Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328
H-9
May 2004, 202-10030-02
Figure H-8: NETGEAR FVL328 IKE Policy Configuration – Part 2
From the Encryption Algorithm drop-down box, select 3DES.
From the Authentication Algorithm drop-down box, select MD5.
From the Authentication Method radio button, select Pre-shared Key.
In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the same for both gateways.
From the Diffie-Hellman (DH) Group drop-down box, select Group 1 (768 Bit).
In the SA Life Time field, type 28800.
3. Click Apply. This will bring you back to the IKE Policies Menu.
Figure H-9: NETGEAR FVL328 IKE Policies (Post Configuration)
The FVS318 IKE Policy is now displayed in the IKE Policies page.
4. Click the VPN Policies link under the VPN category on the left side of the Settings management GUI. This will take you to the VPN Policies Menu page. Click Add Auto Policy. This will open a new screen titled VPN – Auto Policy.
Figure H-10: NETGEAR FVL328 VPN – Auto Policy (part 1)
Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. In our example we have used to318 as the Policy Name. In the Policy Name field type to318.
From the IKE policy drop-down box, select the IKE Policy that was set up in the earlier step – the FVS318 IKE Policy.
From the Remote VPN Endpoint Address Type drop-down box, select IP Address.
Type the WAN IP Address of Gateway A (14.15.16.17 in our example) in the Remote VPN Endpoint Address Data field.
Type 300 in the SA Life Time (Seconds) field.
Type 0 in the SA Life Time (Kbytes) field.
Check the IPSec PFS check box.
From the PFS Key Group drop-down box, select Group 2 (1024 Bit).
From the Traffic Selector Local IP drop-down box, select Subnet address.
Type the starting LAN IP Address of Gateway B (172.23.9.1 in our example) in the Local IP Start IP Address field.
Type the finishing LAN IP Address of Gateway B (0.0.0.0 in our example) in the Local IP Finish IP Address field.
Type the LAN Subnet Mask of Gateway B (255.255.255.0 in our example) in the Local IP Subnet Mask field.
Figure H-11: NETGEAR FVL328 VPN – Auto Policy (part 2)
From the Traffic Selector Remote IP drop-down box, select Subnet address.
Type the starting LAN IP Address of Gateway A (10.5.6.1 in our example) in the Remote IP Start IP Address field.
Type the finishing LAN IP Address of Gateway A (0.0.0.0 in our example) in the Remote IP Finish IP Address field.
Type the LAN Subnet Mask of Gateway A (255.255.255.0 in our example) in the Remote IP Subnet Mask field.
From the AH Configuration Authentication Algorithm drop-down box, select MD5.
Select the Enable Encryption check box.
From the ESP Configuration Encryption Algorithm drop-down box, select 3DES.
Select the Enable Authentication check box.
From the ESP Configuration Authentication Algorithm drop-down box, select MD5.
Select the NETBIOS Enable check box.
5. Click the Apply Button. You will be taken back to the VPN Policies Menu page.
Figure H-12: NETGEAR FVL328 VPN Policies Menu (Post Configuration)
6. When the screen returns to the VPN Policies, make sure the Enable check box is selected. Click the Apply button.
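The following is an added example, not part of the NETGEAR manual: a Python check that the values entered above for Gateway B agree with a mirrored Gateway A configuration, and that lists the negotiation parameters an assumed present-day baseline treats as weak. The GATEWAY_A values, the dictionary layout and the WEAK baseline are assumptions made for this example.

```python
import ipaddress

# Values this section types into the FVL328 (Gateway B) screens.
GATEWAY_B = {
    "ike": {"enc": "3DES", "auth": "MD5", "dh_group": 1,
            "psk": "hr5xb84l6aa9r6", "life_s": 28800},
    "esp": {"enc": "3DES", "auth": "MD5", "pfs_group": 2, "life_s": 300},
    "local": ("172.23.9.1", "255.255.255.0"),
    "remote": ("10.5.6.1", "255.255.255.0"),
}
# Constructed for this example: the mirror image Gateway A (FVS318) needs.
GATEWAY_A = dict(GATEWAY_B, local=GATEWAY_B["remote"], remote=GATEWAY_B["local"])

# Assumed audit baseline (editor's choice): values treated as weak today.
WEAK = {"enc": {"DES", "3DES"}, "auth": {"MD5"},
        "dh_group": {1, 2}, "pfs_group": {1, 2}}


def selector(start_ip, mask):
    """Subnet a 'Subnet address' traffic selector covers (host bits ignored)."""
    return ipaddress.ip_network(f"{start_ip}/{mask}", strict=False)


def mismatches(a, b):
    """Settings that differ between gateways (assumes all must match)."""
    out = []
    for phase in ("ike", "esp"):
        for key, val in a[phase].items():
            if b[phase].get(key) != val:
                out.append(f"{phase}.{key}")
    # Each side's local selector must equal the peer's remote selector.
    if selector(*a["local"]) != selector(*b["remote"]):
        out.append("a.local/b.remote")
    if selector(*a["remote"]) != selector(*b["local"]):
        out.append("a.remote/b.local")
    return out


def weak_settings(gw):
    """Negotiation parameters that fall in the WEAK baseline."""
    return sorted(f"{phase}.{key}={val}"
                  for phase in ("ike", "esp")
                  for key, val in gw[phase].items()
                  if val in WEAK.get(key, ()))


if __name__ == "__main__":
    print("mismatches:", mismatches(GATEWAY_A, GATEWAY_B))
    print("weak:", weak_settings(GATEWAY_B))
```

The comparison treats every phase parameter, lifetimes included, as needing to match; how lifetime differences are handled varies by implementation.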
Test the VPN Connection
1. From a PC behind the NETGEAR FVS318 or FVM318 Gateway A, attempt to ping the remote FVL328 Gateway B LAN Interface address (example address 172.23.9.1).
2. From the FVS318 or FVM318, click the Router Status link on the left side of the Settings management menu. Click the Show VPN Status button. This will take you to the IPSec Connection Status Screen. If the connection is functioning properly, the State fields will show “Estab.”
3. From the FVL328, click the VPN Status link under the VPN section of the main menu. The VPN Logs and status are displayed.
Glossary
10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.
100BASE-Tx
IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.
3DES
3DES (Triple DES) achieves a high level of security by encrypting the data
three times using DES with three different, unrelated keys.
802.11b
IEEE specification for wireless networking at 11 Mbps using direct-sequence
spread-spectrum (DSSS) technology and operating in the unlicensed radio
spectrum at 2.5GHz.
AH
Authentication Header
CA
Certificate Authority. A trusted third-party organization or company that
issues digital certificates used to create digital signatures and public-private
key pairs. The role of the CA in this process is to guarantee that the individual
granted the unique certificate is, in fact, who he or she claims to be. Usually,
this means that the CA has an arrangement with a financial institution, such as
a credit card company, which provides it with information to confirm an
individual's claimed identity. CAs are a critical component in data security
and electronic commerce because they guarantee that the two parties
exchanging information are really who they claim to be.
CRL
Certificate Revocation List. Each Certificate Authority (CA) maintains a
revoked certificates list.
Denial of Service attack
DoS. A hacker attack designed to prevent your computer or network from
operating or communicating.
DES
The Data Encryption Standard (DES) processes input data that is 64 bits wide,
encrypting these values using a 56 bit key. See also 3DES.
Diffie-Hellman
Diffie-Hellman shared secret algorithm. The Diffie-Hellman shared secret algorithm
is a method for securely exchanging a shared secret between two parties, in
real-time, over an untrusted network. A shared secret allows two parties, who
may not have ever communicated previously, to encrypt their
communications. As such, it is used by several protocols, including Secure
Sockets Layer (SSL) and Internet Protocol Security (IPSec).