Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
Virtual Private Networking
8-9
201-10301-02, May 2005
VPN Policy Configuration for Manual Key Exchange
With Manual Key Management, you will not use an IKE policy. You must manually type in all the
required key information. Click the VPN Policies link from the VPN section of the main menu to
display the menu shown below.
Enable Encryption
Use this checkbox to enable or disable ESP Encryption.
Encryption Algorithm
If you enable ESP encryption, then select the encryption algorithm:
DES is the default.
3DES is more secure.
Enable Authentication
Use this checkbox to enable or disable ESP transform for this VPN policy.
You can also select the ESP mode with this menu.
Two ESP modes are available:
Plain ESP
ESP with authentication
Authentication Algorithm
If you enable AH, then use this menu to select which authentication
algorithm will be employed.
The choices are:
MD5 is the default.
SHA1 is more secure.
NETBIOS Enable
Check this if you wish NETBIOS traffic to be forwarded over the VPN
tunnel. The NETBIOS protocol is used by Microsoft Networking for such
features as Network Neighborhood.
Table 8-1. VPN Auto Policy Configuration Fields
Field
Description
Figure 8-4: VPN - Manual Policy Menu
The VPN Manual Policy fields are defined in the following table.
Table 8-1. VPN Manual Policy Configuration Fields
Field
Description
General
These settings identify this policy and determine its major characteristics.
Policy Name
The name of the VPN policy. Each policy should have a unique policy
name. This name is not supplied to the remote VPN Endpoint. It is used to
help you identify VPN policies.
Remote VPN Endpoint
The WAN Internet IP address of the remote VPN firewall or client to which
you wish to connect. The remote VPN endpoint must have this FWG114P
v2’s WAN Internet IP address entered as its “Remote VPN Endpoint.”
Traffic Selector
These settings determine if and when a VPN tunnel will be established. If
network traffic meets all criteria, then a VPN tunnel will be created.
Local IP
The drop down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from your network address space. The
choices are:
ANY for all valid IP addresses in the Internet address space
Note: Selecting ANY means all traffic goes through the IPSec tunnel
and prevents access to the Internet.
Single IP Address
Range of IP Addresses
Subnet Address
Remote IP
The drop down menu allows you to configure the destination IP address of
the outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from the remote site's corporate network
address space. The choices are:
ANY for all valid IP addresses in the Internet address space
Note: Selecting ANY means all traffic goes through the IPSec tunnel
and prevents access to the Internet.
Single IP Address
Range of IP Addresses
Subnet Address
Authenticating Header (AH) Configuration
AH specifies the authentication protocol for the VPN header. These
settings must match the remote VPN endpoint.
Note: The "Incoming" settings here must match the "Outgoing" settings on
the remote VPN endpoint, and the "Outgoing" settings here must match
the "Incoming" settings on the remote VPN endpoint.
SPI - Incoming
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Outgoing SPI" field.
SPI - Outgoing
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Incoming SPI" field.
Enable Authentication
Use this checkbox to enable or disable AH. Authentication is often not
used. In this case, leave the checkbox unchecked.
Authentication Algorithm
If you enable AH, then select the authentication algorithm:
MD5 is the default.
SHA1 is more secure.
Enter the keys in the fields provided. For MD5, the keys should be 16
characters. For SHA-1, the keys should be 20 characters.
Key - In
Enter the keys.
For MD5, the keys should be 16 characters.
For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - Out" field.
Key - Out
Enter the keys in the fields provided.
For MD5, the keys should be 16 characters.
For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
Encapsulated Security Payload (ESP) Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both encryption and authentication
when you use ESP. Two ESP modes are available:
Plain ESP encryption
ESP encryption with authentication
These settings must match the remote VPN endpoint.
SPI - Incoming
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Outgoing SPI" field.
SPI - Outgoing
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Incoming SPI" field.
Enable Encryption
Use this checkbox to enable or disable ESP Encryption.
Encryption Algorithm
If you enable ESP Encryption, then select the Encryption Algorithm:
DES is the default.
3DES is more secure.
Key - In
Enter the key in the fields provided.
For DES, the key should be 8 characters.
For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Encryption Algorithm "Key - Out" field.
Key - Out
Enter the key in the fields provided.
For DES, the key should be 8 characters.
For 3DES, the key should be 24 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Encryption Algorithm "Key - In" field.
Enable Authentication
Use this checkbox to enable or disable ESP authentication for this VPN
policy.
Authentication Algorithm
If you enable authentication, then use this menu to select the algorithm:
MD5 is the default.
SHA1 is more secure.
Key - In
Enter the key.
For MD5, the key should be 16 characters.
For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - Out" field.
Key - Out
Enter the key in the fields provided.
For MD5, the key should be 16 characters.
For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
NETBIOS Enable
Check this if you wish NETBIOS traffic to be forwarded over the VPN
tunnel. The NETBIOS protocol is used by Microsoft Networking for such
features as Network Neighborhood.
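
With manual keys, nothing negotiates the parameters, so a mistyped SPI, a key of the wrong length, or an "In" value that does not mirror the peer's "Out" value must be caught by inspection. The following is an added example, not part of the manual or the firewall's firmware: a pre-deployment check of the ESP fields of two endpoints against the rules in the table above. The dict key names, the case-insensitive SPI comparison, and the sample values are assumptions constructed for illustration.

```python
import re

# Lengths in characters and the SPI format, as given in the field table above.
KEY_LEN = {"DES": 8, "3DES": 24, "MD5": 16, "SHA1": 20}
STRONGER = {"DES": "3DES", "MD5": "SHA1"}    # default -> option the manual calls more secure
SPI_RE = re.compile(r"[0-9A-Fa-f]{3,8}")     # "Hex value (3 - 8 chars)"

def check_policy(p):
    """Check one endpoint's ESP fields; p is a dict with hypothetical key names."""
    problems = [f"{f}: must be 3-8 hex characters"
                for f in ("spi_in", "spi_out") if not SPI_RE.fullmatch(p[f])]
    for kind in ("enc", "auth"):
        alg = p[f"{kind}_alg"]
        if alg is None:                       # checkbox left unchecked
            continue
        for d in ("in", "out"):
            n = len(p[f"{kind}_key_{d}"])
            if n != KEY_LEN[alg]:
                problems.append(f"{kind}_key_{d}: {alg} needs {KEY_LEN[alg]} characters, got {n}")
        if alg in STRONGER:
            problems.append(f"note: {kind}_alg {alg} is the default, {STRONGER[alg]} is more secure")
    return problems

def check_mirror(local, remote):
    """Every 'in' value here must equal the matching 'out' value on the remote endpoint."""
    problems = [f"{k}_alg differs between endpoints"
                for k in ("enc", "auth") if local[f"{k}_alg"] != remote[f"{k}_alg"]]
    for stem in ("spi", "enc_key", "auth_key"):
        for mine, theirs in (("in", "out"), ("out", "in")):
            a, b = local[f"{stem}_{mine}"], remote[f"{stem}_{theirs}"]
            if stem == "spi":                 # assumption: hex digits compare case-insensitively
                a, b = a.lower(), b.lower()
            if a != b:
                problems.append(f"local {stem}_{mine} != remote {stem}_{theirs}")
    return problems

# Constructed sample values (placeholders, not real keys).
SITE_A = dict(spi_in="1a2b", spi_out="3c4d",
              enc_alg="3DES", enc_key_in="a" * 24, enc_key_out="b" * 24,
              auth_alg="SHA1", auth_key_in="c" * 20, auth_key_out="d" * 20)
SITE_B = dict(spi_in="3C4D", spi_out="1A2B",
              enc_alg="3DES", enc_key_in="b" * 24, enc_key_out="a" * 24,
              auth_alg="SHA1", auth_key_in="d" * 20, auth_key_out="c" * 20)
SITE_B_BAD = dict(SITE_B, spi_in="zz", enc_alg="DES")   # bad SPI, DES with 24-char keys

if __name__ == "__main__":
    for name, peer in (("SITE_B", SITE_B), ("SITE_B_BAD", SITE_B_BAD)):
        print(name, check_policy(peer) + check_mirror(SITE_A, peer))
```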