background image

Security Settings

50

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700 

To specify a trusted computer:

1. 

In the 

Trusted IP Address

 field, enter the IP address.

2. 

Click 

Apply 

to save your changes.

Firewall Rules to Control Network Access

By default your router blocks any inbound traffic from the Internet to your computers except 
for replies to your outbound traffic. You might need to create exceptions to this rule to allow 
remote computers to access a server on your local network or to allow certain applications 
and games to work correctly. Your router provides port forwarding and port triggering for 
creating these exceptions. 

This section covers the following topics:

•     Remote Computer Access Basics 

•     Port Triggering to Open Incoming Ports 

•     Port Forwarding to Permit External Host Communications 

•     How Port Forwarding Differs from Port Triggering 

•     Configure Port Forwarding to Local Servers 

•     Configure Port Triggering 

Remote Computer Access Basics

When a computer on your network needs to access a computer on the Internet, your 
computer sends your router a message containing the source and destination address and 
process information. Before forwarding your message to the remote computer, your router 
has to modify the source information and create and track the communication session so that 
replies can be routed back to your computer. 

Here is an example of normal outbound traffic and the resulting inbound responses:

1. 

You open a browser and your operating system assigns port number 5678 to this 

browser session. 

2. 

You type http://www.example.com into the URL field, and your computer creates a web page 

request message with the following address and port information. The request message is 

sent to your router.

Source address

. Your computer’s IP address.

Source port number

. 5678, which is the browser session. 

Destination address

. The IP address of www.example.com, which your computer finds 

by asking a DNS server.

Destination port number

. 80, which is the standard port number for a web server 

process.

Summary of Contents for DGND3700

Page 1: ...350 East Plumeria Drive San Jose CA 95134 USA June 2011 202 10642 02 v1 0 N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 User Manual ...

Page 2: ...ntries Check the list of phone numbers at http support netgear com app answers detail a_id 984 Trademarks NETGEAR the NETGEAR logo and Connect with Innovation are trademarks and or registered trademarks of NETGEAR Inc and or its subsidiaries in the United States and or other countries Information is subject to change without notice Other brand and product names are registered trademarks or tradema...

Page 3: ...tandard TCP IP Properties for DHCP 23 Replace an Existing Router 23 Adapters and Security Settings 23 Gather ISP Information 23 Log In to the N600 Modem Router 24 Upgrade Router Firmware 25 Router Interface 26 Setup Wizard 27 Manual Setup Basic Settings 28 ADSL Settings 32 Unsuccessful Internet Connection 33 Change Password and Login Time Out 33 Log Out Manually 34 Types of Logins 34 Chapter 3 Wir...

Page 4: ...Configure Port Forwarding to Local Servers 54 Configure Port Triggering 56 Configure Services 58 Set the Time Zone 59 Schedule Firewall Services 60 Enable Security Event Email Notification 60 Log the Network Activity 62 Chapter 5 Network Maintenance Upgrade the Router Firmware 65 Automatic Firmware Checking Off 65 Automatic Firmware Checking On 66 Manually Check for Firmware Upgrades 66 Manage Con...

Page 5: ...t to Gateway VPN Configuration 90 Step 1 Configure the Client to Gateway VPN Tunnel 90 Step 2 Configure the NETGEAR ProSafe VPN Client 93 Set Up a Gateway to Gateway VPN Configuration 101 VPN Tunnel Control 105 Activate a VPN Tunnel 105 Verify the Status of a VPN Tunnel 108 Deactivate a VPN Tunnel 109 Delete a VPN Tunnel 111 Set Up VPN Tunnels in Special Circumstances 111 Use Auto Policy to Config...

Page 6: ... Is Red 149 Cannot Obtain an Internet IP Address 149 Debug PPPoE or PPPoA 150 Cannot Load an Internet Web Page 150 TCP IP Network Not Responding 150 Test the LAN Path to Your Wireless Modem Router 151 Test the Path from Your Computer to a Remote Device 152 Cannot Log In 152 Changes Not Saved 153 Firmware Needs to Be Reloaded 153 Incorrect Date or Time 154 Appendix A Supplemental Information Factor...

Page 7: ...SL2 Modem Router DGND3700 Step 2 Configure Gateway B VPN Router at Regional Office 169 Monitoring the VPN Tunnel Telecommuter Example 175 View the VPN Router s VPN Status and Log Information 176 Appendix C Notification of Compliance Index ...

Page 8: ...ming Provides Wireless N speed for streaming HD videos simultaneous downloads and online gaming in addition to basic Internet applications Shared storage Two 2 ports for ReadySHARE USB storage access provide fast and easy shared access to an external USB storage device Live Parental Controls Keep your Internet experience safe Guest network access Provides separate security and access restrictions ...

Page 9: ...Standards IEEE 802 11 b g n 2 4 GHz IEEE 802 11 a n 5 0 GHz Five 5 10 100 1000 1 WAN and 4 LAN Gigabit Ethernet ports Two 2 USB 2 0 ports One 1 ADSL2 port Performance All in one High speed ADSL2 modem built in and WAN Gigabit Ethernet port for cable fiber Powerful dual core 400 MHz each processor High speed access to external USB storage using two USB 2 0 ports Memory 128 MB flash and 128 MB RAM F...

Page 10: ...ctions Broadband usage meter measures Internet usage Power and Wi Fi On Off buttons NETGEAR Green Features Power On Off button 80 recycled packaging CEC California Efficiency RoHS WEEE If you have not already set up your new router using the installation guide that comes in the box this chapter walks you through the hardware setup Chapter 2 Router Internet Setup explains how to set up your Interne...

Page 11: ...and splitters quantity and type vary by region Installation guide with cabling and router setup instructions If any of the parts are incorrect missing or damaged contact your NETGEAR dealer Keep the carton including the original packing materials in case you need to return the product for repair See Position Your Wireless Router on page 17 for information about where to place and how to position y...

Page 12: ...attention to the LEDs on the front panel Label The label on the bottom of the wireless modem router shows the router s Restore Factory Settings button WPS security PIN MAC address and serial number MAC address Serial number Restore Factory Settings WPS Security PIN Figure 2 Label on router bottom See Factory Settings on page 156 for information about the Restore Factory Settings button and the fac...

Page 13: ... port connections Viewed from left to right the rear panel contains the following elements 1 RJ 11 asynchronous DSL ADSL port for connecting the wireless modem router to an ADSL line Note An ADSL port is capable of sending data over an ADSL line at one speed and receiving it at another speed 2 Ethernet WAN port for connecting the wireless modem router to a fiber cable modem Note You can use either...

Page 14: ...ons are buttons Power LAN ports DSL Internet 5 GHZ wireless USB port Wireless On Off button WPS On Off button 2 4 GHz wireless USB Figure 4 Front panel LEDs The following tables describe the LEDs icons and buttons on the front panel from top to bottom Table 1 WPS button and LED Icon LED Activity Description Solid green Indicates that wireless security has been enabled Blinking green WPS capable de...

Page 15: ...t turns off Solid red The Internet IP connection failed See No ISP Connection on page 148 for troubleshooting information Blinking green Data is being transmitted over the Internet connection Off No Internet connection is detected or the device is in bridge mode an external device handles the ISP connection Table 5 DSL LED Icon LED Activity Description Solid green You have an ADSL connection In te...

Page 16: ...itted or received over the 2 4 GHz wireless link Off There is no wireless connectivity You can still plug an Ethernet cable into one of the LAN ports to get wired connectivity Table 8 USB LED Icon LED Activity Description Solid green A USB port has detected a USB device Blinking green Data is being transmitted or received Off No link is detected on these ports Table 9 LAN LED Icon LED Activity Des...

Page 17: ...gh can limit the range For best results place your router Near the center of the area where your computers and other devices operate and preferably within line of sight to your wireless devices So it is accessible to an AC power outlet and near Ethernet cables for wired computers In an elevated location such as a high shelf keeping the number of walls and ceilings between the wireless modem router...

