Netgear PY310100129 N600WIRELESS DUAL BAND GIGABIT VDSL2 MODEM ROUTER User Manual
Add to My manuals38 Pages
advertisement
9.
Troubleshooting
Diagnosing and solving problems
9
This chapter provides information to help you diagnose and solve problems you might have with your wireless modem router. If you do not find the solution here, check the NETGEAR support site at http://support.netgear.com
for product and contact information.
This chapter contains the following sections:
• Router Not On
• No ISP Connection
• TCP/IP Network Not Responding
• Cannot Log in
• Changes Not Saved
• Firmware Needs to Be Reloaded
• Incorrect Date or Time
Chapter 9. Troubleshooting | 143
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Router Not On
When you turn the power on, the power, LAN, wireless, DSL, and Internet LEDs should light as described here. If they do not, refer to the sections that follow for help.
1.
When power is first applied, the Power LED lights.
2.
After approximately 10 seconds, other LEDs light as follows: a.
The LAN ports LED lights when any local port is connected.
b.
The 2.4 GHz and 5 GHz Wireless LEDs light.
c.
The DSL LED lights when there is a link via the ADSL phone lines.
d.
The Internet LED lights to indicate a connection to the ISP.
WPS On/Off button
Wireless On/Off button
USB port
Internet
DSL
5 GHZ Wireless
2.4 GHz Wireless
USB
LAN ports
Power
Figure 60. Front panel LEDs
Power LED Is Off
If the Power and other LEDs are off when your router is turned on:
• Check that the power cord is correctly connected to your router and the power supply adapter is correctly connected to a functioning power outlet.
• Check that you are using the 12-V DC power adapter supplied by NETGEAR for this product.
144 | Chapter 9. Troubleshooting
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
If the error persists, you could have a hardware problem and should contact NETGEAR
Technical Support.
Power LED Is Red
When the router is turned on, it performs a power-on self-test. If the Power LED turns red after a few seconds or at any other time during normal operation, there is a fault within the router.
If the Power LED turns red to indicate a router fault, turn the power off and on to see if the wireless modem router recovers. If the power LED is still red 1 minute after power-up:
• Turn the power off and on one more time to see if the wireless modem router recovers.
• Clear the router’s configuration to factory defaults as explained in Factory Settings on page 154. This sets the router’s IP address to 192.168.0.1.
If the error persists, you could have a hardware problem and should contact NETGEAR
Technical Support.
LAN LED Is Off
If the LAN LED does not light when the Ethernet connection is made, check the following:
• The Ethernet cable connections are secure at the wireless modem router and at the hub or workstation.
• The power is turned on to the connected hub or workstation.
Wireless LEDs Are Off
If the 2.4 GHz and 5 GHz Wireless LEDs do not light, the radios may be turned off. Press the
Wireless On/Off button on its front panel to turn the radios back on.
DSL or Internet LED Is Off
If the DSL or Internet LED does not light, check to make sure you are using the correct cable.
When connecting the ADSL or Ethernet WAN port, use the cables that were supplied with the wireless modem router. If the DSL or Internet LED is still off, this could mean that there is no
ADSL or Fiber/Cable modem service or the cable connected to the ADSL or Ethernet WAN port is bad.
See also DSL LED Is Off on page 146.
Chapter 9. Troubleshooting | 145
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
No ISP Connection
If your router cannot access the Internet, first check the ADSL connection, and then check the WAN TCP/IP connections. See Figure 4, Front panel LEDs on page 14 for the location of the LEDs.
ADSL Link
First determine whether you have a ADSL link with the service provider. The state of this connection is indicated by the DSL LED.
DSL LED Is Green or Blinking Green
You have a good ADSL connection. The service provider has connected your line correctly, and your wiring is correct.
DSL LED Is Blinking Amber
Your wireless modem router is attempting to make a ADSL connection with the service provider. The LED should turn green within several minutes.
If the DSL LED does not turn green, disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time and use a microfilter on each telephone as described in ADSL Microfilters on page 18. If you connect the microfilters correctly, you should be able to connect all your telephones.
If disconnecting telephones does not result in a green DSL LED, there might be a problem with your wiring. If the telephone company has tested the ADSL signal at your network interface device (NID), you might have poor-quality wiring in your house.
DSL LED Is Off
First disconnect all telephones on the line. If this solves the problem, reconnect the telephones one at a time and use a microfilter on each telephone. If the microfilters are connected correctly, you should be able to connect all your telephones.
If disconnecting telephones does not result in a green DSL LED, check for the following:
• Check that the telephone company has made the connection to your line and tested it.
• Verify that you are connected to the correct telephone line. If you have more than one phone line, be sure that you are connected to the line with the ADSL service. It could be necessary to use a swapper if your ADSL signal is on pins 1 and 4 or the RJ-11 jack. The wireless modem router uses pins 2 and 3.
146 | Chapter 9. Troubleshooting
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Internet LED Is Red
If the Internet LED is red, the device could not connect to the Internet. Verify the following:
• Check that your log-in credentials are correct. See Log In to the N600 Modem Router on page 24 for more information.
• Check that the information you entered on the Basic Settings screen is correct. See
Manual Setup (Basic Settings) on page 28.
• Check with your ISP to verify that the multiplexing method, VPI, and VCI settings on the
ADSL settings screen are correct.
• Find out if the ISP is having a problem. If it is, wait until that problem is cleared up and try again.
Cannot Obtain an Internet IP Address
If your wireless modem router cannot access the Internet, and your Internet LED is green or blinking green, check whether the wireless modem router can obtain an Internet IP address from the ISP. Unless you have been assigned a static IP address, your wireless modem router must request an IP address from the ISP. You can determine whether the request was successful as follows:
1.
Access the router menus at http://192.168.0.1
and log in.
