Netgear FVS318N 사용자 설명서
Virtual Private Networking Using IPSec and L2TP Connections
246
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
WINS Server
If there is a WINS server on the local network, enter its IP address in the Primary
field. You can enter the IP address of a second WINS server in the Secondary field.
field. You can enter the IP address of a second WINS server in the Secondary field.
DNS Server
Enter the IP address of the DNS server that is used by remote VPN clients in the
Primary field. You can enter the IP address of a second DNS server in the
Secondary field.
Primary field. You can enter the IP address of a second DNS server in the
Secondary field.
Traffic Tunnel Security Level
Note:
Generally, the default settings work well for a Mode Config configuration.
PFS Key Group
Select this check box to enable Perfect Forward Secrecy (PFS), and then select a
Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the strength
of the algorithm in bits. The higher the group, the more secure the exchange. From
the drop-down list, select one of the following three strengths:
Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the strength
of the algorithm in bits. The higher the group, the more secure the exchange. From
the drop-down list, select one of the following three strengths:
• Group 1 (768 bit)
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit)
SA Lifetime
The lifetime of the security association (SA) is the period or the amount of
transmitted data after which the SA becomes invalid and needs to be renegotiated.
From the drop-down list, select how the SA lifetime is specified:
transmitted data after which the SA becomes invalid and needs to be renegotiated.
From the drop-down list, select how the SA lifetime is specified:
• Seconds. In the SA Lifetime field, enter a period in seconds. The minimum value
is 300 seconds. The default setting is 3600 seconds.
• KBytes. In the SA Lifetime field, enter a number of kilobytes. The minimum value
is 1920000 KB.
Encryption Algorithm
From the drop-down list, select one of the following five algorithms to negotiate the
security association (SA):
security association (SA):
• None. No encryption.
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES. This is the default algorithm.
• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.
• AES-192. AES with a 192-bit key size.
• AES-256. AES with a 256-bit key size.
Integrity Algorithm
From the drop-down list, select one of the following two algorithms to be used in the
VPN header for the authentication process:
VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit digest. This is the default setting.
• MD5. Hash algorithm that produces a 128-bit digest.
Local IP Address
The local IP address to which remote VPN clients have access. If you do not
specify a local IP address, the wireless VPN firewall’s default LAN IP address is
used (by default, 192.168.1.1).
specify a local IP address, the wireless VPN firewall’s default LAN IP address is
used (by default, 192.168.1.1).
Local Subnet Mask
The local subnet mask. Typically, this is 255.255.255.0.
Note:
If you do not specify a local IP address, you do not need to specify a subnet
either.
Table 57. Add Mode Config Record screen settings (continued)
Setting
Description