Netgear 05200007 User Manual

Reference Manual for the NETGEAR ProSafe VPN Client
Using the Security Policy Editor
202-10015-01
Configure Security Policy Connection Options
Before you configure the options for Security Policy in a connection, take these steps:
- Make sure that the connection is secure: In the Connection Security group, click Secure.
- Configure My Identity for this connection.
The Phase 1 negotiation mode selected for Security Policy determines how the security association 
(SA) is established for each connection through IKE negotiations. 
1. In the Security Policy Editor, in the Network Security Policy list, expand the specific secure connection.
2. Expand Security Policy.
3. In the Select Phase 1 Negotiation Mode group, click an option:
   - Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (Phase 1).
   - Aggressive Mode is quicker than Main Mode, because it eliminates several steps when the communicating parties are negotiating authentication (Phase 1).
   - Use Manual Keys requires no negotiations; SafeNet recommends using this for troubleshooting only.
4. To activate the perfect forward secrecy (PFS) feature, which requires exchanging independent keying material each time Key Exchange keys are generated, select the Enable Perfect Forward Secrecy (PFS) check box.
5. If you selected the Enable Perfect Forward Secrecy (PFS) check box, in the PFS Key Group list, click a Diffie-Hellman Group: 1, 2, or 5.
6. To set a counter that determines if a packet is unique, select the Enable Replay Detection check box.
7. Click Save.
The Phase 1 Negotiation Mode you selected determines your next step:
- If you selected Main Mode or Aggressive Mode, configure Authentication (Phase 1).
- If you selected Use Manual Keys, configure Key Exchange (Phase 2).