How to connect GNU/Linux VPN Client (NetworkManager/vpnc) to NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 or NETGEAR ProSecure Unified Threat Management UTM9S

  {} - different setting for UTM9S

| NETGEAR ProSafe™ SRX5308 { NETGEAR ProSecure UTM9S }

1. VPN -> IPSecVPN -> Mode Config -> Add:

	Record Name:			VPNClientPool (example)
	First Pool:	Start IP:
			End IP:

	PFS Key Group (checked):	DH Group 2
	SA Lifetime:			3600 Seconds
	Encryption Algorithm:		AES-256
	Integrity Algorithm:		SHA-1
	Local IP Address:
	Local Subnet Mask:

	[Note for SRX5308:
		- use in case of multi vpn setting of vpnc on client side
			Do not forget to set static route in vpnc settings on client side.

		- use specified local subnet/mask in case of manual settings of conf-variable
			"IPSEC target network " in vpnc configuration file
			on client side.
		  For example as local lan subnet behind the SRX5308.

2. VPN -> IPSecVPN -> IKE Policies -> Add:

	Do you want to use Mode Config Record: Yes
	Select Mode Config Record:	VPNClientPool

	Policy Name:			VPNClientAccess (example)
	Direction/Type:			Responder
	Exchange Mode:			Aggressive

	Select Local Gateway:		WAN4 (example, specify WAN1-4 which is used for vpn connection)
	Identifier Type:		FQDN
	Identifier: (example)

	Remote Identifier Type:		FQDN
	Identifier: (example) { }

	Encryption Algorithm:		AES-256
	Authentication Algorithm:	SHA-1
	Authentication Method:		Pre-shared key
	Pre-shared key:			...pre_shared_key...
	DH Group:			Group 2
	SA-lifetime:			28800
	Enable Dead Peer Detection:	No

	XAUTH Configuration:		Edge Device

3. Users -> Users -> Add:

	User Name:			vpnuser
	User Type:			IPSEC VPN User
	Password:			...user_password...

| Network Manager / vpnc

1. Network Connection -> VPN tab -> Add:

	Choose a VPN Connection Type:	Cisco Compatible VPN (vpnc)

2. Editing VPN Connection:

	Connection Name:		VPNtoSRX5308
    VPN tab:
	User name:			vpnuser
	User password (Saved):		...user_password...
	Group name: { }
	Group password:			...pre_shared_key...

    VPN tab -> Advanced:
	Encryption Method:		Secure
	NAT traversal:			NAT-T when available
	IKE DH Group:			DH Group 2
	Perfect Forward Secrecy:	DH Group 2
	Disable Dead Peer Detection:	checked

    IPv4 Settings tab:
	Method:				Automatic (VPN)

    IPv4 Settings tab -> Routes:
	Add route:	Address:	(see Note above...)
			Gateway:	(IP address of SRX5308 LAN interface)
			Metric:		0
	Ignore automatically obtained routes:			unchecked
	Use this connection only for resources on its network:	checked

	[Note for SRX5308:
		- use "Add route" in case of setting on SRX5308 Local IP Address/Subnet Mask.

		- leave Routes blank in case of manual settings of conf-variable
			"IPSEC target network " in vpnc configuration file.
		  For example if as local lan subnet behind the SRX5308, use
			IPSEC target network
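
A client that disagrees with the gateway on DH group, PFS group or Dead Peer Detection will not match the settings listed above. The following check is an added example, not part of the original how-to: it reads a vpnc configuration file and reports where it differs from those gateway settings, and it validates the "IPSEC target network" value. The hostname, secret and subnet in the sample are constructed placeholders, and the check assumes each option is set explicitly in the file.

```python
import ipaddress

# vpnc option names contain spaces, so lines are matched against known names.
KNOWN_KEYS = ("IPSec gateway", "IPSec ID", "IPSec secret", "Xauth username",
              "IKE DH Group", "Perfect Forward Secrecy",
              "DPD idle timeout (our side)", "IPSEC target network")
# Client-side values that must agree with the gateway settings on this page.
GATEWAY_POLICY = {
    "IKE DH Group": "dh2",               # IKE policy: DH Group 2
    "Perfect Forward Secrecy": "dh2",    # Mode Config: PFS Key Group DH Group 2
    "DPD idle timeout (our side)": "0",  # Dead Peer Detection off on both ends
}
# Constructed sample: hostname, secret and subnet are placeholders.
SAMPLE = """\
IPSec gateway vpn.example.com
IPSec secret PLACEHOLDER_PSK
Xauth username vpnuser
IKE DH Group dh2
Perfect Forward Secrecy dh5
DPD idle timeout (our side) 0
IPSEC target network 192.168.1.10/255.255.255.0
"""

def parse_vpnc(text):  # returns {option name: value} for the known options
    conf = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        for key in KNOWN_KEYS:
            if line.lower().startswith(key.lower() + " "):
                conf[key] = line[len(key):].strip()
                break
    return conf

def check(text):  # returns a list of mismatches, empty when the file agrees
    conf, problems = parse_vpnc(text), []
    for key, want in GATEWAY_POLICY.items():
        if conf.get(key) != want:
            problems.append(f"{key}: expected {want}, found {conf.get(key)}")
    target = conf.get("IPSEC target network")
    if target is not None:
        try:  # strict=True rejects a host address written as a network
            ipaddress.ip_network(target, strict=True)
        except ValueError as exc:
            problems.append(f"IPSEC target network: {exc}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "matches gateway policy")
```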