Page 18: ...t depends on the ADSL service setup in your home Note Often the ADSL microfilter is included in the box with the wireless modem router If you purchased the wireless modem router in a country where a microfilter is not included you have to acquire the ADSL microfilter separately One Line ADSL Microfilter Not Included Plug the ADSL microfilter into the wall outlet and plug your phone equipment into ...

Page 19: ...outlet plug your phone equipment into the jack labeled Phone and plug the wireless modem router into the jack labeled ADSL Plugs into the ADSL line Figure 6 Two line ADSL microfilter with built in splitter Summary One line ADSL microfilter not included Use with a phone or fax machine Splitter not included Use with a one line ADSL microfilter to share an outlet with a phone and the wireless modem r...

Page 20: ...dd an ADSL filter for every telephone on the same phone line as your wireless modem router Internet Internet Power On Off N600 Wireless Modem Router Note Keep the DGND3700 N600 Wireless Modem Router in a vertical position Connect to Internet with ADSL or Ethernet WAN Phone cable Ethernet cable Ethernet cable not included Power adapter N600 Wireless Modem Router 2 4 GHz Wireless LED Figure 7 Cablin...

Page 21: ... Internet LED is red when there is no Internet connection Turn on your computer If software usually logs you in to your Internet connection do not run that software Cancel it if it starts automatically For More Information For more information about the topics covered in this manual visit the support website at http support netgear com ...

Page 22: ...omplete Refer to this chapter if you want to become familiar with the router menus view or adjust the initial settings or change the router password and login time out This chapter contains the following sections Router Setup Preparation Log In to the N600 Modem Router Upgrade Router Firmware Router Interface Setup Wizard Manual Setup Basic Settings ADSL Settings Unsuccessful Internet Connection C...

Page 23: ...rom your network and set it aside before starting the router setup Adapters and Security Settings A wireless adapter is the wireless radio in your PC or laptop that lets the PC or laptop connect to a wireless network Most PCs and laptops come with an adapter already installed but if it is outdated or slow you can purchase a USB adapter to plug into a USB port Make sure the wireless adapter in each...

Page 24: ...on how your ISP set up your Internet account you could need to know one or more of these settings for a manual setup Virtual path identifier VPI and virtual channel identifier VCI parameters Multiplexing method Host and domain names Log In to the N600 Modem Router Log in to the wireless modem router to view or change settings or to set up the wireless modem router To log in 1 Type http 192 168 0 1...

Page 25: ...ter might need a minute or two to recognize the LAN connection Relaunch your browser and try again 3 If you are having trouble accessing the router wirelessly NETGEAR recommends that during setup you use an Ethernet cable to connect your computer so that you can log in to the wireless modem router Note If you cannot connect to the wireless router check the Internet Protocol TCP IP properties in th...

Page 26: ... Interface The router interface gives you access to the router s current settings so you can view or change them if needed The left column has the router menus and the right column provides online help The middle column is the screen for the current menu option Figure 9 Router interface Setup Wizard Specify the language and location and automatically detect the Internet connection See Setup Wizard...

Page 27: ...ity Settings Maintenance Menu Administer and maintain your router and network See Chapter 5 Network Maintenance Advanced Menu Set the router up for unique situations such as when remote access by IP or by domain name from the Internet is needed See Chapter 8 Advanced Settings Using this menu requires a solid understanding of networking concepts Advanced VPN Menu Set up secure encrypted communicati...

Page 28: ...If you selected Yes click Next With automatic Internet detection the Setup Wizard searches your Internet connection for servers and protocols to determine your ISP configuration Note The Setup Wizard cannot detect a Point to Point Tunneling Protocol PPTP connection If your ISP uses PPTP you have to set your Internet connection through the screen described in Manual Setup Basic Settings on page 28 ...

Page 29: ...he login name If you want to change the login time out enter a new value in minutes No Enter the account and domain names as needed 2 Enter the settings for the IP address and DNS server The default ADSL settings usually work fine If you have problems with your connection check the ADSL settings and see ADSL Settings on page 32 for more information 3 If no login is required you can specify the MAC...

Page 30: ...ields in the Basic Settings screen Note that which fields appear in this screen depends on whether or not a login is required Table 11 Basic Settings Screen Description Settings Description Does Your ISP Require a Login Yes No These fields display only if no login is required Account Name If required Enter the account name provided by your ISP This might also be called the host name Domain Name If...

Page 31: ...s Your ISP automatically assigns these addresses Use Static IP Address Enter the IP address IP subnet mask and the gateway IP address that your ISP assigned The gateway is the ISP s wireless modem router to which your wireless modem router will connect This field displays only if no login is required Use IP Over ATM IPoA Your ISP uses classical IP addresses RFC 1577 Enter the IP address IP subnet ...

Page 32: ...th the firewall disabled the protections usually provided to your network are disabled These fields display only if no login is required Router MAC Address The Ethernet MAC address used by the wireless modem router on the Internet port Some ISPs register the MAC address of the network interface card in your computer when your account is first opened They will then accept traffic only from the MAC ...

Page 33: ...ou have selected the correct options and typed everything correctly 2 Contact your ISP to verify that you have the correct configuration information 3 Read Chapter 9 Troubleshooting If problems persist register your NETGEAR product and contact NETGEAR technical support Note If you cannot connect to the wireless router check the Internet Protocol TCP IP properties in the Network Connections section...

Page 34: ...nt someone else from accessing the router interface when you step away 5 Click Apply to save your changes After changing the password you are required to log in again to continue the configuration If you have backed up the wireless modem router settings previously you should do a new backup so that the saved settings file includes the new password See Back Up on page 67 for information about backi...

Page 35: ...has provided you with this login information in a letter or some other way If you cannot find this login information contact your service provider Wi Fi network name and passphrase logs you in to your wireless network This login is preconfigured and can be found on the label on the bottom of your unit See Chapter 3 Wireless Settings for more information ...

Page 36: ... chapter contains the following sections Wireless Security Requirements and Recommendations Wireless Security Basics Add Clients Devices to Your Network Wireless Settings Screen Note If you use the Internet for activities like purchases or banking those Internet sites use a highly secure data encryption protocol called Secure Sockets Layer SSL If a website uses SSL the address begins with https in...

Page 37: ... Use a passphrase for the 2 4 GHz wireless network that is easy for you to remember but hard for others to guess For maximum security use a different passphrase for the 5 GHz wireless network that is easy for you to remember but hard for others to guess Note Your network names SSIDs and passphrases are case sensitive Your network name security method and passphrase has to be the same for all the w...

Page 38: ...ess sniffers If you allow the broadcast be sure to keep wireless security enabled Restrict Access by MAC Address You can enhance your network security by allowing access to only specific PCs based on their Media Access Control MAC addresses You can restrict access to only trusted PCs so that unknown PCs cannot wirelessly connect to the wireless modem router MAC address filtering adds an obstacle a...

Page 39: ...network interface cards but not all wireless access points It is superseded by WPA2 PSK WPA2 PSK is the strongest It is advertised to be theoretically indecipherable due to the greater degree of randomness in encryption keys that it generates WPA2 PSK gets higher speed because it is usually implemented through hardware while WPA PSK is usually implemented through software WPA2 PSK uses a passphras...

Page 40: ...other wireless devices Wi Fi Protected Setup WPS Method Wi Fi Protected Setup WPS is a standard for easily adding computers and other devices to a home network while maintaining security To use WPS make sure that all wireless devices to be connected to the network are Wi Fi certified and support WPS During the connection process the client gets the security settings from the router so that every d...

Page 41: ...WPS Client select Setup Wireless Settings and make sure that WPS is selected 2 Click Next The following screen lets you select the method for adding the WPS client Figure 14 Add WPS Client with push button method 3 Select either Push Button or PIN Number With either method the client wireless device attempts to detect the WPS signal from the wireless modem router and establish a wireless connectio...

Page 42: ...ction to access the modem router Consider Every Device on Your Network Before you begin check the following Every wireless computer has to be able to obtain an IP address by DHCP from the router as described in Use Standard TCP IP Properties for DHCP on page 23 Each computer or wireless adapter in your network has to have the same SSID and wireless mode bandwidth data rate as the router Check that...

