Netgear FVS318v3 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual

ProSafe VPN Firewall FVS318v3 Reference Manual
Advanced Virtual Private Networking
v5.0, January 2012
Now, the traffic from devices within the range of the LAN subnet addresses on FVS318v3 A 
and Gateway B will be authenticated using the certificates rather than via a shared key.
8. Set up Certificate Revocation List (CRL) checking.
a. Get a copy of the CRL from the CA and save it as a text file.
b. From the main menu VPN section, click the CRL link.
c. Click Add to add a CRL.
d. Click Browse to locate the CRL file.
e. Click Upload.
Now, expired or revoked certificates will not be allowed to use the VPN tunnels managed by 
IKE policies which use this CA. 
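Before the upload in step 8, the CRL file can be vetted on a workstation. The following is an added example, not part of the Netgear manual: it confirms the CRL is signed by the CA, is not past its nextUpdate, and lists a given serial. It assumes PEM files, the openssl CLI and GNU date; the function names, the throwaway "Demo CA" and serial 1A2B are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the Netgear manual. Needs the openssl CLI and GNU date.
# Assumes the CRL and the CA certificate are PEM files.

# crl_check CRL_PEM CA_CERT_PEM
# 0 = signed by this CA and still current, 1 = signature not verified, 2 = stale
crl_check() {
    local out next
    # -CAfile makes "openssl crl" verify the CRL signature with the CA public key.
    out=$(openssl crl -in "$1" -CAfile "$2" -noout -nextupdate 2>&1) || true
    case $out in *"verify OK"*) ;; *) return 1 ;; esac
    next=$(printf '%s\n' "$out" | sed -n 's/^nextUpdate=//p')
    # A CRL past its nextUpdate no longer reflects current revocations.
    next=$(date -d "$next" +%s 2>/dev/null) || return 2
    [ "$next" -gt "$(date +%s)" ] || return 2
}

# crl_lists_serial CRL_PEM HEX_SERIAL: 0 if that certificate serial is revoked.
crl_lists_serial() {
    openssl crl -in "$1" -noout -text | grep -qi "Serial Number: *$2\$"
}

# make_demo_crl DIR VALID_SECONDS: constructed throwaway CA in DIR whose CRL
# revokes serial 1A2B (hypothetical values, for the demo only).
make_demo_crl() {
    local d=$1
    mkdir -p "$d" || return 1
    # One "R" (revoked) line in the openssl ca database: expiry, revocation date, serial.
    printf 'R\t350101000000Z\t240101000000Z\t1A2B\tunknown\t/CN=gatewayB\n' > "$d/index.txt"
    printf '%s\n' '[ca]' 'default_ca=demo' '[demo]' "database=$d/index.txt" \
        'default_md=sha256' '[req]' 'distinguished_name=dn' '[dn]' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.crt" \
        -gencrl -crlsec "$2" -out "$d/crl.pem" 2>/dev/null
}

# Run with --demo to build the constructed CA and check its CRL.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_demo_crl "$tmp" 86400 && crl_check "$tmp/crl.pem" "$tmp/ca.crt" &&
        echo "CRL verified and current"
    crl_lists_serial "$tmp/crl.pem" 1A2B && echo "serial 1A2B is revoked"
    rm -rf "$tmp"
fi
```

With a real CRL, call `crl_check` with the file saved in step 8a and the CA certificate already loaded on the firewall; a return of 2 means a fresh CRL must be fetched from the CA.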
Checking VPN Connections
You can test connectivity and view VPN status information on the FVS318v3 (see also 
).
To test the Gateway A FVS318v3 LAN and the Gateway B LAN connection:
1. Using our example, on a Windows PC attached to the FVS318v3 on LAN A, click 
the Start button on the taskbar and then click Run.
2. Type ping -t 172.23.9.1, and then click OK.
3. This will cause a continuous ping to be sent to the LAN interface of Gateway B. Within two 
minutes, the ping response should change from timed out to reply.
4. At this point the connection is established. 
5. To test connectivity between the FVS318v3 Gateway A and Gateway B WAN ports, follow 
these steps:
Note: The procedure for obtaining a CRL differs between a CA like Verisign and a 
CA such as a Windows 2000 certificate server, which an organization 
operates to provide certificates for its members. Follow the procedures 
of your CA.
Note: You must update the CRLs regularly in order to maintain the validity of the 
certificate-based VPN policies.