Netgear FVL328 参照マニュアル
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Virtual Private Networking
6-27
May 2004, 202-10030-02
2.
To test connectivity between the FVL328 Gateway A and Gateway B WAN ports, follow these
steps:
steps:
a.
Using our example, log in to the FVL328 on LAN A, go to the main menu Maintenance
section and click the Diagnostics link.
section and click the Diagnostics link.
b.
To test connectivity to the WAN port of Gateway B, enter
22.23.24.25
, and then click
Ping.
c.
This will cause a ping to be sent to the WAN interface of Gateway B. After between
several seconds and two minutes, the ping response should change from “timed out” to
“reply.” You may have to run this test several times before you get the “reply” message
back from the target FVL328.
several seconds and two minutes, the ping response should change from “timed out” to
“reply.” You may have to run this test several times before you get the “reply” message
back from the target FVL328.
d.
At this point the connection is established.
Note: If you want to ping the FVL328 as a test of network connectivity, be sure the FVL328 is
configured to respond to a ping on the Internet WAN port by checking the check box seen in
the Rules menu. However, to preserve a high degree of security, you should turn off this
feature when you are finished with testing.
configured to respond to a ping on the Internet WAN port by checking the check box seen in
the Rules menu. However, to preserve a high degree of security, you should turn off this
feature when you are finished with testing.
3.
To view the FVL328 event log and status of Security Associations, follow these steps:
a.
Go to the FVL328 main menu VPN section and click the VPN Status link.
b.
The log screen will display a history of the VPN connections, and the IPSec SA and IKE
SA tables will report the status and data transmission statistics of the VPN tunnels for each
policy.
SA tables will report the status and data transmission statistics of the VPN tunnels for each
policy.
FVL328 Scenario 2: Authenticating with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509
(PKIX) certificates for authentication. The network setup is identical to the one given in Scenario
1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the
exception that the identification is done with signatures authenticated by PKIX certificates.
(PKIX) certificates for authentication. The network setup is identical to the one given in Scenario
1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the
exception that the identification is done with signatures authenticated by PKIX certificates.
Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the
FVL328. For instructions on this topic, please see,
FVL328. For instructions on this topic, please see,
.
1. Obtain a root certificate.
a.
Obtain the root certificate (which includes the CA’s public key) from a Certificate
Authority (CA).
Authority (CA).