2.
Under Maintenance, select Router Status and check that an IP address shows for the WAN port. If 0.0.0.0 shows, your wireless modem router has not obtained an IP address from your
ISP.
If your router cannot obtain an IP address from the ISP, the problem might be one of the following:
• If you have selected a login program, the service name, user name, or password might be incorrect. See Debug PPPoE or PPPoA on page 148.
• Your ISP might check for your computer’s host name. Assign the computer host name of your ISP account to the wireless modem router in the browser-based Setup Wizard. See
Setup Wizard on page 27 for more information.
• Your ISP allows only one Ethernet MAC address to connect to the Internet, and might check for your computer’s MAC address. In this case, do one of the following:
Inform your ISP that you have bought a new network device and ask them to use the router’s MAC address.
Configure your router to spoof your computer’s MAC address through the Basic
Settings screen. See Manual Setup (Basic Settings) on page 28.
Chapter 9. Troubleshooting | 147
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Debug PPPoE or PPPoA
Debug the PPPoE or PPPoA connection as follows:
1.
Access the router menus at http://192.168.0.1
and log in.
2.
Under Maintenance, select Router Status .
3.
Click the Connection Status button.
4.
If all of the steps indicate OK, your PPPoE or PPPoA connection is working.
5.
If any of the steps indicate Failed, you can attempt to reconnect by clicking Connect .
The wireless modem router continues to attempt to connect indefinitely. If you do not connect after several minutes, check that the service name, user name, and password you are using are correct. Also check with your ISP to be sure that there is no problem with their service.
Note: Unless you connect manually, the wireless modem router does not authenticate with PPPoE or PPPoA until data is transmitted to the network.
Cannot Load an Internet Web Page
If your wireless modem router can obtain an IP address, but your browser cannot load any
Internet Web pages:
• Your computer might not recognize any DNS server addresses.
A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP provides the addresses of one or two DNS servers for your use. If you entered a DNS address during the wireless modem router’s configuration, reboot your computer, and verify the DNS address. Alternately, you can configure your computer manually with DNS addresses, as explained in your operating system documentation .
• Your computer might not have the wireless modem router configured as its TCP/IP wireless modem router.
If your computer obtains its information from the wireless modem router by DHCP, reboot the computer, and verify the wireless modem router address.
TCP/IP Network Not Responding
Most TCP/IP terminal devices and routers have a ping utility for sending an echo request packet to the designated device. The device responds with an echo reply to tell whether a
TCP/IP network is responding to requests.
148 | Chapter 9. Troubleshooting
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Test the LAN Path to Your Wireless Modem Router
You can ping the router from your computer to verify that the LAN path to your router is set up correctly.
To ping the router from a PC running Windows 95 or later:
1.
From the Windows task bar, click the Start button, and select Run .
2.
In the field provided, type ping followed by the IP address of the router, as in this example: ping 192.168.0.1
3.
Click OK .
You should see a message like this one:
“Pinging <IP address> with 32 bytes of data”
If the path is working, you see this message:
“Reply from < IP address >: bytes=32 time=NN ms TTL=xxx”
If the path is not working, you see this message:
“Request timed out”
If the path is not functioning correctly, you could have one of the following problems:
• Wrong physical connections
Make sure that the LAN port LED is on. If the LED is off, follow the instructions in LAN
LED Is Off on page 145.
Check that the corresponding link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and router.
• Wrong network configuration
Verify that the Ethernet card driver software and TCP/IP software are both installed and configured on your PC or workstation.
Verify that the IP address for your router and your workstation are correct and that the addresses are on the same subnet.
Chapter 9. Troubleshooting | 149
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Test the Path from Your Computer to a Remote Device
After you verify that the LAN path works correctly, test the path from your PC to a remote device. In the Windows Run screen, type: ping -n 10 IP address where IP address is the IP address of a remote device such as your ISP’s DNS server.
If the path is functioning correctly, replies as described in Test the LAN Path to Your Wireless
Modem Router on page 149 display. If you do not receive replies:
• Check that your PC has the IP address of your router listed as the default wireless modem router. If the IP configuration of your PC is assigned by DHCP, this information is not visible in your PC’s Network Control Panel. Verify that the IP address of the router is listed as the default wireless modem router.
• Check that the network address of your PC (the portion of the IP address specified by the netmask) is different from the network address of the remote device.
• Check that your cable or ADSL modem is connected and functioning.
• If your ISP assigned a host name to your PC, enter that host name as the account name in the Basic Settings screen.
• Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many broadband ISPs restrict access by allowing traffic only from the MAC address of your modem, but some additionally restrict access to the MAC address of a single PC connected to that modem. In this case, configure your router to clone or spoof the MAC address from the authorized PC.
Cannot Log in
If you cannot log in to the wireless modem router from a computer on your local network, check the following:
• The router is plugged in and it is on.
• You are using the correct login information. The login name is admin , and the password is password . Make sure that Caps Lock is off when you enter this information.
• If you cannot connect wirelessly, try an Ethernet connection and view the router wireless settings and set up your wireless computer with corresponding wireless settings.
• If you are using an Ethernet-connected computer, check the Ethernet connection between the computer and the router. The LAN LED for the port you are using on the router should light up to show your connection.
• Your computer’s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your computer’s address should be in the range
192.168.0.2 to 192.168.0.254.
• If the computer IP address is 169.254.x.x, recent versions of Windows and Mac OS generate and assign an IP address when the computer cannot reach a DHCP server. The
150 | Chapter 9. Troubleshooting
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual auto-generated addresses are in the range 169.254.x.x. If your IP address is in this range, check the connection from the computer to the router and reboot your computer.
