Netgear FVS318v1 – Prosafe Wireless N VPN Firewall Reference Manual

Reference Manual for the Model FVS318 Broadband  ProSafe VPN Firewall 
Virtual Private Networking
M-10146-01
Configuring a SA Using IKE Main Mode
The most common configuration scenarios will use IKE to manage the authentication and 
encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to 
automatically generate required parameters. The IKE Main Mode settings are introduced below. 
The IKE Aggressive Mode settings are introduced in the section after this one.
Click the VPN Settings link of the Setup section of the main menu, click the radio button of a VPN 
tunnel, and then click the Edit button to display the Main Mode menu shown in Figure 6-3.
Figure 6-3: IKE - VPN Settings Main Mode Configuration Menu
The Security Association IKE Main Mode configuration fields are defined in the following table. 
Table 6-1. Security Association Main Mode Configuration Fields

Field: Description

Secure Association: Choose Main Mode key exchange mode for this VPN tunnel:
• IKE Main Mode -- the default.
• IKE Aggressive Mode -- faster but less secure.
• Manual Keys -- more control but more complex.

Perfect Forward Secrecy: Perfect Forward Secrecy provides additional security by means of a shared secret value. If one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys.

Encryption Protocol: The level of encryption. Longer keys are more secure but throughput may slow.
• Null - Fastest but no security.
• DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES.
• 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• AES - 128, - 192, or - 256. Advanced Encryption Standard. Most secure.
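
The Perfect Forward Secrecy entry in Table 6-1 can be seen in a simplified model of IKE Quick Mode key derivation. This is an added example, not code from the manual or from the FVS318 firmware. The toy Diffie-Hellman group, the HMAC-SHA256 prf and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group (assumption, for brevity): real IKE uses far larger MODP groups.
P = 2**127 - 1  # Mersenne prime
G = 3

def prf(key, data):
    """Keyed pseudo-random function standing in for the negotiated IKE prf."""
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_exchange():
    """One ephemeral exchange: public values go on the wire, the shared secret never does."""
    a = secrets.randbelow(P - 3) + 2
    b = secrets.randbelow(P - 3) + 2
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    shared = pow(pub_b, a, P)  # equals pow(pub_a, b, P) on the other side
    return pub_a, pub_b, shared.to_bytes(16, "big")

def quick_mode(skeyid_d, pfs):
    """Derive one tunnel key; 'wire' is what a recording observer can later read."""
    nonces = secrets.token_bytes(16) + secrets.token_bytes(16)
    wire = {"nonces": nonces}
    material = nonces
    if pfs:
        pub_a, pub_b, shared = dh_exchange()
        wire["dh_public"] = (pub_a, pub_b)
        material = shared + nonces  # fresh secret mixed into every rekey
    return {"key": prf(skeyid_d, material), "wire": wire}

def recompute_from_leak(leaked_skeyid_d, wire):
    """What a leaked Phase 1 secret plus recorded traffic yields: no DH private value."""
    return prf(leaked_skeyid_d, wire["nonces"])

def demo():
    """For PFS off and on, report whether each of three tunnel keys is recoverable."""
    skeyid_d = secrets.token_bytes(32)  # constructed Phase 1 keying secret
    results = {}
    for pfs in (False, True):
        tunnels = [quick_mode(skeyid_d, pfs) for _ in range(3)]
        results[pfs] = [recompute_from_leak(skeyid_d, t["wire"]) == t["key"]
                        for t in tunnels]
    return results

if __name__ == "__main__":
    print(demo())
```

With PFS disabled every tunnel key can be recomputed from the one leaked secret, while with PFS enabled none can, which is the reason to leave the option on for both endpoints.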