VPN Case Study


FAQ






  1. What is VPN?
  2. What is Internet Key Exchange (IKE)?
  3. What is IPSec?
  4. What is the difference between the VPN that Netgear uses and the one Cisco uses?
  5. What is a Security Association?
  6. What kind of broadband speed is required for VPN?
  7. Which broadband service is better?
  8. Where can I find the maximum throughput for my Netgear ProSafe VPN Router?
  9. I have established a VPN tunnel between FVX538 and FVS318v3 routers, but why can't I copy files over a mapped network drive?
  10. What is the Virtual Adapter in the VPN Client?
  11. Do I need to set up any port settings in my router for a VPN tunnel?
  12. Why can't I ping the router when my VPN is connected?
  13. I have a VPN tunnel established but I can't ping or map the drive. Is there anything I can try?
  14. What is the jumbo frame supported by switches and adapters?
  15. Do I need to put my DSL modem/router into bridge mode?
  16. How do I put my DSL modem/router into bridge mode?
  17. What is the difference between NAT and port forwarding?
  18. Why do I need to configure port forwarding on my router?
  19. Where can I find port forwarding information and how to set it up?
  20. Why does my SBC Speedstream 5100B modem cause install and connection to fail?
  21. What is PPPoE?
  22. What is the MTU setting?
  23. I have cable service with Comcast; do I need to put my modem into bridge mode?
  24. Why does the Internet connection drop repeatedly?
  25. How can I do MAC Spoofing?
  26. How do I find my current broadband speed?
  27. What are the benefits of a wireless network?
  28. What is a Wireless Network's SSID?
  29. What is WEP/WPA Encryption for Wireless Networks?
  30. Is there a compatible wireless card and driver for my Mac?
  31. Is there another compatible wireless card that does not have to be purchased from OrangWare?








  • What is VPN?
    • Virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. The idea of the VPN is to give the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one.

  • What is Internet Key Exchange (IKE)?
    • Internet Key Exchange is a negotiation and key exchange protocol specified by the Internet Engineering Task Force (IETF). An IKE Security Association (SA) automatically negotiates encryption and authentication keys. With IKE, an initial exchange authenticates the VPN session and automatically negotiates the keys that will be used to pass IP traffic.

  • What is IPSec?
    • Internet Protocol Security is a robust VPN standard that covers authentication and encryption of data traffic over the Internet. VPN technology using IPSec encrypts outgoing data and decrypts incoming data.

      IPSec has two encryption modes: transport and tunnel. Transport mode encrypts the packet data but leaves the header unencrypted. The more secure tunnel mode encrypts both the header and the data. At the receiving end, an IPSec-compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a key.

      IKE protocol is a key management protocol standard which is commonly used in conjunction with the IPSec standard.

      Unlike PPTP, IPSec is specific only to the Internet Protocol (IP) and does not provide security for other protocols.

      PPTP supports multiple protocols, but is not as secure.

  • What is the difference between the VPN that Netgear uses and the one Cisco uses?
    • Netgear
      • Pure IPSec VPN tunnel
        =====================

        In a pure IPSec VPN tunnel, only IP traffic is encrypted/decrypted.

        If you have non-IP traffic, for example IPX, it cannot go into the VPN tunnel.

        OSPF and EIGRP are not transferred in the tunnel.

        The URL below might be helpful for learning about IPSec:

        An Introduction to IP Security (IPSec) Encryption
    • Cisco
      • GRE over IPSec VPN tunnel
        =========================

        In a GRE over IPSec VPN tunnel, the original packet, whether IP, IPX, etc., is first GRE encapsulated, and the resulting packet is then subjected to IPSec encapsulation.

        Therefore, in a GRE over IPSec tunnel, all routing traffic (IP and non-IP) can be routed through: once the original packet (IP or non-IP) is GRE encapsulated, it has an IP header (as defined by the GRE tunnel, normally the tunnel interface IP addresses), so the IPSec protocol can understand it as an IP packet and encapsulate the GRE packet to make it GRE over IPSec.

        Please visit the URLs below for more information:
    • Which VPN Solution is Right for You?
      How Virtual Private Networks Work

  • What is a Security Association?
    • A group of security settings related to a specific VPN tunnel. A Security Association groups together all the necessary settings needed to create a VPN tunnel. Different SAs may be created to connect branch offices, allow secure remote management, and pass unsupported traffic. All SAs require a specified encryption method, IPSec gateway address and destination network address. IKE includes a shared secret.

  • What kind of broadband speed is required for VPN?
    • Faster upload and download speeds give the best performance. You can build your VPN tunnel on a standard residential package. It will not transfer at LAN speeds, but it will get the job done. Matching your upload speed as closely as possible to your download speed helps the most.
  • Which broadband service is better?
    • Personal experience shows me that cable seems to run better than DSL service.

  • Where can I find the maximum throughput for my Netgear ProSafe VPN Router?
  • I have established a VPN tunnel between FVX538 and FVS318v3 routers, but why can't I copy files over a mapped network drive?
    • This situation may also apply generally to other VPN routers and other applications. Workaround: on the Rule menu of the FVX538, there is an option to Drop fragmented IP packets. Uncheck it.

  • What is the Virtual Adapter in the VPN Client?
    • The Virtual Adapter (VA) is a method to present to the local client machine an interface using remote access service (RAS) or dial-up networking (DUN). It appears to the operating system as another adapter. It is considered a “virtual” adapter since the packets never actually leave the client machine through that adapter. Rather, they are intercepted by the IPSec component and sent via a real, physical adapter (e.g. modem, Ethernet, etc.).

  • Do I need to set up any port settings in my router for a VPN tunnel?
    • This describes VPN support tested by model. Depending on your ISP configuration and other issues, you may need to open ports for passthrough to work. These ports are:
      • IPSec: 500
      • L2TP: 1701 and 500
      • PPTP: 1723 and 500
      Each VPN passthrough must have its own 500 port open. The first port is opened normally, as described in port forwarding documents. The other instances of port 500 must each be opened by selecting a unique range of ports that include 500, e.g., 499-501, 498-502, etc.
      "VPN passthrough Connections" is the total tunnels of all types supported. For example, the first model, CG814M, supports 1 IPSec or L2TP or PPTP passthrough, not three.

  • Why can't I ping the router when my VPN is connected?
    • I'm using FVS318v3 router (firmware v3.0_20) and I am connecting to a remote client.
  • I have a VPN tunnel established but I can't ping or map the drive. Is there anything I can try?
    • You need to tweak the Windows firewall; it's to do with Microsoft-DS and alternative subnets.
      • CONTROL PANEL > WINDOWS FIREWALL > EXCEPTIONS TAB > FILE AND PRINTER SHARING. Select TCP 445 and press CHANGE SCOPE, then add the subnet address of the remote network and also the subnet address of the local network, i.e.:

        If addresses were like this:

        LOCAL 192.168.1.1
        REMOTE 192.168.2.1

        Add them into the scope like this:

        192.168.1.0/255.255.255.0,192.168.2.0/255.255.255.0

        Make sure you don't use spaces, and make sure that you enter the / between the address and subnet. Apply the settings and try to access the resources through \\ip address\sharename
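
The scope string described above, built and checked programmatically. This is an added example, not part of the original FAQ; the function names are hypothetical and the addresses are the FAQ's own sample values.

```python
import ipaddress

def scope_entry(host_ip, netmask):
    """Turn a host address plus mask into the network/mask form used in the scope box."""
    iface = ipaddress.IPv4Interface(f"{host_ip}/{netmask}")
    return f"{iface.network.network_address}/{iface.network.netmask}"

def build_scope(endpoints):
    """Join the entries with commas and no spaces, as the FAQ requires."""
    return ",".join(scope_entry(ip, mask) for ip, mask in endpoints)

def check_scope(scope):
    """Return a list of problems in a hand-typed scope string (empty list = OK)."""
    problems = []
    if any(ch.isspace() for ch in scope):
        problems.append("contains whitespace")
    for entry in scope.split(","):
        entry = entry.strip()
        if "/" not in entry:
            problems.append(f"{entry!r}: missing '/' between address and mask")
            continue
        try:
            # strict=True rejects a host address (e.g. 192.168.1.1) used as a network
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry!r}: {exc}")
            continue
        if net.prefixlen == 0:
            # A zero mask would expose TCP 445 to every address, not just the tunnel
            problems.append(f"{entry!r}: matches every address")
    return problems

if __name__ == "__main__":
    # LOCAL and REMOTE router addresses from the FAQ's example
    scope = build_scope([("192.168.1.1", "255.255.255.0"),
                         ("192.168.2.1", "255.255.255.0")])
    print(scope)
    print(check_scope(scope))
    print(check_scope("192.168.1.1/255.255.255.0, 192.168.2.0"))
```

Keeping the scope to the two tunnel subnets leaves TCP 445 closed to everything else.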

  • What is the jumbo frame supported by switches and adapters?

    • Ethernet traffic moves in units called frames. The maximum size of frames is called the Maximum Transmission Unit (MTU). When a network device gets a frame larger than its MTU, the data is fragmented (broken into smaller frames) or dropped. Historically, Ethernet has a maximum frame size of 1500 bytes, so most devices use 1500 as their default MTU. An Ethernet packet larger than 1500 bytes is called a Jumbo Frame. In NETGEAR products, this feature is disabled by default.
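
How a packet larger than the MTU is split, and what a "Drop fragmented IP packets" rule like the one in the FVX538 answer does to it. This is an added example, not part of the original FAQ; the function names are hypothetical, and the 1400-byte path MTU is a constructed value standing in for a link with less room than plain Ethernet.

```python
IP_HEADER = 20  # bytes; IPv4 header without options (assumption)

def fragment(total_length, mtu, header=IP_HEADER):
    """Split an IPv4 packet of total_length bytes for a link with the given MTU.

    Returns a list of (payload_offset, fragment_total_length, more_fragments).
    Every fragment except the last carries a payload that is a multiple of
    8 bytes, because the IPv4 offset field counts in 8-byte units.
    """
    if total_length <= mtu:
        return [(0, total_length, False)]
    payload = total_length - header
    per_fragment = (mtu - header) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any payload")
    fragments, offset = [], 0
    while offset < payload:
        size = min(per_fragment, payload - offset)
        more = offset + size < payload
        fragments.append((offset, size + header, more))
        offset += size
    return fragments

def survives(fragments, drop_fragmented):
    """A packet that had to be fragmented is lost if the router drops fragments."""
    return not (drop_fragmented and len(fragments) > 1)

if __name__ == "__main__":
    # Constructed cases: a full-size Ethernet packet and a 9000-byte jumbo frame
    for length, mtu in [(1500, 1500), (1500, 1400), (9000, 1500)]:
        frags = fragment(length, mtu)
        print(length, mtu, frags)
        print("  delivered with fragment dropping on:", survives(frags, True))
```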

  • Do I need to put my DSL modem/router into bridge mode?
    • Whether you are using it for regular Internet browsing or a VPN tunnel, you should change to bridge mode. Bridge mode disables the router function so that the unit acts only as a modem. You will need to set up your router (static IP, PPPoE and PPPoA).

  • How do I put my DSL modem/router into bridge mode?
    • It is common for your unit to be shipped in bridge mode. To achieve bridge mode, most manufacturers use one of two methods: a hard reset, or logging in to the modem and specifying it.
  • What is the difference between NAT and port forwarding?
  • Why do I need to configure port forwarding on my router?
    • Software ports are numbered connections that a computer uses to sort types of network traffic. A port may support incoming traffic, outgoing traffic, or both. A few services, such as FTP (on port 21) and HTTP (on port 80), are assigned by default to open ports where operating systems can easily find them. When a port is opened, a service is assigned to it, for example, an online game. For security, by default all ports to the Internet and most LAN ports are closed so that traffic cannot flow through them.

  • Where can I find port forwarding information and how to set it up?
    • Visit the Port Forward site. It is a great site for setting up your gaming or specifying ports.

  • Why does my SBC Speedstream 5100B modem cause install and connection to fail?
  • What is PPPoE?
    • PPPoE (Point-to-Point Protocol Over Ethernet) is a software protocol used to connect several computer users to the Internet through one connection, without any special ISP support. Using PPPoE, several computers in an apartment building could share an Internet connection while keeping track of how much usage people should be billed for.

      PPPoE combines PPP and Ethernet protocols. As it simulates a dial-up connection, users avoid running login programs such as WinPOET and Enternet.

  • What is the MTU setting?
    • MTU, Partial Loss of Internet Connection, and Performance
      MTU (Maximum Transmission Unit) is the largest packet a network device transmits. The best MTU setting for NETGEAR equipment is often just the default value. MTU is sometimes presented as something that can be easily changed to improve performance.

  • I have cable service with Comcast; do I need to put my modem into bridge mode?
    • No. A cable modem is just a modem. Most come with a USB port to hook up a single PC that has no Ethernet card. Hooking up more than one PC requires a router.

  • Why does the Internet connection drop repeatedly?
  • How can I do MAC Spoofing?
    • This document is relevant if you had an Internet connection, but lost it when adding a router to your network, or using a different Ethernet adapter card or computer than the one your ISP used during installation.
  • How do I find my current broadband speed?
  • What are the benefits of a wireless network?
    • Wireless LANs offer the following productivity, convenience, and cost advantages over wired networks:
      • Mobility: Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired networks.
      • There are now thousands of universities, hotels and public places with public wireless connection. These free you from having to be at home or at work to access the Internet.
      • Installation Speed and Simplicity: Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.
      • Reduced Cost-of-Ownership: While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes.
      • Scalability: Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.

  • What is a Wireless Network's SSID?
    • An SSID is a 32-character alphanumeric key uniquely identifying a wireless LAN. Its purpose is to stop other wireless equipment accessing your LAN, whether accidentally or intentionally. To communicate, wireless devices must be configured with the same SSID. Most NETGEAR products have a "site survey" tool that automatically looks for other wireless devices and displays their SSID.

      If you unselect Allow broadcast of SSID in a router or access point, the SSID of that device will not be visible in another device's site survey, and must be entered manually.
      The SSID is not a strong security measure, and should be used in conjunction with other security such as WEP or WPA.

      The Extended Service Set Identification (ESSID) is one of two types of Service Set Identification (SSID). An ad-hoc wireless network with no access points uses the Basic Service Set Identification (BSSID). In an infrastructure wireless network that includes an access point, the Extended Service Set Identification (ESSID) is used, although it may still be referred to in a loose sense as SSID. Some vendors refer to the SSID as the "network name".

  • What is WEP/WPA Encryption for Wireless Networks?
    • WPA
      • Wi-Fi Protected Access (WPA and WPA2) are systems to secure wireless (Wi-Fi) networks. They were created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues:
        • either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first security choice in most installation instructions.
        • in the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.
      • WPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same passphrase. The Wi-Fi Alliance calls the pre-shared key version WPA-Personal or WPA2-Personal and the 802.1X authentication version WPA-Enterprise or WPA2-Enterprise.
    • WEP
      • Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts transmitted data. It's easy to configure. Without any security your data can be intercepted without difficulty.

        However, WEP was an early attempt to secure wireless networks, and better security is now available such as DES, VPN, and WPA. WEP has three settings: Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not difficult to crack, and using it reduces performance slightly.

        If you run a network with only the default security, where WEP is turned off, any of your neighbors can immediately log on to your network and use your Internet connection.
      • For wireless devices to communicate, all of them must use the same WEP setting. (40-bit and 64-bit WEP encryption are the same thing — 40-bit devices can communicate with 64-bit devices.)
      • While there is no extra performance cost to encrypting the longer key, there is a cost to transmitting the extra data over the network. 128-bit security is not much more difficult than 64-bit to crack, so if you are concerned about performance, consider using 64-bit. If you're very concerned about security, use WPA, which replaces WEP with a protocol that is — given current technology — impossible to crack.

        The WEP concept of passphrase is introduced so that you do not have to enter complicated strings for keys by hand. The passphrase you enter is converted into complicated keys. Choose passphrases with the same care you would important passwords.
      • With 128-bit encryption, you need to enter a passphrase to generate each key.
      • All four keys must be specified, because WEP switches between them to make your traffic more difficult to break.
      • All devices within your LAN must use the same passphrases (i.e., the same keys).
        WEP is not necessary if you have a gaming console such as PlayStation or Xbox, and there are no other computers on the network.

        Instructions on how to set up WEP are available in the User Manuals and Reference Manuals for wireless products (available on the Product page on this site as downloads).
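
Why the WPA-Personal passphrase length mentioned above matters: in "Personal" (pre-shared key) mode the 256-bit key is derived from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so the key is only as unpredictable as the passphrase. This is an added example, not part of the original FAQ; the function names and the sample passphrase and SSIDs are constructed.

```python
import hashlib
import math

def wpa_psk(passphrase, ssid):
    """Derive the WPA/WPA2-Personal pre-shared key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2 with HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def max_strength_bits(length, alphabet_size):
    """Upper bound on passphrase strength, reached only if every
    character is picked at random from the alphabet."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    phrase = "correct horse battery"          # constructed sample passphrase
    for ssid in ("HomeNet", "OfficeNet"):     # constructed sample SSIDs
        # Same passphrase, different SSID: the derived key differs
        print(ssid, wpa_psk(phrase, ssid).hex())
    # An 8-character lowercase password versus a 20-character mixed-case one
    print(round(max_strength_bits(8, 26), 1), "bits")
    print(round(max_strength_bits(20, 62), 1), "bits")
```

Because the SSID is the salt, a unique network name and a long passphrase together make each network's key distinct and hard to guess.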

  • Is there a compatible wireless card and driver for my Mac?
  • Is there another compatible wireless card that does not have to be purchased from OrangWare?

  • © 2006~2010 VPN Case Study | All Rights Reserved

    Disclaimer: This site has no relationship with Netgear Corporation, nor is it sponsored or endorsed by Netgear Corporation to post this information. If you feel that this site has represented it in a manner that does not correspond to the "Trademark & Advertising Guidelines" (section II-B), please e-mail i....@vpncasestudy.com