (1.2 lb)
Advanced Features
• Live Parental Controls with flexible and customizable filter settings.
• Simultaneous dual band. 2.4 GHz and 5 GHz operation.
• Two (2) ports for ReadySHARE® USB storage access. Supports FAT16/32, NTFS
Read/Write.
• DLNA®. Stream media to DLNA media players.
• Multiple SSID guest networks (separate security and access restrictions).
If you have not already set up your new router using the installation guide that comes in the box,
this chapter walks you through the hardware setup. Chapter 2, Router Internet Setup, explains
how to set up your Internet connection.
This chapter contains the following sections:
• Unpack Your New Router
• Hardware Features
• Position Your Wireless Router
• ADSL Microfilters
• Cable Your N600 Wireless Modem Router
• Verify the Cabling
• For More Information
Unpack Your New Router
Your box should contain the following items:
• N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
• AC power adapter (plug varies by region)
• Category 5 (Cat 5) Ethernet cable
• Telephone cable with RJ-11 connector
• Microfilters and splitters (quantity and type vary by region)
• Installation guide with cabling and router setup instructions
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep
the carton, including the original packing materials, in case you need to return the product for
repair. See Position Your Wireless Router on page 17 for information about where to place
and how to position your router.
Figure 1. Box contents (labels: N600 Wireless Modem Router, Phone cable, Line, ADSL, Phone, ADSL filter, Ethernet cable, Power adapter)
Hardware Features
Before you cable your router, take a moment to become familiar with the label and the front
and back panels. Pay particular attention to the LEDs on the front panel.
Label
The label on the bottom of the wireless modem router shows the router’s Restore Factory
Settings button, WPS security PIN, MAC address, and serial number.
Figure 2. Label on router bottom (callouts: Restore Factory Settings, WPS Security PIN, Serial number, MAC address)
See Factory Settings on page 156 for information about the Restore Factory Settings button
and the factory setting values.
Back Panel
The back panel has the Power On/Off button and port connections shown in the figure:
1. ADSL line
2. Gigabit port for connecting to external cable/fiber modem
3. Gigabit Ethernet ports
4. USB port
5. Power On/Off button
6. AC power adapter input
Figure 3. Back panel port connections
Viewed from left to right, the rear panel contains the following elements:
1. RJ-11 asynchronous DSL (ADSL) port for connecting the wireless modem router to an
ADSL line
Note: An ADSL port is capable of sending data over an ADSL line at one
speed and receiving it at another speed.
2. Ethernet WAN port for connecting the wireless modem router to a fiber/cable modem
Note: You can use either the ADSL or Gigabit Ethernet port for WAN
connectivity.
3. Four Ethernet RJ-45 LAN ports for cabling the wireless modem router to the local computers
4. USB port for connecting USB storage devices like flash drives or hard drives
5. Power On/Off button
6. AC power adapter input
Front Panel
The wireless modem router front panel has the 10 status LEDs, icons, and ports shown in the
figure. Note that the Wireless and WPS icons are buttons.
Figure 4. Front panel LEDs (callouts: WPS On/Off button, Wireless On/Off button, USB port, Internet, DSL, 5 GHz wireless, 2.4 GHz wireless, USB, LAN ports, Power)
The following tables describe the LEDs, icons, and buttons on the front panel from top to
bottom.
Table 1. WPS button and LED
LED Activity | Description
Solid green | Indicates that wireless security has been enabled.
Blinking green | WPS-capable device is connecting to the device.
Off | WPS is not enabled. For information about the use of this button, see Wi-Fi Protected Setup (WPS) Method on page 40.
Table 2. Wireless button
Description: For information about the use of this button, see Turn Off Wireless Connectivity on page 38.

Table 3. USB port
Description: USB port for connecting USB storage devices like flash drives or hard drives.

Table 4. Internet LED
LED Activity | Description
Solid green | You have an Internet connection. If this connection is dropped due to an idle time-out but the connection is still present, the light stays green. If the Internet connection is dropped for any other reason, the light turns off.
Solid red | The Internet (IP) connection failed. See No ISP Connection on page 148 for troubleshooting information.
Blinking green | Data is being transmitted over the Internet connection.
Off | No Internet connection is detected or the device is in bridge mode (an external device handles the ISP connection).

Table 5. DSL LED
LED Activity | Description
Solid green | You have an ADSL connection. In technical terms, the ADSL port is synchronized with an ISP’s network-access device.
Blinking green | Indicates that the wireless modem router is negotiating the best possible speed on the ADSL line.
Off | The unit is off or there is no IP connection.
Table 6. 5 GHz Wireless LED
LED Activity | Description
Solid blue | There is wireless connectivity.
Blinking blue | Data is being transmitted or received over the 5 GHz wireless link.
Off | There is no wireless connectivity. You can still plug an Ethernet cable into one of the LAN ports to get wired connectivity.

Table 7. 2.4 GHz Wireless LED
LED Activity | Description
Solid green | There is wireless connectivity.
Blinking green | Data is being transmitted or received over the 2.4 GHz wireless link.
Off | There is no wireless connectivity. You can still plug an Ethernet cable into one of the LAN ports to get wired connectivity.

Table 8. USB LED
LED Activity | Description
Solid green | A USB port has detected a USB device.
Blinking green | Data is being transmitted or received.
Off | No link is detected on these ports.

Table 9. LAN LED
LED Activity | Description
Solid green | A LAN port has detected an Ethernet link with a device.
Blinking green | Data is being transmitted or received.
Off | No link is detected on these ports.
Table 10. Power On/Off LED
LED Activity | Description
Solid green | Power is supplied to the router.
Solid red | POST (power-on self-test) failure or a device malfunction has occurred.
Off | Power is not supplied to the router.
Restore Factory Settings | Light blinks momentarily when the Restore Factory Settings button on the bottom of the unit is pressed for 6 seconds. The Power LED then blinks red three times when the Restore Factory Settings button is released and then turns green as the gateway resets to the factory defaults.
Position Your Wireless Router
The wireless modem router lets you access your network from virtually anywhere within the
operating range of your wireless network. However, the operating distance or range of your
wireless connection can vary significantly depending on the physical placement of your
router. For example, the thickness and number of walls the wireless signal passes through
can limit the range. For best results, place your router:
• Near the center of the area where your computers and other devices operate, and
preferably within line of sight to your wireless devices.
• So it is accessible to an AC power outlet and near Ethernet cables for wired computers.
• In an elevated location such as a high shelf, keeping the number of walls and ceilings
between the wireless modem router and your other devices to a minimum.
• Away from electrical devices that are potential sources of interference, such as ceiling
fans, home security systems, microwaves, PCs, or the base of a cordless phone or 2.4
GHz cordless phone.
• Away from any large metal surfaces, such as a solid metal door or aluminum studs. Large
expanses of other materials such as glass, insulated walls, fish tanks, mirrors, brick, and
concrete can also affect your wireless signal.
Note: The DGND3700 should be put in a vertical position only.
Also be aware that when you use multiple access points, it is better if adjacent access points
use different radio frequency channels to reduce interference. The recommended channel
spacing between adjacent access points is five channels (for example, use Channels 1 and
6, or 6 and 11).
ADSL Microfilters
If this is the first time you have cabled a wireless router between an ADSL phone line and
your computer or laptop, you might not be familiar with ADSL microfilters. If you are, you can
skip this section and proceed to Cable Your N600 Wireless Modem Router on page 20.
An ADSL microfilter is a small in-line device that filters ADSL interference out of standard
phone equipment that shares the same line with your ADSL service. Every telephone device
that connects to a telephone line that provides ADSL service needs an ADSL microfilter to
filter out the ADSL interference. Example devices are telephones, fax machines, answering
machines, and caller ID displays. Note that not every phone line in your home necessarily
carries ADSL service. That depends on the ADSL service setup in your home.
Note: Often the ADSL microfilter is included in the box with the wireless
modem router. If you purchased the wireless modem router in a
country where a microfilter is not included, you have to acquire the
ADSL microfilter separately.
One-Line ADSL Microfilter (Not Included)
Plug the ADSL microfilter into the wall outlet and plug your phone equipment into the jack
labeled Phone. The wireless modem router plugs directly into a separate ADSL line. Plugging
the wireless modem router into the phone jack blocks the Internet connection. If you do not
have a separate ADSL line for the router, the best thing to do is to use an ADSL microfilter
with a built-in splitter.
Figure 5. One-line ADSL microfilter (callout: Plugs into ADSL line)
Second best when you do not have a separate ADSL line for the router is to get a separate
splitter. To use a one-line filter with a separate splitter, insert the splitter into the phone outlet,
connect the one-line filter to the splitter, and connect the phone to the filter.
Two-Line ADSL Microfilter (Included)
Use an ADSL microfilter with a built-in splitter when there is a single wall outlet that provides
connectivity for both the wireless modem router and your telephone equipment. Plug the
ADSL microfilter into the wall outlet, plug your phone equipment into the jack labeled Phone,
and plug the wireless modem router into the jack labeled ADSL.
Figure 6. Two-line ADSL microfilter with built-in splitter (callout: Plugs into the ADSL line)
Summary
• One-line ADSL microfilter (not included). Use with a phone or fax machine.
• Splitter (not included). Use with a one-line ADSL microfilter to share an outlet with a
phone and the wireless modem router.
• Two-line ADSL microfilter with built-in splitter (included). Use to share an outlet with a
phone and the wireless modem router.
Cable Your N600 Wireless Modem Router
WARNING!
Do not stack equipment, or place equipment in tight spaces, or in
drawers. Be sure your equipment is surrounded by at least
2 inches of air space. The unit should not be wall mounted.
The installation guide that came in the box has a cabling diagram on the first page.
Figure 7. Cabling diagram, showing these steps:
Step 1: Connect to Internet with ADSL or Ethernet WAN.
• Connect to ADSL if connecting directly to a DSL line.
• Connect to Ethernet WAN if connecting to a fiber/cable modem.
Note: Add an ADSL filter for every telephone on the same phone line
as your wireless modem router.
Step 2: Cable your computer.
Step 3: Power on your router. Wait until the 2.4 GHz Wireless LED turns solid green.
Note: Keep the DGND3700 N600 Wireless Modem Router in a vertical position.
CAUTION:
Incorrectly connecting a filter to your wireless modem router blocks your
ADSL connection.
Verify the Cabling
Verify that your router is cabled correctly by checking the wireless modem router LEDs. Turn
on the wireless router by pressing the Power On/Off button on the back.
• The Power LED is green when the modem router is turned on.
• The LAN port is green when a PC is cabled to the router by an Ethernet cable.
• The Wireless LEDs are lit when the modem router is turned on.
• The DSL LED is green when you have an ADSL connection.
• The Internet LED is red when there is no Internet connection.
Turn on your computer. If software usually logs you in to your Internet connection, do not run
that software. Cancel it if it starts automatically.
For More Information
For more information about the topics covered in this manual, visit the support website at
http://support.netgear.com.
2. Router Internet Setup
Connecting to the network
This chapter explains how to set up your Internet connection using one of two methods: Setup
Wizard or manual setup. If you have already set up your router using one of these methods, the
initial router setup is complete. Refer to this chapter if you want to become familiar with the
router menus, view or adjust the initial settings, or change the router password and login
time-out.
This chapter contains the following sections:
• Router Setup Preparation
• Log In to the N600 Modem Router
• Upgrade Router Firmware
• Router Interface
• Setup Wizard
• Manual Setup (Basic Settings)
• ADSL Settings
• Unsuccessful Internet Connection
• Change Password and Login Time-Out
• Log Out Manually
• Types of Logins
Router Setup Preparation
You can set up your wireless modem router with the Setup Wizard as described in Setup
Wizard on page 27 or manually as described in Manual Setup (Basic Settings) on page 28.
However, before you start the setup process, you need to have your ISP information on hand
and make sure the laptops, PCs, and other devices in the network have the settings
described here.
Note: If you have a Macintosh or Linux system, you have to use the
manual setup method.
Use Standard TCP/IP Properties for DHCP
If you configured your computer to use a static IP address, you need to change the settings
back so that it uses Dynamic Host Configuration Protocol (DHCP). See Appendix A,
Supplemental Information for more information.
Replace an Existing Router
To replace an existing router, disconnect it completely from your network and set it aside
before starting the router setup.
Adapters and Security Settings
A wireless adapter is the wireless radio in your PC or laptop that lets the PC or laptop
connect to a wireless network. Most PCs and laptops come with an adapter already installed,
but if it is outdated or slow, you can purchase a USB adapter to plug into a USB port.
Make sure the wireless adapter in each computer in your wireless network supports the same
security settings as the wireless modem router. See Wireless Security Requirements and
Recommendations on page 37 for information about the router’s security settings.
Note: If you connect devices to your modem router using WPS as
described in Wi-Fi Protected Setup (WPS) Method on page 40,
those devices assume the security settings of the router.
Gather ISP Information
You need the following information to set up your wireless modem router and to check that
your Internet configuration is correct. Your Internet service provider (ISP) should have
provided you with all of the information needed to connect to the Internet. If you cannot locate
this information, ask your ISP to provide it. When your Internet connection is working, you no
longer need to launch the ISP’s login program on your computer to access the Internet. When
you start an Internet application, your wireless modem router automatically logs you in.
• Active Internet service provided by an ADSL account
• The ISP configuration information for your ADSL account
-ISP login name and password
-ISP Domain Name Server (DNS) addresses
-Fixed or static IP address
-Host and domain names
-Depending on how your ISP set up your Internet account, you could need to know
Log in to the wireless modem router to view or change settings or to set up the wireless
modem router.
To log in:
1. Type http://192.168.0.1 in the address field of your browser and press Enter to display
the login window. You can also enter either of these addresses to access the wireless
modem router: http://www.routerlogin.net or http://www.routerlogin.com.
Figure 8. Log in with user name and password
2. When prompted, enter admin for the router user name and password for the router
password, both in lowercase letters, and click OK.
Note: The router user name and password are probably different from the
user name and password for logging in to your Internet connection.
See Types of Logins on page 34 for more information.
The router screens display, where you can do things like changing settings or adding
other devices to your network. For a brief description of the available functionality, see
Router Interface on page 26. For information about adding devices to your network, see
Wi-Fi Protected Setup (WPS) Method on page 40.
If you do not see the login prompt:
1. Check the LEDs on the router front panel to make sure that the modem router is
plugged into an electrical outlet, its power is on, and the Ethernet cable between your
computer and the router is connected to a LAN port.
2. If you connected the Ethernet cable and quickly launched your browser and typed in the
router URL, your computer might need a minute or two to recognize the LAN connection.
Relaunch your browser and try again.
3. If you are having trouble accessing the router wirelessly, NETGEAR recommends that
during setup you use an Ethernet cable to connect your computer so that you can log in to
the wireless modem router.
Note: If you cannot connect to the wireless router, check the Internet
Protocol (TCP/IP) properties in the Network Connections section of
your PC Control Panel. They should be set to obtain both IP and
DNS server addresses automatically.
Upgrade Router Firmware
When you log in and if you are connected to the Internet, the Firmware Upgrade Assistant
screen displays so you can upgrade to the latest available firmware. For more information
about upgrading firmware, see Chapter 5, Network Maintenance.
To upgrade the firmware:
1. Click Yes to check for new firmware (recommended). The modem router checks the
NETGEAR database for new firmware.
2. If no new firmware is available, click No to exit. You can check for new firmware later.
3. If new firmware is available, click Yes to upgrade the router with the latest firmware. After the
upgrade, the router restarts.
CAUTION:
Do not try to go online, turn off the router, shut down the computer, or do
anything else to the router until the router finishes restarting.
You cannot upgrade firmware until you have established your Internet connection as
described in Setup Wizard on page 27.
Router Interface
The router interface gives you access to the router’s current settings so you can view or
change them (if needed). The left column has the router menus, and the right column
provides online help. The middle column is the screen for the current menu option.
Figure 9. Router interface
Setup Wizard
Specify the language and location, and automatically detect the Internet connection. See
Setup Wizard on page 27.
Add WPS Client
Add WPS-compatible wireless devices and other equipment to your wireless network. See
Add Clients (Devices) to Your Network on page 40.
Setup Menu
Set, upgrade, and check the ISP and wireless network settings of your router. See Manual
Setup (Basic Settings) on page 28 and ADSL Settings on page 32. See also Chapter 3,
Wireless Settings, for information about preset and basic security settings.
USB Storage Menu
Add removable storage to your network. See Chapter 6, USB Storage.
Content Filtering Menu
View and configure the router firewall settings to prevent objectionable content from reaching
your PCs. See Chapter 4, Security Settings.
Maintenance Menu
Administer and maintain your router and network. See Chapter 5, Network Maintenance.
Advanced Menu
Set the router up for unique situations such as when remote access by IP or by domain name
from the Internet is needed. See Chapter 8, Advanced Settings. Using this menu requires a
solid understanding of networking concepts.
Advanced – VPN Menu
Set up secure encrypted communications. See Chapter 7, Virtual Private Networking. Using
this menu requires a solid understanding of networking concepts.
Web Support
Go to the NETGEAR support site to get information, help, and product documentation. These
links work once you have an Internet connection.
Setup Wizard
You have to log in to the modem router to set the country, language, and Internet connection.
To use the Setup Wizard:
1. Select Setup Wizard from the top of the router menus to display the following screen:
Figure 10. Country and language settings in Setup Wizard
2. Select your country and language:
• Country. It is important to specify the location where the wireless modem router
operates so that the Internet connection works correctly. The default is UK.
• Language. The default is English. You can select another language if you prefer.
3. Select either Yes or No, I want to configure the Router myself. If you select No, proceed
to Manual Setup (Basic Settings) on page 28.
4. If you selected Yes, click Next.
With automatic Internet detection, the Setup Wizard searches your Internet connection
for servers and protocols to determine your ISP configuration.
Note: The Setup Wizard cannot detect a Point-to-Point Tunneling Protocol
(PPTP) connection. If your ISP uses PPTP, you have to set your
Internet connection through the screen described in Manual Setup
(Basic Settings) on page 28.
Manual Setup (Basic Settings)
The Basic Settings screen displays when you select No. I want to configure the Router myself
in the Setup Wizard and is also available from the router menus. It is where you view or
change ISP information. The fields that display vary depending on whether or not your
Internet connection requires a login.
Note: Check that the country and language are set as described in Setup
Wizard on page 27 before proceeding with the manual setup.
To set up the basic settings manually:
1. Select Set Up > Basic Settings and select Yes or No depending on whether or not
your ISP requires a login.
Figure 11, Basic Settings screen without (left) and with (right)
login shows both forms of the Basic Settings screen.
• Yes. Select the encapsulation method and enter the login name. If you want to
change the login time-out, enter a new value in minutes.
• No. Enter the account and domain names, as needed.
2. Enter the settings for the IP address and DNS server. The default ADSL settings usually
work fine. If you have problems with your connection, check the ADSL settings and see
ADSL Settings on page 32 for more information.
3. If no login is required, you can specify the MAC Address setting.
4. Click Apply to save your settings.
5. Click Test to test your Internet connection. If the NETGEAR website does not appear within
1 minute, see Troubleshooting on page 145.
Figure 11. Basic Settings screen without (left) and with (right) login (panels: ISP does not require login; ISP does require login)
The following table explains all of the possible fields in the Basic Settings screen. Note that
which fields appear in this screen depends on whether or not a login is required.
Table 11. Basic Settings Screen Description
SettingsDescription
Does Your ISP Require a Login?• Yes
These fields
display only if
no login is
required.
Account Name
(If required)
Domain Name
(If required)
• No
Enter the account name provided by your ISP. This might also be
called the host name.
Enter the domain name provided by your ISP.
Router Internet Setup
30
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Table 11. Basic Settings Screen Description
SettingsDescription
These fields
display only if
your ISP
requires a
login.
Internet IP
Address
Domain Name Server (DNS) AddressThe DNS server is used to look up site addresses based on their
EncapsulationEncapsulation is a method for enclosing multiple protocols. PPP
stands for Point-to-Point Protocol. The choices are:
• PPPoE (PPP over Ethernet)
• PPPoA (PPP over ATM)
LoginThe login name provided by your ISP. This is often an email address.
PasswordThe password that you use to log in to your ISP.
Idle Timeout (In
minutes)
This field displays only
if no login is required.
If you want to change the login time-out, enter a new value in
minutes. This determines how long the wireless modem router keeps
the Internet connection active after there is no Internet activity from
the LAN. Entering a value of 0 (zero) means never log out.
• Get Dynamically from ISP. Your ISP uses DHCP to assign your
IP address. Your ISP automatically assigns these addresses.
• Use Static IP Address. Enter the IP address, IP subnet mask, and
the gateway IP address that your ISP assigned. The gateway is the
ISP’s wireless modem router to which your wireless modem router
will connect.
Use IP Over ATM (IPoA). Your ISP uses classical IP addresses (RFC
1577). Enter the IP address, IP subnet mask, and gateway IP
addresses that your ISP assigned.
names.
• Get Automatically from ISP. Your ISP uses DHCP to assign your
DNS servers. Your ISP automatically assigns this address.
• Use These DNS Servers. If you know that your ISP does not
automatically transmit DNS addresses to the wireless modem
router during login, select this option, and enter the IP address of
your ISP’s primary DNS server. If a secondary DNS server address
is available, enter it also.
Router Internet Setup
31
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Table 11. Basic Settings Screen Description
NAT (Network Address Translation). NAT automatically assigns private IP addresses (10.1.1.x) to
LAN-connected devices.
• Enable. Usually NAT is enabled.
• Disable. This disables NAT, but leaves the firewall active. Disable
NAT only if you are sure you do not need it. When NAT is disabled,
only standard routing is performed by this router. Classical routing
lets you directly manage the IP addresses that the wireless modem
router uses. Classical routing should be selected only by
experienced users.
• Disable firewall. This disables the firewall in addition to disabling
NAT. With the firewall disabled, the protections usually provided to
your network are disabled.
Note: Disabling NAT reboots the wireless modem router and resets its configuration settings to the factory defaults.
Disable NAT only if you plan to set up the wireless modem router in a setting where you will be manually
administering the IP address space on the LAN side of the router.
These fields display only if no login is required.
Router MAC Address. The Ethernet MAC address used by the wireless modem router on
the Internet port. Some ISPs register the MAC address of the
network interface card in your computer when your account is first
opened. They will then accept traffic only from the MAC address of
that computer. This feature allows your wireless modem router to use
your computer’s MAC address (this is also called cloning).
• Use Default Address. Use the default MAC address.
• Use Computer MAC Address. The wireless modem router will
capture and use the MAC address of the computer that you are
now using. You must be using the one computer that is allowed by
the ISP.
• Use This MAC Address. Enter the MAC address that you want to
use.
ADSL Settings
The default ADSL settings of your wireless modem router work fine for most ISPs. However, some ISPs
use a specific multiplexing method and virtual circuit number for the virtual path identifier
(VPI) and virtual channel identifier (VCI).
Note: You must use the Setup Wizard to select the correct country for the
default ADSL settings to work.
If your ISP provided you with a multiplexing method or VPI/VCI number, enter the
setting:
1. Select Setup > ADSL Settings to display the following screen:
Figure 12. ADSL Settings screen
2. In the Multiplexing Method drop-down list, select LLC-based or VC-based.
3. For the VPI, type a number between 0 and 255. The default is 8 for the U.S. version, 0 for
the worldwide version, and 1 for the German version.
4. For the VCI, type a number between 32 and 65535. The default is 35 for the U.S. version,
38 for the worldwide version, and 32 for the German version.
5. Click Apply.
Unsuccessful Internet Connection
1. Review your settings to be sure you have selected the correct options and typed
everything correctly.
2. Contact your ISP to verify that you have the correct configuration information.
3. Read Chapter 9, Troubleshooting. If problems persist, register your NETGEAR product and
contact NETGEAR technical support.
Note: If you cannot connect to the wireless router, check the Internet
Protocol (TCP/IP) properties in the Network Connections section of
your PC Control Panel. They should be set to obtain both IP and
DNS server addresses automatically.
Change Password and Login Time-Out
For security reasons, the wireless modem router has its own user name and password that
default to admin and password. You can and should change this password to a secure
password that is easy to remember. The ideal password contains no dictionary words from
any language and is a mixture of uppercase and lowercase letters, numbers, and symbols. It
can be up to 30 characters.
Note: The router user name and password are not the same as the user
name and password for logging in to your Internet connection. See
Types of Logins on page 34 for more information about login types.
To change your password or login time-out:
1. Select Maintenance > Set Password to display the following screen:
Figure 13. Set router login password
2. Enter the old password.
3. Enter the new password twice.
4. Change the login time-out to a value between 1 and 99 minutes if the default value of 5
minutes does not meet your needs.
The administrator’s login to the wireless modem router configuration times out after a
period of inactivity to prevent someone else from accessing the router interface when you
step away.
5. Click Apply to save your changes.
After changing the password, you are required to log in again to continue the
configuration. If you have backed up the wireless modem router settings previously, you
should do a new backup so that the saved settings file includes the new password. See
Back Up on page 67 for information about backing up your network configuration.
Log Out Manually
The router interface provides a Logout command at the bottom of the router menus. Log out
when you expect to be away from your computer for a relatively long period of time.
Types of Logins
There are three separate types of logins that have different purposes. It is important that you
understand the difference so that you know which login to use when.
• Router login logs you in to the router interface. See Log In to the N600 Modem Router
on page 24 for details about this login.
• ISP login logs you in to your Internet service. Your service provider has provided you with
this login information in a letter or some other way. If you cannot find this login
information, contact your service provider.
• Wi-Fi network name and passphrase logs you in to your wireless network. This login is
preconfigured and can be found on the label on the bottom of your unit. See
Chapter 3, Wireless Settings, for more information.
3. Wireless Settings
Protecting your wireless network
This chapter describes how to use the Wireless Settings screen to view and change (if needed)
your wireless network settings. Security features to prevent objectionable content from reaching
your PCs are covered in Chapter 4, Security Settings.
This chapter contains the following sections:
• Wireless Security Requirements and Recommendations
• Wireless Security Basics
• Add Clients (Devices) to Your Network
• Wireless Settings Screen
Note: If you use the Internet for activities like purchases or banking, those
Internet sites use a highly secure data encryption protocol called
Secure Sockets Layer (SSL). If a website uses SSL, the address
begins with https instead of http. If you do not see https, it is more
secure to do your business in person or over the phone.
Wireless Security Requirements and Recommendations
You should set the following security settings:
• Wi-Fi network name (SSID) identifies your network so devices can find it.
- The default SSID for the 2.4 GHz wireless network is NETGEAR.
- The default SSID for the 5 GHz wireless network is NETGEAR-5G.
• Security option is the type of security protocol applied to your wireless network. The
security protocol in force encrypts data transmissions and ensures that only trusted
devices receive authorization to connect to your network. The recommended security
option is WPA-PSK/WPA2-PSK mixed mode, described in Wireless Security Options on
page 38.
• Passphrase controls access to your network. Devices that know the SSID and the
passphrase can find your wireless network and connect.
- Use a passphrase for the 2.4 GHz wireless network that is easy for you to remember,
but hard for others to guess.
- For maximum security, use a different passphrase for the 5 GHz wireless network that
is easy for you to remember, but hard for others to guess.
Note: Your network names (SSIDs) and passphrases are case-sensitive.
Your network name, security method, and passphrase have to be the
same for all the wireless devices connected to your router on a
network.
Wireless Security Basics
Unlike wired network data, wireless data transmissions extend beyond your walls and can be
received by any device with a compatible wireless adapter (radio). For this reason, it is very
important to maintain the preset security and understand the other security features available
to you. Besides the preset security settings described earlier, your wireless modem router
has the security features described here and in Chapter 4, Security Settings.
• Turn off wireless connectivity
• Disable SSID broadcast
• Restrict access by MAC address
• Wireless security options
Turn Off Wireless Connectivity
You can completely turn off the wireless connectivity of the wireless modem router by
pressing the Wireless On/Off button on its front panel. For example, if you use your
notebook computer to wirelessly connect to your wireless modem router and you take a
business trip, you can turn off the wireless portion of the modem router while you are
traveling. Other members of your household who use computers connected to the wireless
modem router through Ethernet cables can still use the wireless modem router.
Disable SSID Broadcast
By default, the wireless modem router broadcasts its Wi-Fi network name (SSID) so devices
can find it. If you change this setting to not allow the broadcast, wireless devices will not find
your wireless modem router unless they are configured with the same SSID. See Wireless
Access Point Settings on page 44 for the procedure.
Note: Turning off SSID broadcast nullifies the wireless network discovery
feature of some products such as Windows XP, but the data is still
fully exposed to a determined snoop using specialized test
equipment like wireless sniffers. If you allow the broadcast, be sure
to keep wireless security enabled.
Restrict Access by MAC Address
You can enhance your network security by allowing access to only specific PCs based on
their Media Access Control (MAC) addresses. You can restrict access to only trusted PCs so
that unknown PCs cannot wirelessly connect to the wireless modem router. MAC address
filtering adds an obstacle against unwanted access to your network, but the data broadcast
over the wireless link is fully exposed (unencrypted). The Wireless Station Access List
determines which wireless hardware devices are allowed to connect to the wireless modem
router by MAC address. See Wireless Station Access List Settings on page 44 for the
procedure.
Wireless Security Options
A security option is the type of security protocol applied to your wireless network. The
security protocol in force encrypts data transmissions and ensures that only trusted devices
receive authorization to connect to your network. There are two types of encryption: Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WPA has several options
including pre-shared key (PSK) encryption and 802.1x encryption for enterprises.
This section presents an overview of the security options and provides guidance on when to
use which option. Note that it is also possible to disable wireless security. NETGEAR does
not recommend this.
WEP Encryption
WEP uses an old encryption method and can be easily decoded with today’s powerful
computers. Use this mode only when you have a very old legacy wireless client that does not
support WPA-PSK. The Wi-Fi Alliance highly recommends against using WEP and plans to
make it obsolete. If you do decide to use WEP, see Set WEP Encryption and Passphrase: on
page 46 for the procedure.
WPA Encryption
WPA encryption is built into all hardware that has the Wi-Fi-certified seal. This seal means
the product is authorized by the Wi-Fi Alliance (http://www.wi-fi.org/) because it complies with
the worldwide single standard for high-speed wireless local area networking. For information
about how to use the WPA home options, see Change WPA Security Option and
Passphrase: on page 46.
WPA-PSK uses a much stronger encryption algorithm than WEP so it is harder to decode.
This option uses a passphrase to perform the authentication and generate the initial data
encryption keys. Then it dynamically varies the encryption key. WPA-PSK uses Temporal Key
Integrity Protocol (TKIP) data encryption, implements most of the IEEE 802.11i standard, and
is designed to work with all wireless network interface cards, but not all wireless access
points. It is superseded by WPA2-PSK.
WPA2-PSK is the strongest. It is advertised to be theoretically indecipherable due to the
greater degree of randomness in encryption keys that it generates. WPA2-PSK gets higher
speed because it is usually implemented through hardware, while WPA-PSK is usually
implemented through software. WPA2-PSK uses a passphrase to authenticate and generate
the initial data encryption keys. Then it dynamically varies the encryption key.
WPA-PSK + WPA2-PSK mixed mode is the preconfigured security mode on the wireless
modem router. NETGEAR recommends mixed mode because it provides broader support for
all wireless clients. WPA2-PSK clients get higher speed and security, and WPA-PSK clients
get decent speed and security. The product documentation for your wireless adapter and
WPA client software should have instructions about configuring their WPA settings.
WPA-802.1x is enterprise-level security and requires an authentication server to recognize
and authorize client access. The authentication server is called Remote Authentication Dial
In User Service (RADIUS). Every wireless client has a user login on the RADIUS server, and
the wireless modem router has a client login on the RADIUS server. Data transmissions are
encrypted with an automatically generated key. For information about how to use the WPA
enterprise option, see Set WPA-802.1x Server and Passphrase: on page 46.
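How WPA-PSK and WPA2-PSK turn the passphrase into key material, as an added Python example (not from the NETGEAR manual): the 256-bit pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, as defined in IEEE 802.11i. The `review` helper and its finding names are hypothetical; the sample passphrases are the ones this manual uses as examples.

```python
import hashlib

# Factory-default network names given in this manual.
DEFAULT_SSIDS = {"NETGEAR", "NETGEAR-5G"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte pairwise master key for a WPA/WPA2-PSK network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the only salt: the same passphrase on a differently
    # named network yields an unrelated key.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def review(networks: dict) -> list:
    """Check a {band: (ssid, passphrase)} mapping against the manual's advice.

    Hypothetical helper. Returns a list of (band, finding) tuples.
    """
    findings = []
    for band in sorted(networks):
        ssid, passphrase = networks[band]
        derive_pmk(passphrase, ssid)  # raises if the values are not usable
        if ssid in DEFAULT_SSIDS:
            # A default name adds no uniqueness to the key derivation.
            findings.append((band, "default-ssid"))
    phrases = [passphrase for _, passphrase in networks.values()]
    if len(set(phrases)) < len(phrases):
        # The manual recommends a different passphrase for the 5 GHz network.
        findings.append(("all", "shared-passphrase"))
    return findings


if __name__ == "__main__":
    # Constructed sample configuration.
    sample = {
        "2.4GHz": ("NETGEAR", "HomeNetwork1"),
        "5GHz": ("NETGEAR-5G", "HomeNetwork1"),
    }
    for band, (ssid, phrase) in sample.items():
        print(band, ssid, derive_pmk(phrase, ssid).hex())
    print(review(sample))
```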
Add Clients (Devices) to Your Network
Choose either the manual or the WPS method to add wireless devices, including guest
devices, and other equipment to your wireless network.
Manual Method
To add clients (devices) to your network manually:
1. Open the software that manages your wireless connections on the wireless device
(laptop computer, gaming device, iPhone) that you want to connect to your router. This
software scans for all wireless networks in your area.
2. Look for your network and select it. If you did not change the name of your network during
the setup process, look for the default Wi-Fi network name (SSID) and select it. The default
Wi-Fi network name (SSID) is located on the product label on the bottom of the router.
3. Enter the wireless modem router passphrase and click Connect. The default wireless
modem router passphrase is located on the product label on the bottom of the router.
4. Repeat steps 1–3 to add other wireless devices.
Wi-Fi Protected Setup (WPS) Method
Wi-Fi Protected Setup (WPS) is a standard for easily adding computers and other devices to
a home network while maintaining security. To use WPS, make sure that all wireless devices
to be connected to the network are Wi-Fi certified and support WPS. During the connection
process, the client gets the security settings from the router so that every device in the
network has the same security settings.
Note: If you find that the router is generating new security
settings for each added device, it means that the default value for
Keep Existing Wireless Settings has changed. See WPS Settings on
page 131 for more information about this setting.
All Wi-Fi-certified and WPS-capable products are compatible with the NETGEAR products
that have Push 'N' Connect, which is based on WPS. For a list of other Wi-Fi-certified
products available from NETGEAR, go to http://www.wi-fi.org. For information about how to view a
list of all wireless and wired devices connected to your modem router, see View Attached
Devices on page 72.
Note: WEP security does not support WPS. If you try to use WPS to
connect a WEP device to your network, it will not connect.
You can use the WPS (Push 'N' Connect) or router interface method to add wireless devices
and other equipment to your wireless network.
WPS (Push 'N' Connect) Method
If your wireless device supports WPS (Push 'N' Connect), follow these steps:
1. Press the WPS button on the router front panel.
2. Within 2 minutes, press the WPS button on your wireless device, or follow the WPS
instructions that came with the device. The device is now connected to your router.
3. Repeat steps 1–2 to add other WPS wireless devices.
Router Interface Method
To add clients (devices) using the router interface:
1. Select Add WPS Client at the top of the router menus. If you cannot select Add WPS
Client, select Setup > Wireless Settings and make sure that WPS is selected.
2. Click Next. The following screen lets you select the method for adding the WPS client.
Figure 14. Add WPS Client with push button method
3. Select either Push Button or PIN Number. With either method, the client wireless device
attempts to detect the WPS signal from the wireless modem router and establish a
wireless connection in the time allotted.
The PIN method displays this screen so you can enter the client security PIN number:
Figure 15. Add WPS Client with PIN number method
• While the wireless modem router attempts to connect to a WPS-capable device, the
WPS LED on the front of the wireless modem router blinks green. When the wireless
modem router establishes a WPS connection, the LED is solid green.
• If a connection is established, the wireless modem router WPS screen displays a
confirmation message.
4. Repeat to add another WPS client to your network.
Wireless Settings Screen
The Wireless Settings screen lets you view or configure the wireless network configuration.
Once you have established basic wireless connectivity, you can enable security settings
appropriate to your needs.
Note: If you use a wireless computer to change the wireless network name
(SSID) or other wireless security settings, you are disconnected
when you click Apply. To avoid this problem, use a computer with a
wired connection to access the modem router.
Consider Every Device on Your Network
Before you begin, check the following:
• Every wireless computer has to be able to obtain an IP address by DHCP from the router
as described in Use Standard TCP/IP Properties for DHCP on page 23.
• Each computer or wireless adapter in your network has to have the same SSID and
wireless mode (bandwidth/data rate) as the router. Check that the wireless adapter on
each computer can support the mode and security option you want to use.
• The security option on each wireless device in the network has to match the router. For
example, if you select a security option that requires a passphrase, be sure to use the same
passphrase for each wireless computer in the network.
Configure Wireless Settings
To configure the wireless settings:
1. Select Setup > Wireless Settings to display the following screen.
Figure 16. Wireless Settings screen
2. Make any changes that are needed, and click Apply when done to save your settings.
Note: The screen sections, settings, and procedures are explained in the
following sections.
3. After you finish adjusting settings and click Apply, configure and test your computers for
wireless connectivity:
a. Program the wireless adapter of your computers to have the same SSID and channel
that you specified in the router.
b. Check that the adapters have a wireless link and can obtain an IP address by DHCP
from the wireless modem router.
Wireless Network Settings
Name (SSID). The SSID is also known as the wireless network name. Enter a 32-character
(maximum) name in this field. This field is case-sensitive.
Region. The location where the wireless modem router is used. It might not be legal to
operate the wireless modem router in a region other than the regions listed.
Channel. The wireless channel used by the gateway: 1 through 13. Do not change the
channel unless you experience interference (shown by lost connections or slow data
transfers). If this happens, experiment with different channels to see which is the best.
Mode. Up to 145 Mbps is the default and allows 802.11n and 802.11g wireless devices to join
the network. g & b supports up to 54 Mbps. Up to 65 Mbps supports up to 65 Mbps.
Wireless Access Point Settings
Enable. When this check box is selected, the router accepts wireless clients. When the check
box is not selected, the router accepts wired clients only. This check box is selected by
default.
Allow Broadcast of Name (SSID). This setting allows the wireless modem router to
broadcast its SSID so wireless stations can see this wireless name (SSID) in their scanned
network list. This check box is selected by default. To turn off the SSID broadcast, clear the
Allow Broadcast of Name (SSID) check box and click Apply.
Wireless Isolation. When this check box is selected, wireless stations cannot communicate
with each other or with stations on the wired network. This check box is not selected by
default.
Wireless Station Access List Settings
The Wireless Stations Access List lets you restrict access to your network to a specific list of
devices based on their MAC addresses. This section explains how to set up the list.
To set up the wireless station access list:
1. On the Wireless Settings screen, click the Setup Access List button to display the
Wireless Station Access List screen shown in the figure that follows and introduced
here:
• The Turn Access Control On check box at the top is not selected by default to allow
any computer configured with the correct wireless network name (SSID) and
passphrase to access the network.
• Trusted Wireless Stations lists the trusted computers that have access to your
network.
• Available Wireless Stations lists the currently untrusted computers that are connected
to your network.
Figure 17. Wireless Station Access List
2. Select the Turn Access Control On check box to enable access restriction by MAC
address.
3. In the Add New Station Manually section, click Add to add your computer’s MAC address so
you do not lose your wireless connection when you click Apply. If you lose your wireless
connection, you have to access the wireless modem router from a wired computer or from a
wireless computer that is on the access control list.
4. If a wireless station that you want to add to the Trusted Wireless Stations list is connected to
the network, select it from the Available Wireless Stations list and click Add.
5. If the wireless station is not currently connected, you can enter its address manually. The
MAC address is usually printed on the wireless card, or it might appear in the wireless
modem router’s DHCP table. The MAC address is 12 hexadecimal digits.
You can also copy and paste the MAC addresses from the wireless modem router’s
Attached Devices screen (see View Attached Devices on page 72) into the MAC Address
field. To do this, configure each wireless computer to obtain a wireless link to the wireless
modem router. The computer should then appear in the Attached Devices screen.
6. Click Apply to save your settings and return to the Wireless Settings screen.
Security Options Settings
The Security Options section of the Wireless Settings screen lets you change the security
option and passphrase. See Wireless Security Options on page 38 for an explanation of the
security options and when to use which one. Please note that NETGEAR recommends that you not change the security option or passphrase, but if you want to change these
settings, this section explains how. Do not disable security.
Change WPA Security Option and Passphrase:
1. In the Security Options sections, select the WPA options you want.
Figure 18. WPA2-PSK Security Encryption
2. In the Passphrase field that displays when you select a WPA security option, enter the
network keys (passphrases) that you want to use. They are text strings from 8 to 63
characters (in the preceding figure, HomeNetwork1 and HomeNetwork2 are used as
examples).
Set WPA-802.1x Server and Passphrase:
1. In the Security Options section, select WPA-802.1x to display the following fields:
Figure 19. WPA-802.1x Settings
2. In the Radius Server Name/IP Address field, enter the name or IP address of the RADIUS
server on your LAN. This is a required field.
3. In the Radius Port field, enter the port number used for connections to the RADIUS server.
The default port is 1812.
4. In the Shared Key field, enter the RADIUS server passphrase for client logins. The router
has to have this passphrase to log in to the RADIUS server as a client.
Set WEP Encryption and Passphrase:
When configuring WEP from a wireless computer, you lose your wireless connection when
you click Apply. You have to either configure your wireless adapter to match the wireless
modem router WEP settings or access the wireless modem router from a wired computer.
Note: WEP encryption is available only when the Mode setting is Up to 54
Mbps.
1. In the Security Options section, select WEP to display the following screen:
Figure 20. WEP Security Encryption section
2. Select the authentication type. The default is Automatic. Other choices are Open System
(any client can authenticate itself to the network) and Shared Key (a passphrase and a
four-way challenge are needed for authentication).
3. Select the encryption strength setting, either 64 bit or 128 bit.
4. Enter the four data encryption keys either manually or automatically. These values have to
be identical on all computers and access points in your network.
• Automatic. Enter a word or group of printable characters in the Passphrase field, and
click Generate. The four key fields are automatically populated with key values.
• Manual. The number of hexadecimal digits that you enter depends on the encryption
strength setting:
- For 64-bit WEP, enter 10 hexadecimal digits (any combination of 0–9, a–f, or
A–F).
- For 128-bit WEP, enter 26 hexadecimal digits (any combination of 0–9, a–f, or
A–F).
5. Select the radio button for the key you want to make active.
Make sure that you understand how the WEP key settings are configured in your wireless
adapter. Wireless adapter configuration utilities such as the one in Windows XP allow one
key entry, which has to match the default key you set in the wireless modem router.
6. Click Save to save your settings or click Apply so your changes take effect immediately.
4. Security Settings
Keeping unwanted content out of your network
This chapter explains how to use the basic firewall features of the wireless modem router to
prevent objectionable content from reaching the PCs and other devices connected to your
network.
This chapter contains the following sections:
• Keyword Blocking of HTTP Traffic
• Firewall Rules to Control Network Access
• Configure Services
• Set the Time Zone
• Schedule Firewall Services
• Enable Security Event Email Notification
• Log the Network Activity
Keyword Blocking of HTTP Traffic
Use keyword blocking to prevent certain types of HTTP traffic from accessing your network.
Blocking can be in effect always or according to a schedule.
To set up keyword blocking:
1. Select Content Filtering > Block Sites.
Figure 21. Block Sites screen
2. Select one of the keyword blocking options:
• Per Schedule. Turn on keyword blocking according to the Schedule screen settings.
• Always. Turn on keyword blocking all the time, independent of the Schedule screen.
3. In the Keyword field, enter a keyword or domain, click Add Keyword, and click Apply.
The Keyword list supports up to 32 entries. Here are some sample entries:
• Specify XXX to block http://www.badstuff.com/xxx.html.
• Specify .com if you want to allow only sites with domain suffixes such as .edu or .gov.
• Enter a period (.) to block all Internet browsing access.
Delete a Keyword or Domain
To delete a keyword or domain:
1. Select the keyword you want to delete from the list.
2. Click Delete Keyword and click Apply to save your changes.
Specify a Trusted Computer
You can exempt one trusted computer from blocking and logging. The computer you exempt
has to have a fixed IP address.
To specify a trusted computer:
1. In the Trusted IP Address field, enter the IP address.
2. Click Apply to save your changes.
Firewall Rules to Control Network Access
By default your router blocks any inbound traffic from the Internet to your computers except
for replies to your outbound traffic. You might need to create exceptions to this rule to allow
remote computers to access a server on your local network or to allow certain applications
and games to work correctly. Your router provides port forwarding and port triggering for
creating these exceptions.
This section covers the following topics:
• Remote Computer Access Basics
• Port Triggering to Open Incoming Ports
• Port Forwarding to Permit External Host Communications
• How Port Forwarding Differs from Port Triggering
• Configure Port Forwarding to Local Servers
• Configure Port Triggering
Remote Computer Access Basics
When a computer on your network needs to access a computer on the Internet, your
computer sends your router a message containing the source and destination address and
process information. Before forwarding your message to the remote computer, your router
has to modify the source information and create and track the communication session so that
replies can be routed back to your computer.
Here is an example of normal outbound traffic and the resulting inbound responses:
1. You open a browser and your operating system assigns port number 5678 to this
browser session.
2. You type http://www.example.com into the URL field, and your computer creates a web page
request message with the following address and port information. The request message is
sent to your router.
Source address. Your computer’s IP address.
Source port number. 5678, which is the browser session.
Destination address. The IP address of www.example.com, which your computer finds
by asking a DNS server.
Destination port number. 80, which is the standard port number for a web server
process.
3. Your router creates an entry in its internal session table describing this communication
session between your computer and the web server at www.example.com. Before sending
the web page request message to www.example.com, your router stores the original
information and then modifies the source information in the request message, performing
Network Address Translation (NAT):
• The source address is replaced with your router’s public IP address. This is
necessary because your computer uses a private IP address that is not globally
unique and cannot be used on the Internet.
• The source port number is changed to a number chosen by the router, such as 33333.
This is necessary because two computers could independently be using the same
session number.
Your router then sends this request message through the Internet to the web server at
www.example.com.
4. The web server at www.example.com composes a return message with the requested web
page data. The return message contains the following address and port information. The
web server then sends this reply message to your router.
Source address. The IP address of www.example.com.
Source port number. 80, which is the standard port number for a web server process.
Destination address. The public IP address of your router.
Destination port number. 33333.
5. Upon receiving the incoming message, your router checks its session table to determine
whether there is an active session for port number 33333. Finding an active session, the
router then modifies the message to restore the original address information replaced by
NAT. Your router sends this reply message to your computer, which displays the web
page from www.example.com. The message now contains the following address and port
information.
Source address. The IP address of www.example.com.
Source port number. 80, which is the standard port number for a web server process.
Destination address. Your computer’s IP address.
Destination port number. 5678, which is the browser session that made the initial
request.
6. When you finish your browser session, your router eventually detects a period of inactivity in
the communications. Your router then removes the session information from its session
table, and incoming traffic is no longer accepted on port number 33333.
Port Triggering to Open Incoming Ports
In the preceding example, requests are sent to a remote computer by your router from a
particular service port number, and replies from the remote computer to your router are
directed to that port number. If the remote server sends a reply back to a different port
number, your router does not recognize it and discards it. However, some application servers
(such as FTP and IRC servers) send replies back to multiple port numbers. Using the port
triggering function of your router, you can tell the router to open additional incoming ports
when a particular outgoing port originates a session.
An example is Internet Relay Chat (IRC). Your computer connects to an IRC server at
destination port 6667. The IRC server not only responds to your originating source port, but
also sends an “identify” message to your computer on port 113. Using port triggering, you can
tell the router, “When you initiate a session with destination port 6667, you have to also allow
incoming traffic on port 113 to reach the originating computer.” Using steps similar to the
preceding example, the following sequence shows the effects of the port triggering rule you
have defined:
1. You open an IRC client program to start a chat session on your computer.
2. Your IRC client composes a request message to an IRC server using a destination port
number of 6667, the standard port number for an IRC server process. Your computer then
sends this request message to your router.
3. Your router creates an entry in its internal session table describing this communication
session between your computer and the IRC server. Your router stores the original
information, performs Network Address Translation (NAT) on the source address and port,
and sends this request message through the Internet to the IRC server.
4. Noting your port triggering rule and having observed the destination port number of 6667,
your router creates an additional session entry to send any incoming port 113 traffic to your
computer.
5. The IRC server sends a return message to your router using the NAT-assigned source port
(as in the previous example, let’s say port 33333) as the destination port. The IRC server
also sends an “identify” message to your router with destination port 113.
6. Upon receiving the incoming message to destination port 33333, your router checks its
session table to determine whether there is an active session for port number 33333.
Finding an active session, the router restores the original address information replaced by
NAT and sends this reply message to your computer.
7. Upon receiving the incoming message to destination port 113, your router checks its session
table and learns that there is an active session for port 113, associated with your computer.
The router replaces the message’s destination IP address with your computer’s IP address
and forwards the message to your computer.
8. When you finish your chat session, your router eventually senses a period of inactivity in the
communications. The router then removes the session information from its session table,
and incoming traffic is no longer accepted on port numbers 33333 or 113.
To configure port triggering, you need to know which inbound ports the application needs.
Also, you need to know the number of the outbound port that will trigger the opening of the
inbound ports. You can usually determine this information by contacting the publisher of the
application, or user groups or newsgroups.
Note: Only one computer at a time can use the triggered application.
Port Forwarding to Permit External Host Communications
In both of the preceding examples, your computer initiates an application session with a
server computer on the Internet. However, you might need to allow a client computer on the
Internet to initiate a connection to a server computer on your network. Normally, your router
ignores any inbound traffic that is not a response to your own outbound traffic. You can
configure exceptions to this default rule by using the port forwarding feature.
A typical application of port forwarding can be shown by reversing the client-server
relationship from the previous web server example. In this case, a remote computer’s
browser needs to access a web server running on a computer in your local network. Using
port forwarding, you can tell the router, “When you receive incoming traffic on port 80 (the
standard port number for a web server process), forward it to the local computer at
192.168.1.123.” The following sequence shows the effects of the port forwarding rule you
have defined:
1. The user of a remote computer opens a browser and requests a web page from
www.example.com, which resolves to the public IP address of your router. The remote
computer composes a web page request message with the following destination
information:
Destination address. The IP address of www.example.com, which is the address of your
router.
Destination port number. 80, which is the standard port number for a web server
process.
The remote computer then sends this request message through the Internet to your
router.
2. Your router receives the request message and looks in its rules table for any rules covering
the disposition of incoming port 80 traffic. Your port forwarding rule specifies that incoming
port 80 traffic should be forwarded to local IP address 192.168.1.123. Therefore, your router
modifies the destination information in the request message:
The destination address is replaced with 192.168.1.123.
Your router then sends this request message to your local network.
3. Your web server at 192.168.1.123 receives the request and composes a return message
with the requested web page data. Your web server then sends this reply message to your
router.
4. Your router performs Network Address Translation (NAT) on the source IP address, and
sends this reply message through the Internet to the remote computer, which displays the
web page from www.example.com.
To configure port forwarding, you need to know which inbound ports the application needs.
You usually can determine this information by contacting the publisher of the application or
the relevant user groups and newsgroups.
How Port Forwarding Differs from Port Triggering
The following points summarize the differences between port forwarding and port triggering:
• Port triggering can be used by any computer on your network, although only one
computer can use it at a time.
• Port forwarding is configured for a single computer on your network.
• Port triggering does not need to know the computer’s IP address in advance. The IP
address is captured automatically.
• Port forwarding requires that you specify the computer’s IP address during configuration,
and the IP address can never change.
• Port triggering requires specific outbound traffic to open the inbound ports, and the
triggered ports are closed after a period of no activity.
• Port forwarding is always active and does not need to be triggered.
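The three inbound paths described above (replies to a NAT session, port triggering, and port forwarding) can be modeled in a few lines. This is an added example, not NETGEAR firmware code; the public address 203.0.113.10, both timeout values, and the rule that the first computer keeps a triggered port until it idles out are assumptions.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # constructed: the router's public (WAN) address
SESSION_IDLE = 300           # assumed idle timeout for NAT sessions, in seconds
TRIGGER_IDLE = 20 * 60       # assumed Port Triggering Timeout (20 minutes), in seconds


@dataclass
class Router:
    triggers: dict = field(default_factory=dict)   # outbound dst port -> inbound ports to open
    forwards: dict = field(default_factory=dict)   # inbound port -> fixed LAN IP address
    sessions: dict = field(default_factory=dict)   # public port -> [flow, last_seen]
    triggered: dict = field(default_factory=dict)  # inbound port -> [lan_ip, last_seen]
    next_port: int = 33333

    def _expire(self, now):
        """Drop session and trigger entries that have been idle too long."""
        self.sessions = {p: s for p, s in self.sessions.items()
                         if now - s[1] <= SESSION_IDLE}
        self.triggered = {p: t for p, t in self.triggered.items()
                          if now - t[1] <= TRIGGER_IDLE}

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """LAN to Internet: track the session, rewrite the source, apply triggers."""
        self._expire(now)
        flow = (src_ip, src_port, dst_ip, dst_port)
        public_port = next((p for p, s in self.sessions.items() if s[0] == flow), None)
        if public_port is None:
            public_port = self.next_port
            self.next_port += 1
        self.sessions[public_port] = [flow, now]
        for port in self.triggers.get(dst_port, ()):
            holder = self.triggered.get(port)
            # Assumption: the first computer keeps a triggered port until it idles out.
            if holder is None or holder[0] == src_ip:
                self.triggered[port] = [src_ip, now]
        return (PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, dst_port, now):
        """Internet to router: return (lan_ip, lan_port, reason), or None if discarded."""
        self._expire(now)
        if dst_port in self.sessions:        # reply to a tracked outbound session
            flow = self.sessions[dst_port][0]
            self.sessions[dst_port][1] = now
            return (flow[0], flow[1], "session")
        if dst_port in self.triggered:       # port opened by a triggering rule
            self.triggered[dst_port][1] = now
            return (self.triggered[dst_port][0], dst_port, "trigger")
        if dst_port in self.forwards:        # static rule, needs no prior outbound traffic
            return (self.forwards[dst_port], dst_port, "forward")
        return None                          # unsolicited traffic is discarded


if __name__ == "__main__":
    # Constructed rules: the IRC trigger (6667 -> 113) and the web server forward.
    router = Router(triggers={6667: [113]}, forwards={80: "192.168.1.123"})
    print(router.outbound("192.168.1.2", 5678, "198.51.100.7", 80, now=0))
    print(router.inbound(33333, now=1))      # restored to the browser session
    print(router.inbound(113, now=1))        # None: no trigger has fired yet
    router.outbound("192.168.1.2", 5679, "198.51.100.9", 6667, now=10)
    print(router.inbound(113, now=11))       # delivered to the triggering computer
    print(router.inbound(113, now=100000))   # None: trigger idled out
    print(router.inbound(80, now=100000))    # still forwarded
```

After the timers expire, only the forwarding rule still accepts traffic: a forwarded port is reachable from the Internet for as long as the rule exists, while a triggered port is reachable only while the triggering application is in use.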
Configure Port Forwarding to Local Servers
Using the port forwarding feature, you can allow certain types of incoming traffic to reach
servers on your local network. For example, you might want to make a local web server, FTP
server, or game server visible and available to the Internet.
Use the Port Forwarding screen to configure the router to forward specific incoming protocols
to computers on your local network. In addition to servers for specific applications, you can
also specify a default DMZ server to which all other incoming protocols are forwarded.
Before starting, you need to determine which type of service, application, or game you want
to provide, and the local IP address of the computer that will provide the service. The server
computer has to always have the same IP address.
Tip: To ensure that your server computer always has the same IP address,
use the reserved IP address feature of your product.
To configure port forwarding:
1. Select Content Filtering > Port Forwarding/Port Triggering to display the following
screen:
Figure 22. Setting up port forwarding
2. Select the Port Forwarding radio button as the service type.
3. From the Service Name list, select the service or game that you will host on your network. If
the service does not appear in the list, see Add a Custom Service on page 55.
4. In the corresponding Server IP Address field, enter the last digit of the IP address of your
local computer that will provide this service.
5. Click Add. The service appears in the list in the screen.
Add a Custom Service
To define a service, game, or application that does not appear in the Service Name list, you
have to first determine which port number or range of numbers is used by the application.
You can usually determine this information by contacting the publisher of the application or
user groups or newsgroups.
When you have the port number information, follow these steps:
1. Select Content Filtering > Port Forwarding/Port Triggering.
2. Select the Port Forwarding radio button as the service type.
3. Click the Add Custom Service button to display the following screen:
Figure 23. Set up custom services
4. In the Service Name field, enter a descriptive name.
5. In the Protocol field, select the protocol. If you are unsure, select TCP/UDP.
6. In the Starting Port field, enter the beginning port number.
• If the application uses a single port, enter the same port number in the Ending Port
field.
• If the application uses a range of ports, enter the ending port number of the range in
the Ending Port field.
7. In the Server IP Address field, enter the IP address of your local computer that will provide
this service.
8. Click Apply. The service appears in the list in the Port Forwarding/Port Triggering screen.
Edit or Delete a Port Forwarding Entry
To edit or delete a port forwarding entry:
1. In the table, select the button next to the service name.
2. Click Edit Service or Delete Service.
Application Example: Making a Local Web Server Public
If you host a web server on your local network, you can use port forwarding to allow web
requests from anyone on the Internet to reach your web server.
To make a local web server public:
1. Assign your web server either a fixed IP address or a dynamic IP address using DHCP
address reservation. In this example, your router will always give your web server an IP
address of 192.168.1.33.
2. In the Port Forwarding screen, configure the router to forward the HTTP service to the local
address of your web server at 192.168.1.33. HTTP (port 80) is the standard protocol for web
servers.
3. (Optional) Register a host name with a Dynamic DNS service, and configure your router to
use the name. To access your web server from the Internet, a remote user has to know the
IP address that has been assigned by your ISP. However, if you use a Dynamic DNS
service, the remote user can reach your server by a user-friendly Internet name, such as
mynetgear.dyndns.org.
Configure Port Triggering
Port triggering is a dynamic extension of port forwarding that is useful in these cases:
• More than one local computer needs port forwarding for the same application (but not
simultaneously).
• An application needs to open incoming ports that are different from the outgoing port.
When port triggering is enabled, the router monitors outbound traffic looking for a specified
outbound “trigger” port. When the router detects outbound traffic on that port, it remembers
the IP address of the local computer that sent the data. The router then temporarily opens the
specified incoming port or ports, and forwards incoming traffic on the triggered ports to the
triggering computer.
While port forwarding creates a static mapping of a port number or range to a single local
computer, port triggering can dynamically open ports to any computer that needs them and
can close the ports when they are no longer needed.
Note: If you use applications such as multiplayer gaming, peer-to-peer
connections, real-time communications such as instant messaging,
or remote assistance (a feature in Windows XP), you should also
enable Universal Plug and Play (UPnP).
To configure port triggering, you need to know which inbound ports the application needs.
Also, you need to know the number of the outbound port that will trigger the opening of the
inbound ports. You can usually determine this information by contacting the publisher of the
application or user groups or newsgroups.
To set up port triggering:
1. Select Content Filtering > Port Forwarding/Port Triggering to display the following
screen:
2. Select the Port Triggering radio button to display the port triggering information.
Figure 24. Set up port triggering
3. Clear the Disable Port Triggering check box.
Note: If the Disable Port Triggering check box is selected after you
configure port triggering, port triggering is disabled. However, any
port triggering configuration information you added to the router is
retained even though it is not used.
4. In the Port Triggering Timeout field, enter a value up to 9999 minutes. This value controls
the inactivity timer for the designated inbound ports. The inbound ports close when the
inactivity time expires. This is required because the router cannot be sure when the
application has terminated.
5. Click Add Service.
Figure 25. Add a service for port triggering
6. In the Service Name field, type a descriptive service name.
7. In the Service User field, select Any (the default) to allow this service to be used by any
computer on the Internet. Otherwise, select Single address, and enter the IP address of
one computer to restrict the service to a particular computer.
8. Select the service type, either TCP or UDP or both (TCP/UDP). If you are not sure, select
TCP/UDP.
9. In the Triggering Port field, enter the number of the outbound traffic port that will cause the
inbound ports to be opened.
10. Enter the inbound connection port information in the Connection Type, Starting Port, and
Ending Port fields.
11. Click Apply. The service appears in the Port Triggering Portmap table.
Configure Services
Services are functions performed by server computers at the request of client computers. For
example, web servers serve web pages, time servers serve time and date information, and
game hosts serve data about other players’ moves. When a computer on the Internet sends a
request for service to a server computer, the requested service is identified by a service or
port number. This number appears as the destination port number in the transmitted IP
packets. For example, a packet that is sent with destination port number 80 is an HTTP (web
server) request.
The service numbers for many common protocols are defined by the Internet Engineering
Task Force (IETF at http://www.ietf.org/) and published in RFC1700, “Assigned Numbers.”
Service numbers for other applications are typically chosen from the range 1024 to 65535 by
the authors of the application. Although the wireless modem router already holds a list of
many service port numbers, you are not limited to these choices.
To create your own service definitions:
1. Select Content Filtering > Services to display the following screen:
Figure 26. Services screen
• To create a new service, click the Add Custom Service button to display the Add
Services screen.
• To edit a service, select its button on the left side of the table, and click Edit Service.
• To delete a service, select its button on the left side of the table, and click Delete
Service.
2. Use the following screen to define or edit a service.
Figure 27. Add Services screen
• Name. Enter a meaningful name for the service.
• Type. Select the correct type for this service. If in doubt, select TCP/UDP. The options
are TCP, UDP, TCP/UDP.
• Start Port and End Port. If a port range is required, enter the range here. If a single
port is required, enter the same value in both fields.
3. Click Apply to save your changes.
Set the Time Zone
The wireless modem router uses the Network Time Protocol (NTP) to obtain the current time
and date from one of several network time servers on the Internet.
To set the time zone:
1. Select Content Filtering > Schedule to display the following screen:
Figure 28. Schedule screen
2. Select your time zone. This setting determines the blocking schedule and time-stamping of
log entries.
3. If your time zone is in daylight savings time, select the Adjust for Daylight Savings Time
check box to add one hour to standard time.
Note: If your region uses daylight savings time, select Adjust for Daylight
Savings Time on the first day and clear it after the last day.
4. The wireless modem router has a list of NETGEAR NTP servers. If you would prefer to use
a particular NTP server as the primary server, select the Use this NTP Server check box,
and enter its IP address.
5. Click Apply to save your settings.
Schedule Firewall Services
If you enabled services blocking in the Block Services screen or port forwarding in the Port
Forwarding/Port Triggering screen, you can set up a schedule for when blocking occurs or
when access is not restricted.
To schedule firewall services:
1. Select Content Filtering > Schedule to display the following screen:
Figure 29. Schedule screen
2. To block Internet services based on a schedule, select Every Day, or select one or more
days. If you want to limit access completely for the selected days, select All Day. Otherwise,
to limit access during certain times for the selected days, enter times in the Start Time and
End Time fields.
Note: Enter the values in 24-hour time format. For example, 10:30 a.m.
would be 10 hours and 30 minutes, and 10:30 p.m. would be 22
hours and 30 minutes. If you set the start time after the end time, the
schedule is effective through midnight the next day.
3. Click Apply to save your settings.
Enable Security Event Email Notification
To receive logs and alerts by email, provide your email information in the E-mail screen, and
specify which alerts you want to receive and how often.
To enable security event email notification:
1. Select Content Filtering > E-mail to display the following screen:
Figure 30. E-Mail screen
• Turn E-mail Notification On. Select this check box if you want to receive email logs and
alerts from the wireless modem router.
• Send To This E-mail Address. Enter the email address where you want logs and alerts
sent. This email address is also used as the From address. If you leave this field blank,
log and alert messages are not sent by email.
• Outgoing Mail Server. Enter the name or IP address of your ISP’s outgoing (SMTP) mail
server (such as mail.myISP.com). You might be able to find this information in the
configuration settings of your email program. Enter the email address to which logs and
alerts are sent. This email address is also used as the From address. If you leave this
field blank, log and alert messages are not sent by email.
• My Mail Server requires authentication. If you use an outgoing mail server provided by
your current ISP, you do not need to select this check box. If you use an email account
that is not provided by your ISP, select this check box, and enter the required user name
and password information.
• Send E-Mail alerts immediately. Select the corresponding check box if you would like
immediate notification of a significant security event, such as a known attack, port scan,
or attempted access to a blocked site.
• Send Logs According to this Schedule. Specifies how often to send the logs: Hourly,
Daily, Weekly, or When Full.
-Day for sending logs specifies which day of the week to send the log. This is relevant
when the log is sent weekly.
-Time for sending log specifies the time of day to send the log. This is relevant when
the log is sent daily or weekly.
Note: If the Weekly, Daily, or Hourly option is selected and the log fills up
before the specified period, the log is automatically emailed to the
specified email address. After the log is sent, it is cleared from the
wireless modem router’s memory. If the wireless modem router
cannot email the log file, the log buffer might fill up. In this case, the
wireless modem router overwrites the log and discards its contents.
Log the Network Activity
A log is a detailed record of the websites that users on your network have accessed or
attempted to access. If you have set up content filtering on the Block Sites screen, the Logs
screen shows you when someone on your network tried to access a blocked site. If you have
email notification on, you will receive these logs in an email message. If you do not have
email notification set up, you can view the logs on the Logs screen.
To log the network activity:
1. Select Content Filtering > Logs to display the Logs screen:
Figure 31. Logs screen
a. To delete all the log entries, click Clear Log.
b. To see the most recent access attempts, click Refresh.
c. To send the log file to your e-mail account, click Send Log. This feature is useful for
testing your e-mail settings.
2. Use the Include in Log check boxes to determine which events are included in the log.
Selecting all check boxes will increase the size of the log, so it is good practice to disable
any events that are not really required.
• Attempted access to blocked sites. If selected, attempted Internet accesses that
were blocked are logged.
• Connections to the Web-based interface of this Router. If selected, connections
to this router itself, rather than through this router to the Internet, are logged.
• Router operation. If selected, router operations not covered by the preceding
selections are logged.
• Known DoS attacks and Port Scans. If selected, denial of service attacks, as well
as port scans, are logged.
3. The logs can be sent to a syslog server. Enable one of the three options in the Syslog
section, as required:
• Disable. Select this if you do not have a syslog server.
• Broadcast on LAN. The syslog data is broadcast rather than sent to a specific syslog
server. Use this if your syslog server does not have a fixed IP address.
• Send to this Syslog server IP address. If your syslog server has a fixed IP address,
select this option, and enter the IP address of your syslog server.
4. Click Apply to save your changes.
5. Network Maintenance
Administering your network
This chapter describes the wireless modem router settings for administering and maintaining the
router and home network.
Note: For security reasons, the wireless modem router has its own user
name and password that default to admin and password. You can
and should update your password regularly. See Change Password
and Login Time-Out on page 33.
This chapter contains the following sections:
• Upgrade the Router Firmware
• Manually Check for Firmware Upgrades
• Manage Configuration File
• View Router Status
• View Attached Devices
• Run Diagnostic Utilities
Upgrade the Router Firmware
The wireless modem router firmware (routing software) is stored in flash memory. By default,
when you log in to your wireless modem router, it checks the NETGEAR website for new
firmware and alerts you if there is a newer version.
WARNING!
When uploading firmware to the wireless modem router, do not
interrupt the web browser by closing the window, clicking a link,
or loading a new page. If the browser is interrupted, it could
corrupt the firmware.
Automatic Firmware Checking Off
You can turn the automatic firmware checking off and check for firmware updates manually if
you prefer. See Manually Check for Firmware Upgrades on page 66.
To turn off automatic firmware checking:
1. Select Maintenance > Router Upgrade.
2. Clear the Check for Updated Firmware Upon Log-in check box at the bottom of this
screen:
Figure 32. Checking for Firmware Updates screen
Automatic Firmware Checking On
When automatic firmware checking is on, the wireless modem router performs the check and
notifies you if an upgrade is available or not as shown here.
Figure 33. Firmware check notification screens
To turn on automatic firmware checking:
1. Click Yes to allow the wireless modem router to download and install the new firmware.
The upgrade process could take a few minutes. When the upload is complete, your
wireless modem router restarts.
2. Go to the DGND3700 support page at http://www.netgear.com/support and read the new
firmware release notes to determine whether you need to reconfigure the modem router
after upgrading.
Note: If you get a “Firmware needs to be reloaded” message, it means a
problem has been detected with the router’s firmware. Follow the
prompts to correct the problem, or see Firmware Needs to Be
Reloaded on page 153 for a description of the steps.
Manually Check for Firmware Upgrades
You can use the Router Upgrade screen to manually check the NETGEAR website for newer
versions of firmware for your product.
WARNING!
When uploading firmware to the wireless modem router, do not
interrupt the web browser by closing the window, clicking a link,
or loading a new page. If the browser is interrupted, it could
corrupt the firmware.
To check for firmware upgrades manually:
1. Select Maintenance > Router Status and make a note of the wireless modem router
firmware version number.
2. Go to the DGND3700 support page on the NETGEAR website at
http://www.netgear.com/support.
3. If the firmware version on the NETGEAR website is newer than the firmware on your
wireless modem router, download the file to your computer.
4. Select Maintenance > Router Upgrade to display the following screen:
Figure 34. Router Upgrade screen
5. Click Browse, and locate the firmware you downloaded (the file ends in .img).
6. Click Upload to send the firmware to the wireless modem router.
When the upload is done, your wireless modem router restarts. The upgrade process
typically takes about 1 minute. Read the new firmware release notes to determine
whether or not you need to reconfigure the wireless modem router after upgrading.
Manage Configuration File
The router configuration settings are stored in a configuration file (*.cfg). This file can be
backed up to your computer, restored, or reverted to factory default settings.
Back Up
To back up the configuration file:
1. Select Maintenance > Backup Settings to display the following screen:
Figure 35. Backup Settings screen
2. Click Backup to save a copy of the current settings.
3. Choose a location to store the .cfg file that is on a computer on your network.
Restore
To restore a configuration file:
1. Enter the full path to the file on your network, or click the Browse button to find the file.
2. When you have located the .cfg file, click the Restore button to upload the file to the
wireless modem router.
Upon completion, the wireless modem router reboots.
Erase
Click the Erase button to reset the wireless modem router to its factory default settings.
Alternatively, press the Wireless On/Off and WPS buttons on the side panel of the wireless
modem router simultaneously for 6 seconds.
Erase sets the password to password and the LAN IP address to 192.168.0.1, and enables
the wireless modem router’s DHCP.
View Router Status
Select Maintenance > Router Status. The Router Status screen provides the status and
usage information described in the following figure.
Figure 36. Router Status screen
Use the Router Status screen to check the current settings and statistics for your router. This
screen shows you the current settings. If something needs to be changed, you have to
change it on the relevant screen.
Account Name. This is the account name that you entered in the Setup Wizard or Basic
Settings screen.
Firmware Version. This is the current software the router is using. This will change if you
upgrade your router.
Internet Port. These are the current settings that you set in the Setup Wizard or Basic
Settings screen.
• MAC Address. The physical address of the router, as seen from the Internet.
• IP Address. Current Internet IP address. If assigned dynamically, and no Internet
connection exists, this is blank or 0.0.0.0.
• Network Type. Indicates either Client (IP address is obtained dynamically) or None.
• IP Subnet Mask. The subnet mask associated with the Internet IP address.
• Domain Name Server. Displays the address of the current DNS.
LAN Port. These are the current settings, as set in the LAN IP Setup screen.
• MAC Address. The physical address of the router, as seen from the LAN.
• IP Address. LAN IP address of the router.
• DHCP. Indicates if the router is acting as a DHCP server for devices on your LAN.
• IP Subnet Mask. Subnet mask associated with the LAN IP address.
Modem. The current modem status and settings are shown in this section.
• ADSL Firmware Version. This is the version number of the low-level ADSL firmware.
This is contained within the router firmware.
• Modem Status. The current state of the ADSL connection to your phone company.
• DownStream Connection Speed. The connection speed of the ADSL connection from
the phone company to your router.
• UpStream Connection Speed. The connection speed of the ADSL connection from your
router to the phone company.
• VPI. The VPI setting entered on the ADSL Settings screen.
• VCI. The VCI setting entered on the ADSL Settings screen.
Wireless Port. These are the current settings, as set in the Wireless Settings screen.
• Name (SSID). SSID of the router.
• Region. The location (country).
• Channel. The current channel in use.
• Wireless AP. Indicates if the access point feature of the router is enabled or not. If not
enabled, the Wireless LED on the front panel is off.
• Broadcast Name. Indicates if the router is broadcasting its SSID.
To see router performance statistics such as the number of packets sent and number of
packets received for each port, click Show Statistics.
To see information about your current connection, click Connection Status.
Show Statistics Button
Click the Show Statistics button on the Router Status screen to display a screen similar to
this:
Figure 37. Router statistics screen
• Port. The statistics for the WAN (Internet), LAN (local), and wireless LAN (WLAN) ports.
For each port, the screen displays the following:
-Status. The link status of the port.
-TxPkts. The number of packets transmitted since reset or manual clear.
-RxPkts. The number of packets received since reset or manual clear.
-Collisions. The number of collisions since reset or manual clear.
-Tx B/s. The current line utilization—percentage of current bandwidth used.
-Rx B/s. The average line utilization.
-Up Time. The time elapsed since the last power cycle or reset.
• ADSL Link Downstream or Upstream. The statistics for the upstream and downstream
ADSL link. These statistics are of interest to your technical support representative if you
have problems obtaining or maintaining a connection.
• Connection Speed. Typically, the downstream speed is faster than the upstream speed.
• Line Attenuation. The line attenuation increases the farther you are physically located
from your ISP’s facilities.
• Noise Margin. The signal-to-noise ratio, which is a measure of the quality of the signal on
the line.
• Poll Interval. The interval at which the statistics are updated in this window. Click the
Stop button to freeze the display.
Connection Status Button
In the Router Status screen, click the Connection Status button to display a screen similar to
this:
Figure 38. Connection Status screen
Connection Time. The time elapsed since the last connection to the Internet through the
ADSL port.
Connecting to sender. The connection status.
Negotiation. Success or Failed.
Authentication. Success or Failed.
Obtaining IP Address. The IP address assigned to the WAN port by the ISP.
Obtaining Network Mask. The network mask assigned to the WAN port by the ISP.
View Attached Devices
The Attached Devices screen presents a table of all IP devices that the wireless modem
router has discovered on the local network. Select Maintenance > Attached Devices to view
the following table:
Figure 39. Attached Devices screen
For each device, the table shows the IP address, device name if available, and the Ethernet
MAC address. Note that if the wireless modem router is rebooted, the table data is lost until
the wireless modem router rediscovers the devices. To force the wireless modem router to
look for attached devices, click the Refresh button.
Run Diagnostic Utilities
The wireless modem router has a diagnostics feature that you can use to perform the
following functions:
• Ping an IP address to test connectivity to see if you can reach a remote host.
• Perform a DNS lookup to test if an Internet name resolves to an IP address to verify that
the DNS server configuration is working.
• Display the Routing table to identify what other wireless modem routers the wireless
modem router is communicating with.
• Reboot the wireless modem router to enable new network configurations to take effect or
to clear problems with the wireless modem router’s network connection.
Select Maintenance > Diagnostics to display the following screen.
Figure 40. Diagnostics screen
6. USB Storage
Adding removable storage to your network
This chapter describes how to access and configure a USB storage drive attached to your
wireless modem router.
Note: The USB ports on the wireless modem router can be used only to
connect USB storage devices like flash drives or hard drives. Do not
connect computers, USB modems, printers, CD drives, or DVD
drives to these USB ports.
This chapter includes the following sections:
• USB Drive Requirements
• File-Sharing Scenarios
• USB Storage Basic Settings
• Edit a Network Folder
• Configure USB Storage Advanced Settings
• Unmount a USB Drive
• Specify Approved USB Devices
• Connect to the USB Drive from a Remote Computer
• Connect to the USB Drive with Microsoft Network Settings
• Set Up a Media Server
USB Drive Requirements
The wireless modem router works with 1.0 and 1.1 (USB Full Speed) and 2.0 (USB High
Speed) standards. The approximate USB bus speeds are shown in the following table.
Table 12. USB Bus Speeds
Bus | Speed/Second
USB 1.1 | 12 Mbits
USB 2.0 | 480 Mbits
Actual bus speeds can vary, depending on the CPU speed, memory, speed of the network,
and other variables. The wireless modem router should work with USB 2.0-compliant or
1.1-compliant external flash and hard drives. For the most up-to-date list of USB drives
When selecting a USB device, bear in mind the following:
• The USB port on the wireless modem router can be used with one USB hard drive at a
time. Do not attempt to use a USB hub attached to the USB port.
• According to the USB 2.0 specification, the maximum available power is 5V @ 0.5A.
Some USB devices might exceed this requirement, in which case the device might not
function or might function erratically. Check the documentation for your USB device to be
sure.
• The wireless modem router supports FAT, FAT32, and NTFS (read only) file systems.
File-Sharing Scenarios
You can share files on the USB drive for a wide variety of business and recreational
purposes. The files can be any PC, Mac, or Linux file type including text, Word, PowerPoint,
Excel, MP3, pictures, and multimedia files. USB drive applications include:
• Sharing multimedia with friends and family. You can share MP3 files, pictures, and other
multimedia with local and remote users.
• Sharing resources on your network. Store files in a central location so that you do not
have to power up a computer to perform local sharing. In addition, you can share files
between Macintosh, Linux, and PC computers by using the USB drive as a go-between.
• Sharing files with offsite coworkers. Share files such as Word documents, PowerPoint
presentations, and text files with remote users.
A few common uses are described in the following sections.
Share Photos with Friends and Family
You can create your own central storage location for photos and multimedia. This eliminates
the need to log in to (and pay for) an external photo-sharing site.
To share files with your friends and family:
1. Insert your USB drive into the USB port on the wireless modem router either directly or
with a USB cable.
Computers on your local area network (LAN) can access this USB drive using a web
browser or Microsoft Networking.
2. If you want to specify read-only access, or to allow access from the Internet, see Configure
USB Storage Advanced Settings on page 80.
Store Files in a Central Location for Printing
This scenario is for a family that has one high-quality color printer directly attached to a PC,
but not shared on the local area network (LAN). This family does not have a print server:
• The family’s color printer is directly attached to the mother’s PC.
• The daughter has some photos on her Macintosh computer that she wants to print.
• Their computers are not visible to each other on the network.
To print her photos on the color printer:
1. The daughter types \\readyshare in the address field of her web browser.
This gives her access to the USB drive in the router.
2. She copies the photos from the Mac to the router USB drive.
3. The mother uses her web browser or Microsoft Networking to transfer the files from the
USB drive to her PC. Then she prints the files.
Share Large Files with Colleagues
Sending files larger than 5 MB can pose a problem for many e-mail systems. The router
allows you to share very large files such as PowerPoint presentations or .zip files with
colleagues at another site. Rather than tying up their mail systems with large files, your
colleagues can use FTP to easily download shared files from the wireless modem router.
To share files with a remote colleague:
1. To protect your network, set up security. Create a user name and password for the
colleague with appropriate access.
2. If you want to limit USB drive access to only read access, from the wireless modem router
USB Storage (Basic Settings) screen, click Edit a Network folder. In the Write Access
field, select admin, and then click Apply.
Note: The password for admin is the same one that you use to access the
wireless modem router. By default it is password.
3. In the USB Storage (Advanced Settings) screen, select the check box next to FTP via
Internet. See Configure USB Storage Advanced Settings on page 80.
USB Storage Basic Settings
You can view or edit basic settings for the USB storage device attached to your wireless
modem router. On the wireless modem router main menu under USB, select Basic Settings:
By default, the USB storage device is available to all computers on your local area network
(LAN). To access your USB device from this screen, you can click the network/device name
or the share name.
Network/device name:
\\readyshare
Share name:
\\readyshare\USB_Storage
You can also type \\readyshare in the address field of your web browser. If you logged in to
the wireless modem router before you connected your USB device, you might not see your
USB device in the wireless modem router screens until you log out and then log in again.
Table 13. USB Storage (Basic Settings)
Fields and Buttons | Description
Network/Device Name | The default is \\readyshare. This is the name used to access the USB device connected to the wireless modem router.
Available Network folders: Shared Name | • You can click the name shown, or you can type it in the address field of your web browser. • If Not Shared is shown, then the default share has been deleted and no other share for the root folder exists. Click the link to change this setting.
Available Network folders: Read/Write Access | Shows the network folder permissions and access controls. • All-no password allows all users to access the network folder. • admin uses the same password that you use to log in to the wireless modem router main menu.
Available Network folders: Folder Name | Full path used by the network folder.
Available Network folders: Volume name | Volume name from the storage device (either USB drive or HDD).
Available Network folders: Total/Free Space | Shows the current utilization of the storage device.
Edit button | You can click the Edit button to edit the Available Network Folders settings. See Edit a Network Folder on page 79.
Safely Remove USB Device button | Click to safely remove the USB device attached to your wireless modem router. See Unmount a USB Drive on page 82.
Edit a Network Folder
This process is the same from either the USB Storage (Basic Settings) screen or the USB
Storage (Advanced Settings) screen. Click the Edit button to open the USB Storage
(Advanced Settings) screen:
You can use this screen to select a folder, to change the Shared Name, or to change Read Access or Write Access from All-no password to admin. The password for admin is the
same one that is used to log in to the router main menu. By default it is password.
Note: You have to click Apply for your changes to take effect.
Configure USB Storage Advanced Settings
To configure advanced USB settings, from the router menu, under USB, select Advanced
Settings. The USB Storage (Advanced Settings) screen displays:
You can use this screen to specify access to the USB storage device. The following table
explains the fields and buttons in the USB Storage (Advanced Settings) screen.
Table 14. USB Storage (Advanced Settings)
Fields | Description
Network Device Name | The default is readyshare. This is the name used to access the USB device connected to the wireless modem router from your computer.
Workgroup | If you are using a Windows workgroup rather than a domain, the workgroup name is displayed here.
Access Method: Network Connection | Enabled by default, this allows all users on the LAN to have access to the USB drive.
Access Method: HTTP | Disabled by default. If you enable this setting, you can type http://readyshare to access the USB drive.
Access Method: HTTP (via Internet) | Disabled by default. If you enable this setting, remote users can type http://readyshare to access the USB drive over the Internet.
Access Method: FTP | Disabled by default.
Access Method: FTP (via Internet) | Disabled by default. If you enable this setting, remote users can access the USB drive through FTP over the Internet.
Available Network Folders: Shared Name | • You can click the name shown or you can type it into the address field of your web browser. • If Not Shared is shown, then the default share has been deleted and no other share for the root folder exists. Click the link to change this setting.
Available Network Folders: Read/Write Access | • Shows the permissions and access controls on the network folder. • All-no password allows all users to access the network folder. • admin prompts you to enter the same password that you use to log in to the wireless modem router main menu.
Available Network Folders: Folder Name | Full path used by the network folder.
Available Network Folders: Volume Name | Volume name from the storage device (either USB drive or HDD).
Available Network Folders: Total/Free Space | The current utilization of the storage device.
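The access methods and the Read/Write Access values in Table 14 combine to decide who can reach a folder, and from where. The following check is an added example, not NETGEAR code: it takes a hand-transcribed copy of those settings and reports the combinations worth reviewing. The class, function, and severity labels are this example's own, and the sample settings are constructed (the first one follows the "Share Large Files with Colleagues" steps with the admin password left at its default).

```python
from dataclasses import dataclass

OPEN = "All-no password"   # Read/Write Access value in Tables 13 and 14
ADMIN = "admin"            # the other Read/Write Access value
INTERNET_METHODS = ("HTTP (via Internet)", "FTP (via Internet)")  # Table 14
FACTORY_ADMIN_PASSWORD = "password"  # default stated in the manual


@dataclass(frozen=True)
class NetworkFolder:
    """One row of Available Network Folders (field names are this example's)."""
    share_name: str
    read_access: str
    write_access: str


def audit(enabled_methods, folders, admin_password):
    """Return (severity, message) pairs; the severity labels are this example's."""
    findings = []
    internet = [m for m in INTERNET_METHODS if m in enabled_methods]
    via = " and ".join(internet)
    if admin_password == FACTORY_ADMIN_PASSWORD:
        findings.append(("high", "admin password is still the factory default"))
    for folder in folders:
        for mode, access in (("read", folder.read_access),
                             ("write", folder.write_access)):
            # "All-no password" plus an Internet access method means the
            # folder is reachable from outside the LAN without credentials.
            if access == OPEN and internet:
                severity = "high" if mode == "write" else "medium"
                findings.append((severity,
                                 f"{folder.share_name}: {mode} access needs "
                                 f"no password over {via}"))
    # Plain FTP and HTTP do not encrypt the login exchange.
    if internet and any(ADMIN in (f.read_access, f.write_access) for f in folders):
        findings.append(("medium",
                         f"admin password crosses the Internet unencrypted over {via}"))
    return findings


# Constructed sample settings, transcribed by hand from the router screens.
AS_DOCUMENTED = dict(
    enabled_methods={"Network Connection", "FTP (via Internet)"},
    folders=[NetworkFolder("USB_Storage", OPEN, ADMIN)],
    admin_password="password",
)
TIGHTENED = dict(
    enabled_methods={"Network Connection", "FTP (via Internet)"},
    folders=[NetworkFolder("USB_Storage", ADMIN, ADMIN)],
    admin_password="constructed-Passphrase-7",
)
LAN_ONLY = dict(
    enabled_methods={"Network Connection"},
    folders=[NetworkFolder("USB_Storage", OPEN, OPEN)],
    admin_password="constructed-Passphrase-7",
)

if __name__ == "__main__":
    for label, cfg in (("as documented", AS_DOCUMENTED),
                       ("tightened", TIGHTENED), ("LAN only", LAN_ONLY)):
        print(label)
        for severity, message in audit(**cfg) or [("ok", "nothing to review")]:
            print(f"  [{severity}] {message}")
```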
Create a Network Folder
To create a network folder:
1. From the USB Storage (Advanced Settings) screen, click the Create a Network Folder
button to open the Create Network Folder screen:
2. Create a folder.
• You can specify the folder’s shared name, and change Read Access and Write
Access from All-no password to admin.
• The password for admin is the same one that is used to log in to the wireless modem
router main menu. By default it is password.
3. Click Apply so that your changes take effect.
Unmount a USB Drive
WARNING!
Unmount the USB drive first before physically unplugging it from
the wireless modem router. If the USB disk is removed or a cable
is pulled while data is being written to the disk, it could result in
file or disk corruption.
To unmount a USB disk drive so that no users can access it, from the USB Settings screen,
click the Safely Remove USB button. This takes the drive offline.
Specify Approved USB Devices
You can specify which USB devices are approved for use when connected to the router.
To specify a USB device:
1. On the router main menu, under Advanced, select USB Settings.
2. Click Approved Devices.
3. On the USB Drive Approved Devices screen, select the USB device from the Available
USB Devices list.
4. Click Add.
5. Select the Allow only approved devices check box.
6. Click Apply so that your change takes effect.
If you want to approve another USB device, you have to first click the Safely Remove USB
Device button to unmount the currently connected USB device. Connect the other USB
device, and then repeat this process.
Connect to the USB Drive from a Remote Computer
To connect to the USB drive from remote computers using a web browser, you have to use
the router’s Internet port IP address.
Locate the Internet Port IP Address
The Router Status screen shows the Internet port IP address:
To locate the Internet port IP address:
1. Log in to the wireless modem router.
2. In the main menu, under Maintenance, select Router Status.
3. Record the IP address that is listed for the Internet port. This is the IP address you can use
to connect to the router remotely.
Access the Router’s USB Drive Remotely Using FTP
You can connect to the router’s USB drive using a web browser:
1. Connect to the router by typing ftp:// and the Internet port IP address in the address field
of Internet Explorer or Netscape Navigator, for example, ftp://10.1.65.4. If you are using
Dynamic DNS, you can type the DNS name rather than the IP address.
2. Type the account name and password that has access rights to the USB drive.
The directories of the USB drive that your account has access to display, for example,
share/partition1/directory1. You can now read and copy files from the USB directory.
Connect to the USB Drive with Microsoft Network Settings
You can access the USB drive from local computers on your home or office network using
Microsoft Networking settings. You have to be running Microsoft Windows 2000, XP, or older
versions of Windows with Microsoft Networking enabled. You can use normal Explorer
operations such as dragging and dropping, opening files, or cutting and pasting files from:
• Microsoft Windows Start menu, Run option
• Windows Explorer
• Network Neighborhood or My Network Places
Enable File and Printer Sharing
Each computer’s network properties have to be set to enable network communication with
the USB drive. File and Printer Sharing for Microsoft Networking have to be enabled, as
described in the following sections.
Note: In Windows 2000 and Windows XP, File and Printer Sharing is
enabled by default.
Configure Windows 98SE and Windows ME
The easiest way to get to your network properties is to go to your desktop, right-click
Network Neighborhood and then select Properties. File and Printer Sharing for Microsoft
Windows should be listed. If it is not, click Add and follow the installation prompts.
Note: If you have any questions about File and Printer Sharing, contact
Microsoft for assistance.
Configure Windows 2000 and Windows XP
Right-click the network connection for your local area network. File and Printer Sharing for
Microsoft Windows should be listed. If it is not, click Install and follow the installation prompts.
Set Up a Media Server
Setting the N600 Wireless Modem Router as a ReadyDLNA media server enables playback
of videos, movies, and pictures on DLNA/UPnP AV-compliant media players like Xbox360,
Playstation, and NETGEAR's Digital Entertainer Live.
ReadyDLNA means the N600 Wireless Modem Router serves media in DLNA-compatible
form to DLNA/UPnP AV-compliant media players.
To set up a media server:
1. On the main menu, under USB Storage, select Media Server.
• Enable Media Server enables the N600 Wireless Modem Router to act as a media
server.
• Media Server Name is the name that shows up on media players.
• Under Content Scan, Automatic scans for media files whenever new files are added
to the ReadyShare USB storage.
• You can also schedule periodic scans or click Scan Now to scan for new media
immediately.
2. Click Apply to save your settings.
7. Virtual Private Networking
Setting up secure encrypted communications
This chapter describes how to use the virtual private networking (VPN) features of the wireless
modem router. VPN communications paths are called tunnels. VPN tunnels provide secure,
encrypted communications between your local network and a remote network or computer. See
Appendix B, NETGEAR VPN Configuration.
This chapter is organized as follows:
• Overview of VPN Configuration
• Plan a VPN
• VPN Tunnel Configuration
• Set Up a Client-to-Gateway VPN Configuration
• Set Up a Gateway-to-Gateway VPN Configuration
• VPN Tunnel Control
• Set Up VPN Tunnels in Special Circumstances
Overview of VPN Configuration
Two common scenarios for VPN tunnels are between a remote PC and a network gateway,
and between two or more network gateways. The N600 Wireless Dual Band Gigabit ADSL2+
Modem Router DGND3700 supports both types. It supports up to five concurrent tunnels.
Client-to-Gateway VPN Tunnels
Client-to-gateway VPN tunnels provide secure access from a remote PC, such as a
telecommuter connecting to an office network.
Figure 41. Telecommuter VPN tunnel (diagram: a PC running the NETGEAR ProSafe VPN client connects through a VPN tunnel across the Internet to the Modem Router DGND3700)
VPN client access allows a remote PC to connect to your network from any location on the
Internet. The remote PC is one tunnel endpoint, running the VPN client software. The
wireless modem router on your network is the other tunnel endpoint. See Set Up a
Client-to-Gateway VPN Configuration on page 90 for information about how to set up this
configuration.
Gateway-to-Gateway VPN Tunnels
Gateway-to-gateway VPN tunnels provide secure access between networks, such as a
branch or home office and a main office.
Figure 42. VPN Tunnel between networks (diagram: Gateway A (Home) and Gateway B (Office), each a Modem Router DGND3700, joined by a VPN tunnel across the Internet)
A VPN between two or more NETGEAR VPN-enabled routers is a good way to connect
branch or home offices and business partners over the Internet. VPN tunnels also enable
access to network resources across the Internet. In this case, use gateways on each end of
the tunnel to form the VPN tunnel endpoints. See Set Up a Gateway-to-Gateway VPN
Configuration on page 101 for information about how to set up this configuration.
Plan a VPN
When you set up a VPN, it is helpful to plan the network configuration and record the
configuration parameters on a worksheet:
Table 15. VPN tunnel configuration worksheet
Parameter | Value to Be Entered | Field Selection
Connection Name | | N/A
Pre-Shared Key | | N/A
Secure Association | N/A | Main Mode / Manual Keys
Perfect Forward Secrecy | N/A | Enabled / Disabled
Encryption Protocol | N/A | DES / 3DES
Authentication Protocol | N/A | MD5 / SHA-1
Diffie-Hellman (DH) Group | N/A | Group 1 / Group 2
Key Life in seconds | | N/A
IKE Life Time in seconds | | N/A
VPN Endpoint | Local IPSecID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address)
To set up a VPN connection, you have to configure each endpoint with specific identification
and connection information describing the other endpoint. You have to configure the
outbound VPN settings on one end to match the inbound VPN settings on the other end, and vice
versa.
This set of configuration information defines a security association (SA) between the two
VPN endpoints. When planning your VPN, you should make a few choices first:
• Will the local end be any device on the LAN, a portion of the local network (as defined by
a subnet or by a range of IP addresses), or a single PC?
• Will the remote end be any device on the remote LAN, a portion of the remote network (as
defined by a subnet or by a range of IP addresses), or a single PC?
• Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by
Dynamic DNS providers (see Use a Fully Qualified Domain Name (FQDN) on page 163)
can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel
request. Otherwise, the side using a dynamic IP address has to always be the initiator.
• Which method will you use to configure your VPN tunnels?
-The VPN Wizard using VPNC defaults (see the following table)
-The typical automated Internet Key Exchange (IKE) setup (see Use Auto Policy to
Configure VPN Tunnels on page 112)
-A manual keying setup in which you have to specify each phase of the connection
(see Use Manual Policy to Configure VPN Tunnels on page 119)
Table 16. Parameters recommended by the VPNC and used in the VPN Wizard
Parameter | Factory Default Setting
Secure Association | Main Mode
Authentication Method | Pre-Shared Key
Encryption Method | 3DES
Authentication Protocol | SHA-1
Diffie-Hellman (DH) Group | Group 2 (1024 bit)
Key Life | 8 hours
IKE Life Time | 1 hour
• What level of IPSec VPN encryption will you use?
-DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide,
encrypting these values using a 56-bit key. Faster but less secure than 3DES.
-3DES. Triple DES achieves a higher level of security by encrypting the data three
times using DES with three different, unrelated keys.
• What level of authentication will you use?
-MD5. 128 bits, faster but less secure.
-SHA-1. 160 bits, slower but more secure.
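Because each end's outbound settings have to match the other end's inbound settings, it helps to compare the two completed worksheets before typing them into the routers. The following is an added example, not NETGEAR code: it compares two filled-in copies of the Table 15 worksheet, checks that each end's remote LAN is the other end's local LAN, and lists rows that depart from Table 16. The field names, the office LAN addresses, and the key value are constructed for the example; the home LAN 192.168.3.1 with mask 255.255.255.0 is the one this chapter uses.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Table 16: VPNC-recommended values that the VPN Wizard applies.
WIZARD_DEFAULTS = {
    "exchange_mode": "Main Mode",
    "encryption": "3DES",
    "authentication": "SHA-1",
    "dh_group": 2,
    "key_life_s": 28800,   # 8 hours
    "ike_life_s": 3600,    # 1 hour
}
MANUAL_EXAMPLE_PSK = "12345678"  # sample key printed in Table 17

# Worksheet rows that both ends record with the same value.
SHARED_FIELDS = ("pre_shared_key", "exchange_mode", "pfs", "encryption",
                 "authentication", "dh_group", "key_life_s", "ike_life_s")


@dataclass(frozen=True)
class Worksheet:
    """One endpoint's copy of the worksheet (field names are this example's)."""
    name: str
    pre_shared_key: str
    exchange_mode: str
    pfs: bool
    encryption: str
    authentication: str
    dh_group: int
    key_life_s: int
    ike_life_s: int
    local_lan: str    # "address/mask" of the LAN behind this endpoint
    remote_lan: str   # "address/mask" this endpoint expects behind its peer

    def local_net(self):
        # strict=False lets a host address such as 192.168.3.1 name its subnet.
        return ip_network(self.local_lan, strict=False)

    def remote_net(self):
        return ip_network(self.remote_lan, strict=False)


def differences(a, b):
    """List every worksheet row on which the two endpoints disagree."""
    found = []
    for field in SHARED_FIELDS:
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            # Never echo key material into a report.
            detail = "values differ" if field == "pre_shared_key" else f"{va!r} vs {vb!r}"
            found.append(f"{field}: {detail}")
    # Each end's remote LAN must be the other end's local LAN.
    for near, far in ((a, b), (b, a)):
        if near.remote_net() != far.local_net():
            found.append(f"{near.name} expects {near.remote_net()} behind "
                         f"{far.name}, which protects {far.local_net()}")
    return found


def review(ws):
    """List rows that depart from Table 16, plus use of the manual's sample key."""
    notes = [f"{field}: {getattr(ws, field)!r} (Table 16 uses {want!r})"
             for field, want in WIZARD_DEFAULTS.items()
             if getattr(ws, field) != want]
    if ws.pre_shared_key == MANUAL_EXAMPLE_PSK:
        notes.append("pre_shared_key: sample value from the manual")
    return notes


# Constructed worksheets: the office copy has DES selected and a mistyped remote LAN.
HOME = Worksheet("home", "constructed-key-not-real", "Main Mode", False, "3DES",
                 "SHA-1", 2, 28800, 3600,
                 "192.168.3.1/255.255.255.0", "192.168.0.1/255.255.255.0")
OFFICE = Worksheet("office", "constructed-key-not-real", "Main Mode", False, "DES",
                   "SHA-1", 2, 28800, 3600,
                   "192.168.0.1/255.255.255.0", "192.168.30.1/255.255.255.0")

if __name__ == "__main__":
    for line in differences(HOME, OFFICE):
        print("mismatch:", line)
    for ws in (HOME, OFFICE):
        for line in review(ws):
            print(f"{ws.name}:", line)
```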
VPN Tunnel Configuration
There are two tunnel configurations and three ways to configure them:
• Use the VPN Wizard to configure a VPN tunnel (recommended for most situations):
-See Set Up a Client-to-Gateway VPN Configuration on page 90.
-See Set Up a Gateway-to-Gateway VPN Configuration on page 101.
• When the VPN Wizard and its VPNC defaults (see Table 16 on page 89) are not
appropriate for your special circumstances, but you want to automate the Internet Key
Exchange (IKE) setup, see Use Auto Policy to Configure VPN Tunnels on page 112.
• When the VPN Wizard and its VPNC defaults (see Table 16 on page 89) are not
appropriate for your special circumstances and you have to specify each phase of the
connection, see Use Manual Policy to Configure VPN Tunnels on page 119. You
manually enter all the authentication and key parameters. You have more control over the
process; however, the process is more complex, and there are more opportunities for
errors or configuration mismatches between your N600 Wireless Dual Band Gigabit
ADSL2+ Modem Router DGND3700 and the corresponding VPN endpoint gateway or
client workstation.
Set Up a Client-to-Gateway VPN Configuration
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN client and a
network gateway involves two steps, described in the following sections:
• Step 1: Configure the Client-to-Gateway VPN Tunnel on page 90 describes how to use
the VPN Wizard to configure the VPN tunnel between the remote PC and network
gateway.
• Step 2: Configure the NETGEAR ProSafe VPN Client on page 93 shows how to configure
Step 1: Configure the Client-to-Gateway VPN Tunnel
This section describes using the VPN Wizard to set up the VPN tunnel using the VPNC
default parameters listed in Table 16 on page 89. If you have special requirements not
covered by these VPNC-recommended parameters, see Set Up VPN Tunnels in Special
Circumstances on page 111 for information about how to set up the VPN tunnel.
The following worksheet identifies the parameters used in this procedure. For a blank
worksheet, see Plan a VPN on page 88.
Table 17. VPN tunnel configuration worksheet
Parameter | Value to Be Entered | Field Selection
Connection Name | RoadWarrior | N/A
Pre-Shared Key | 12345678 | N/A
Secure Association | N/A | Main Mode / Manual Keys
Perfect Forward Secrecy | N/A | Enabled / Disabled
Encryption Protocol | N/A | DES / 3DES
Authentication Protocol | N/A | MD5 / SHA-1
Diffie-Hellman (DH) Group | N/A | Group 1 / Group 2
Key Life in seconds | 28800 (8 hours) | N/A
IKE Life Time in seconds | 3600 (1 hour) | N/A
VPN Endpoint | Local IPSecID | LAN IP Address | Subnet Mask | FQDN or Gateway
To configure a client-to-gateway VPN tunnel using the VPN Wizard:
1. Log in to the wireless modem router. On the main menu under Advanced - VPN, select
VPN Wizard.
2. Click Next to proceed.
3. Fill in the Connection Name and pre-shared key fields.
The connection name is for convenience and does not affect how the VPN tunnel
functions.
4. Select the radio button for the type of target end point, and click Next.
5. Enter the remote IP address, and click Next.
The Summary screen displays:
Note: To view the VPNC-recommended authentication and encryption
settings used by the VPN Wizard, click the here link.
6. Click Done on the Summary screen. The VPN Policies screen displays, showing that the
new tunnel is enabled:
To view or modify the tunnel settings, select its radio button and click Edit.
Note: See Use Auto Policy to Configure VPN Tunnels on page 112 for
information about how to enable the IKE keep-alive capability on an existing
VPN tunnel.
Step 2: Configure the NETGEAR ProSafe VPN Client
This section describes how to configure the NETGEAR ProSafe VPN client on a remote PC.
These instructions assume that the PC running the client has a dynamically assigned IP
address.
The PC has to have the NETGEAR ProSafe VPN Client program installed, which supports
IPSec. Go to the NETGEAR website (http://www.netgear.com) for information about how to
purchase the NETGEAR ProSafe VPN client.
Note: Before installing the NETGEAR ProSafe VPN Client software, be
sure to turn off any virus protection or firewall software you might be
running on your PC. You might need to insert your Windows CD to
complete the installation.
To configure the NETGEAR ProSafe VPN client:
1. Install the NETGEAR ProSafe VPN client on the remote PC, and then reboot.
a. Install the IPSec component. You might have the option to install either the VPN
adapter or the IPSec component or both. The VPN adapter is not necessary.
If you do not have a modem or dial-up adapter installed in your PC, you might see the
warning message stating, “The NETGEAR ProSafe VPN Component requires at least
one dial-up adapter be installed.” You can disregard this message.
b. Reboot the remote PC.
The ProSafe icon is in the system tray.
c. Double-click the ProSafe icon to open the Security Policy Editor.
2. Add a new connection.
a. Run the NETGEAR ProSafe Security Policy Editor program, and, using Table 17 on
page 91, create a VPN connection.
b. From the Edit menu of the Security Policy Editor, select Add, and then click
Connection.
A New Connection listing appears in the list of policies.
c. Rename the new connection so that it matches the Connection Name field in the
VPN Settings screen of the wireless modem router on LAN A. Choose connection
names that make sense to the people using and administering the VPN.
Note: In this example, the connection name used on the client side of the
VPN tunnel is togw_a, and it does not have to match the
RoadWarrior connection name used on the gateway side of the VPN
tunnel because connection names are irrelevant to how the VPN
tunnel functions.
d. Enter the following settings:
• Connection Security. Select Secure.
• ID Type. Select IP Subnet.
• Subnet. In this example, type 192.168.3.1 as the network address of the wireless
modem router.
• Mask. Enter 255.255.255.0 as the LAN subnet mask of the wireless modem
router.
• Protocol. Select All to allow all traffic through the VPN tunnel.
e. Select the Connect using Secure Gateway Tunnel check box.
f. In the ID Type drop-down list, select IP Address.
g. Enter the public WAN IP address of the wireless modem router in the field directly
below the ID Type drop-down list. In this example, 22.23.24.25 is used.
The resulting connection settings are shown in the figure that follows.
3. Configure the security policy in the NETGEAR ProSafe VPN Client software:
a. In the Network Security Policy list, expand the new connection by double-clicking its
name or clicking the + symbol. My Identity and Security Policy subheadings appear
below the connection name.
b. Click the Security Policy subheading to view the Security Policy settings.
Figure 44. Security Policy settings, Client-to-Gateway A
c. In the Select Phase 1 Negotiation Mode section of the screen, select the Main Mode
radio button.
4. Configure the VPN client identity.
In this step, you provide information about the remote VPN client PC. You have to provide
the pre-shared key that you configured in the wireless modem router and either a fixed IP
address or a fixed virtual IP address of the VPN client PC.
a. In the Network Security Policy list on the left side of the Security Policy Editor window,
click My Identity.
b. In the Select Certificate drop-down list, select None.
c. In the ID Type drop-down list, select IP Address. If you are using a virtual fixed IP
address, enter this address in the Internal Network IP Address field. Otherwise,
leave this field empty.
d. In the Internet Interface section of the screen, select the adapter that you use to
access the Internet. If you have a dial-up Internet account, in the Name list, select
PPP Adapter. If you have a dedicated cable or ADSL line, select your Ethernet
adapter. If you will be switching between adapters or if you have only one adapter,
select Any.
e. In the My Identity section of the screen, click the Pre-Shared Key button. The
Pre-Shared Key screen displays:
f. Click Enter Key. Enter the wireless modem router pre-shared key, and then click
OK. In this example, 12345678 is entered, though asterisks are displayed in the
field. This field is case-sensitive.
5. Configure the VPN client authentication proposal.
In this step, you provide the type of encryption (DES or 3DES) to be used for this
connection. This selection has to match your selection in the wireless modem router
configuration.
a. In the Network Security Policy list on the left side of the Security Policy Editor window,
expand the Security Policy heading by double-clicking its name or clicking the +
symbol.
b. Expand the Authentication subheading by double-clicking its name or clicking the +
symbol. Then select Proposal 1 below Authentication.
c. In the Authentication Method drop-down list, select Pre-Shared key.
d. In the Encrypt Alg drop-down list, select the type of encryption that is configured for
the encryption protocol in the wireless modem router, as listed in Table 15 on
page 88. This example uses Triple DES.
e. In the Hash Alg drop-down list, select SHA-1.
f. In the SA Life drop-down list, select Unspecified.
g. In the Key Group drop-down list, select Diffie-Hellman Group 2.
6. Configure the VPN client key exchange proposal.
In this step, you provide the type of encryption (DES or 3DES) to be used for this
connection. This selection has to match your selection in the wireless modem router
configuration.
a. Expand the Key Exchange subheading by double-clicking its name or clicking the +
symbol. Then select Proposal 1 below Key Exchange.
b. In the SA Life drop-down list, select Unspecified.
c. In the Compression drop-down list, select None.
d. Select the Encapsulation Protocol (ESP) check box.
e. In the Encrypt Alg drop-down list, select the type of encryption that is configured for
the encryption protocol in the wireless modem router, as listed in Table 15 on
page 88. This example uses Triple DES.
f. In the Hash Alg drop-down list, select SHA-1.
g. In the Encapsulation drop-down list, select Tunnel.
h. Leave the Authentication Protocol (AH) check box cleared.
7. Save the VPN client settings.
In the Security Policy Editor window, select File > Save.
After you have configured and saved the VPN client information, your PC automatically
opens the VPN connection when you attempt to access any IP addresses in the range of
the remote VPN router’s LAN.
8. Check the VPN connection.
To check the VPN connection, you can initiate a request from the remote PC to the
wireless modem router’s network by using the Connect option in the NETGEAR ProSafe
menu bar. The NETGEAR ProSafe client reports the results of the attempt to connect.
Since the remote PC has a dynamically assigned WAN IP address, it has to initiate the
request.
To perform a ping test using our example, start from the remote PC:
a. Establish an Internet connection from the PC.
b. On the Windows taskbar, click the Start button, and then select Run.
c. Type ping -t 192.168.3.1, and then click OK.
This causes a continuous ping to be sent to the first wireless modem router. Within
several seconds to 2 minutes, the ping response should change from
timed out to reply.
Once the connection is established, you can open a browser on the PC and enter the
LAN IP address of the remote gateway. After a short wait, you should see the login
screen of the wireless modem router (unless another PC is already logged in to the
wireless modem router).
You can view information about the progress and status of the VPN client connection by
opening the NETGEAR ProSafe Log Viewer.
To launch this function, click the Windows Start button, then select Programs >
NETGEAR ProSafe VPN Client > Log Viewer. The VPN Status/Log screen for a
successful connection is shown in the following figure:
Note: Use the active VPN tunnel information and pings to determine
whether a failed connection is due to the VPN tunnel or some reason
outside the VPN tunnel.
The Connection Monitor screen for this connection is shown in the following figure:
In this example you can see these settings:
• The wireless modem router has a GW address (public IP WAN address) of 22.23.24.25.
• The wireless modem router has a remote address (LAN IP address) of 192.168.3.1.
• The VPN client PC has a local address (dynamically assigned address) of 192.168.2.2.
While the connection is being established, the Connection Name field in this screen displays
SA before the name of the connection. When the connection is successful, the SA changes
to the yellow key symbol shown in the previous figure.
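The requirement in steps 5 and 6 that the client proposals match the router, and the Subnet/Mask pair from step 2 that decides which destinations open the tunnel, can be checked offline as follows. This is an added example, not NETGEAR code; the GATEWAY values and all function names are constructed for illustration, because the router-side settings come from tables not reproduced here.

```python
import copy
import ipaddress

# Client-side values copied from steps 3, 5 and 6 of the procedure.
CLIENT = {
    "phase1": {"mode": "Main Mode", "auth": "Pre-Shared Key",
               "encrypt": "Triple DES", "hash": "SHA-1", "dh_group": 2},
    "phase2": {"protocol": "ESP", "encrypt": "Triple DES", "hash": "SHA-1",
               "encapsulation": "Tunnel", "compression": "None"},
}

# Constructed gateway-side sample (assumption): identical to the client
# except for one deliberate mismatch in the key exchange proposal.
GATEWAY = copy.deepcopy(CLIENT)
GATEWAY["phase2"]["encrypt"] = "DES"


def proposal_mismatches(client, gateway):
    """List (phase, field, client_value, gateway_value) for each differing field."""
    found = []
    for phase in ("phase1", "phase2"):
        for field in sorted(set(client[phase]) | set(gateway[phase])):
            c, g = client[phase].get(field), gateway[phase].get(field)
            if c != g:
                found.append((phase, field, c, g))
    return found


def tunnel_selector(subnet, mask):
    """Network covered by the Subnet and Mask fields entered in step 2d.

    strict=False lets a host address such as 192.168.3.1 stand in for the
    network it belongs to, as the manual's example does.
    """
    return ipaddress.ip_network(f"{subnet}/{mask}", strict=False)


def uses_tunnel(destination, selector):
    """True if traffic to this destination falls inside the remote LAN range."""
    return ipaddress.ip_address(destination) in selector


if __name__ == "__main__":
    for mismatch in proposal_mismatches(CLIENT, GATEWAY):
        print("mismatch:", mismatch)
    sel = tunnel_selector("192.168.3.1", "255.255.255.0")
    for dst in ("192.168.3.1", "192.168.3.254", "192.168.2.2", "22.23.24.25"):
        print(dst, "->", "tunnel" if uses_tunnel(dst, sel) else "outside tunnel")
```

A non-empty mismatch list points at the VPN configuration itself; a destination reported as outside the tunnel is never sent through it, so a failed ping to such an address says nothing about the tunnel.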