Netgear FWG114Pv1 – Wireless Firewall with USB Print Server Guide D’Exploitation
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
8-14
Virtual Private Networking
March 2004, 202-10027-01
Using Digital Certificates for IKE Auto-Policy Authentication
Digital certificates are strings generated using encryption and authentication schemes which
cannot be duplicated by anyone without access to the different values used in the production of the
string. They are issued by Certification Authorities (CAs) to authenticate a person or a workstation
uniquely. The CAs are authorized to issue these certificates by Policy Certification Authorities
(PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The
FWG114P is able to use certificates to authenticate users at the end points during the IKE key
exchange process.
cannot be duplicated by anyone without access to the different values used in the production of the
string. They are issued by Certification Authorities (CAs) to authenticate a person or a workstation
uniquely. The CAs are authorized to issue these certificates by Policy Certification Authorities
(PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The
FWG114P is able to use certificates to authenticate users at the end points during the IKE key
exchange process.
The certificates can be obtained from a certificate server an organization might maintain internally
or from the established public CAs. The certificates are produced by providing the particulars of
the user being identified to the CA. The information provided may include the user's name, e-mail
ID, domain name, and so on.
or from the established public CAs. The certificates are produced by providing the particulars of
the user being identified to the CA. The information provided may include the user's name, e-mail
ID, domain name, and so on.
Each CA has its own certificate. The certificates of a CA are added to the FWG114P and can then
be used to form IKE policies for the user. Once a CA certificate is added to the FWG114P and a
certificate is created for a user, the corresponding IKE policy is added to the FWG114P. Whenever
the user tries to send traffic through the FWG114P, the certificates are used in place of pre-shared
keys during initial key exchange as the authentication and key generation mechanism. Once the
keys are established and the tunnel is set up the connection proceeds according to the VPN policy.
be used to form IKE policies for the user. Once a CA certificate is added to the FWG114P and a
certificate is created for a user, the corresponding IKE policy is added to the FWG114P. Whenever
the user tries to send traffic through the FWG114P, the certificates are used in place of pre-shared
keys during initial key exchange as the authentication and key generation mechanism. Once the
keys are established and the tunnel is set up the connection proceeds according to the VPN policy.
Certificate Revocation List (CRL)
Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these
revoked certificates is known as the Certificate Revocation List (CRL).
revoked certificates is known as the Certificate Revocation List (CRL).
Key - Out
Enter the key in the fields provided.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
NETBIOS Enable
Check this if you wish NETBIOS traffic to be forwarded over the VPN
tunnel. The NETBIOS protocol is used by Microsoft Networking for such
features as Network Neighborhood.
tunnel. The NETBIOS protocol is used by Microsoft Networking for such
features as Network Neighborhood.
Table 8-1.
VPN Manual Policy Configuration Fields
Field
Description