Page 43: ...ess Settings to display the following screen Figure 16 Wireless Settings screen 2 Make any changes that are needed and click Apply when done to save your settings Note The screen sections settings and procedures are explained in the following sections 3 After you finish adjusting settings and click Apply configure and test your computers for wireless connectivity ...

Page 44: ...epts wireless clients When the check box is not selected the router accepts wired clients only This check box is selected by default Allow Broadcast of Name SSID This setting allows the wireless modem router to broadcasts its SSID so wireless stations can see this wireless name SSID in its scanned network list This check box is selected by default To turn off the SSID broadcast clear the Allow Bro...

Page 45: ...rently connected you can enter its address manually The MAC address is usually printed on the wireless card or it might appear in the wireless modem router s DHCP table The MAC address is 12 hexadecimal digits You can also copy and paste the MAC addresses from the wireless modem router s Attached Devices screen see View Attached Devices on page 72 into the MAC Address field To do this configure ea...

Page 46: ...Figure 19 WPA 802 1x Settings 2 In the Radius Server Name IP Address field enter the name or IP address of the RADIUS server on your LAN This is a required field 3 In the Radius Port field enter the port number used for connections to the RADIUS server The default port is 1812 4 In the Shared Key field enter the RADIUS server passphrase for client logins The router has to have this passphrase to l...

Page 47: ...network Automatic Enter a word or group of printable characters in the Passphrase field and click Generate The four key fields are automatically populated with key values Manual The number of hexadecimal digits that you enter depends on the encryption strength setting For 64 bit WEP enter 10 hexadecimal digits any combination of 0 9 a f or A F For 128 bit WEP enter 26 hexadecimal digits any combin...

Page 48: ...router to prevent objectionable content from reaching the PCs and other devices connected to your network This chapter contains the following sections Keyword Blocking of HTTP Traffic Firewall Rules to Control Network Access Configure Services Set the Time Zone Schedule Firewall Services Enable Security Event Email Notification Log the Network Activity ...

Page 49: ...ng all the time independent of the Schedule screen 3 In the Keyword field enter a keyword or domain click Add Keyword and click Apply The Keyword list supports up to 32 entries Here are some sample entries Specify XXX to block http www badstuff com xxx html Specify com if you want to allow only sites with domain suffixes such as edu or gov Enter a period to block all Internet browsing access Delet...

Page 50: ...figure Port Triggering Remote Computer Access Basics When a computer on your network needs to access a computer on the Internet your computer sends your router a message containing the source and destination address and process information Before forwarding your message to the remote computer your router has to modify the source information and create and track the communication session so that re...

Page 51: ...ss The public IP address of your router Destination port number 33333 5 Upon receiving the incoming message your router checks its session table to determine whether there is an active session for port number 33333 Finding an active session the router then modifies the message to restore the original address information replaced by NAT Your router sends this reply message to your computer which di...

Page 52: ...the destination port number of 6667 your router creates an additional session entry to send any incoming port 113 traffic to your computer 5 The IRC server sends a return message to your router using the NAT assigned source port as in the previous example let s say port 33333 as the destination port The IRC server also sends an identify message to your router with destination port 113 6 Upon recei...

Page 53: ...the following destination information Destination address The IP address of www example com which is the address of your router Destination port number 80 which is the standard port number for a web server process The remote computer then sends this request message through the Internet to your router 2 Your router receives the request message and looks in its rules table for any rules covering the...

Page 54: ... make a local web server FTP server or game server visible and available to the Internet Use the Port Forwarding screen to configure the router to forward specific incoming protocols to computers on your local network In addition to servers for specific applications you can also specify a default DMZ server to which all other incoming protocols are forwarded Before starting you need to determine w...

Page 55: ...lay the following screen Figure 23 Set up custom services 4 In the Service Name field enter a descriptive name 5 In the Protocol field select the protocol If you are unsure select TCP UDP 6 In the Starting Port field enter the beginning port number If the application uses a single port enter the same port number in the Ending Port field If the application uses a range of ports enter the ending por...

Page 56: ...ts that are different from the outgoing port When port triggering is enabled the router monitors outbound traffic looking for a specified outbound trigger port When the router detects outbound traffic on that port it remembers the IP address of the local computer that sent the data The router then temporarily opens the specified incoming port or ports and forwards incoming traffic on the triggered...

Page 57: ...the inactivity timer for the designated inbound ports The inbound ports close when the inactivity time expires This is required because the router cannot be sure when the application has terminated 5 Click Add Service Figure 25 Add a service for port triggering 6 In the Service Name field type a descriptive service name 7 In the Service User field select Any the default to allow this service to be...

Page 58: ...number 80 is an HTTP web server request The service numbers for many common protocols are defined by the Internet Engineering Task Force IETF at http www ietf org and published in RFC1700 Assigned Numbers Service numbers for other applications are typically chosen from the range 1024 to 65535 by the authors of the application Although the wireless modem router already holds a list of many service ...

Page 59: ...net To set the time zone 1 Select Content Filtering Schedule to display the following screen Figure 28 Schedule screen 2 Select your time zone This setting determines the blocking schedule and time stamping of log entries 3 If your time zone is in daylight savings time select the Adjust for Daylight Savings Time check box to add one hour to standard time Note If your region uses daylight savings t...

Page 60: ...very Day or select one or more days If you want to limit access completely for the selected days select All Day Otherwise to limit access during certain times for the selected days enter times in the Start Time and End Time fields Note Enter the values in 24 hour time format For example 10 30 a m would be 10 hours and 30 minutes and 10 30 p m would be 22 hours and 30 minutes If you set the start t...

Page 61: ... which logs and alerts are sent This email address is also used as the From address If you leave this field blank log and alert messages are not sent by email My Mail Server requires authentication If you use an outgoing mail server provided by your current ISP you do not need to select this check box If you use an email account that is not provided by your ISP select this check box and enter the ...

Page 62: ...ed record of the websites that users on your network have accessed or attempted to access If you have set up content filtering on the Block Sites screen the Logs screen shows you when someone on your network tried to access a blocked site If you have email notification on you will receive these logs in an email message If you do not have email notification set up you can view the logs on the Logs ...

Page 63: ...this router to the Internet Router operation If selected router operations not covered by the preceding selections are logged Known DoS attacks and Port Scans If selected denial of service attacks as well as port scans are logged 3 The logs can be sent to a syslog server Enable one of the three options in the Syslog section as required Disable Select this if you do not have a syslog server Broadca...

Page 64: ...s the wireless modem router has its own user name and password that default to admin and password You can and should update your password regularly See Change Password and Login Time Out on page 33 This chapter contains the following sections Upgrade the Router Firmware Manually Check for Firmware Upgrades Manage Configuration File View Router Status View Attached Devices Run Diagnostic Utilities ...

Page 65: ... not interrupt the web browser by closing the window clicking a link or loading a new page If the browser is interrupted it could corrupt the firmware Automatic Firmware Checking Off You can turn the automatic firmware checking off and check for firmware updates manually if you prefer See Manually Check for Firmware Upgrades on page 66 To turn off the automatic firmware check at login To turn off ...

Page 66: ... notes to determine whether you need to reconfigure the modem router after upgrading Note If you get a Firmware needs to be reloaded message it means a problem has been detected with the router s firmware Follow the prompts to correct the problem or see Firmware Needs to Be Reloaded on page 153 for a description of the steps Manually Check for Firmware Upgrades You can use the Router Upgrade scree...

Page 67: ...wireless modem router When the upload is done your wireless modem router restarts The upgrade process typically takes about 1 minute Read the new firmware release notes to determine whether or not you need to reconfigure the wireless modem router after upgrading Manage Configuration File The router configuration settings are stored in a configuration file cfg This file can be backed up to your com...

Page 68: ...the Restore button to upload the file to the wireless modem router Upon completion the wireless modem router reboots Erase Click the Erase button to reset the wireless modem router to its factory default settings Alternately press the Wireless On Off and WPS buttons on the side panel of the wireless modem router simultaneously for 6 seconds Erase sets the password to password and the LAN IP addres...

