Hub and Spoke VPN using the VPN Prosafe Client
This document describes the steps for configuring a Hub-and-Spoke network over
the Internet using VPNs (box-to-box and client-to-box).
In particular, it describes how to allow VPN clients (Spoke) to access remote LANs (Spokes) via
a single VPN connection to a central (Hub) Firewall/Router.
The configuration applies to any of the VPN Firewall/Routers running firmware version 3.5.0.24 or
above, and to VPN clients from version 10.8.3 and above.
The diagram below shows a typical scenario.

[Diagram: hub-and-spoke topology over the Internet]
VPN client (Spoke 2), 192.168.0.x/24
- VPN Client to Box connection (mode config)
- Client connection to LAN2 via VPN Client connection to LAN1
FVS338 (Spoke 1), LAN2
- Public IP: 83.71.251.20
- LAN IP: 172.22.102.102
- VPN Information:
  BoxToBox (To FVX538)
  LAN2toClient (FVS338 To VPN clients via FVX538)
FVX538, LAN1
- Public IP: 83.71.251.19
- LAN IP: 172.22.101.101
- VPN Information:
  BoxToBox (To FVS338)
  LAN1toVPN (FVX538 To VPN clients)
  LAN2toClient (VPN Clients to FVS338 via FVX538)
Link between FVX538 and FVS338: VPN Box to Box connection
Version 1.0
Table of Contents
NETWORK SETUP
Physical setup
Logical setup
Configuration of VPN policies on the Firewall/Routers
FVX538 VPN Config (Policy name: BoxtoBox)
FVS338 VPN Config (Policy name: BoxtoBox)
FVX538 VPN Config (Policy name: LAN1toVPN)
FVX538 VPN Config (Policy name: LAN2Client)
FVS338 VPN Config (Policy name: LAN2Client)
VPN client configuration
Testing the connection
NETWORK SETUP
Physical setup
- FVX538 connected to the Internet via a modem or modem/router
- FVS338 connected to the Internet via a modem or modem/router
- VPN Client PCs connected to the Internet, wired or wireless (via a LAN allowing IPsec
traffic)
Logical setup
FVX538
- LAN IP: 172.22.101.101/24
- DHCP: 172.22.101.0/24
- Mode Config DHCP: 192.168.0.0/24
- Firmware version: 3.5.0.24
FVS338
- LAN IP: 172.22.102.102/24
- DHCP: 172.22.102.0/24
- Firmware version: 3.5.0.24
VPN Client
- Version: 10.8.3
- NIC IP: 192.168.0.x/24
VPN configuration
The setup will require the creation of multiple VPN policies:
FVX538
- 1x Box-to-box policy from the FVX538 to the FVS338 (Policy name: BoxtoBox)
- 1x Client-to-Box policy on the FVX538 to connect to the VPN clients (Policy name:
LAN1toVPN)
- 1x Manual VPN policy using the IKE policy used for the box-to-box connection to
allow the VPN clients to connect to the LAN behind the FVS338 (Policy name:
LAN2toClient)
FVS338
- 1x Box-to-box policy from the FVS338 to the FVX538 (Policy name: BoxtoBox)
- 1x Manual VPN policy using the IKE policy used for the box-to-box connection to
allow the FVS338 to connect to the VPN clients (Policy name: LAN2toClient)
VPN Client
- 1x Policy connecting to the Public address of the FVS338, specifying 172.22.0.0 mask
255.255.0.0 as the IP range for the Remote party (only classful masks are accepted)
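
A consistency check for the policy list above, as an added example that is not part of the original document: it verifies that every policy between the two boxes has a reversed-selector counterpart on the peer, resolves which hub policy carries client traffic to each LAN, and counts how much of the client's 172.22.0.0/16 remote range has no policy behind it. The local/remote selectors in POLICIES are assumptions inferred from the policy descriptions; the addresses come from the Logical setup section.

```python
from ipaddress import ip_network

# Address plan from the "Logical setup" section of this document.
LAN1 = ip_network("172.22.101.0/24")         # behind FVX538
LAN2 = ip_network("172.22.102.0/24")         # behind FVS338
POOL = ip_network("192.168.0.0/24")          # Mode Config pool for VPN clients
CLIENT_REMOTE = ip_network("172.22.0.0/16")  # remote range set on the VPN client

# (device, policy, peer, local selector, remote selector).
# ASSUMPTION: selectors are inferred from the policy descriptions, not copied.
POLICIES = [
    ("FVX538", "BoxtoBox",     "FVS338", LAN1, LAN2),
    ("FVX538", "LAN1toVPN",    "client", LAN1, POOL),
    ("FVX538", "LAN2toClient", "FVS338", POOL, LAN2),
    ("FVS338", "BoxtoBox",     "FVX538", LAN2, LAN1),
    ("FVS338", "LAN2toClient", "FVX538", LAN2, POOL),
]

def unmirrored(policies):
    """Box-to-box policies whose peer has no policy with the reversed selectors."""
    have = {(dev, peer, loc, rem) for dev, _, peer, loc, rem in policies}
    return [(dev, name) for dev, name, peer, loc, rem in policies
            if peer != "client" and (peer, dev, rem, loc) not in have]

def hub_policy_for(dst, policies, hub="FVX538"):
    """Name of the hub policy pairing the client pool with dst, else None."""
    for dev, name, _, loc, rem in policies:
        if dev == hub and (loc, rem) in ((dst, POOL), (POOL, dst)):
            return name
    return None

def client_reach(policies):
    """Map each LAN inside the client's remote range to its hub policy."""
    if CLIENT_REMOTE.overlaps(POOL):
        raise ValueError("client remote range must not include its own pool")
    return {str(lan): hub_policy_for(lan, policies)
            for lan in (LAN1, LAN2) if lan.subnet_of(CLIENT_REMOTE)}

def uncovered_24s(policies):
    """Count /24s in the client's /16 that no hub policy pairs with the pool."""
    return sum(1 for net in CLIENT_REMOTE.subnets(new_prefix=24)
               if hub_policy_for(net, policies) is None)
```

With the five policies listed, nothing is unmirrored, and the classful /16 on the client selects 254 further /24 networks for which the hub has no policy.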