• If your router’s IP address was changed and you do not know the current IP address, clear the router’s configuration to factory defaults as explained in Factory Settings on page 154. This sets the router’s IP address to 192.168.0.1.
• Make sure that your browser has Java, JavaScript, or ActiveX enabled. If you are using
Internet Explorer, click Refresh to be sure that the Java applet is loaded.
• Try closing the browser and relaunching it.
Changes Not Saved
If the router does not save the changes you make in the router interface, check the following:
• When entering configuration settings, always click the Apply button before moving to another screen or tab, or your changes are lost.
• Click the Refresh or Reload button in the Web browser. The changes might have occurred, but the old settings might be in the Web browser’s cache.
Firmware Needs to Be Reloaded
When you attempt to connect to the Internet, the browser might display a message similar to the one below telling you that you need to reload the router’s firmware. This means a problem has been detected with the router’s firmware.
Figure 61. Reload firmware
1.
If you already have the firmware file on your PC, go directly to step 2 . If you do not have the firmware file on your PC, obtain the firmware from the NETGEAR support site at http://www.netgear.com/support through another working Internet connection.
2.
Click Browse .
3.
Navigate to the firmware file.
4.
Click Upgrade . A progress bar displays. The reload takes about 5 minutes to complete.
When the firmware recovery is completed, the login screen displays so you can log in.
Chapter 9. Troubleshooting | 151
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Incorrect Date or Time
Select Security > Schedule to display the current date and time. The wireless modem router uses the Network Time Protocol (NTP) to obtain the current time from one of several network time servers on the Internet. Each entry in the log is stamped with the date and time of day.
Problems with the date and time function can include the following:
• Date shown is January 1, 2000. This means the router has not yet successfully reached a network time server. Check that your Internet access is configured correctly. If you have just completed configuring the router, wait at least 5 minutes, and check the date and time again.
• Time is off by one hour. The router does not automatically sense daylight savings time. In the Schedule screen, select the Adjust for Daylight Savings Time check box.
152 | Chapter 9. Troubleshooting
A.
Supplemental Information
This appendix includes the factory default settings and technical specifications for the
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700, and instructions for wall-mounting the unit.
A
This appendix contains the following sections:
• Factory Settings
• Technical Specifications
Appendix A. Supplemental Information | 153
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Factory Settings
You can return the wireless modem router to its factory settings. On the bottom of the wireless modem router, use the end of a paper clip or some other similar object to press and hold the Restore Factory Settings button for at least 7 seconds. The wireless modem router resets, and returns to the factory settings. Your device will return to the factory configuration settings shown in the following table.
Table 22. Factory Settings Description
Feature
Router Login
User Login URL
User Name (case-sensitive)
Login Password (case-sensitive)
Internet Connection
WAN MAC Address
WAN MTU Size
Default Behavior http://www.routerlogin.net
admin password
Use default address
1492
AutoSense Port Speed
Local Network (LAN)
Lan IP
Subnet Mask
RIP Direction
RIP Version
RIP Authentication
DHCP Server
DHCP Starting IP Address
DHCP Ending IP Address
DMZ
Time Zone
192.168.0.1
255.255.255.0
None
Disabled
None
Enabled
192.168.0.2
192.168.0.254
Disabled
GMT
Time Zone Adjusted for Daylight Saving
Time
Disabled
SNMP Disabled or http://www.routerlogin.com
154 | Appendix A. Supplemental Information
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Table 22. Factory Settings Description
Feature
Firewall
Default Behavior
Inbound (communications coming in from the Internet)
Disabled (except traffic on port 80, the HTTP port)
Outbound (communications going out to the Internet)
Enabled (all)
Disabled Source MAC filtering
Wireless
Wireless Communication
Wi-Fi Network Name (SSID)
Enabled
2.4 GHz Wireless Network: NETGEAR
Wireless security
Broadcast SSID
Transmission Speed
Country/Region
5 GHz Wireless Network: NETGEAR-5G
Disabled
Enabled
Auto 1
United States (in North America; otherwise, varies by region)
RF Channel
Operating Mode
Data Rate
Output Power
Auto
Up to 145 Mbps
Best
Full
Access Point
Authentication Type
Enabled
Pre-Shared Key
Wireless Card Access List All wireless stations allowed
1. Maximum wireless signal rate derived from IEEE Standard 802.11 specifications. Actual throughput will vary. Network conditions and environmental factors, including volume of network traffic, building materials and construction, and network overhead, lower actual data throughput rate.
Appendix A. Supplemental Information | 155
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Technical Specifications
Table 23. Technical Specifications Description
Network Protocol and Standards Compatibility
Data and routing protocols: TCP/IP, RIP-1, RIP-2, DHCP, PPPoE or PPPoA, RFC 1483 Bridged or Routed Ethernet, and RFC 1577 Classical IP over ATM
Power Adapter
North America
UK, Australia
Europe:
120V, 60 Hz, input
240V, 50 Hz, input
230V, 50 Hz, input
All regions (output)
Physical
Dimensions
12 V AC @ 2.5A output
Weight
6.80 in. x 5.03 in. x 1.28 in.
172.7 mm x 127.7 mm x 32.5 mm
0.61 lbs.
0.275 kg
Environmental
Operating temperature
Operating humidity
Storage temperature
Storage humidity
Regulatory Compliance
Meets requirements of
Interface Specifications
LAN
WAN
0° to 40° C (32º to 104º F)
10% to 90% relative humidity, noncondensing
-20° to 70° C (-4º to 158º F)
5 to 95% relative humidity, noncondensing
FCC Part 15 Class B; VCCI Class B; EN 55 022 (CISPR 22), Class B
10BASE-T or 100BASE-Tx, RJ-45
ADSL, Dual RJ-11, pins 2 and 3
T1.413, G.DMT
156 | Appendix A. Supplemental Information
B.