Page 69: ...e information described in the following figure Figure 36 Router Status screen Use the Router Status screen to check the current settings and statistics for your router This screen shows you the current settings If something needs to be changed you have to change it on the relevant screen Account Name This is the account name that you entered in the Setup Wizard or Basic Settings screen ...

Page 70: ...e LAN IP address Modem The current modem status and settings are shown in this section ADSL Firmware Version This is the version number of the low level ADSL firmware This is contained within the router firmware Modem Status The current state of the ADSL connection to your phone company DownStream Connection Speed The connection speed of the ADSL connection from the phone company to your router Up...

Page 71: ... s The current line utilization percentage of current bandwidth used Rx B s The average line utilization Up Time The time elapsed since the last power cycle or reset ADSL Link Downstream or Upstream The statistics for the upstream and downstream ADSL link These statistics are of interest to your technical support representative if you have problems obtaining or maintaining a connection Connection ...

Page 72: ... assigned to the WAN port by the ISP Obtaining Network Mask The network mask assigned to the WAN port by the ISP View Attached Devices The Attached Devices screen presents a table of all IP devices that the wireless modem router has discovered on the local network Select Maintenance Attached Devices to view the following table Figure 39 Attached Devices screen For each device the table shows the I...

Page 73: ...orm a DNS lookup to test if an Internet name resolves to an IP address to verify that the DNS server configuration is working Display the Routing table to identify what other wireless modem routers the wireless modem router is communicating with Reboot the wireless modem router to enable new network configurations to take effect or to clear problems with the wireless modem router s network connect...

Page 74: ...ve attached to your wireless modem router Note The USB ports on the wireless modem router can be used only to connect USB storage devices like flash drives or hard drives Do not connect computers USB modems printers CD drives or DVD drives to the these USB ports This chapter includes the following sections USB Drive Requirements ...

Page 75: ...or 1 1 compliant external flash and hard drives For the most up to date list of USB drives supported by the wireless modem router go to http support netgear com app answers detail a_id 18620 When selecting a USB device bear in mind the following The USB port on the wireless modem router can be used with one USB hard drive at a time Do not attempt to use a USB hub attached to the USB port According...

Page 76: ...ork LAN can access this USB drive using a web browser or Microsoft Networking 2 If you want to specify read only access or to allow access from the Internet see Configure USB Storage Advanced Settings on page 80 Store Files in a Central Location for Printing This scenario is for a family that has one high quality color printer directly attached to a PC but not shared on the local area network LAN ...

Page 77: ...it a Network folder In the Write Access field select admin and then click Apply Note The password for admin is the same one that you use to access the wireless modem router By default it is password 3 In the USB Storage Advanced Settings screen select the check box next to FTP via Internet See Configure USB Storage Advanced Settings on page 80 USB Storage Basic Settings You can view or edit basic ...

Page 78: ... it in the address field of your web browser If Not Shared is shown then the default share has been deleted and no other share for the root folder exists Click the link to change this setting Read Write Access Shows the network folder permissions and access controls All no password allows all users to access the network folder admin uses the same password that you use to log in to the wireless mod...

Page 79: ... Settings screen Click the Edit button to open the USB Storage Advanced Settings screen You can use this screen to select a folder to change the Shared Name or to change Read Access or Write Access from All no password to admin The password for admin is the same one that is used to log in to the router main menu By default it is password Note You have to click Apply for your changes to take effect...

Page 80: ...s is the name used to access the USB device connected to the wireless modem router from your computer Workgroup If you are using a Windows workgroup rather than a domain the workgroup name is displayed here Access Method Network Connection Enabled by default this allows all users on the LAN to have access to the USB drive HTTP Disabled by default If you enable this setting you can type http readys...

Page 81: ...twork Folders Shared Name You can click the name shown or you can type it into the address field of your web browser If Not Shared is shown then the default share has been deleted and no other share for the root folder exists Click the link to change this setting Read Write Access Shows the permissions and access controls on the network folder All no password allows all users to access the network...

Page 82: ... or disk corruption To unmount a USB disk drive so that no users can access it from the USB Settings screen click the Safely Remove USB button This takes the drive offline Specify Approved USB Devices You can specify which USB devices are approved for use when connected to the router To specify a USB device 1 On the router main menu under Advanced select USB Settings 2 Click Approved Devices 3 On ...

Page 83: ...motely Access the Router s USB Drive Remotely Using FTP You can connect to the router s USB drive using a web browser 1 Connect to the router by typing ftp and the Internet port IP address in the address field of Internet Explorer or Netscape Navigator for example ftp 10 1 65 4 If you are using Dynamic DNS you can type the DNS name rather than the IP address 2 Type the account name and password th...

Page 84: ...haring for Microsoft Windows should be listed If it is not click Add and follow the installation prompts Note If you have any questions about File and Printer Sharing contact Microsoft for assistance Configure Windows 2000 and Windows XP Right click the network connection for your local area network File and Printer Sharing for Microsoft Windows should be listed If it is not click Install and foll...

Page 85: ... Server enables the N600 Wireless Modem Router to act as a media server Media Server Name is the name that shows up on media players Under Content Scan Automatic scans for media files whenever new files are added to the ReadyShare USB storage You can also schedule scan periodically or click Scan Now to scan for new media immediately 2 Click Apply to save your settings ...

Page 86: ...d tunnels VPN tunnels provide secure encrypted communications between your local network and a remote network or computer See Appendix B NETGEAR VPN Configuration This chapter is organized as follows Overview of VPN Configuration Plan a VPN VPN Tunnel Configuration Set Up a Client to Gateway VPN Configuration Set Up a Gateway to Gateway VPN Configuration VPN Tunnel Control Set Up VPN Tunnels in Sp...

Page 87: ...ernet PC running NETGEAR ProSafe VPN client Modem Router DGND3700 Figure 41 Telecommuter VPN tunnel A VPN client access allows a remote PC to connect to your network from any location on the Internet The remote PC is one tunnel endpoint running the VPN client software The wireless modem router on your network is the other tunnel endpoint See Set Up a Client to Gateway VPN Configuration on page 90 ...

Page 88: ...ect Forward Secrecy N A Enabled Disabled Encryption Protocol N A DES 3DES Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds N A IKE Life Time in seconds N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address To set up a VPN connection you have to configure each endpoint with specific identification and connect...

Page 89: ...ethod Pre Shared Key Encryption Method 3DES Authentication Protocol SHA 1 Diffie Hellman DH Group Group 2 1024 bit Key Life 8 hours IKE Life Time 1 hour What level of IPSec VPN encryption will you use DES The Data Encryption Standard DES processes input data that is 64 bits wide encrypting these values using a 56 bit key Faster but less secure than 3DES 3DES Triple DES achieves a higher level of s...

Page 90: ...PC running the NETGEAR ProSafe VPN client and a network gateway involves two steps described in the following sections Step 1 Configure the Client to Gateway VPN Tunnel on page 90 describes how to use the VPN Wizard to configure the VPN tunnel between the remote PC and network gateway Step 2 Configure the NETGEAR ProSafe VPN Client on page 93 shows how to configure the NETGEAR ProSafe VPN client e...

Page 91: ... Mode Manual Keys Perfect Forward secrecy N A Enabled Disabled Encryption Protocol N A DES 3DES Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds 28800 8 hours N A IKE Life Time in seconds 3600 1 hour N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address Client toGateway N A N A Dynamic Gateway toClient 192 1...

Page 92: ...00 2 Click Next to proceed 3 Fill in the Connection Name and pre shared key fields The connection name is for convenience and does not affect how the VPN tunnel functions 4 Select the radio button for the type of target end point and click Next 5 Enter the remote IP address and click Next ...

Page 93: ...ys showing that the new tunnel is enabled To view or modify the tunnel settings select its radio button and click Edit Note See Use Auto Policy to Configure VPN Tunnels on page 112 for information about how to enable the IKE keep alive capability on an existing VPN tunnel Step 2 Configure the NETGEAR ProSafe VPN Client This section describes how to configure the NETGEAR ProSafe VPN client on a rem...

