How to connect GNU/Linux VPN Client (NetworkManager/vpnc) to NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 or NETGEAR ProSecure Unified Threat Management UTM9S


  {} - different setting for UTM9S


+--------------------------
| NETGEAR ProSafe™ SRX5308 { NETGEAR ProSecure UTM9S }


1. VPN -> IPSecVPN -> Mode Config -> Add:

	Record Name:			VPNClientPool (example)
	First Pool:	Start IP:	10.20.1.100
			End IP:		10.20.1.200

	
	PFS Key Group (checked):	DH Group 2
	SA Lifetime:			3600 Seconds
	Encryption Algorithm:		AES-256
	Integrity Algorithm:		SHA-1
	Local IP Address:		0.0.0.0
	Local Subnet Mask:		0.0.0.0

	[Note for SRX5308:
		- use 0.0.0.0/0.0.0.0 in case of multi vpn setting of vpnc on client side
			Do not forget to set a static route in the vpnc settings on the client side.

		- use specified local subnet/mask in case of manual settings of conf-variable
			"IPSEC target network " in vpnc configuration file
			on client side.
		  For example 10.10.1.0/255.255.255.0 as local lan subnet behind the SRX5308.
	]

2. VPN -> IPSecVPN -> IKE Policies -> Add:

	Do you want to use Mode Config Record: Yes
	Select Mode Config Record:	VPNClientPool

	Policy Name:			VPNClientAccess (example)
	Direction/Type:			Responder
	Exchange Mode:			Aggressive

	Select Local Gateway:		WAN4 (example, specify WAN1-4 which is used for vpn connection)
	Identifier Type:		FQDN
	Identifier:			vpn.domain.com (example)

	Remote Identifier Type:		FQDN
	Identifier:			remote.domain.com (example) { 0.0.0.0 }

	Encryption Algorithm:		AES-256
	Authentication Algorithm:	SHA-1
	Authentication Method:		Pre-shared key
	Pre-shared key:			...pre_shared_key...
	DH Group:			Group 2
	SA-lifetime:			28800
	Enable Dead Peer Detection:	No

	XAUTH Configuration:		Edge Device


3. Users -> Users -> Add:

	User Name:			vpnuser
	User Type:			IPSEC VPN User
	Password:			...user_password...



+--------------------------
| Network Manager / vpnc


1. Network Connection -> VPN tab -> Add:

	Choose a VPN Connection Type:	Cisco Compatible VPN (vpnc)


2. Editing VPN Connection:

	Connection Name:		VPNtoSRX5308
	
    VPN tab:
	Gateway:			vpn.domain.com
	User name:			vpnuser
	User password (Saved):		...user_password...
	Group name:			remote.domain.com { 0.0.0.0 }
	Group password:			...pre_shared_key...

    VPN tab -> Advanced:
	Encryption Method:		Secure
	NAT traversal:			NAT-T when available
	IKE DH Group:			DH Group 2
	Perfect Forward Secrecy:	DH Group 2
	Disable Dead Peer Detection:	checked


    IPv4 Settings tab:
	Method:				Automatic (VPN)

    IPv4 Settings tab -> Routes:
	Add route:	Address:	10.10.1.0	(see Note above...)
			Netmask:	255.255.255.0
			Gateway:	10.10.1.1	(IP address of SRX5308 LAN interface)
			Metric:		0
	Ignore automatically obtained routes:			unchecked
	Use this connection only for resources on its network:	checked

	[Note for SRX5308:
		- use "Add route" in case of 0.0.0.0/0.0.0.0 setting on SRX5308 Local IP Address/Subnet Mask.

		- leave Routes blank in case of manual settings of conf-variable
			"IPSEC target network " in vpnc configuration file.
		  For example if 10.10.1.0/255.255.255.0 as local lan subnet behind the SRX5308, use
			IPSEC target network 10.10.1.0/255.255.255.0
	]
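
The vpnc configuration file that both notes refer to, written out by a small shell function for the manual "IPSEC target network" case. This is an added example, not part of the original how-to: the function name write_vpnc_conf and the VPNC_PSK environment variable are assumptions, the keywords are vpnc's own, and the values passed in are the page's examples.

```shell
#!/bin/sh
# Added example: write a vpnc profile mirroring the settings on this page.
# Usage: VPNC_PSK=... write_vpnc_conf OUTFILE GATEWAY GROUP_ID USER NET/MASK
# write_vpnc_conf and VPNC_PSK are hypothetical names; keywords are vpnc's.
write_vpnc_conf() {
    out=$1 gateway=$2 group=$3 user=$4 target=$5

    # Take the pre-shared key from the environment so it is not typed
    # as a command-line argument.
    [ -n "${VPNC_PSK:-}" ] || { echo "VPNC_PSK is not set" >&2; return 1; }

    # "IPSEC target network" wants network/netmask, e.g. 10.10.1.0/255.255.255.0
    case $target in
        *.*.*.*/*.*.*.*) ;;
        *) echo "target must be network/netmask" >&2; return 1 ;;
    esac

    # The file stores the group password in clear text: create it owner-only.
    old_umask=$(umask)
    umask 077
    printf '%s\n' \
        "IPSec gateway $gateway" \
        "IPSec ID $group" \
        "IPSec secret $VPNC_PSK" \
        "Xauth username $user" \
        "IKE DH Group dh2" \
        "Perfect Forward Secrecy dh2" \
        "NAT Traversal Mode natt" \
        "DPD idle timeout (our side) 0" \
        "IPSEC target network $target" \
        > "$out"
    status=$?
    umask "$old_umask"
    [ "$status" -eq 0 ] || return 1
    chmod 600 "$out"    # also tightens a file that already existed
}
```

The profile leaves "Xauth password" out, so vpnc asks for the user password at connect time.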