Netgear FVS318v3 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual
ProSafe VPN Firewall FVS318v3 Reference Manual
Advanced Virtual Private Networking
5-15
v5.0, January 2012
FVS318v3 Scenario 1: Gateway-to-Gateway with Preshared
Secrets
Secrets
The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.
Figure 5-5
Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN interface has
the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B's WAN (Internet)
interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used
for testing IPsec but is not needed for configuring Gateway A.
interface has the address 22.23.24.25. Gateway B's LAN interface address, 172.23.9.1, can be used
for testing IPsec but is not needed for configuring Gateway A.
The IKE Phase 1 parameters used in Scenario 1 are:
•
•
Main mode
•
TripleDES
•
SHA-1
•
MODP group 2 (1024 bits)
•
pre-shared secret of “hr5xb84l6aa9r6”
•
SA lifetime of 28800 seconds (eight hours) with no kilobytes rekeying
The IKE Phase 2 parameters used in Scenario 1 are:
•
•
TripleDES
•
SHA-1
•
ESP tunnel mode
Note: Before installing the NETGEAR ProSafe VPN Client software, be sure to turn off
any virus protection or firewall software you may be running on your PC.
10.5.6.0/24
10.5.6.1
Gateway A
14.15.16.17
22.23.24.25
172.23.9.0/24
Internet
Gateway B
172.23.9.1