Virtual Private Networking Using IPSec and L2TP Connections
216
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
The Active IPSec SA(s) table lists each active connection with the information that is described in the following table. The default poll interval is 10 seconds. To change the poll interval period, enter a new value in the Poll Interval field, and then click the Set Interval button. To stop polling, click the Stop button.
View the Wireless VPN Firewall IPSec VPN Log
To display the IPSec VPN log:
Select Monitoring > VPN Logs > IPSec VPN Logs. The IPSec VPN Logs screen displays:
Figure 136.
Table 49. IPSec VPN Connection Status screen information
Item | Description
Policy Name | The name of the VPN policy that is associated with this SA.
Endpoint | The IP address on the remote VPN endpoint.
Tx (KB) | The amount of data that is transmitted over this SA.
Tx (Packets) | The number of IP packets that are transmitted over this SA.
State | The current status of the SA. Phase 1 is the authentication phase, and Phase 2 is the key exchange phase. If there is no connection, the status is IPSec SA Not Established.
Action | Click the Connect table button to build the connection, or click the Disconnect table button to terminate the connection.
Manage IPSec VPN Policies
After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy
are stored in separate policy tables. The name that you selected as the VPN tunnel
connection name during the VPN Wizard setup identifies both the VPN policy and IKE policy.
You can edit existing policies, or manually add new VPN and IKE policies directly in the policy
tables.
Manage IKE Policies
The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN
gateways and provides automatic management of the keys that are used for IPSec
connections. It is important to remember that:
• An automatically generated VPN policy (auto policy) needs to use the IKE negotiation protocol.
• A manually generated VPN policy (manual policy) cannot use the IKE negotiation protocol.
IKE policies are activated when the following situations occur:
1. The VPN policy selector determines that some traffic matches an existing VPN policy:
   • If the VPN policy is of an auto policy type, the IKE policy that is specified in the Auto Policy Parameters section of the Add VPN Policy screen (see Figure 140 on page 228) is used to start negotiations with the remote VPN gateway.
   • If the VPN policy is of a manual policy type, the settings that are specified in the Manual Policy Parameters section of the Add VPN Policy screen (see Figure 140 on page 228) are accessed, and the first matching IKE policy is used to start negotiations with the remote VPN gateway:
      - If negotiations fail, the next matching IKE policy is used.
      - If none of the matching IKE policies are acceptable to the remote VPN gateway, then a VPN tunnel cannot be established.
2. An IKE session is established, using the security association (SA) settings that are specified in a matching IKE policy:
   • Keys and other settings are exchanged.
   • An IPSec SA is established, using the settings that are specified in the VPN policy.
The VPN tunnel is then available for data transfer.
When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and
populated in the List of IKE Policies, and is given the same name as the new VPN connection
name. You can also edit existing policies or add new IKE policies from the IKE Policies screen.
IKE Policies Screen
To access the IKE Policies screen:
Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view. In the upper right of the screen, the IPv4 radio button is selected by default. The IKE Policies screen displays the IPv4 settings. (The following figure shows some examples.) To display the IPv6 settings on the IKE Policies screen, select the IPv6 radio button.
Figure 137.
Each policy contains the data that are explained in the following table. These fields are explained in more detail in Table 51 on page 221.
Table 50. IKE Policies screen information for IPv4 and IPv6
Item | Description
Name | The name that identifies the IKE policy. When you use the VPN Wizard to set up a VPN policy, an accompanying IKE policy is automatically created with the same name that you select for the VPN policy. Note: The name is not supplied to the remote VPN endpoint.
Mode | The exchange mode: Main or Aggressive.
Local ID | The IKE/ISAKMP identifier of the wireless VPN firewall. The remote endpoint needs to have this value as its remote ID.
Remote ID | The IKE/ISAKMP identifier of the remote endpoint, which needs to have this value as its local ID.
Encr | The encryption algorithm that is used for the IKE security association (SA). This setting needs to match the setting on the remote endpoint.
Auth | The authentication algorithm that is used for the IKE SA. This setting needs to match the setting on the remote endpoint.
DH | The Diffie-Hellman (DH) group that is used when keys are exchanged. This setting needs to match the setting on the remote endpoint.
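The matching rules in Table 50, written as a check you can run on the IKE policy rows copied from both gateways before bringing a tunnel up. This is an added example, not part of the NETGEAR manual; the IkePolicy record, the function names and the sample values are constructed for illustration, and the Mode comparison is an assumption that the table itself does not state.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class IkePolicy:
    """One row of the IKE Policies screen (the columns of Table 50)."""
    name: str        # local label only; not supplied to the remote endpoint
    mode: str        # "Main" or "Aggressive"
    local_id: str
    remote_id: str
    encr: str
    auth: str
    dh: str


def _norm(value: str) -> str:
    """Compare settings as typed, ignoring case and extra whitespace."""
    return " ".join(value.split()).lower()


def ike_mismatches(a: IkePolicy, b: IkePolicy) -> list[str]:
    """List every setting that would keep gateways A and B from agreeing."""
    problems = []
    # Identifiers are mirrored: each side's Local ID is the peer's Remote ID.
    if _norm(a.local_id) != _norm(b.remote_id):
        problems.append(f"A Local ID {a.local_id!r} != B Remote ID {b.remote_id!r}")
    if _norm(a.remote_id) != _norm(b.local_id):
        problems.append(f"A Remote ID {a.remote_id!r} != B Local ID {b.local_id!r}")
    # Encr, Auth and DH need to match the setting on the remote endpoint.
    for label, field in (("Encr", "encr"), ("Auth", "auth"), ("DH", "dh")):
        va, vb = getattr(a, field), getattr(b, field)
        if _norm(va) != _norm(vb):
            problems.append(f"{label}: A={va!r} B={vb!r}")
    # Assumption (Table 50 does not say so): both ends use the same mode.
    if _norm(a.mode) != _norm(b.mode):
        problems.append(f"Mode: A={a.mode!r} B={b.mode!r}")
    return problems


# Constructed sample rows (RFC 5737 documentation addresses, made-up names).
SITE_A = IkePolicy("HQ-to-Branch", "Main", "192.0.2.1", "198.51.100.1",
                   "3DES", "SHA-1", "Group 2 (1024 bit)")
SITE_B = IkePolicy("Branch-to-HQ", "Main", "198.51.100.1", "192.0.2.1",
                   "3des", "MD5", "Group 2 (1024 bit)")

if __name__ == "__main__":
    for line in ike_mismatches(SITE_A, SITE_B) or ["no mismatches"]:
        print(line)
```

The policy names differ between the two sample rows on purpose: the name is local to each gateway and is never compared.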
To delete one or more IKE policies:
1. Select the check box to the left of each policy that you want to delete, or click the Select All table button to select all IKE policies.
2. Click the Delete table button.
For information about how to add or edit an IKE policy, see Manually Add or Edit an IKE Policy on page 219.
Note: You cannot delete or edit an IKE policy for which the VPN policy is active without first disabling or deleting the VPN policy.
Manually Add or Edit an IKE Policy
To manually add an IKE policy for IPv4 or IPv6:
1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen for IPv4 in view (see Figure 137 on page 218).
2. Under the List of IKE Policies table, click the Add table button. The Add IKE Policy screen displays the IPv4 settings (see the next screen).
3. Specify the IP version for which you want to add an IKE policy:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4.
   • IPv6. Select the IPv6 radio button. The Add IKE Policy screen for IPv6 displays. This screen is identical to the Add IKE Policy screen for IPv4 (see the next screen).
Figure 138.