NETGEAR VPN Configuration
Case study on how to set up a VPN
B
This appendix is a case study on how to configure a secure IPSec VPN tunnel from a NETGEAR
DGND3700 to a FVL328. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html
).
Configuration Profile
The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium. Gather necessary information before you begin configuration. Verify that the firmware is up to date, and that you have all the addresses and parameters to be set on both sides. Check that there are no firewall restrictions.
Table 24. Wireless Modem Router to Gateway B Profile Summary
VPN Consortium Scenario
Type of VPN
Security scheme:
IP addressing:
NETGEAR-Gateway A
NETGEAR-Gateway B
Scenario 1 (Identity Using Preshared Secrets)
LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
IKE with pre-shared secret/key (not certificate based)
Static IP address
Static IP address
172.23.9.0/24
10.506.0/24
Gateway A
(DGND3700)
Gateway B
LAN IP
10.5.6.1
WAN IP
14.15.16.17
Internet
WAN IP
22.23.24.25
LAN IP
172.23.9.1
Figure 62. VPNC Example, Network Interface Addressing
Appendix B. NETGEAR VPN Configuration | 157
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Step-by-Step Configuration
1.
Use the VPN Wizard to configure Gateway A (DGND3700) for a gateway-to-gateway tunnel (see Setting Up a Gateway-to-Gateway VPN Configuration on page 99), being certain to use appropriate network addresses for the environment.
The LAN addresses used in this example are as follows:
Unit
DGND3700
FVL328
WAN IP
14.15.16.17
22.13.24.25
LAN IP
10.5.6.1
172.23.9.1
LAN Subnet Mask
255.255.255.0
255.255.255.0
a.
For the connection name, enter toGW_B .
b.
For the remote WAN’s IP address, enter 22.23.24.25
.
c.
Enter the following:
• IP Address. 172.23.9.1
• Subnet Mask. 255.255.255.0
d.
In the Summary screen, click Done .
2.
Use the VPN Wizard to configure the Gateway B for a gateway-to-gateway tunnel (see
Setting Up a Gateway-to-Gateway VPN Configuration on page 99), being certain to use appropriate network addresses for the environment.
a.
For the connection name, enter toGW_A .
b.
For the remote WAN’s IP address, enter 14.15.16.17
.
c.
Enter the following:
• IP Address. 10.5.6.1
• Subnet Mask. 255.255.255.0
d.
In the Summary screen, click Done .
158 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
3.
On the Gateway B router menu, under VPN, select IKE Policies , and click the Edit button to display the IKE Policy Configuration screen: toGW_A
22.23.24.25
14.15.16.17
4.
On Gateway B router menu, under VPN, select VPN Policies , and click the Edit button to display the VPN - Auto Policy screen:
14.15.16.17
172 23 9 1
10 5 6
5.
Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A
(wireless modem router).
a.
Open the command prompt (select Start > Run > cmd ).
Appendix B. NETGEAR VPN Configuration | 159
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual b.
Type ping 172.23.9
.
If the pings fail the first time, try the pings a second time.
Wireless Modem Router with FQDN to Gateway B
This section is a case study on how to configure a VPN tunnel from a NETGEAR wireless modem router to a gateway using a fully qualified domain name (FQDN) to resolve the public address of one or both routers. This case study follows the VPN Consortium interoperability profile guidelines (found at http://www.vpnc.org/InteropProfiles/Interop-01.html
).
Configuration Profile
The configuration in this section follows the addressing and configuration mechanics defined by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and that you have all the addresses and parameters to be set on both sides. Check that there are no firewall restrictions.
10.506.0/24
172.23.9.0/24
Gateway A
(DGND3700)
Gateway B
LAN IP
10.5.6.1
WAN IP example.org
(FQDN)
Internet
WAN IP example2.org
(FQDN)
LAN IP
172.23.9.1
Figure 63. VPNC Example, Network Interface Addressing
Table 25. Wireless Modem Router with FQDN to Gateway B Profile Summary
VPN Consortium Scenario
Type of VPN
Security scheme:
IP addressing:
Scenario 1
LAN-to-LAN or gateway-to-gateway (not PC/client-to-gateway)
IKE with pre-shared secret/key (not certificate based)
160 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Table 25. Wireless Modem Router with FQDN to Gateway B Profile Summary
VPN Consortium Scenario
NETGEAR-Gateway A
NETGEAR-Gateway B
Scenario 1
Fully qualified domain name (FQDN)
FQDN
Using a Fully Qualified Domain Name (FQDN)
Many ISPs provide connectivity to their customers using dynamic instead of static IP addressing. This means that a user’s IP address does not remain constant over time, which presents a challenge for gateways attempting to establish VPN connectivity.
A Dynamic DNS (DDNS) service allows a user whose public IP address is dynamically assigned to be located by a host or domain name. It provides a central public database where information (such as email addresses, host names, and IP addresses) can be stored and retrieved. Now, a gateway can be configured to use a third-party service instead of a permanent and unchanging IP address to establish bidirectional VPN connectivity.
To use DDNS, you must register with a DDNS service provider. Some DDNS service providers include:
• DynDNS: www.dyndns.org
• TZO.com: netgear.tzo.com
• ngDDNS: ngddns.iego.net
In this example, Gateway A is configured using a sample FQDN provided by a DDNS service provider. In this case we established the hostname dgnd3300v2.dyndns.org for Gateway A using the DynDNS service. Gateway B uses the DDNS service provider when establishing a
VPN tunnel.
To establish VPN connectivity, Gateway A must be configured to use Dynamic DNS, and
Gateway B must be configured to use a DNS host name provided by a DDNS service provider to find Gateway A. Again, the following step-by-step procedures assume that you have already registered with a DDNS service provider and have the configuration information necessary to set up the gateways.