Page 94: ...e remote PC and then reboot a Install the IPSec component You might have the option to install either the VPN adapter or the IPSec component or both The VPN adapter is not necessary If you do not have a modem or dial up adapter installed in your PC you might see the warning message stating The NETGEAR ProSafe VPN Component requires at least one dial up adapter be installed You can disregard this m...

Page 95: ...ype Select IP Subnet Subnet In this example type 192 168 3 1 as the network address of the wireless modem router Mask Enter 255 255 255 0 as the LAN subnet mask of the wireless modem router Protocol Select All to allow all traffic through the VPN tunnel e Select the Connect using Secure Gateway Tunnel check box f In the ID Type drop down list select IP Address g Enter the public WAN IP address of ...

Page 96: ...screen select the Main Mode radio button 4 Configure the VPN client identity In this step you provide information about the remote VPN client PC You have to provide the pre shared key that you configured in the wireless modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC a In the Network Security Policy list on the left side of the Security Policy Editor w...

Page 97: ...k the Pre Shared Key button The Pre Shared Key screen displays f Click Enter Key Enter the wireless modem router pre shared key and then click OK In this example 12345678 is entered though asterisks are displayed in the field This field is case sensitive 5 Configure the VPN client authentication proposal In this step you provide the type of encryption DES or 3DES to be used for this connection Thi...

Page 98: ...ding by double clicking its name or clicking the symbol Then select Proposal 1 below Key Exchange b In the SA Life drop down list select Unspecified c In the Compression drop down list select None d Select the Encapsulation Protocol ESP check box e In the Encrypt Alg drop down list select the type of encryption that is configured for the encryption protocol in the wireless modem router as listed i...

Page 99: ...Internet connection from the PC b On the Windows taskbar click the Start button and then select Run c Type ping t 192 168 3 1 and then click OK This causes a continuous ping to be sent to the first wireless modem router After between several seconds and 2 minutes the ping response should change from timed out to reply Once the connection is established you can open a browser on the PC and enter th...

Page 100: ...son outside the VPN tunnel The Connection Monitor screen for this connection is shown in the following figure In this example you can see these settings The wireless modem router has a GW address public IP WAN address of 22 23 24 25 The wireless modem router has a remote address LAN IP address of 192 168 3 1 The VPN client PC has a local address dynamically assigned address of 192 168 2 2 While th...

Page 101: ...n Special Circumstances on page 111 for information about how to set up the VPN tunnel Follow this procedure to configure a gateway to gateway VPN tunnel using the VPN Wizard VPN tunnel Internet IP 192 168 0 1 IP 192 168 3 1 Gateway B Gateway A 22 23 24 25 14 15 16 17 Figure 45 Gateway to gateway VPN tunnel Set the LAN IPs on each wireless modem router to different subnets and configure each corre...

Page 102: ... 2 Fill in the Connection Name and pre shared key fields Select the radio button for the type of target endpoint and click Next and the Step 2 of 3 screen displays Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds 28800 8 hours N A IKE Life Time in seconds 3600 1 hour N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WA...

Page 103: ...ep 3 of 3 screen displays 4 Fill in the IP Address and Subnet Mask fields for the target endpoint that can use this tunnel and click Next The VPN Wizard Summary screen displays To view the VPNC recommended authentication and encryption settings used by the VPN Wizard click the here link 5 Click Done on the Summary screen The VPN Policies screen displays showing that the new tunnel is enabled ...

Page 104: ...ettings WAN IP of the remote VPN gateway for example 14 15 16 17 LAN IP settings of the remote VPN gateway IP address for example 192 168 0 1 Subnet mask for example 255 255 255 0 Pre shared key for example 12345678 7 Use the VPN Status screen to activate the VPN tunnel by performing the following steps Note The VPN Status screen is only one of three ways to active a VPN tunnel See Activate a VPN ...

Page 105: ...nel is connected VPN Tunnel Control Activate a VPN Tunnel There are three ways to activate a VPN tunnel Use the VPN Status screen Ping the remote endpoint Start using the VPN tunnel Note See Use Auto Policy to Configure VPN Tunnels on page 112 for information about how to enable the IKE keep alive capability on an existing VPN tunnel Use the VPN Status Screen to Activate a VPN Tunnel To use the VP...

Page 106: ...the Remote Endpoint Note This section uses 192 168 3 1 for a sample remote endpoint LAN IP address To activate the VPN tunnel by pinging the remote endpoint for example 192 168 3 1 perform the following steps depending on whether your configuration is client to gateway or gateway to gateway Client to gateway configuration To check the VPN connection you can initiate a request from the remote PC to...

Page 107: ... to the first N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 Within 2 minutes the ping response should change from timed out to reply Note You can use Ctrl C to stop the pinging Once the connection is established you can open a browser on the PC and enter the LAN IP address of the remote N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 After a short wait you should see the ...

Page 108: ...hat VPN tunnel Verify the Status of a VPN Tunnel To use the VPN Status screen to determine the status of a VPN tunnel 1 Log in to the wireless modem router 2 On the main menu select VPN Status to display the VPN Status Log screen This log shows the details of recent VPN activity including the building of the VPN tunnel If there is a problem with the VPN tunnel refer to the log for information abou...

Page 109: ...Endpoint The IP address on the remote VPN endpoint Action Either a Drop or a Connect button SLifeTime Secs The remaining soft lifetime for this security association SA in seconds When the soft lifetime becomes 0 zero the SA is renegotiated HLifeTime Secs The remaining hard lifetime for this SA in seconds When the hard lifetime becomes 0 zero the SA is terminated It is reestablished if required Dea...

Page 110: ... Policy Table clear the Enable check box for the VPN tunnel that you want to deactivate and then click Apply To reactivate the tunnel select the Enable check box and then click Apply Use the VPN Status Screen to Deactivate a VPN Tunnel To deactivate a VPN tunnel 1 Log in to the wireless modem router 2 On the main menu select VPN Policies to display the VPN Policies screen ...

Page 111: ...in Special Circumstances When the VPN Wizard and its VPNC defaults see Table 16 on page 89 are not appropriate for your circumstances use one of these alternatives Auto Policy For a typical automated Internet Key Exchange IKE setup see Use Auto Policy to Configure VPN Tunnels on page 112 Auto Policy uses the IKE protocol to define the authentication scheme and automatically generate the encryption...

Page 112: ...n one end has to match to the inbound VPN settings on other end and vice versa For an example of using Auto Policy see Example of Using Auto Policy on page 116 Configure VPN Network Connection Parameters All VPN tunnels on the wireless modem router require that you configure several network parameters This section describes those parameters and how to access them The most common configuration scen...

Page 113: ...ould be made as narrow as possible to meet this objective Local LAN The remote VPN endpoint has to have these IP addresses entered as its remote addresses Subnet Mask The network mask Single Start IP Address Enter the IP address for a single address or the starting address for an address range A single address setting is used when you want to make a single server on your LAN available to remote us...

Page 114: ...ndpoint IP Address The Internet IP address of the remote VPN endpoint Fully Qualified Domain Name The domain name of the remote VPN endpoint Fully Qualified User Name The name email address or other ID of the remote VPN endpoint Remote Identity Data Enter the data for the remote identity type that you selected If IP Address is selected no input is required Parameters Encryption Algorithm The encry...

Page 115: ...the remote endpoint has a dynamic IP address select Dynamic IP address No address data input is required You can set up multiple remote dynamic IP policies but only one such policy can be enabled at a time Otherwise select an option IP address or domain name and enter the address of the remote VPN endpoint to which you want to connect IKE Keep Alive If you want to ensure that a connection is kept ...

Page 116: ...ation N A Main Mode Manual Keys Perfect Forward secrecy N A Enabled Disabled Encryption Protocol N A DES 3DES Authentication Protocol N A MD5 SHA 1 Diffie Hellman DH Group N A Group 1 Group 2 Key Life in seconds 28800 8 hours N A IKE Life Time in seconds 3600 1 hour N A VPN Endpoint Local IPSecID LAN IP Address Subnet Mask FQDN or Gateway IP WAN IP Address Gateway_A GW_A 192 168 0 1 255 255 255 0 ...

