The FVS318G supports up to five Site-to-Site and Client-to-Site IPsec tunnels (total, not each). All typical encryption algorithms are supported, including DES, 3DES, AES-128, AES-192, and AES-256.
The 318G comes with a single license for NETGEAR's ProSafe VPN Client software, version 10.8.3, which installed easily on my Windows Vista laptop. The ProSafe VPN Client is a NETGEAR-branded version of SafeNet's SoftRemote software (Figure 12) , which SafeNet lists on their website for $149 / license.
Figure 12: VPN client info
Unlike the 336G, the 318G doesn't also support Client-to-Site SSL VPN tunnels, which provide secure access via web browser, or browser-downloaded applet. (However, I must point out that I recently had trouble with my 336G's SSL VPN certificate, and haven't been able to get it resolved.)
I was pleasantly surprised at how easy it was to configure an IPSec Client-to-Site tunnel on the 318G. I used NETGEAR's Wizard to set up the router's VPN Client configurations, and I found the NETGEAR manual useful in walking me through the configurations on the ProSafe Client Software. It took only a couple minutes to create the IKE and VPN policies on the router, install and configure the software on my laptop, and make a connection.
As with the 336G, NETGEAR offers a Mode Config option that allows remote VPN clients to be assigned an IP address in a different subnet than the devices on the LAN. This is a useful feature to restrict remote clients from accessing various services on the LAN.
I liked the fact that the 318G has a pop-up window within its menus that shows all the default values used by the VPN Wizard (Figure 13). One of the biggest challenges in configuring VPN tunnels is getting all the values on both ends to match. Matching values can be difficult when the end devices, such as a router and client software, have different field names and menu locations for the various values. So NETGEAR's pop-up display listing the default values is very handy.
Figure 13: VPN wizard defaults
However, it would be more useful if all the values shown in the pop-up matched all the values used by the Wizard. The pop-up says the wizard's default local and remote WAN ID values are fvx_local.com and fvx_remote.com as shown in Figure 13. Unfortunately, the 318G’s actual default local and remote WAN ID values are fvs318g_local.com and fvs318g_remote.com.
I caught this error when configuring my IPSec VPN Client tunnel. But folks less experienced with IPsec setup might not have caught it. I hope NETGEAR sorts this out in a firmware update.
I had no problem setting up an IPSec Site-to-Site tunnel between an FVS318G and an FVS336G. Since both are NETGEAR routers with similar menus, I used the VPN Wizard on both to create and enable a tunnel in minutes.
I also set up an IPSec Site-to-Site tunnel between the 318G and a ZyXEL USG100 to see if the NETGEAR would play well with another brand. It did, and was also quick and easy, using the VPN Wizards on both the NETGEAR and the ZyXEL to set up the configurations.
The FVS318G is rated to support up to 5 simultaneous IPSec VPN tunnels. Using my two other VPN routers, I was able to run 2 simultaneous Site-to-Site tunnels and a Client-to-Site tunnel for a total of 3 simultaneous IPSec VPN tunnels on the 318G (Figure 14).
Figure 14: Three tunnels up
Additional VPN features on the 318G include the ability to add new certificates for security identification. NETGEAR includes a self-signed certificate, which worked fine for my IPSec VPN tests, but isn't as secure as a certificate signed by a third party.