Netgear FWG114Pv1 – Wireless Firewall with USB Print Server Operating Guide

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Virtual Private Networking
March 2004, 202-10027-01
Whenever an IKE policy receives a certificate from a peer, it looks for that certificate in the
CRL on the FWG114P obtained from the corresponding CA. If the certificate is not in the CRL,
it has not been revoked, and IKE can use it for authentication. If the certificate is in the
CRL, it has been revoked, and IKE will not authenticate the client.
You must manually update the FWG114P CRL regularly for the CA-based authentication
process to remain valid.
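The CRL rule described above, and what a CRL that has not been refreshed lets through, as an added example (not from the NETGEAR manual or firmware). The `Crl` model, the CA name, the serial numbers and the dates are constructed; the sketch applies only the listed-means-refused rule and assumes nothing about how the FWG114P treats a CRL past its next-update time.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Crl:
    """Minimal model of a CRL: issuing CA, validity window, revoked serials."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: frozenset


def ike_accepts(cert_issuer, cert_serial, crl):
    """Rule from the manual: a certificate listed in the loaded CRL is refused."""
    return not (cert_issuer == crl.issuer and cert_serial in crl.revoked)


def audit_loaded_crl(loaded, current, now):
    """Compare the CRL loaded on the firewall with the CA's current CRL."""
    if loaded.issuer != current.issuer:
        raise ValueError("CRLs come from different CAs")
    return {
        "expired": now > loaded.next_update,
        "newer_available": current.this_update > loaded.this_update,
        # Revoked by the CA, but unknown to the copy on the firewall.
        "revoked_but_still_accepted": sorted(current.revoked - loaded.revoked),
    }


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data (hypothetical CA name, serials and dates).
CA = "CN=Example VPN CA"
LOADED = Crl(CA, utc(2004, 3, 1), utc(2004, 3, 8), frozenset({0x1A2B}))
CURRENT = Crl(CA, utc(2004, 3, 15), utc(2004, 3, 22), frozenset({0x1A2B, 0x3C4D}))
NOW = utc(2004, 3, 16)

if __name__ == "__main__":
    print("0x3C4D accepted with loaded CRL: ", ike_accepts(CA, 0x3C4D, LOADED))
    print("0x3C4D accepted with current CRL:", ike_accepts(CA, 0x3C4D, CURRENT))
    print(audit_loaded_crl(LOADED, CURRENT, NOW))
```

Serial 0x3C4D was revoked after the loaded CRL was issued, so it still passes the check until the newer CRL is uploaded.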
Walk-Through of Configuration Scenarios on the FWG114P
There are a variety of configurations you might implement with the FWG114P. The scenarios 
listed below illustrate typical configurations you might use in your organization.
To make it easier to set up an IPsec system, the following two scenarios are provided.
These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to
make it easier to get systems from different vendors to interoperate. NETGEAR is providing
you with both of these scenarios in the following two formats:
VPN Consortium Scenarios without Any Product Implementation Details as presented in
VPN Consortium Scenarios Based on the FWG114P User Interface as presented in
The purpose of providing these two versions of the same scenarios is to help you determine where 
the two vendors use different vocabulary. Seeing the examples presented in these different ways 
will reveal how systems from different vendors do the same thing.
How to Use the VPN Wizard to Configure a VPN Tunnel 
Note: If you have turned NAT off, before configuring VPN IPSec tunnels you must first 
open UDP port 500 for inbound traffic as explained in