1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS328
    5. /
  5. 20
Page 96 / 224 Scroll up to view Page 91 - 95
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
7-22
Virtual Private Networking
December 2003, M-10041-01
2.
To test connectivity between the FVS328 Gateway A and Gateway B WAN ports, follow these
steps:
a.
Using our example, log in to the FVS328 on LAN A, go to the main menu Maintenance
section and click the Diagnostics link.
b.
To test connectivity to the WAN port of Gateway B, enter
22.23.24.25
, and then click
Ping.
c.
This will cause a ping to be sent to the WAN interface of Gateway B. After between
several seconds and two minutes, the ping response should change from “timed out” to
“reply.” You may have to run this test several times before you get the “reply” message
back from the target FVS328.
d.
At this point the connection is established.
Note
: If you want to ping the FVS328 as a test of network connectivity, be sure the FVS328 is
configured to respond to a ping on the Internet WAN port by checking the check box seen in
“Rules menu” on page 6-6
. However, to preserve a high degree of security, you should turn off
this feature when you are finished with testing.
3.
To view the FVS328 event log and status of Security Associations, follow these steps:
a.
Go to the FVS328 main menu VPN section and click the VPN Status link.
b.
The log screen will display a history of the VPN connections, and the IPSec SA and IKE
SA tables will report the status and data transmission statistics of the VPN tunnels for each
policy.
FVS328 Scenario 2: Authenticating with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509
(PKIX) certificates for authentication. The network setup is identical to the one given in Scenario
1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the
exception that the identification is done with signatures authenticated by PKIX certificates.
Note
: Before completing this configuration scenario, make sure the correct Time Zone is set on the
FVS328. For instructions on this topic, please see,
“How to Set Your Time Zone” on page 6-13
.
1.
Obtain a root certificate.
a.
Obtain the root certificate (which includes the CA’s public key) from a Certificate
Authority (CA).
Page 97 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-23
December 2003, M-10041-01
Note:
The procedure for obtaining certificates differs between a CA like Verisign and a
CA such as a Windows 2000 certificate server, which an organization operates for
providing certificates for its members. For example, an administrator of a Windows 2000
certificate server might provide it to you via e-mail.
b.
Save the certificate as a text file called
trust.txt
.
2.
Install the trusted CA certificate for the Trusted Root CA.
a.
Log in to the FVS328.
b.
From the main menu VPN section, click the CAs link.
c.
Click Add to add a CA.
d.
Click Browse to locate the
trust.txt
file.
e.
Click Upload.
Figure 7-11:
Certificate Authorities table
You will now see a screen such as the one above showing that the Certificate Authority is
now registered with the FVS328.
3.
Create a certificate request for the FVS328.
a.
From the main menu VPN section, click the Certificates link.
Page 98 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
7-24
Virtual Private Networking
December 2003, M-10041-01
b.
Click the Generate Request button to display the screen illustrated in
Figure 7-12
below.
.
Figure 7-12:
Generate Self Certificate Request menu
c.
Fill in the fields on the Add Self Certificate screen.
Required
Name. Enter a name to identify this certificate.
Subject. This is the name other organizations will see as the holder (owner) of this
certificate. This should be your registered business name or official company
name. Generally, all certificates should have the same value in the Subject field.
Hash Algorithm. Select the desired option: MD5 or SHA1.
Signature Algorithm: RSA.
Signature Key Length. Select the desired option: 512, 1024, or 2048.
Optional
IP Address. If you have a fixed IP address on your WAN (Internet) port, you can
enter it here. Otherwise, you should leave this blank.
Domain Name. If you have a domain name, you can enter it here. Otherwise, you
should leave this blank.
E-mail Address. You can enter your e-mail address here.
Page 99 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-25
December 2003, M-10041-01
d.
Click the Next button to continue. The FVS328 generates a Self Certificate Request as
shown below.
Figure 7-13:
Self Certificate Request data
4.
Transmit the Self Certificate Request data to the Trusted Root CA.
a.
Highlight the text in the Data to supply to CA area, copy it, and paste it into a text file.
b.
Give the certificate request data to the CA. In the case of a Windows 2000 internal CA,
you might simply e-mail it to the CA administrator. The procedures of a CA like Verisign
and a CA such as a Windows 2000 certificate server administrator will differ. Follow the
procedures of your CA.
c.
When you have finished gathering the Self Certificate Request data, click the Done button.
You will return to the Certificates screen where your pending “FVS328” Self Certificate
Request will be listed, as illustrated in
Figure 7-14
below.
Highlight, copy and
paste this data into
a text file.
Page 100 / 224
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
7-26
Virtual Private Networking
December 2003, M-10041-01
Figure 7-14:
Self Certificate Requests table
5.
Receive the certificate back from the Trusted Root CA and save it as a text file.
Note:
In the case of a Windows 2000 internal CA, the CA administrator might simply email it
to back to you. Follow the procedures of your CA. Save the certificate you get back from the
CA as a text file called
final.txt
.
6.
Upload the new certificate.
a.
From the main menu VPN section, click the Certificates link.
b.
Click the radio button of the Self Certificate Request you want to upload.
c.
Click the Upload Certificate button.
d.
Browse to the location of the file you saved in step 5 above, which contains the certificate
from the CA.
e.
Click the Upload button.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top