Step-by-Step Configuration
1.
Log in to Gateway A (your wireless modem router) as described in Log In to the N600
Modem Router on page 24.
This example assumes that you have set the local LAN address as 10.5.6.1 for Gateway
A and have set your own password.
2.
On Gateway A, configure the Dynamic DNS settings.
Appendix B. NETGEAR VPN Configuration | 161
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual a.
Under Advanced, select Dynamic DNS .
b.
Fill in the fields with account and host name settings.
• Select the Use a Dynamic DNS Service check box.
• In the Host Name field, type dgnd3300v2.dyndns.org
.
• In the User Name field, enter the account user name.
• In the Password field, enter the account password.
c.
Click Apply .
d.
Click Show Status . The resulting screen should show Update OK: good:
3.
On NETGEAR Gateway B, configure the Dynamic DNS settings. Assume a correctly configured DynDNS account.
a.
From the main menu, select Dynamic DNS .
b.
Select the DynDNS.org
radio button.
162 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
The Dynamic DNS screen displays: c.
Fill in the fields with the account and host name settings.
• In the Host and Domain Name field, enter fvl328.dyndns.org
.
• In the User Name field, enter the account user name.
• In the Password field, enter the account password.
d.
Click Apply.
e.
Click Show Status .
The resulting screen should show Update OK: good:
4.
Configure the N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 as in the gateway-to-gateway procedures using the VPN Wizard (see Setting Up a
Gateway-to-Gateway VPN Configuration on page 99), being certain to use appropriate network addresses for the environment.
The LAN addresses used in this example are as follows:
Device
DGND3700
FVL328
LAN IP Address
10.5.6.1
172.23.6.1
LAN Subnet Mask
255.255.255.0
255.255.255.0
Appendix B. NETGEAR VPN Configuration | 163
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual a.
For the connection name, enter toFVL328 .
b.
For the remote WAN's IP address, enter fvl328.dyndns.org
.
c.
Enter the following:
• IP Address. 172.23.9.1
• Subnet Mask. 255.255.255.0
5.
Configure the FVL328 as in the gateway-to-gateway procedures for the VPN Wizard (see
Setting Up a Gateway-to-Gateway VPN Configuration on page 99), being certain to use appropriate network addresses for the environment.
a.
For the connection name, enter toDGND3300v2 .
b.
For the remote WAN's IP address, enter dgnd3300v2.dyndns.org
.
c.
Enter the following:
• IP Address. 10.5.6.1
• Subnet Mask. 255.255.255.0
6.
Test the VPN tunnel by pinging the remote network from a PC attached to the N600
Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700.
a.
Open the command prompt (select Start > Run > cmd ) b.
Type ping 172.23.9.1
.
If the pings fail the first time, try the pings a second time.
Configuration Summary (Telecommuter Example)
The configuration in this section follows the addressing and configuration mechanics defined by the VPN Consortium. Gather the necessary information before you begin configuration.
Verify that the firmware is up to date, and make sure you have all the addresses and parameters to be set on both sides. Assure that there are no firewall restrictions.
Table 26. Configuration Summary (Telecommuter Example)
VPN Consortium Scenario
Type of VPN:
Security scheme:
IP addressing:
Scenario 1
PC/client-to-gateway, with client behind NAT router
IKE with pre-shared secret/key (not certificate based)
164 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Table 26. Configuration Summary (Telecommuter Example)
VPN Consortium Scenario
Gateway
Client
Scenario 1
Fully qualified domain name (FQDN)
Dynamic
192.168.0.1/24
LAN IP
192.168.0.1
Gateway A
(main office)
WAN IP
FQDN ntgr.dyndns.org
“from_GW_A”
Internet
Gateway B
(regional office)
WAN IP
0.0.0.0
“toGW_A” IP: 192.168.2.3
Client PC
(running NETGEAR
ProSafe VPN client)
Figure 64. Telecommuter Example
Setting Up Client-to-Gateway VPN (Telecommuter
Example)
Setting up a VPN between a remote PC running the NETGEAR ProSafe VPN client and a network gateway involves two steps, described in the following sections:
• Step 1: Configure Gateway A (VPN Router at Main Office) on page 166.
• Step 2: Configure Gateway B (VPN Router at Regional Office) on page 167 describes configuring the NETGEAR ProSafe VPN client endpoint.
Appendix B. NETGEAR VPN Configuration | 165
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Step 1: Configure Gateway A (VPN Router at Main Office)
1.
Log in to the VPN router. Select VPN Policies to display the VPN Policies screen. Click
Add Auto Policy to proceed and enter the information.
fromGW_A (in the example)
IKE Keep Alive is optional; must match
Remote LAN IP Address when enabled
(remote PC must respond to pings)
192.168.2.3 (in this example)
(Remote NAT router must have
Address Reservation set and
VPN Passthrough enabled) fromGW_A.com (in this example) toGW_A.com (in this example)
2.
Click Apply when you are finished to display the VPN Policies screen.
To view or modify the tunnel settings, select the radio button next to the tunnel entry, and then click Edit .
166 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Step 2: Configure Gateway B (VPN Router at Regional Office)
This procedure assumes that the PC running the client has a dynamically assigned IP address.
The PC must have a VPN client program installed that supports IPSec (in this case study, the
NETGEAR VPN ProSafe Client is used). Go to the NETGEAR website ( www.netgear.com
) for information about how to purchase the NETGEAR ProSafe VPN Client.
Note: Before installing the software, be sure to turn off any virus protection or firewall software you might be running on your PC.
1.
Install the NETGEAR ProSafe VPN Client on the remote PC, and then reboot.
a.
You might need to insert your Windows CD to complete the installation.
b.
