Since I have configured enough IPSec tunnels to Netgear VPN gateways that I can do it in my sleep, I thought I would share with the community.
We use Netgear's FVS gateways to connect to technical networks at customer sites for data acquisition and control. We have found that Netgear provides cheap and stable VPN gateways for that purpose. However, they are not the simplest to configure.
I have used FVS318, FVS318G and FVS338. But I guess that the other models are similar if not the same.
First of all, upgrade the firmware to be sure that you eliminate that source of trouble. Next do the basic setup: set the admin password, set up the network (192.168.10.1/24 in this guide) and set the timezone. It's important that the time is correct when dealing with IPSec, so use an NTP server (pool.ntp.org for example). If you don't have a static IP, make sure that you use DynDNS or similar (example.dyndns.org in this guide). Also enable Remote management under "Administration -> Remote Management", at least until you have a stable tunnel.
Now you have to configure the tunnel. First create an IKE policy under "VPN -> Policies -> IKE Policies", see first attachment for settings. Make sure you use a strong password. For example, generate one from https://www.random.org/passwords/. You could change settings to your liking, but make sure you use the same settings in your ASG. These settings are the ones I use, and they have worked like a charm for me.
Next, create a VPN policy under "VPN -> Policies -> VPN Policies", see second attachment for correct settings. Here you point the config at your ASG, which can either be a domain name or an IP. And you have to specify the remote network (192.168.1.0/24 or 192.168.1.0/255.255.255.0 in this guide). As before, if you change settings, make sure they're reflected in the ASG config.
Now you're finished with the Netgear gateway, let's do the ASG. First you have to make a new policy that matches the Netgear under "Site-to-site VPN -> IPSec -> Policies". See attachment three for config that matches this guide.
Then add the Netgear gateway under "Site-to-site VPN -> IPSec -> Remote Gateways". See attachment four for configuration. Define Gateway address and remote network (i.e. example.dyndns.org and 192.168.10.0/24). Leave VPN ID blank.
Last step: Add the connection in "Site-to-site VPN -> IPSec -> Connections". See last attachment for configuration. Local interface means your WAN interface, and local networks must match those configured in the Netgear config (192.168.1.0/24). If you don't select Auto packet filter, you must manually add Packet filter rules for the traffic you want over the tunnel.
And you're done!
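The guide's recurring rule is that both ends must carry the same proposal and mirrored networks. The sketch below is an added example, not part of the original post, that checks this before the settings are typed into either GUI. The key names and proposal values are constructed for illustration (the attachments' actual settings are not reproduced here); only the two networks come from the guide.

```python
import ipaddress

# Settings that must be identical on both ends. Key names are hypothetical,
# not Netgear or ASG field names.
MUST_MATCH = ("ike_enc", "ike_auth", "dh_group", "ike_lifetime",
              "esp_enc", "esp_auth", "pfs_group", "sa_lifetime")

def net(value):
    # Accepts 192.168.1.0/24 and 192.168.1.0/255.255.255.0 alike; strict
    # parsing rejects a host address such as 192.168.10.1/24.
    return ipaddress.ip_network(value, strict=True)

def compare_tunnel(a, b):
    """Return a list of mismatches between the two tunnel endpoints."""
    problems = [f"{k}: {a[k]!r} != {b[k]!r}" for k in MUST_MATCH if a[k] != b[k]]
    try:
        a_local, a_remote = net(a["local_net"]), net(a["remote_net"])
        b_local, b_remote = net(b["local_net"]), net(b["remote_net"])
    except ValueError as exc:
        return problems + [f"bad network: {exc}"]
    # Each side's local network must be the other side's remote network.
    if a_local != b_remote:
        problems.append(f"local/remote mismatch: {a_local} vs {b_remote}")
    if a_remote != b_local:
        problems.append(f"remote/local mismatch: {a_remote} vs {b_local}")
    if a_local.overlaps(a_remote):
        problems.append(f"networks overlap: {a_local} and {a_remote}")
    return problems

# Constructed sample values; the proposal values are NOT taken from the
# guide's attachments. Only the networks come from the guide.
PROPOSAL = dict(ike_enc="AES-128", ike_auth="SHA1", dh_group=2,
                ike_lifetime=28800, esp_enc="AES-128", esp_auth="SHA1",
                pfs_group=2, sa_lifetime=3600)
NETGEAR = dict(PROPOSAL, local_net="192.168.10.0/24",
               remote_net="192.168.1.0/255.255.255.0")
ASG = dict(PROPOSAL, local_net="192.168.1.0/24", remote_net="192.168.10.0/24")

if __name__ == "__main__":
    for line in compare_tunnel(NETGEAR, ASG) or ["both ends agree"]:
        print(line)
```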