1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS328
    5. /
  5. 17
Page 81 / 224 Scroll up to view Page 76 - 80
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-7
December 2003, M-10041-01
The VPN Auto Policy fields are defined in the following table.
Table 7-1.
VPN Auto Policy Configuration Fields
Field
Description
General
These settings identify this policy and determine its major characteristics.
Policy Name
The descriptive name of the VPN policy. Each policy should have a unique
policy name. This name is not supplied to the remote VPN endpoint. It is only
used to help you identify VPN policies.
IKE Policy
The existing IKE policies are presented in a drop-down list.
Note:
Create the IKE policy BEFORE creating a VPN - Auto policy.
Remote VPN Endpoint
The address used to locate the remote VPN firewall or client to which you want
to connect. The remote VPN endpoint must have this FVS328’s Local Identity
Data entered as its “Remote VPN Endpoint”:
By its IP Address.
By its Fully Qualified Domain Name (FQDN) – your domain name.
SA Life Time
The duration of the Security Association before it expires.
Seconds - the amount of time before the SA expires. Over an hour is common
(3600).
Kbytes - the amount of traffic before the SA expires.
One of these can be set without setting the other.
IPSec PFS
If enabled, security is enhanced by ensuring that the key is changed at regular
intervals. Also, even if one key is broken, subsequent keys are no easier to
break. Each key has no relationship to the previous key.
PFS Key Group
If PFS is enabled, this setting determines the DH group bit size used in the key
exchange. This must match the value used on the remote gateway. Select
Group 1 (768 bit) or Group 2 (1024 bit).
Traffic Selector
These settings determine if and when a VPN tunnel will be established. If
network traffic meets
all
criteria, then a VPN tunnel will be created.
Page 82 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
7-8
Virtual Private Networking
December 2003, M-10041-01
Local IP
The drop-down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from your network address space. The choices are:
ANY for all valid IP addresses in the Internet address space
Note
: Choosing ANY sends
all
traffic through the tunnel, which will eliminate
activities such as Web access.
Single IP Address
Range of IP Addresses
Subnet Address
Remote IP
The drop-down menu allows you to configure the destination IP address of the
outbound network traffic for which this VPN policy will provide security. Usually,
this address will be from the remote site's corporate network address space.
The choices are:
ANY for all valid IP addresses in the Internet address space
Note
: Choosing ANY sends
all
traffic to the WAN through the tunnel,
preventing for example, remote management or response to ping.
Single IP Address
Range of IP Addresses
Subnet Address
Authenticating Header
(AH) Configuration
AH specifies the authentication protocol for the VPN header. These settings
must match the remote VPN endpoint.
Enable Authentication
Use this check box to enable or disable AH for this VPN policy.
Authentication
Algorithm
If you enable AH, then select the authentication algorithm:
MD5 – the default, or SHA1 - more secure
Encapsulated Security
Payload (ESP)
Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both Encryption and Authentication. Two ESP
modes are available:
Plain ESP encryption or ESP encryption with authentication
These settings must match the remote VPN endpoint.
Enable Encryption
Use this check box to enable or disable ESP Encryption.
Encryption
Algorithm
If you enable ESP encryption, then select the encryption algorithm:
DES – the default, or 3DES - more secure
Enable Authentication
Use this check box to enable or disable ESP transform for this VPN policy.
Table 7-1.
VPN Auto Policy Configuration Fields
Field
Description
Page 83 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-9
December 2003, M-10041-01
VPN Policy Configuration for Manual Key Exchange
With Manual Key Management, you will not use an IKE policy. You must manually type in all the
required key information. Click the VPN Policies link from the VPN section of the main menu to
display the menu shown below.
Authentication
Algorithm
If you enable AH, then use this menu to select which authentication algorithm
will be employed. The choices are:
MD5 – the default, or SHA1 – more secure
NetBIOS Enable
Check this if you want NetBIOS traffic to be forwarded over the VPN tunnel.
The NetBIOS protocol is used by Microsoft Networking for such features as
Network Neighborhood.
Table 7-1.
VPN Auto Policy Configuration Fields
Field
Description
Page 84 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
7-10
Virtual Private Networking
December 2003, M-10041-01
Figure 7-4:
VPN - Manual Policy Menu
Page 85 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-11
December 2003, M-10041-01
The VPN Manual Policy fields are defined in the following table.
Table 7-1.
VPN Manual Policy Configuration Fields
Field
Description
General
These settings identify this policy and determine its major characteristics.
Policy Name
The name of the VPN policy. Each policy should have a unique policy name.
This name is not supplied to the remote VPN Endpoint. It is used to help you
identify VPN policies.
Remote VPN Endpoint
The WAN Internet IP address or Fully Qualified Domain Name of the remote
VPN firewall or client to which you want to connect. The remote VPN endpoint
must have this FVS328’s WAN Internet IP address entered as its “Remote
VPN Endpoint.”
Traffic Selector
These settings determine if and when a VPN tunnel will be established. If
network traffic meets
all
criteria, then a VPN tunnel will be created.
Local IP
The drop-down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from your network address space. The choices
are:
ANY for all valid IP addresses in the Internet address space
Note
: Choosing ANY sends
all
traffic through the tunnel, which will eliminate
activities such as Web access.
Single IP Address
Range of IP Addresses
Subnet Address
Remote IP
The drop-down menu allows you to configure the destination IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from the remote site's corporate network address
space. The choices are:
ANY for all valid IP addresses in the Internet address space
Note
: Choosing ANY sends
all
traffic to the WAN through the tunnel,
preventing for example, remote management or response to ping.
Single IP Address
Range of IP Addresses
Subnet Address

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top