If you do not have a modem or dial-up adapter installed in your PC, you might see the warning message stating “The NETGEAR ProSafe VPN Component requires at least one dial-up adapter be installed.” You can disregard this message.
c.
Install the IPSec component. You might have the option to install either the VPN adapter or the IPSec component or both. The VPN adapter is not necessary.
d.
The system should show the ProSafe icon ( ) in the system tray after you reboot.
e.
Double-click the system tray icon to open the Security Policy Editor.
2.
Add a new connection.
a.
Run the NETGEAR ProSafe Security Policy Editor program, and create a VPN connection.
b.
From the Edit menu of the Security Policy Editor, select Add > Connection . A New
Connection listing appears in the list of policies. c.
Rename the new connection to match the connection name you entered in the VPN settings of Gateway A. Choose connection names that make sense to the people using and administrating the VPN.
Appendix B. NETGEAR VPN Configuration | 167
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Note: In this example, the connection name on the client side of the VPN tunnel is toGW_A. It does not have to match the VPN_client connection name used on the gateway side of the VPN tunnel because connection names do not affect how the VPN tunnel functions.
d.
In the Connection Security section, select Secure .
toGW_A e.
In the ID Type drop-down list, select IP Subnet .
f.
In this example, in the Subnet field, type 192.168.0.1
as the network address of the wireless modem router.
g.
In the Mask field, enter 255.255.255.0
as the LAN subnet mask of the wireless modem router.
h.
In the Protocol drop-down list, select All to allow all traffic through the VPN tunnel. i.
Select the Connect using Secure Gateway Tunnel check box. j.
In the ID Type drop-down list, select Domain Name , and enter fromGW_A.com
(in this example). k.
Select Gateway Hostname and enter ntgr.dyndns.org
(in this example).
3.
Configure the security policy in the wireless modem router software.
a.
In the Network Security Policy list, expand the new connection by double-clicking its name or clicking the + symbol. My Identity and Security Policy appear below the connection name.
168 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual b.
Click Security Policy to show the Security Policy screen.
c.
In the Select Phase 1 Negotiation Mode group, select the Main Mode radio button.
4.
Configure the VPN client identity.
In this step, you provide information about the remote VPN client PC. You must provide the pre-shared key that you configured in the wireless modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC.
a.
In the Network Security Policy list on the left side of the Security Policy Editor window, click My Identity .
b.
In the Select Certificate list, select None .
c.
In the ID Type list, select Domain Name , and enter toGW_A.com
(in this example). d.
In the Virtual Adapter list, select Disabled .
Appendix B. NETGEAR VPN Configuration | 169
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual e.
In the Internet Interface section, select Intel PRO/100VE Network Connection (in this example; your Ethernet adapter might be different) in the Name list, and then in the IP Addr list, enter 192.168.2.3
(in this example). f.
Click the Pre-Shared Key button.
g.
In the Pre-Shared Key screen, click Enter Key . Enter the N600 Wireless Dual Band
Gigabit ADSL2+ Modem Router DGND3700’s pre-shared key and click OK . In this example, 12345678 is entered, though the screen shows asterisks. This field is case-sensitive.
5.
Configure the VPN Client Authentication Proposal.
In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration.
a.
In the Network Security Policy list on the left side of the Security Policy Editor window, expand the Security Policy heading by double-clicking its name or clicking the + symbol.
b.
Expand the Authentication subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Authentication. c.
In the Authentication Method drop-down list, select Pre-Shared Key .
d.
In the Encrypt Alg drop-down list, select the type of encryption. In this example, use
Triple DES .
e.
In the Hash Alg drop-down list, select SHA-1 .
f.
In the SA Life drop-down list, select Unspecified .
g.
In the Key Group drop-down list, select Diffie-Hellman Group 2 .
6.
Configure the VPN Client Key Exchange Proposal.
170 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
In this step, you provide the type of encryption (DES or 3DES) to be used for this connection. This selection must match your selection in the VPN router configuration.
a.
Expand the Key Exchange subheading by double-clicking its name or clicking the + symbol. Then select Proposal 1 below Key Exchange. b.
In the SA Life drop-down list, select Unspecified .
c.
In the Compression drop-down list, select None .
d.
Select the Encapsulation Protocol (ESP) check box. e.
In the Encrypt Alg drop-down list, select the type of encryption. In this example, use
Triple DES .
f.
In the Hash Alg drop-down list, select SHA-1 .
g.
In the Encapsulation drop-down list, select Tunnel .
h.
Leave the Authentication Protocol (AH) check box cleared.
7.
Save the VPN client settings.
From the File menu at the top of the Security Policy Editor window, select Save .
After you have configured and saved the VPN client information, your PC automatically opens the VPN connection when you attempt to access any IP addresses in the range of the remote VPN router’s LAN.
8.
Check the VPN connection.
Appendix B. NETGEAR VPN Configuration | 171
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
To check the VPN connection, you can initiate a request from the remote PC to the VPN router’s network by using the Connect option in the wireless modem router screen:
Right-click the system tray icon to open the pop-up menu.
My Connections\DGD3300v2
Since the remote PC has a dynamically assigned WAN IP address, it must initiate the request.
a.
Right-click the system tray icon to open the pop-up menu. b.
Select Connect to open the My Connections list.
c.
Select toDGND3300v2 .
The wireless modem router reports the results of the attempt to connect. Once the connection is established, you can access resources of the network connected to the
VPN router.
Right-click the system tray icon to open the pop-up menu.
My Connections\DGD3300v2
To perform a ping test using this example, start from the remote PC: a.
Establish an Internet connection from the PC.
b.
On the Windows taskbar, click the Start button, and then select Run .
c.
Type ping -t 192.168.0.1
, and then click OK .