Page 117: ... 2 Enter these policy settings Auto Policy Field Description General Policy Name GtoG Remote VPN Endpoint Address Type Fixed Remote VPN Endpoint Address Data 22 23 24 25 Local LAN Use the default settings Remote LAN IP Address Select Subnet address from the drop down list Start IP Address 192 168 3 1 Subnet Mask 255 255 255 0 ...

Page 118: ... 168 0 1 Subnet Mask for example 255 255 255 0 Pre shared Key for example 12345678 5 Use the VPN Status screen to activate the VPN tunnel Note The VPN Status screen is only one of three ways to active a VPN tunnel See Activate a VPN Tunnel on page 105 for information about the other ways IKE Direction Initiator and Responder Exchange Mode Main Mode Diffie Hellman DH Group Group 2 1024 Bit Local Id...

Page 119: ...s screen b Click Connect for the VPN tunnel that you want to activate Review the VPN Status Log screen Figure a on page 104 to verify that the tunnel is connected Use Manual Policy to Configure VPN Tunnels As an alternative to IKE you can use manual keying in which you have to specify each phase of the connection A manual VPN policy requires all settings for the VPN tunnel to be manually input at ...

Page 120: ...tunnel network connection fields Policy Name Enter a unique name to identify this policy This name is not supplied to the remote VPN endpoint It is used only to help you manage the policies Remote VPN Endpoint The remote VPN endpoint has to have this VPN s gateway address entered as its remote VPN endpoint If the remote endpoint has a dynamic IP address select Dynamic IP Address No address data in...

Page 121: ...server For a range of addresses enter the starting IP address This has to be an address range used on the remote LAN Any Any outgoing traffic from specified Local IP computers triggers an attempted VPN connection to the remote VPN endpoint Be sure you want this option before selecting it Finish IP Address Enter the finish IP address for a range of addresses This must be an address range used on th...

Page 122: ...cepts who want to set the router up for unique situations such as when remote access from the Internet by IP or domain name is needed This chapter contains the following sections WAN Setup Dynamic DNS LAN Setup Set Up Quality of Service QoS Advanced Wireless Settings Building Wireless Bridging and Repeating Networks Remote Management Static Routes Universal Plug and Play Advanced USB Settings Traf...

Page 123: ...e default demilitarized zone DMZ server feature is helpful when you use online games and video conferencing applications that are incompatible with NAT The wireless modem router is programmed to recognize some of these applications and to work correctly with them but there are other applications that might not function well In some cases one local computer can run the application correctly if that...

Page 124: ...s check box This should be used only as a diagnostic tool because it allows your wireless modem router to be discovered which can be a security problem Do not select this check box unless you have a specific reason to do so MTU Size in bytes The normal maximum transmission unit MTU value for most Ethernet networks is 1500 bytes 1492 bytes for PPPoE connections and 1458 for PPPoA connections For so...

Page 125: ...o your frequently changing IP address The router has a client that can connect to a Dynamic DNS service provider Once you have configured your ISP account information in the router whenever your ISP assigned IP address changes your router contacts your Dynamic DNS service provider logs in to your account and registers your new IP address To enable dynamic DNS 1 Select Advanced Dynamic DNS to displ...

Page 126: ...P services such as DHCP and Routing Information Protocol RIP The wireless modem router is shipped preconfigured to use private IP addresses on the LAN side and to act as a DHCP server The wireless modem router s default LAN IP configuration is as follows LAN IP address 192 168 0 1 Subnet mask 255 255 255 0 These addresses are part of the private address range designated by the Internet Engineering...

Page 127: ...re local to it and which have to be reached through a gateway or wireless modem router Use Router as DHCP Server By default the wireless modem router functions as a Dynamic Host Configuration Protocol DHCP server allowing it to assign IP DNS server and default gateway addresses to all computers connected to the wireless modem router s LAN The assigned default gateway address is the LAN address of ...

Page 128: ... address entry 1 Select the radio button next to the reserved address that you want to edit or delete 2 Click Edit or Delete Set Up Quality of Service QoS Quality of Service QoS is an advanced feature that can be used to prioritize some types of traffic ahead of others The modem router can provide QoS prioritization over the wireless link and on the Internet connection The modem router supports Wi...

Page 129: ...cify prioritization of traffic you have to add or create a policy for the type of traffic To configure QoS for Internet access 1 From the main menu under Advanced select QoS Setup 2 Click Setup QoS rule The QoS Priority Rule list displays 3 To change a rule select its radio button 4 Scroll down to the bottom of the screen ...

Page 130: ...7 In the QoS Setup screen click Apply Advanced Wireless Settings To configure the advanced wireless settings 1 Select Advanced Wireless Settings to display the following screen Figure 51 Advanced Wireless Settings screen Note The WPS Settings section is not displayed if you selected WEP as the security option 2 If you make changes click Apply Note that the WLAN settings come from the settings you ...

Page 131: ...istrar for example from the Network Explorer on a Vista Windows PC to configure the wireless modem router s wireless settings through WPS You can also find the PIN on the wireless modem router s product label Disable Router s PIN The PIN function might temporarily be disabled when the wireless modem router detects suspicious attempts to break into the wireless modem router s wireless settings by u...

Page 132: ...n by specifying IP addresses Here are some examples of wireless bridged configurations Point to point bridge The wireless modem router communicates with another bridge mode wireless station See Point to Point Bridge Configuration on page 133 Multi point bridge The wireless modem router is the master for a group of bridge mode wireless stations Then all traffic is sent to this master rather than to...

Page 133: ...communication Wireless Base Station Select this only if this router is the master for a group of repeater mode wireless stations The other repeater mode wireless stations have to be set to wireless repeater mode using this router s MAC address They then send all traffic to this master rather than communicating directly with each other WEP can and should be used to protect this traffic If this opti...

Page 134: ...D3700 s MAC address in its Remote MAC Address field 3 Configure both APs and verify that both APs are using the same SSID channel authentication mode if any and security settings if security is in use 4 Disable the DHCP server on AP 2 AP 1 will then be the DHCP server 5 Verify connectivity across LAN Segment 1 and LAN Segment 2 A computer on either LAN segment should be able to connect to the Inte...

Page 135: ...GND3700 wireless modem router Configure the access point AP 3 on LAN segment 3 in point to point bridge mode with the remote MAC address of the DGND3700 wireless modem router 2 Disable the DHCP server on AP 2 and AP 3 AP 1 will then be the DHCP server 3 Verify the following for all access points The LAN network configuration of the wireless modem router and other access points are configured to op...

Page 136: ...router or access points If you require wireless stations to access any LAN segment you can use additional access points configured in wireless access point mode in any LAN segment Repeater with Wireless Client Association In the repeater mode with wireless client association the DGND3700 wireless modem router sends all traffic to a remote access point For the repeater mode you have to enter the MA...

Page 137: ...he Remote MAC Address field 2 Verify the following for both access points The LAN network configuration of each access point is configured to operate in the same LAN network address range as the LAN devices The access points have to be on the same LAN That is the LAN IP addresses for the access points have to be in the same network If you are using DHCP for all access points in the Basic Settings ...

Page 138: ...ed range To allow access from any IP address on the Internet select Everyone 4 Specify the port number to be used for accessing the router interface Web browser access usually uses the standard HTTP service port 80 For greater security you can change it so the remote router interface uses a custom port by entering that number in the field provided Choose a number between 1024 and 65535 but do not ...

Page 139: ... ISP as the wireless modem router and a second static route was created to your local network for all 192 168 0 x addresses With this configuration if you attempt to access a device on the 134 177 0 0 network your router forwards your request to the ISP The ISP forwards your request to the company where you are employed and the request is likely to be denied by the company s firewall In this case ...

Page 140: ...dentification purpose only c Select Private if you want to limit access to the LAN only The static route will not be reported in RIP d Select Active to make this route effective e Enter the IP address of the final destination f Enter the IP subnet mask for this destination If the destination is a single host type 255 255 255 255 g Enter the gateway IP address which has to be a router on the same L...

Page 141: ...sources such as port forwarding mapping of the wireless modem router Advertisement Period The advertisement period is how often the wireless modem router advertises broadcasts its UPnP information This value can range from 1 to 1440 minutes The default period is 30 minutes Shorter durations ensure that control points have current device status at the expense of additional network traffic Longer du...

