Netgear FVS318v3 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual

ProSafe VPN Firewall FVS318v3 Reference Manual
5-2
Advanced Virtual Private Networking
v5.0, January 2012
IKE Policies: Define the authentication scheme and automatically generate the encryption keys. As an alternative option, to further automate the process, you can create an IKE policy that uses a trusted certificate authority to provide the authentication while the IKE policy still handles the encryption.

VPN Policies: Apply the IKE policy to specific traffic that requires a VPN tunnel. Or, you can create a VPN policy that does not use an IKE policy but in which you manually enter all the authentication and key parameters.
Since VPN policies use IKE policies, you define the IKE policy first. The FVS318v3 also allows you to manually input the authentication scheme and encryption key values. In the case of manual key management there will not be any IKE policies.
In order to establish secure communication over the Internet with the remote site, you need to configure matching VPN policies on both the local and remote VPN firewalls. The outbound VPN policy on one end must match the inbound VPN policy on the other end, and vice versa.
When network traffic enters the FVS318v3 from the LAN network interface, if no VPN policy matches that type of network traffic, then the traffic passes through without any change. However, if the traffic is selected by a VPN policy, then the IPSec authentication and encryption rules are applied to it as defined in that VPN policy.
By default, a new VPN policy is added with the least priority, that is, at the end of the VPN policy table.
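As an added illustration (not from the Netgear manual), the following Python models the policy table described above: policies are tried in table order, traffic that matches no policy passes through unchanged, and a mirror check verifies that an outbound policy on one gateway matches the inbound policy on the other. Class names, subnets and parameter values are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class IkePolicy:
    """Authentication scheme and key-generation parameters (constructed fields)."""
    name: str
    auth: str         # "psk" (pre-shared key) or "ca" (trusted certificate authority)
    encryption: str   # e.g. "3des" or "aes128"
    dh_group: int

@dataclass
class VpnPolicy:
    """Applies an IKE policy to the traffic between two subnets.
    ike=None means manual keying, where the key values are entered by hand."""
    name: str
    local_net: str
    remote_net: str
    ike: Optional[IkePolicy]
    manual_key: Optional[str] = None

class VpnPolicyTable:
    """Ordered table: first match wins; a new policy gets the least priority."""
    def __init__(self) -> None:
        self.policies: List[VpnPolicy] = []

    def add(self, policy: VpnPolicy) -> None:
        if (policy.ike is None) == (policy.manual_key is None):
            raise ValueError("use exactly one of an IKE policy or a manual key")
        self.policies.append(policy)  # appended at the end of the table

    def select(self, src: str, dst: str) -> Optional[VpnPolicy]:
        """First policy whose selectors cover the flow; None means the
        traffic passes through unchanged, with no IPSec applied."""
        s, d = ip_address(src), ip_address(dst)
        for p in self.policies:
            if s in ip_network(p.local_net) and d in ip_network(p.remote_net):
                return p
        return None

def mirrors(outbound: VpnPolicy, inbound: VpnPolicy) -> bool:
    """Check that an outbound policy on one gateway matches the inbound
    policy on the other: selectors swapped, identical IKE/manual parameters."""
    return (outbound.local_net == inbound.remote_net
            and outbound.remote_net == inbound.local_net
            and outbound.ike == inbound.ike
            and outbound.manual_key == inbound.manual_key)
```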
IKE Policy Automatic Key and Authentication Management
The most common configuration scenarios will use IKE policies to automatically manage the authentication and encryption keys. Based on the IKE policy, some parameters for the VPN tunnel are generated automatically. The IKE protocols perform negotiations between the two VPN endpoints to automatically generate the required parameters.
Some organizations will use an IKE policy with a Certificate Authority (CA) to perform authentication. Typically, CA authentication is used in large organizations that maintain their own internal CA server. This requires that each VPN gateway have a certificate from the CA. Using CAs reduces the amount of data entry required on each VPN endpoint.
Click the IKE Policies link from the VPN section of the main menu, and then click the Add button of the IKE Policies screen to display the IKE Policy Configuration menu shown in .