Netgear FVS318Gv2 – ProSAFE VPN Firewall Series User Manual
Configure VPN Tunnels
32
NETGEAR ProSAFE VPN Client
Note:
For XAUTH, NETGEAR recommends that you do not complete the
Login and Password fields on this page. Leave these fields blank so
that the VPN Client user enters these credentials. This method is
referred to as dynamic extended authentication.
Login and Password fields on this page. Leave these fields blank so
that the VPN Client user enters these credentials. This method is
referred to as dynamic extended authentication.
32.
6.
To enable this mode, select the Hybrid Mode check box and
enter a name in the
Login field
and a password in the Password field.
7.
Select the type of local ID and enter the associated value for the ID in the field to the right.
The following selections are available:
•
IP Address. Enter a standard IP address (for example, 195.100.205.101).
•
DNS. Enter a fully qualified domain name (FQDN) (for example, mydomain.com).
•
DER ASN1 DN. Enter a certificate issuer (for more information, see
57). If you do not enter a certificate, the IP address of the VPN
Client is used.
•
Subject from X509. These fields are automatically set when you import a certificate
(see
(see
Note:
If a VPN tunnel closes because the computer changed its IP address,
the VPN tunnel does not reopen automatically when the network
becomes available again.
the VPN tunnel does not reopen automatically when the network
becomes available again.
8.
Select the type of remote ID and enter the associated value for the ID in the field to the right.
The remote ID is the identity that the VPN Client receives from the VPN gateway during
the authentication phase. The following selections are available:
the authentication phase. The following selections are available:
•
IP Address. Enter a standard IP address (for example, 203.0.113.4).
•
DNS. Enter a fully qualified domain name (FQDN) (for example,
gateway.mydomain.com).
gateway.mydomain.com).
•
DER ASN1 DN. Enter a certificate issuer (for more information, see
57). If you do not enter a certificate, the IP address of the VPN
gateway is used.
9.
Select Configuration > Save or press Ctrl + S.
Your settings are saved.
Configure XAUTH
Extended authentication (XAUTH) is an extension of the IKE protocol. IKE is an important
element of the public key infrastructure (PKI) that defines how security credentials are
exchanged over the IPSec tunneling protocol. For extended authentication (XAUTH), IPSec
negotiation requires the definition of a login name and password on the remote VPN gateway.
The VPN Client supports several authentication protocols, including CHAP and one-time
password (OTP).
element of the public key infrastructure (PKI) that defines how security credentials are
exchanged over the IPSec tunneling protocol. For extended authentication (XAUTH), IPSec
negotiation requires the definition of a login name and password on the remote VPN gateway.
The VPN Client supports several authentication protocols, including CHAP and one-time
password (OTP).