Page 142: ...e To save the new settings to the wireless modem router click Apply To disregard any unsaved changes click Cancel To update the portmap table and to show the active ports that are currently opened by UPnP devices click Refresh Advanced USB Settings For added security the router can be set up to share only approved USB devices To enable this feature select No and click Apply To define the approved ...

Page 143: ...t traffic passing through your wireless modem router s Internet port With the Traffic Meter utility you can set limits for traffic volume set a monthly limit and get a live update of traffic usage To monitor traffic on your router 1 Under Advanced on the main menu select Traffic Meter 2 To enable the Traffic Meter select the Enable Traffic Meter check box ...

Page 144: ...4 You can limit the amount of data traffic allowed per month By specifying how many Mbytes per month are allowed By specifying how many hours of traffic are allowed 5 Set the Traffic Counter to begin at a specific time and date 6 Set up Traffic Control to issue a warning message before the monthly limit of Mbytes or hours is reached You can select one of the following to occur when the limit is at...

Page 145: ... your wireless modem router If you do not find the solution here check the NETGEAR support site at http support netgear com for product and contact information This chapter contains the following sections Router Not On No ISP Connection TCP IP Network Not Responding Cannot Log In Changes Not Saved Firmware Needs to Be Reloaded Incorrect Date or Time ...

Page 146: ...he 2 4 GHz and 5 GHz Wireless LEDs light c The DSL LED lights when there is a link through the ADSL phone lines d The Internet LED lights to indicate a connection to the ISP Power LAN ports DSL Internet 5 GHZ Wireless USB port Wireless On Off button WPS On Off button 2 4 GHz Wireless USB Figure 60 Front panel LEDs Power LED Is Off If the Power and other LEDs are off when your router is turned on C...

Page 147: ...8 0 1 If the error persists you could have a hardware problem and should contact NETGEAR technical support LAN LED Is Off If the LAN LED does not light when the Ethernet connection is made check the following The Ethernet cable connections are secure at the wireless modem router and at the hub or workstation The power is turned on to the connected hub or workstation Wireless LEDs Are Off If the 2 ...

Page 148: ...phone as described in ADSL Microfilters on page 18 If you connect the microfilters correctly you should be able to connect all your telephones If disconnecting telephones does not result in a green DSL LED there might be a problem with your wiring If the telephone company has tested the ADSL signal at your network interface device NID you might have poor quality wiring in your house DSL LED Is Off...

Page 149: ...t an IP address from the ISP You can determine whether the request was successful as follows 1 Access the router menus at http 192 168 0 1 and log in 2 Under Maintenance select Router Status and check that an IP address shows for the WAN port If 0 0 0 0 shows your wireless modem router has not obtained an IP address from your ISP If your router cannot obtain an IP address from the ISP the problem ...

Page 150: ... wireless modem router can obtain an IP address but your browser cannot load any Internet web pages Your computer might not recognize any DNS server addresses A DNS server is a host on the Internet that translates Internet names such as www addresses to numeric IP addresses Typically your ISP provides the addresses of one or two DNS servers for your use If you entered a DNS address during the wire...

Page 151: ...see this message Reply from IP address bytes 32 time NN ms TTL xxx If the path is not working you see this message Request timed out If the path is not functioning correctly you could have one of the following problems Wrong physical connections Make sure that the LAN port LED is on If the LED is off follow the instructions in LAN LED Is Off on page 147 Check that the corresponding link LEDs are o...

Page 152: ...ing the Ethernet MAC addresses of all but one of your PCs Many broadband ISPs restrict access by allowing traffic only from the MAC address of your modem but some additionally restrict access to the MAC address of a single PC connected to that modem In this case configure your router to clone or spoof the MAC address from the authorized PC Cannot Log In If you cannot log in to the wireless modem r...

Page 153: ...settings always click the Apply button before moving to another screen or tab or your changes are lost Click the Refresh or Reload button in the web browser The changes might have occurred but the old settings might be in the web browser s cache Firmware Needs to Be Reloaded When you attempt to connect to the Internet the browser might display a message similar to the following one telling you tha...

Page 154: ...stamped with the date and time of day Problems with the date and time function can include the following Date shown is January 1 2000 This means the router has not yet successfully reached a network time server Check that your Internet access is configured correctly If you have just completed configuring the router wait at least 5 minutes and check the date and time again Time is off by one hour T...

Page 155: ...the factory default settings and technical specifications for the N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 and instructions for wall mounting the unit This appendix contains the following sections Factory Settings Technical Specifications ...

Page 156: ...tion settings shown in the following table Table 22 Factory settings description Feature Default Behavior Router Login User Login URL http www routerlogin net or http www routerlogin com User Name case sensitive admin Login Password case sensitive password Internet Connection WAN MAC Address Use default address WAN MTU Size 1492 Port Speed AutoSense Local Network LAN Lan IP 192 168 0 1 Subnet Mask...

Page 157: ...st SSID Enabled Transmission Speed Auto1 Country Region United States in North America otherwise varies by region RF Channel Auto Operating Mode Up to 145 Mbps Data Rate Best Output Power Full Access Point Enabled Authentication Type Pre Shared Key Wireless Card Access List All wireless stations allowed 1 Maximum wireless signal rate derived from IEEE Standard 802 11 specifications Actual throughp...

Page 158: ...50 Hz input All regions output 12V AC 2 5A output Physical Dimensions 6 80 in x 5 03 in x 1 28 in 172 7 mm x 127 7 mm x 32 5 mm Weight 0 61 lbs 0 275 kg Environmental Operating temperature 0 to 40 C 32º to 104º F Operating humidity 10 to 90 relative humidity noncondensing Storage temperature 20 to 70 C 4º to 158º F Storage humidity 5 to 95 relative humidity noncondensing Regulatory Compliance Meet...

Page 159: ...nnel Telecommuter Example Configuration Profile The configuration in this appendix follows the addressing and configuration mechanics defined by the VPN Consortium Gather necessary information before you begin configuration Verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides Check that there are no firewall restrictions Table 24 Wireles...

Page 160: ...ses used in this example are as follows Unit WAN IP LAN IP LAN Subnet Mask DGND3700 14 15 16 17 10 5 6 1 255 255 255 0 FVL328 22 13 24 25 172 23 9 1 255 255 255 0 a For the connection name enter toGW_B b For the remote WAN s IP address enter 22 23 24 25 c Enter the following IP Address 172 23 9 1 Subnet Mask 255 255 255 0 d In the Summary screen click Done 2 Use the VPN Wizard to configure the Gat...

Page 161: ...IKE Policy Configuration screen toGW_A 14 15 16 17 22 23 24 25 4 On Gateway B router menu under VPN select VPN Policies and click the Edit button to display the VPN Auto Policy screen toGW_A toGW_A 172 23 9 10 5 6 1 14 15 16 17 toGW_A toGW_A 5 Test the VPN tunnel by pinging the remote network from a PC attached to Gateway A wireless modem router a Open the command prompt select Start Run cmd ...

Page 162: ...onfiguration in this section follows the addressing and configuration mechanics defined by the VPN Consortium Gather the necessary information before you begin configuration Verify that the firmware is up to date and that you have all the addresses and parameters to be set on both sides Check that there are no firewall restrictions Gateway A WAN IP Internet 10 506 0 24 DGND3700 LAN IP 10 5 6 1 exa...

Page 163: ... In this example Gateway A is configured using a sample FQDN provided by a DDNS service provider In this case the hostname dgnd3300v2 dyndns org for Gateway A was provided using the DynDNS service Gateway B uses the DDNS service provider when establishing a VPN tunnel To establish VPN connectivity Gateway A has to be configured to use Dynamic DNS and Gateway B has to be configured to use a DNS hos...

Page 164: ...check box In the Host Name field type dgnd3300v2 dyndns org In the User Name field enter the account user name In the Password field enter the account password c Click Apply d Click Show Status The resulting screen should show Update OK good 3 On NETGEAR Gateway B configure the Dynamic DNS settings Assume a correctly configured DynDNS account a From the main menu select Dynamic DNS b Select the Dy...

