Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
6-4 Virtual Private Networking
Linking Two Networks Together
A VPN between two NETGEAR VPN-enabled routers is a good way to connect branch offices
and business partners over the Internet, offering an affordable, high-performance alternative to
leased site-to-site lines. The VPN also provides access to remote network resources when NAT is
enabled and remote computers have been assigned private IP addresses.
Planning the VPN
When planning your VPN, you must make a few choices first:
• Will the remote end be a network or a single PC?
If Network: The two endpoint networks must have different LAN IP address ranges. For
example, if both ends are using the NETGEAR default address range of 192.168.0.x, the
connection will not work. Change one router’s LAN IP Address and DHCP range to a
different range such as 192.168.1.x.
If Single PC: If the remote endpoint is a single PC running a VPN client, its destination
address must be a single IP address, with a subnet mask of 255.255.255.255.
• Does one side have a dynamic IP address?
At least one side must have a fixed IP address.
The side with a dynamic IP address must always be the initiator of the connection.
• Will you be using the simpler Internet Key Exchange (IKE) setup, or Manual Keying, in which
you must specify each phase of the connection?
• What level of encryption will you use (56 bit DES or 168 bit 3DES)?
Configuring a VPN Between Two LANs
This procedure describes linking two LANs using an FVS318 at each end.
INTERNET
VPN
ROUTER
VPN
ROUTER
LA
N
L
AN