172 | Appendix B. NETGEAR VPN Configuration
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
This causes a continuous ping to be sent to the VPN router. Within 2 minutes, the ping response should change from timed out to reply .
Once the connection is established, you can open the browser on the PC and enter the LAN
IP address of the VPN router. After a short wait, you should see the login screen of the VPN router (unless another PC already has the VPN router management interface open).
Note: You can use the VPN router diagnostics to test the VPN connection from the VPN router to the client PC. To do this, select Diagnostics on the wireless modem router main menu.
Monitoring the VPN Tunnel (Telecommuter Example)
To view information about the progress and status of the VPN client connection, open the Log
Viewer. In Windows, click Start , and select Programs > N600 Wireless Dual Band Gigabit
ADSL2+ Modem Router DGND3700 > Log Viewer .
Note: Use the active VPN tunnel information and pings to determine whether a failed connection is due to the VPN tunnel or some reason outside the VPN tunnel.
The Connection Monitor screen displays:
While the connection is being established, the connection name listed in this screen shows
SA before the name of the connection. When the connection is successful, the SA changes to the yellow key symbol.
Appendix B. NETGEAR VPN Configuration | 173
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Note: While your PC is connected to a remote LAN through a VPN, you might not have normal Internet access. If this is the case, you need to close the VPN connection to have normal Internet access.
Viewing the VPN Router’s VPN Status and Log Information
To view information about the status of the VPN client connection, open the VPN router’s
VPN Status screen:
1.
On the wireless modem router main menu, select Router Status , and then click the
VPN Status button. The VPN Status/Log screen displays:
2.
To view the VPN tunnels status, click VPN Status .
174 | Appendix B. NETGEAR VPN Configuration
C.
Notification of Compliance
NETGEAR Wireless Routers, Gateways, APs
Regulatory Compliance Information
Placeholder for dual-band compliance appendix.
Interference Reduction Table
The table below shows the Recommended Minimum Distance between NETGEAR equipment and household appliances to reduce interference (in feet and meters).
Table 27. Interference Reduction Table
Household Appliance
Microwave ovens
Baby Monitor - Analog
Baby Monitor - Digital
Cordless phone - Analog
Cordless phone - Digital
Bluetooth devices
ZigBee
Recommended Minimum Distance
(in feet and meters)
30 feet / 9 meters
20 feet / 6 meters
40 feet / 12 meters
20 feet / 6 meters
30 feet / 9 meters
20 feet / 6 meters
20 feet / 6 meters
C
Appendix C. Notification of Compliance | 175
Index
A
AC power adapter input 14 access lists 43 accessing remote computer 49 adapter, wireless 23 adding custom service 53 addresses, DNS 30
ADSL see also DSL statistics, viewing 69
ADSL microfilter filter, described 18
ADSL microfilters 18
ADSL settings 32
ADSLport 13
Advanced Wireless Settings screen 128 alerts, emailing 59
Application Level Gateway (ALG), disabling 123 approved USB devices 80 attached devices, viewing 71 authentication proposal 95
,
96
Auto Policy to configure VPN tunnels 110 automatic firmware checking 64 automatic Internet connection 28
B back panel 13 backing up configuration 66
Basic Settings screen described 29 manual setup 28 blocking content and services 47 blocking keywords, examples 48 blocking settings examples 48 box contents 11 bridged networks 130
C changes not saved, router 151 client-to-gateway VPN tunnels 85 compliance 175 configuration file backing up 66 erase 66 managing 66 restoring 66 configuration, wireless network 41 configuring port forwarding 53 port triggering 55 security policy 94
VPN tunnels 86
,
88
,
99
,
160 connecting USB drive 81 connecting wirelessly 17 content filtering 47 custom service (port forwarding) 53
D date and time 152 daylight savings time 58
,
152 deactivating VPN tunnels 107 , 108 default demilitarized zone (DMZ) server 122 default factory settings, see factory settings deleting
VPN tunnels 109 denial of service (DoS) port scans 121 protection 47 devices, adding 39 diagnostic utilities 71 disable SSID 37 disabling firewalls 31
SIP ALG 123
SSID broadcast 37 disconnecting USB drive 80
DNS servers 49
Domain Name Server (DNS) addresses 30 , 123
Domain Name Server (DNS), secondary 30
DSL port LED 15
DSL settings 31
Index | 176
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Dynamic DNS 123
Dynamic Host Configuration Protocol (DHCP) server
125
E email notices 59 encryption algorithm 96 encryption keys 38 erasing configuration file 66
F factory settings list of 154 resetting 12 file and printer sharing 82 file sharing 73 filtering content 47 firmware automatic check 64 reload firmware message 151 upgrade 64
,
136 upgrade at log in 25 upgrade manually 65 front panel 14 front panel LEDs 14
FTP, sharing files using 75 fully qualified domain name (FQDN), configuring VPN tunnels using 160
G gateway IP address 30 gateway-to-gateway VPN tunnels 86
,
99 guest devices, adding 39
H host name 29 host trusted 48
I
IKE protocol 110 installing manual setup 28
Internet port 28
Internet port LEDs 15
Internet port, no connection 32
Internet Relay Chat (IRC) 50
Internet Service Provider (ISP), see ISP
Internet traffic statistics 142
IP address 81
DHCP 23
LAN service 124 reserved 125
IP setup, LAN 124
ISP account information 23
Basic Settings screen 29
DSL settings 31
DSL synchronization 15
ISP login 24
