Netgear FVS318v2 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Manual De Referencia
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall
6-2
Virtual Private Networking
M-10146-01
VPN client access allows a remote PC to connect to your network from any location on the
Internet. In this case, the remote PC is one tunnel endpoint, running VPN client software. The
FVS318 VPN Firewall router on your network is the other tunnel endpoint
Internet. In this case, the remote PC is one tunnel endpoint, running VPN client software. The
FVS318 VPN Firewall router on your network is the other tunnel endpoint
•
The FVS318 VPN Firewall supports up to eight concurrent tunnels.
These scenarios are described below.
Understanding How FVS318 VPN Tunnels Are Configured
You create VPN tunnels definitions via the VPN Settings link under the Setup section of the main
menu on the FVS318. The VPN tunnel configuration consists of these two kinds of information:
menu on the FVS318. The VPN tunnel configuration consists of these two kinds of information:
•
Connection. Identifies the VPN endpoints by IPSec ID, IP address, or a fully qualified domain
name (FQDN).
name (FQDN).
Note: A FQDN is the complete URL of the router. Using a dynamic DNS service for a
FVS318 with a dynamically-assigned IP address enables that FVS318 to both initiate and
respond to requests to open a VPN tunnel. Otherwise, a FVS318 with a dynamically-assigned
IP address can only initiate a request to open a VPN tunnel because no other initiators can
know its IP address.
FVS318 with a dynamically-assigned IP address enables that FVS318 to both initiate and
respond to requests to open a VPN tunnel. Otherwise, a FVS318 with a dynamically-assigned
IP address can only initiate a request to open a VPN tunnel because no other initiators can
know its IP address.
•
Security Association (SA). There are three kinds of SA key exchange modes:
— IKE Main Mode: Uses the Internet Key Exchange (IKE) protocol to define the
authentication scheme and automatically generate the encryption keys. Main Mode
authentication is slightly slower than Aggressive Mode but more secure.
authentication is slightly slower than Aggressive Mode but more secure.
— IKE Aggressive Mode: Uses the IKE protocol to define the authentication scheme and
automatically generate the encryption keys. Aggressive Mode authentication is slightly
faster than Main Mode but less secure.
faster than Main Mode but less secure.
Note:
The FVS318 VPN Firewall uses industry standard VPN protocols. However, due
to variations in how manufacturers interpret these standards, many VPN products do not
interoperate. NETGEAR provides support for connections between NETGEAR VPN
Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN
Client for Windows. This manual is written based on tests with the FVS318 and versions
8 and 9 of the SafeNet client. Although the FVS318 can interoperate with many other
VPN products, it is not possible for NETGEAR to provide specific technical support for
every other interconnection. Please see NETGEAR's web site for additional VPN
information.
interoperate. NETGEAR provides support for connections between NETGEAR VPN
Firewalls, and between an FVS318 VPN Firewall and the SafeNet SoftRemote VPN
Client for Windows. This manual is written based on tests with the FVS318 and versions
8 and 9 of the SafeNet client. Although the FVS318 can interoperate with many other
VPN products, it is not possible for NETGEAR to provide specific technical support for
every other interconnection. Please see NETGEAR's web site for additional VPN
information.