Netgear FVS318v2 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall
Virtual Private Networking
6-7
M-10146-01
The Security Association IKE Aggressive Mode fields are defined in the following table.
Configuring a SA Using Manual Key Management
Click the VPN Settings link of the Setup section of the main menu, and then click the radio button
of a VPN tunnel, and then click the Edit button and choose Aggressive Mode from the Security
Association drop-down list to display the Manual Keys menu shown in
.
Table 6-1. Security Association Aggressive Mode Configuration Fields

Field: Description

Secure Association: Choose Aggressive Mode key exchange mode for this VPN tunnel:
• IKE Main Mode -- the default.
• IKE Aggressive Mode -- faster but less secure.
• Manual Keys -- more control but more complex.

Perfect Forward Secrecy: Perfect Forward Secrecy (PFS) provides additional security by means of a shared secret value. With PFS, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys.

Encryption Protocol: Longer keys are more secure but the throughput could be slower.
• Null - Fastest but no security.
• DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES or AES.
• 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• AES - 128, 192, or 256. Most secure. Advanced Encryption Standard is a symmetric 128-bit block data encryption technique.

Key Group: This setting determines the Diffie-Hellman group bit size used in the key exchange. This must match the value used on the remote gateway.

Pre-Shared Key: Specify the key. Any value is acceptable, provided the remote VPN endpoint has the same value in its Pre-Shared Key field.

Key Life: The default is 3600 seconds (one hour).

IKE Life Time: At the end of this time, the connection will drop, the security association will be re-established, and the connection will be reactivated. The default is 28800 seconds (eight hours).

NETBIOS Enable: If you need to run Microsoft networking functions such as Network Neighborhood, click the NETBIOS Enable check box.
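
As an added example (not part of the Netgear manual), the following Python script audits the settings of both tunnel endpoints against the trade-offs and matching requirements stated in Table 6-1. The dictionary layout, the name audit_tunnel and all sample values are assumptions made for illustration; the manual does not describe such a format.

```python
# Added example: keys mirror the field names of Table 6-1; the dict layout
# is hypothetical and is not a format described by the manual.
WEAK_CIPHERS = {"Null": "no security", "DES": "less secure than 3DES or AES"}
# Fields the table says must carry the same value on the remote gateway.
MUST_MATCH = ("Key Group", "Pre-Shared Key")


def audit_tunnel(local, remote):
    """Return sorted (severity, field, message) findings for one tunnel."""
    findings = []
    for field in MUST_MATCH:
        if local.get(field) != remote.get(field):
            # Report the mismatch only; never echo the key into a report.
            findings.append(("error", field, "differs from the remote gateway"))
    for side, cfg in (("local", local), ("remote", remote)):
        if cfg.get("Secure Association") == "IKE Aggressive Mode":
            findings.append(("warn", "Secure Association",
                             f"{side}: faster but less secure than IKE Main Mode"))
        cipher = cfg.get("Encryption Protocol")
        if cipher in WEAK_CIPHERS:
            findings.append(("warn", "Encryption Protocol",
                             f"{side}: {cipher} is {WEAK_CIPHERS[cipher]}"))
        if not cfg.get("Perfect Forward Secrecy", False):
            findings.append(("warn", "Perfect Forward Secrecy",
                             f"{side}: PFS is disabled"))
    return sorted(findings)


# Constructed sample settings for the two ends of one tunnel.
LOCAL = {
    "Secure Association": "IKE Aggressive Mode",
    "Perfect Forward Secrecy": False,
    "Encryption Protocol": "DES",
    "Key Group": 2,                      # constructed value
    "Pre-Shared Key": "constructed-example-key",
    "Key Life": 3600,                    # table default, seconds
    "IKE Life Time": 28800,              # table default, seconds
}
REMOTE = dict(LOCAL, **{"Encryption Protocol": "AES-128", "Key Group": 1,
                        "Perfect Forward Secrecy": True})
# The same tunnel with the stronger choices from the table on both ends.
HARDENED = dict(LOCAL, **{"Secure Association": "IKE Main Mode",
                          "Perfect Forward Secrecy": True,
                          "Encryption Protocol": "AES-256"})

if __name__ == "__main__":
    for severity, field, message in audit_tunnel(LOCAL, REMOTE):
        print(f"{severity:5} {field}: {message}")
```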