Page 165: ...he User Name field enter the account user name In the Password field enter the account password d Click Apply e Click Show Status The resulting screen should show Update OK good 4 Configure the N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 as in the gateway to gateway procedures using the VPN Wizard see Set Up a Gateway to Gateway VPN Configuration on page 101 being certain to use ap...

Page 166: ...tion on page 101 being certain to use appropriate network addresses for the environment a For the connection name enter toDGND3300v2 b For the remote WAN s IP address enter dgnd3300v2 dyndns org c Enter the following IP Address 10 5 6 1 Subnet Mask 255 255 255 0 6 Test the VPN tunnel by pinging the remote network from a PC attached to the N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700...

Page 167: ...eway Fully qualified domain name FQDN Client Dynamic Gateway A main office Gateway B LAN IP 192 168 0 1 192 168 0 1 24 FQDN ntgr dyndns org from_GW_A WAN IP Internet WAN IP 0 0 0 0 toGW_A IP 192 168 2 3 regional office Client PC running NETGEAR ProSafe VPN client Figure 64 Telecommuter example Set Up Client to Gateway VPN Telecommuter Example Setting up a VPN between a remote PC running the NETGEA...

Page 168: ...er the information toGW_A com in this example fromGW_A com in this example fromGW_A in the example 192 168 2 3 in this example IKE Keep Alive is optional has to match Remote LAN IP Address when enabled remote PC must respond to pings Remote NAT router has to have Address Reservation set and VPN Passthrough enabled 2 Click Apply when you are finished to display the VPN Policies screen To view or mo...

Page 169: ...installation b If you do not have a modem or dial up adapter installed in your PC you might see the warning message stating The NETGEAR ProSafe VPN Component requires at least one dial up adapter be installed You can disregard this message c Install the IPSec component You might have the option to install either the VPN adapter or the IPSec component or both The VPN adapter is not necessary d The ...

Page 170: ... ID Type drop down list select IP Subnet f In this example in the Subnet field type 192 168 0 1 as the network address of the wireless modem router g In the Mask field enter 255 255 255 0 as the LAN subnet mask of the wireless modem router h In the Protocol drop down list select All to allow all traffic through the VPN tunnel i Select the Connect using Secure Gateway Tunnel check box j In the ID T...

Page 171: ...tiation Mode group select the Main Mode radio button 4 Configure the VPN client identity In this step you provide information about the remote VPN client PC You have to provide the pre shared key that you configured in the wireless modem router and either a fixed IP address or a fixed virtual IP address of the VPN client PC a In the Network Security Policy list on the left side of the Security Pol...

Page 172: ...e the VPN Client Authentication Proposal In this step you provide the type of encryption DES or 3DES to be used for this connection This selection has to match your selection in the VPN router configuration a In the Network Security Policy list on the left side of the Security Policy Editor window expand the Security Policy heading by double clicking its name or clicking the symbol b Expand the Au...

Page 173: ...d c In the Compression drop down list select None d Select the Encapsulation Protocol ESP check box e In the Encrypt Alg drop down list select the type of encryption In this example use Triple DES f In the Hash Alg drop down list select SHA 1 g In the Encapsulation drop down list select Tunnel h Leave the Authentication Protocol AH check box cleared 7 Save the VPN client settings From the File men...

Page 174: ...e request a Right click the system tray icon to open the pop up menu b Select Connect to open the My Connections list c Select toDGND3300v2 The wireless modem router reports the results of the attempt to connect Once the connection is established you can access resources of the network connected to the VPN router Right click the system tray icon to open the pop up menu My Connections DGD3300v2 To ...

Page 175: ...the VPN router to the client PC To do this on the wireless modem router main menu select Diagnostics Monitoring the VPN Tunnel Telecommuter Example To view information about the progress and status of the VPN client connection open the Log Viewer In Windows click Start and select Programs N600 Wireless Dual Band Gigabit ADSL2 Modem Router DGND3700 Log Viewer Note Use the active VPN tunnel informat...

Page 176: ...se the VPN connection to have normal Internet access View the VPN Router s VPN Status and Log Information To view information about the status of the VPN client connection open the VPN router s VPN Status screen To view status and log information 1 On the wireless modem router main menu select Router Status and then click the VPN Status button The VPN Status Log screen displays 2 To view the VPN t...

Page 177: ... 328 2 4Ghz EN301 489 17 EN301 893 5Ghz EN60950 1 For complete DoC please visit the NETGEAR EU Declarations of Conformity website at http support netgear com app answers detail a_id 11621 EDOC in Languages of the European Community Language Statement Cesky Czech NETGEAR Inc tímto prohlašuje že tento Radiolan je ve shode se základními požadavky a dalšími príslušnými ustanoveními smernice 1999 5 ES ...

Page 178: ...n overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Malti Maltese Hawnhekk NETGEAR Inc jiddikjara li dan Radiolan jikkonforma mal htigijiet essenzjali u ma provvedimenti ohrajn relevanti li hemm fid Dirrettiva 1999 5 EC Magyar Hungarian Alulírott NETGEAR Inc nyilatkozom hogy a Radiolan megfelel a vonatkozó alapvetõ követelményeknek és az 1999 5 EC...

Page 179: ...use harmful interference and This device must accept any interference received including interference that may cause undesired operation FCC Radio Frequency Interference Warnings Instructions This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful ...

Page 180: ...have priority of 5250 5350 MHz and 5650 5850 MHz and these radars could cause interference and or damage to LE LAN devices Ce dispositif est conforme à la norme CNR 210 d Industrie Canada applicable aux appareils radio exempts de licence Son fonctionnement est sujet aux deux conditions suivantes 1 le dispositif ne doit pas produire de brouillage préjudiciable et 2 ce dispositif doit accepter tout ...

Page 181: ...ds examples 49 box contents 11 bridged networks 132 C case study setting up VPN 159 changes not saved router 153 clients adding to network 40 client to gateway VPN tunnels 87 90 compliance 177 configuration file 67 68 connecting to UBS drive 83 connecting wirelessly 17 connection status 72 content filtering 48 58 custom service port forwarding 55 D date and time 154 daylight savings time 59 154 de...

Page 182: ...ort forwarding 53 inbound traffic See port forwarding port triggering Internet port 28 Internet port LEDs 15 Internet port no connection 33 Internet Relay Chat IRC 52 Internet Service Provider ISP See ISP Internet traffic statistics 144 IP address 83 IP addresses 83 DHCP 23 LAN service 126 reserved 127 IP setup LAN 126 ISP account information 23 Basic Settings screen 30 DSL settings 32 DSL synchro...

Page 183: ...g 54 example 53 port numbers 58 port scanning disabling 123 port triggering 51 53 56 configuring 56 example 51 ports back panel 13 positioning the router 17 power adapter AC 14 preset security 37 46 pre shared key 39 primary DNS addresses 31 Push N Connect See WPS Q Quality of Service QoS 128 129 R RADIUS server 39 range of wireless connections 17 remote access 50 remote computer connecting from 8...

Page 184: ...SB drive unmounting 82 USB port 15 USB port LED 16 USB storage 74 advanced 80 142 basic settings 77 connecting 83 creating a network folder 81 editing a network folder 79 file sharing scenarios 75 V virtual channel identifier VCI 32 virtual path identifier VPI 32 VPN Auto Policy 112 116 117 VPN client 93 VPN Log Viewer 99 175 VPN Manual Policy 119 VPN network connections 112 VPN tunnels activating...

Page 185: ...Settings screen 42 wireless settings SSID broadcast 44 Wireless Stations Access List 44 WPA encryption 39 WPA2 encryption 39 WPA2 PSK encryption 39 WPA 802 1x encryption 39 passphrases 46 RADIUS servers 39 WPA PSK encryption 39 WPA PSK WPA2 PSK mixed mode 39 WPS button 41 WPS LED 14 WPS See Wi Fi Protected Setup WPS WPS capable devices 40 WPS PSK encryption 39 WPS PSK WPA2 PSK encryption 39 wrong ...

Reviews: