Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-7
December 2003, M-10041-01
The VPN Auto Policy fields are defined in the following table.

Table 7-1. VPN Auto Policy Configuration Fields

General
  These settings identify this policy and determine its major characteristics.

  Policy Name
    The descriptive name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN endpoint. It is only used to help you identify VPN policies.

  IKE Policy
    The existing IKE policies are presented in a drop-down list.
    Note: Create the IKE policy BEFORE creating a VPN - Auto policy.

  Remote VPN Endpoint
    The address used to locate the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVS328's Local Identity Data entered as its "Remote VPN Endpoint":
    - By its IP Address.
    - By its Fully Qualified Domain Name (FQDN): your domain name.

  SA Life Time
    The duration of the Security Association before it expires.
    - Seconds: the amount of time before the SA expires. Over an hour is common (3600).
    - Kbytes: the amount of traffic before the SA expires.
    One of these can be set without setting the other.

  IPSec PFS
    If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. Each key has no relationship to the previous key.

  PFS Key Group
    If PFS is enabled, this setting determines the DH group bit size used in the key exchange. This must match the value used on the remote gateway. Select Group 1 (768 bit) or Group 2 (1024 bit).

Traffic Selector
  These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created.
  Local IP
    The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from your network address space. The choices are:
    - ANY for all valid IP addresses in the Internet address space
      Note: Choosing ANY sends all traffic through the tunnel, which will eliminate activities such as Web access.
    - Single IP Address
    - Range of IP Addresses
    - Subnet Address

  Remote IP
    The drop-down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from the remote site's corporate network address space. The choices are:
    - ANY for all valid IP addresses in the Internet address space
      Note: Choosing ANY sends all traffic to the WAN through the tunnel, preventing, for example, remote management or response to ping.
    - Single IP Address
    - Range of IP Addresses
    - Subnet Address

Authenticating Header (AH) Configuration
  AH specifies the authentication protocol for the VPN header. These settings must match the remote VPN endpoint.

  Enable Authentication
    Use this check box to enable or disable AH for this VPN policy.

  Authentication Algorithm
    If you enable AH, then select the authentication algorithm: MD5 (the default) or SHA1 (more secure).

Encapsulated Security Payload (ESP) Configuration
  ESP provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. Two ESP modes are available: plain ESP encryption, or ESP encryption with authentication. These settings must match the remote VPN endpoint.

  Enable Encryption
    Use this check box to enable or disable ESP Encryption.

  Encryption Algorithm
    If you enable ESP encryption, then select the encryption algorithm: DES (the default) or 3DES (more secure).

  Enable Authentication
    Use this check box to enable or disable ESP transform for this VPN policy.
  Authentication Algorithm
    If you enable AH, then use this menu to select which authentication algorithm will be employed. The choices are: MD5 (the default) or SHA1 (more secure).

  NetBIOS Enable
    Check this if you want NetBIOS traffic to be forwarded over the VPN tunnel. The NetBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood.

VPN Policy Configuration for Manual Key Exchange

With Manual Key Management, you will not use an IKE policy. You must manually type in all the required key information. Click the VPN Policies link from the VPN section of the main menu to display the menu shown below.
Figure 7-4: VPN - Manual Policy Menu
The VPN Manual Policy fields are defined in the following table.

Table 7-1. VPN Manual Policy Configuration Fields

General
  These settings identify this policy and determine its major characteristics.

  Policy Name
    The name of the VPN policy. Each policy should have a unique policy name. This name is not supplied to the remote VPN Endpoint. It is used to help you identify VPN policies.

  Remote VPN Endpoint
    The WAN Internet IP address or Fully Qualified Domain Name of the remote VPN firewall or client to which you want to connect. The remote VPN endpoint must have this FVS328's WAN Internet IP address entered as its "Remote VPN Endpoint."

Traffic Selector
  These settings determine if and when a VPN tunnel will be established. If network traffic meets all criteria, then a VPN tunnel will be created.

  Local IP
    The drop-down menu allows you to configure the source IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from your network address space. The choices are:
    - ANY for all valid IP addresses in the Internet address space
      Note: Choosing ANY sends all traffic through the tunnel, which will eliminate activities such as Web access.
    - Single IP Address
    - Range of IP Addresses
    - Subnet Address

  Remote IP
    The drop-down menu allows you to configure the destination IP address of the outbound network traffic for which this VPN policy will provide security. Usually, this address will be from the remote site's corporate network address space. The choices are:
    - ANY for all valid IP addresses in the Internet address space
      Note: Choosing ANY sends all traffic to the WAN through the tunnel, preventing, for example, remote management or response to ping.
    - Single IP Address
    - Range of IP Addresses
    - Subnet Address
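Added example, not from the NETGEAR manual: a small Python model of the Traffic Selector described in both the Auto and Manual policy tables. It shows that an outbound packet is tunnelled only when its source matches Local IP and its destination matches Remote IP (all criteria), and it flags the ANY choices whose side effects the notes describe. The selector kinds, class names and sample addresses are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Selector:
    """One Local IP / Remote IP choice: kind is "any", "single", "range" or "subnet";
    value is the address, "lo-hi" range or CIDR subnet (unused for "any")."""
    kind: str
    value: str = ""

    def matches(self, ip: str) -> bool:
        addr = ipaddress.IPv4Address(ip)
        if self.kind == "any":
            return True
        if self.kind == "single":
            return addr == ipaddress.IPv4Address(self.value)
        if self.kind == "range":
            lo, hi = (ipaddress.IPv4Address(p.strip()) for p in self.value.split("-"))
            return lo <= addr <= hi
        if self.kind == "subnet":
            return addr in ipaddress.IPv4Network(self.value, strict=False)
        raise ValueError(f"unknown selector kind: {self.kind!r}")


@dataclass(frozen=True)
class TrafficSelector:
    local_ip: Selector
    remote_ip: Selector

    def tunnels(self, src: str, dst: str) -> bool:
        # An outbound packet src -> dst is protected only if its source matches
        # Local IP AND its destination matches Remote IP (all criteria must match).
        return self.local_ip.matches(src) and self.remote_ip.matches(dst)

    def warnings(self) -> List[str]:
        # Flag the ANY choices whose side effects the manual's notes describe.
        w = []
        if self.local_ip.kind == "any":
            w.append("Local IP ANY: all traffic goes through the tunnel, eliminating Web access")
        if self.remote_ip.kind == "any":
            w.append("Remote IP ANY: all WAN traffic goes through the tunnel; remote management and ping replies are lost")
        return w


if __name__ == "__main__":
    # Constructed sample: assumed site LAN 192.168.0.0/24 to assumed remote corporate 10.1.0.0/16.
    policy = TrafficSelector(Selector("subnet", "192.168.0.0/24"), Selector("subnet", "10.1.0.0/16"))
    print(policy.tunnels("192.168.0.10", "10.1.5.7"), policy.tunnels("192.168.0.10", "8.8.8.8"))
```

Traffic that fails either criterion is simply not sent through the tunnel, which is why a Remote IP of ANY captures management and ping traffic along with everything else.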