background image

 

www.cnetusa.com 

2

Connect securely to home/work computers over the Internet. You could be at work, at a 
friend’s house or on the road. 
 

Equipment Needed: 

1-

 

A solid broadband connection to the Internet at home or work where CWR-854 is 

      used.  CWR-854 needs to be configured for IPSec VPN capability 
2-

 

A client system with a VPN client software. We used SSH-Sentinel VPN client 
software  ( a trial version is available on the Internet) 

 

Configuration Overview: 

In the first scenario we will be working with two computers and a CWR-854 VPN router.  
The assumption is that we are away from home and need to access a computer on the 
home network connected to CWR-854.  The computer we’re working from is connected 
to the Internet through a Cable/DSL modem or we are dialing up using a modem. 
 
In the second scenario, the client system is also behind a NAT route.  In this case the 
computer we’re working on is connected to a router and through a Cable/DSL modem to 
the Internet.  
 

First Scenario: 

 
To configure VPN both on the client system as well as the router, we need to know about 
the IP address schema used on the home network.  By default the LAN IP of CWR-854 is 
192.168.1.254.  Computers that are be accessed from the Internet are better to have a 
fixed IP address assigned to them.  Below are what we need to know: 
 
Home WAN IP address (this is the WAN IP of the VPN router CWR-854 used at home 
or work) for example: 204.30.90.120 
Home LAN IP address: (Default LAN IP of CWR-854 is 192.168.1.254) 
Home LAN IP Network : (Default is 192.168.1.0, Subnet 255.255.255.0) 
Computer to be accessed on the home network: 192.168.1.100 
VPN Client (remote) computer on the Internet for example: 204.30.90.200 
 
  

 

Summary of Contents for CWR-854

Page 1: ...g an IPSec client to connect CNet s wireless broadband router CWR 854 F with VPN capability The VPN feature can be used for secure remote access to a home or work network from anywhere on the Internet VPN Client Software used for this test is SSH Sentinel v1 4 which is free for non commercial use Applications ...

Page 2: ...SL modem or we are dialing up using a modem In the second scenario the client system is also behind a NAT route In this case the computer we re working on is connected to a router and through a Cable DSL modem to the Internet First Scenario To configure VPN both on the client system as well as the router we need to know about the IP address schema used on the home network By default the LAN IP of ...

Page 3: ...www cnetusa com 3 Router s VPN Configuration Please use the routers s default IP address 192 168 1 254 to access its configuration ...

Page 4: ...ite choose Subnet Address to allow access to the whole LAN network For remote site choose Any Address so that the router accepts VPN requests from any IP address Both local and remote systems are identified by IP Key management is auto IKE Click the advance key to see the settings for phase 1 and 2 negotiations In phase 1 peers are authenticated to each other and a secure encrypted link is establi...

Page 5: ...www cnetusa com 5 The last step to finalize VPN configuration is to enter the PSK Pre Shared Key and save settings The router is now ready to accept incoming VPN connections ...

Page 6: ...www cnetusa com 6 ...

Page 7: ...T router for example another CWR 854 The connection is from VPN client NAT router Cable DSL modem Internet Cable DSL modem VPN router The only difference in the configuration with scenario one is to configure the VPN router s remote site to be NAT T any address as below picture shows ...

Page 8: ...rst one involves the creation of a key management and the second one is the actual VPN security policy After the software is installed right click on the Sentinel icon in the task bar and select Run Policy Editor Configuring SSH Sentinel Key Management From the SSH Sentinel policy editor click on Key Management tab Then select the add button under My Keys folder ...

Page 9: ...www cnetusa com 9 From the New Authentication Key window select the create a pre shared key radio button and click next ...

Page 10: ...www cnetusa com 10 In the next window type a name and the same exact key you have entered in the router s VPN configuration and click Finish ...

Page 11: ... VPN connections and click on Add button In the Add VPN Connection window enter an IP address or a Domain Name associated with the WAN IP of the CNet router For remote network click the micro button and enter the remote network information The default LAN network address of CWR 854 is 192 168 1 0 with 255 255 255 0 for subnet mask ...

Page 12: ...www cnetusa com 12 Click OK to save the changes and return to the Rule Properties window ...

Page 13: ...www cnetusa com 13 Click on the IPSec IKE proposal settings button to view proposal parameters ...

Page 14: ...operties window Click on the Advanced tab to view Security association lifetimes as well as Audit and some other advanced settings If the VPN client system is sitting behind a NAT device you ll need to check the box next to Pass NAT device using NAT T ...

Page 15: ...test Click OK to go back to the SSH Sentinel Policy Editor window and click Apply to update security policy changes we ve made Now click on Diagnostics to start probing the connection to the VPN server If Diagnostics complete successfully it means that you can establish an IPSec protected connection to the VPN server ...

Page 16: ...www cnetusa com 16 We can now use the SSH Sentinel icon in the task bar select the VPN server and establish the VPN tunnel ...

Page 17: ...t the VPN connection bring up a DOS window and try a ping to the IP address of one of the computers at home If ping is successful then the connection is established and you should be able to see and map network drives to systems behind the VPN router ...

Reviews: