Configuring an IPSec connection between Nitix and a Netgear FVS318NA router

From Nitix Knowledgebase

Problem

How do I configure an IPSec tunnel between my Nitix server and a Netgear FVS318NA router?

 

Solution

To configure an IPSec connection between Nitix and a Netgear FVS318NA router:

 

On the Nitix Server

Create a new IPsec route.

  1. Select VPN from the Network Setup WebConfig menu.
  2. Select IPsec Setup... The IPsec Setup screen will be displayed.

     [Figure: IPSec Main]

  3. Select Add New Route. The Create IPsec Route screen will be displayed.

     [Figure: Create IPsec Route screen]

  4. In the Remote Server field, enter the public IP address or the fully qualified domain name (FQDN) of the remote server.
  5. To include a private subnet behind the remote server’s firewall, enter the internal subnet containing the internal IP address of the remote unit in the Remote Subnet field. For example, if the unit’s internal IP address is 192.168.10.1 with a subnet mask of 255.255.255.0, you would enter 192.168.10.0/24.
  6. Enter the remote IKE key. This is a password that should be unique, and the same key must be entered on both ends of the IPSec connection.
  7. Enable the Perfect Forward Secrecy (PFS) feature. The two ends do not negotiate this automatically, so make sure that the setting is the same on both ends.
  8. In the Enable this connection section, click "Yes".
  9. Click Save Changes.

 

On the Netgear Router

The following parameters should be configured on the Netgear router:

Connection Name: Name this whatever you want. It has no bearing on the connection itself.

Local IPSec Identifier: Enter the Netgear’s external IP address.

Remote IPSec Identifier: Enter the Net Integrator’s external IP address.

Remote Site is a: Select the LAN option.

Remote LAN IP: To include a private subnet behind the remote server’s firewall, enter the internal subnet containing the internal IP address of the remote unit. For example, if the unit’s internal IP address is 192.168.10.1 with a subnet mask of 255.255.255.0, you would enter 192.168.10.0.

Remote LAN Subnet Mask: Enter the internal subnet mask of the Net Integrator.

Remote WAN IP or FQDN: Enter the external IP address of the Net Integrator.

Secure Association: Select Main Mode.

Perfect Forward Secrecy: Select Enabled.

Encryption Protocol: Select 3DES.

Preshared Key: Enter the same key as on the Nitix server.

Key Lifetime: Enter the number 3600.

IKE Lifetime: Leave this at the default 28800.
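
The settings above have to agree across the two devices, and the remote LAN is written differently on each (CIDR on Nitix, network address plus mask on the Netgear). The following check is an added example, not part of the original article or of either product: the dictionary keys, the helper names and all sample addresses and keys are constructed for illustration, and it assumes Remote Server is entered as an IP address rather than an FQDN.

```python
import ipaddress

def network_of(ip, mask):
    """Network containing a host: 192.168.10.1 + 255.255.255.0 -> 192.168.10.0/24."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_tunnel(sites, nitix, netgear):
    """Return a list of mismatches between the two ends (empty list = consistent)."""
    nitix_lan = network_of(*sites["nitix_lan"])
    netgear_lan = network_of(*sites["netgear_lan"])
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")

    # Overlapping LANs cannot be routed to each other through the tunnel.
    if nitix_lan.overlaps(netgear_lan):
        problems.append(f"LANs overlap: {nitix_lan} and {netgear_lan}")
    # Nitix takes the remote LAN in CIDR form; the Netgear takes address + mask.
    expect("Nitix Remote Server", nitix["remote_server"], sites["netgear_wan"])
    expect("Nitix Remote Subnet", nitix["remote_subnet"], str(netgear_lan))
    expect("Netgear Local IPSec Identifier", netgear["local_id"], sites["netgear_wan"])
    expect("Netgear Remote IPSec Identifier", netgear["remote_id"], sites["nitix_wan"])
    expect("Netgear Remote WAN IP", netgear["remote_wan"], sites["nitix_wan"])
    expect("Netgear Remote LAN IP", netgear["remote_lan_ip"], str(nitix_lan.network_address))
    expect("Netgear Remote LAN Subnet Mask", netgear["remote_lan_mask"], str(nitix_lan.netmask))
    # PFS is not negotiated and the key is shared, so both must match exactly.
    expect("Netgear Perfect Forward Secrecy", netgear["pfs"], nitix["pfs"])
    if netgear["psk"] != nitix["ike_key"]:
        problems.append("Netgear Preshared Key differs from Nitix IKE key")  # key not echoed
    return problems

# Constructed sample values (WAN addresses are from documentation ranges).
SITES = {"nitix_wan": "203.0.113.10", "nitix_lan": ("192.168.20.1", "255.255.255.0"),
         "netgear_wan": "198.51.100.20", "netgear_lan": ("192.168.10.1", "255.255.255.0")}
NITIX = {"remote_server": "198.51.100.20", "remote_subnet": "192.168.10.0/24",
         "ike_key": "constructed-example-key", "pfs": True}
NETGEAR = {"local_id": "198.51.100.20", "remote_id": "203.0.113.10",
           "remote_wan": "203.0.113.10", "remote_lan_ip": "192.168.20.0",
           "remote_lan_mask": "255.255.255.0", "pfs": True,
           "psk": "constructed-example-key"}

if __name__ == "__main__":
    for line in check_tunnel(SITES, NITIX, NETGEAR) or ["both ends are consistent"]:
        print(line)
```
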


Retrieved from "http://kb.nitix.com/5481"