Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-6
Virtual Private Networking
May 2004, 202-10030-02
VPN Policy Configuration for Auto Key Negotiation
An already defined IKE policy is required for VPN - Auto Policy configuration. From the VPN
Policies section of the main menu, you can navigate to the VPN - Auto Policy configuration menu.
Figure 6-3: VPN - Auto Policy Menu
The VPN Auto Policy fields are defined in the following table.

Table 6-1. VPN Auto Policy Configuration Fields

General: These settings identify this policy and determine its major characteristics.

Policy Name
  The descriptive name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint. It is only used to help you identify VPN policies.

IKE Policy
  The existing IKE policies are presented in a drop-down list.
  Note: Create the IKE policy BEFORE creating a VPN - Auto policy.

Remote VPN Endpoint
  The address used to locate the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVL328’s Local Identity Data entered as its “Remote VPN Endpoint”:
  - By its IP Address.
  - By its Fully Qualified Domain Name (FQDN) – your domain name.

SA Life Time
  The duration of the Security Association before it expires.
  - Seconds - the amount of time before the SA expires. Over an hour (3600) is common.
  - Kbytes - the amount of traffic before the SA expires.
  One of these can be set without setting the other.

IPSec PFS
  If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. Each key has no relationship to the previous key.

PFS Key Group
  If PFS is enabled, this setting determines the DH group bit size used in the key exchange. This must match the value used on the remote gateway. Select Group 1 (768 bit) or Group 2 (1024 bit).
Traffic Selector: These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created.

Local IP
  The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from your network address space. The choices are:
  - ANY for all valid IP addresses in the Internet address space. Note: Choosing ANY sends all traffic through the tunnel, which will eliminate activities such as Web access.
  - Single IP Address
  - Range of IP Addresses
  - Subnet Address

Remote IP
  The drop-down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from the remote site's corporate network address space. The choices are:
  - ANY for all valid IP addresses in the Internet address space. Note: Choosing ANY sends all traffic to the WAN through the tunnel, preventing, for example, remote management or response to ping.
  - Single IP Address
  - Range of IP Addresses
  - Subnet Address

Authenticating Header (AH) Configuration: AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint.

Enable Authentication
  Use this check box to enable or disable AH for this VPN policy.

Authentication Algorithm
  If you enable AH, then select the authentication algorithm: MD5 – the default, or SHA1 - more secure.
Encapsulated Security Payload (ESP) Configuration: ESP provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. Two ESP modes are available: plain ESP encryption, or ESP encryption with authentication. These settings must match the remote VPN endpoint.

Enable Encryption
  Use this check box to enable or disable ESP Encryption.

Encryption Algorithm
  If you enable ESP encryption, then select the encryption algorithm: DES – the default, or 3DES - more secure.

Enable Authentication
  Use this check box to enable or disable the ESP authentication transform for this VPN policy.

Authentication Algorithm
  If you enable ESP authentication, then use this menu to select which authentication algorithm will be employed. The choices are: MD5 – the default, or SHA1 – more secure.

NetBIOS Enable
  Check this if you want NetBIOS traffic to be forwarded over the VPN tunnel. The NetBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood.

VPN Policy Configuration for Manual Key Exchange

With Manual Key Management, you will not use an IKE policy. You must manually type in all the required key information. Click the VPN Policies link from the VPN section of the main menu to display the menu shown below.
Figure 6-4: VPN - Manual Policy Menu
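As an added example (not from the manual or from NETGEAR's firmware), the following Python models the Table 6-1 Traffic Selector choices and the rule that outbound traffic must meet all selector criteria before the tunnel is used, and reviews an Auto Policy for the settings the table says must match the remote gateway or that have side effects (PFS Key Group, SA Life Time, ANY selectors). The class and function names and the sample addresses are assumptions, chosen for illustration only.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical model of the Table 6-1 Traffic Selector choices: ANY, Single IP
# Address, Range of IP Addresses (written "a-b"), or Subnet Address ("a/prefix").
def selector(spec):
    """Return a predicate telling whether an IPv4Address falls inside the selector."""
    if spec.upper() == "ANY":
        return lambda ip: True
    if "-" in spec:                                   # inclusive range
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        return lambda ip: lo <= ip <= hi
    if "/" in spec:                                   # subnet
        net = ipaddress.IPv4Network(spec, strict=False)
        return lambda ip: ip in net
    single = ipaddress.IPv4Address(spec)              # single address
    return lambda ip: ip == single

@dataclass
class AutoPolicy:
    """Hypothetical subset of the VPN - Auto Policy fields (field names assumed)."""
    name: str
    local_ip: str          # Traffic Selector, Local IP
    remote_ip: str         # Traffic Selector, Remote IP
    sa_seconds: int = 0    # SA Life Time in Seconds, 0 = not set
    sa_kbytes: int = 0     # SA Life Time in Kbytes, 0 = not set
    pfs: bool = False      # IPSec PFS
    pfs_group: int = 2     # PFS Key Group: 1 = 768 bit, 2 = 1024 bit

    def selects(self, src, dst):
        """True when outbound src->dst meets ALL selector criteria, i.e. the tunnel is used."""
        src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        return selector(self.local_ip)(src) and selector(self.remote_ip)(dst)

def review(policy, remote_pfs_group):
    """List the mismatches and side effects Table 6-1 warns about for this policy."""
    issues = []
    if policy.sa_seconds == 0 and policy.sa_kbytes == 0:
        issues.append("SA Life Time: neither Seconds nor Kbytes is set")
    if policy.pfs and policy.pfs_group != remote_pfs_group:
        issues.append(f"PFS Key Group {policy.pfs_group} does not match "
                      f"remote gateway group {remote_pfs_group}")
    if policy.local_ip.upper() == "ANY":
        issues.append("Local IP ANY: all traffic goes through the tunnel, no direct Web access")
    if policy.remote_ip.upper() == "ANY":
        issues.append("Remote IP ANY: all WAN traffic goes through the tunnel, "
                      "blocking remote management and ping responses")
    return issues
```

A constructed policy such as `AutoPolicy("office", "192.168.0.0/24", "10.0.0.0/16", sa_seconds=3600, pfs=True)` selects traffic from the local subnet to the remote subnet only, and `review(policy, 1)` reports the Group 2 versus Group 1 mismatch the table says must not occur.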
