Netgear FWG114P v2 User Manual
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
Virtual Private Networking
8-19
201-10301-02, May 2005
VPNC Scenario 1: Gateway to Gateway with Preshared Secrets
The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.
Figure 8-10: VPN Consortium Scenario 1
Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has
the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet)
interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used
for testing IPsec but is not needed for configuring Gateway A.
interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used
for testing IPsec but is not needed for configuring Gateway A.
The IKE Phase 1 parameters used in Scenario 1 are:
•
Main mode
•
TripleDES
•
SHA-1
•
MODP group 2 (1024 bits)
•
pre-shared secret of "hr5xb84l6aa9r6"
•
SA lifetime of 28800 seconds (eight hours) with no kbytes rekeying
The IKE Phase 2 parameters used in Scenario 1 are:
•
TripleDES
•
SHA-1
•
ESP tunnel mode
•
MODP group 2 (1024 bits)
•
Perfect forward secrecy for rekeying
•
SA lifetime of 3600 seconds (one hour) with no kbytes rekeying
•
Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4
subnets
subnets
10.5.6.0/24
10.5.6.1
Gateway A
14.15.16.17
22.23.24.25
172.23.9.0/24
Internet
Gateway B
172.23.9.1