K keep-alive, IKE 111 keywords blocking 48 deleting 48
L
LAN setup 124
LAN port LEDs 16
LAN ports 13
LAN setup 124 large files, sharing 75
LEDs troubleshooting 144 verifying cabling 20 local servers, port forwarding to 53
Log Viewer 98 logging in cannot 150 changing password 32
,
63
ISP 24 router 24 time-out 33 types 33 upgrade firmware 25 login time-out 32 , 63 logs, emailing 59
M
MAC addresses configuring 31 described 37 filtering by 44 rejected 150 restricting access by 43 , 45 spoofing 147
Index | 177
maintenance settings 63 manual logout 33 manual setup 28 manual setup, Basic Settings screen 28 manually configuring VPN policies 117
Maximum Transmit Unit (MTU) 122
MD5 authentication 112 menus, described 26 metric, number of routers 138 mixed mode security options 38 multi-point bridge mode 132
N
NAT (Network Address Translation) 49
NETGEAR ProSafe VPN Client 92
Network Address Translation (NAT) 31 network folder creating 79 editing 77
Network Time Protocol (NTP) 58 , 152 network troubleshooting 148 no Internet connection 32
O
On/Off button 14
On/Off LED 17 one-line ADSL microfilter 18 online help, router 26
P passphrases 46 changing 45
WPA-802.1x
45 passwords, see passphrases ping 98 , 172 pinging WAN port 122
Plug and Play, Universal (UPnP) 139 plug and play, universal (UPnP) 139 point-to-point bridge mode 131
Point-to-Point Tunneling Protocol (PPTP) 28 port forwarding 51 , 52 , 53 configuring 53 example 51 port numbers 57 port scanning, disabling 121 port triggering 50
,
52
,
55 configuring 55 example 50
178 | Index
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual ports listed, back panel 13 positioning the router 17 power adapter, AC 14 preset security passphrase 36
,
45 security option 36
SSID 36 pre-shared key 38 primary DNS addresses 30
Push ’N’ Connect, see WPS
Q
Quality of Service (QoS) 126
,
127
R
RADIUS server 38 range of wireless connections 17 remote management 81
,
135 removing USB drive 80 repeater mode with wireless client association 134 replace existing router 23 reserved IP address 125 restore configuration file 66 factory settings button 154 restricting wireless access by MAC addresses 45 router interface, described 26 router, status 67
Routing Information Protocol (RIP} 124
S secondary DNS 30
Secure Sockets Layer (SSL) 35 security 37 see also security options security association (SA) 87 security features 36 security options described 37 settings 37 security PIN 12 , 40 security policy, configuring 94 security settings 47 sending logs by email 59 services 57
Session Initiation Protocol (SIP), disabling 123 setting time zone 58
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual
Setup Wizard 28
SHA-1 authentication 112 sharing files 73
Simple Mail Transfer Protocol (SMTP) 60 sites, blocking 48
SSID described 43 disable 37 static routes 137
,
138 statistics, viewing 69 status
Internet connection 70 router 67 storage drive. See USB storage
T
TCP/IP network troubleshooting 148 no Internet connection 32 technical specifications 156 technical support 2
Temporal Key Integrity Protocol (TKIP) 38 time of day 152 time zone, setting 58 time-out port triggering 56 time-stamping 58 trademarks 2 traffic metering 141 , 142 troubleshooting 143 cannot log in 150 date or time incorrect 152 firmware reload 151
LEDs 144
,
145 network 148 router changes not saved 151 router not on 144 trusted host 48
Trusted IP Address field 48 trusted wireless stations 44 turn off wireless connectivity 37 , 145 two-line ADSL microfilter 19
U
Universal Plug and Play (UPnP) 139 unmounting USB drive 80 upgrading firmware 64 , 136
USB devices, approved 80
USB drive requirements 73
USB drive, unmounting 80
USB port 15
USB port LED 16
USB storage 72 advanced 78
,
140 basic settings 75 connecting 81 creating a network folder 79 editing a network folder 77 file sharing scenarios 73
V
Virtual Channel Identifier (VCI) 24
,
31
Virtual Path Identifier (VPI) 24
,
31
VPN Auto Policy 110
,
114
,
115
VPN client 92
VPN Log Viewer 98
,
173
VPN Manual Policy 117
VPN network connections 110
VPN tunnels activating 103
,
105 client-to-gateway 85 configuring 160 control 103 deactivating 107
,
108 deleting 109 gateway-to-gateway 86
,
99 monitoring 173 special setup 109 status 106
VPN Wizard 101 , 102
VPNs 85
,
86 overview 85 pinging 172 planning 86 status 103 , 174
W
WAN 121 advanced setup 121 ping response 122 settings 121 , 122
WAN port scanning 121
Wi-Fi Protected Setup (WPS) 39 , 40 adding devices 39 keep existing settings 129 settings 128
Wi-Fi-certified products 39
Wired Equivalent Privacy (WEP) encryption 46 passphrase 46 when to use 38
Index | 179
N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 User Manual wireless access points 43 wireless adapter 23 wireless advanced settings 128 wireless bridging and repeating 130 wireless channel 43 wireless connections 17 wireless connectivity 37
,
145 wireless distribution system (WDS) 130 , 131 , 132 , 134 wireless isolation 43
Wireless LAN (WLAN) 69 wireless LED 15 , 16 wireless mode 43 wireless network configuration 41 wireless network settings 43 wireless region 43 wireless security 36 wireless security options 37
Wireless Settings screen 41 wireless settings, SSID broadcast 43
Wireless Stations Access List 43
WPA encryption 38
WPA2 encryption 38
WPA2-PSK encryption 38
WPA-802.1x encryption 38 passphrases 45
RADIUS servers 38
WPA-PSK encryption 38
WPA-PSK/WPA2-PSK mixed mode 38
WPS button 40
WPS LED 14
WPS, see Wi-Fi Protected Setup (WPS)
WPS-capable devices 39
WPS-PSK encryption 38
WPS-PSK+ WPA2-PSK encryption 38 wrong date or time 152
180 | Index
advertisement