Reference Manual for the ProSafe VPN Firewall FVS114
6-8
Advanced Virtual Private Networking
202-10098-01, April 2005
Traffic Selector
These settings determine if and when a VPN tunnel will be established. If
network traffic meets all criteria, then a VPN tunnel will be created.
Local IP
The drop-down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address is from your network address space. The choices are:
ANY for all valid IP addresses in the Internet address space
Single IP Address
Range of IP Addresses
Subnet Address
Remote IP
The drop-down menu allows you to configure the destination IP address of
the outbound network traffic for which this VPN policy will provide security.
Usually, this address is from the remote site's corporate network address
space. The choices are:
ANY for all valid IP addresses in the Internet address space
Single IP Address
Range of IP Addresses
Subnet Address
Authenticating Header (AH) Configuration
AH specifies the authentication protocol for the VPN header. These
settings must match the remote VPN endpoint.
Enable Authentication
Use this check box to enable or disable AH for this VPN policy.
Authentication Algorithm
If you enable AH, then select the authentication algorithm:
MD5 — the default
SHA1 — more secure
Encapsulated Security Payload (ESP) Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both Encryption and Authentication. Two
ESP modes are available:
Plain ESP encryption
ESP encryption with authentication
These settings must match the remote VPN endpoint.
Enable Encryption
Use this check box to enable or disable ESP Encryption.
Encryption Algorithm
If you enable ESP encryption, then select the encryption algorithm:
DES — the default
3DES — more secure
Enable Authentication
Use this check box to enable or disable ESP transform for this VPN policy.
You can select the ESP mode also with this menu.
Two ESP modes are available:
Plain ESP
ESP with authentication
Authentication Algorithm
If you enable AH, then use this menu to select which authentication
algorithm will be employed.
The choices are:
MD5 — the default
SHA1 — more secure
NETBIOS Enable
Check this if you wish NETBIOS traffic to be forwarded over the VPN
tunnel. The NETBIOS protocol is used by Microsoft Networking for such
features as Network Neighborhood.
Table 6-1. VPN – Auto Policy Configuration Fields (columns: Field, Description)
VPN Policy Configuration for Manual Key Exchange
With Manual Key Management, you will not use an IKE policy. You must manually type in all the
required key information. Click the VPN Policies link from the VPN section of the main menu to
display the menu shown below.
Figure 6-4: VPN - Manual Policy menu
The VPN Manual Policy fields are defined in the following table.
Table 6-1. VPN Manual Policy Configuration Fields
Field / Description
General
These settings identify this policy and determine its major characteristics.
Policy Name
The name of the VPN policy. Each policy should have a unique policy
name. This name is not supplied to the remote VPN Endpoint. It is used to
help you identify VPN policies.
Remote VPN Endpoint
The WAN Internet IP address of the remote VPN firewall or client to which
you wish to connect. The remote VPN endpoint must have this FVS114’s
WAN Internet IP address entered as its Remote VPN Endpoint.
Traffic Selector
These settings determine if and when a VPN tunnel will be established. If
network traffic meets all criteria, then a VPN tunnel will be created.
Local IP
The drop-down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address is from your network address space. The choices are:
ANY for all valid IP addresses in the Internet address space
Single IP Address
Range of IP Addresses
Subnet Address
Remote IP
The drop-down menu allows you to configure the destination IP address of
the outbound network traffic for which this VPN policy will provide security.
Usually, this address is from the remote site's corporate network address
space. The choices are:
ANY for all valid IP addresses in the Internet address space
Single IP Address
Range of IP Addresses
Subnet Address
Authenticating Header (AH) Configuration
AH specifies the authentication protocol for the VPN header. These
settings must match the remote VPN endpoint.
Note:
The Incoming settings here must match the Outgoing settings on the
remote VPN endpoint, and the Outgoing settings here must match the
Incoming settings on the remote VPN endpoint.
SPI - Incoming
Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
the remote VPN endpoint has the same value in its Outgoing SPI field.
SPI - Outgoing
Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
the remote VPN endpoint has the same value in its Incoming SPI field.
Enable Authentication
Use this check box to enable or disable AH. Authentication is often not
used. In this case, leave the check box unchecked.
Authentication Algorithm
If you enable AH, then select the authentication algorithm:
MD5 — the default
SHA1 — more secure
Enter the keys in the fields provided. For MD5, the keys should be 16
characters. For SHA-1, the keys should be 20 characters.
Key - In
Enter the keys.
For MD5, the keys should be 16 characters.
For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm Key - Out field.
Key - Out
Enter the keys in the fields provided.
For MD5, the keys should be 16 characters.
For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm Key - In field.
Encapsulated Security Payload (ESP) Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both encryption and authentication
when you use ESP. Two ESP modes are available:
Plain ESP encryption
ESP encryption with authentication
These settings must match the remote VPN endpoint.
SPI - Incoming
Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
the remote VPN endpoint has the same value in its Outgoing SPI field.
SPI - Outgoing
Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
the remote VPN endpoint has the same value in its Incoming SPI field.
Enable Encryption
Use this check box to enable or disable ESP Encryption.
Encryption Algorithm
If you enable ESP Encryption, then select the Encryption Algorithm:
DES — the default
3DES — more secure
Key - In
Enter the key in the fields provided.
For DES, the key should be eight characters.
For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Encryption Algorithm Key - Out field.
Key - Out
Enter the key in the fields provided.
For DES, the key should be eight characters.
For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Encryption Algorithm Key - In field.
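The following check is an added example, not part of the NETGEAR manual: it validates two endpoints' manual policies against the SPI and key formats in the table above and confirms that each side's Incoming values equal the other side's Outgoing values. The dictionary field names and the sample policies are hypothetical and constructed for illustration; treating SPI comparison as case-insensitive is an assumption.

```python
import re

# Lengths in characters, as given in the Manual Policy table above.
KEY_LEN = {"DES": 8, "3DES": 24, "MD5": 16, "SHA1": 20}
SPI_RE = re.compile(r"^[0-9A-Fa-f]{3,8}$")  # "hexadecimal value (3 - 8 chars)"
SECTIONS = (("esp", "enc_alg"), ("ah", "auth_alg"))  # dict field names are hypothetical

def check_side(name, p):
    """Validate one endpoint's SPI and key fields against the documented formats."""
    errs = []
    for kind, alg_field in SECTIONS:
        if not p.get(f"{kind}_enabled"):
            continue
        want = KEY_LEN[p[alg_field]]
        for d in ("in", "out"):
            if not SPI_RE.match(p[f"{kind}_spi_{d}"]):
                errs.append(f"{name}: {kind}_spi_{d} is not 3-8 hex chars")
            if len(p[f"{kind}_key_{d}"]) != want:
                errs.append(f"{name}: {kind}_key_{d} must be {want} chars for {p[alg_field]}")
    return errs

def check_pair(a, b):
    """Check both sides, then that A's Incoming equals B's Outgoing and vice versa."""
    errs = check_side("A", a) + check_side("B", b)
    for kind, alg_field in SECTIONS:
        on_a, on_b = bool(a.get(f"{kind}_enabled")), bool(b.get(f"{kind}_enabled"))
        if on_a != on_b:
            errs.append(f"{kind}: enabled on one endpoint only")
        if not (on_a and on_b):
            continue
        if a[alg_field] != b[alg_field]:
            errs.append(f"{kind}: algorithm differs between endpoints")
        for d, o in (("in", "out"), ("out", "in")):
            # Assumption: SPIs are hex numbers, so letter case is ignored.
            if a[f"{kind}_spi_{d}"].lower() != b[f"{kind}_spi_{o}"].lower():
                errs.append(f"{kind}: A spi_{d} != B spi_{o}")
            if a[f"{kind}_key_{d}"] != b[f"{kind}_key_{o}"]:
                errs.append(f"{kind}: A key_{d} != B key_{o}")
    return errs

# Constructed sample policies (placeholder keys, not real secrets): ESP with 3DES, AH off.
SITE_A = {"esp_enabled": True, "enc_alg": "3DES",
          "esp_spi_in": "1a2b", "esp_spi_out": "3c4d",
          "esp_key_in": "A" * 24, "esp_key_out": "B" * 24}
# SITE_B mirrors SITE_A: its Incoming values are SITE_A's Outgoing values.
SITE_B = {"esp_enabled": True, "enc_alg": "3DES",
          "esp_spi_in": "3C4D", "esp_spi_out": "1A2B",
          "esp_key_in": "B" * 24, "esp_key_out": "A" * 24}
# Common mistake: the same values copied to the remote side without swapping In/Out.
SITE_B_COPIED = dict(SITE_A)
```

`check_pair(SITE_A, SITE_B)` returns an empty list, while `check_pair(SITE_A, SITE_B_COPIED)` reports both SPIs and both keys as mismatched.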