Netgear FVL328 참조 매뉴얼
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
6-14
Virtual Private Networking
May 2004, 202-10030-02
Using Digital Certificates for IKE Auto-Policy Authentication
Digital certificates are character strings generated using encryption and authentication schemes
which cannot be duplicated by anyone without access to the different values used in the production
of the string. They are issued by Certification Authorities (CAs) to authenticate a person or a
workstation uniquely. The CAs are authorized to issue these certificates by Policy Certification
Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA).
The FVL328 is able to use certificates to authenticate users at the endpoints during the IKE key
exchange process.
which cannot be duplicated by anyone without access to the different values used in the production
of the string. They are issued by Certification Authorities (CAs) to authenticate a person or a
workstation uniquely. The CAs are authorized to issue these certificates by Policy Certification
Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA).
The FVL328 is able to use certificates to authenticate users at the endpoints during the IKE key
exchange process.
The certificates can be obtained from a certificate server an organization might maintain internally
or from the established public CAs. The certificates are produced by providing the particulars of
the user being identified to the CA. The information provided may include the user's name, e-mail
ID, domain name, etc.
or from the established public CAs. The certificates are produced by providing the particulars of
the user being identified to the CA. The information provided may include the user's name, e-mail
ID, domain name, etc.
Enable Authentication
Use this check box to enable or disable ESP authentication for this VPN policy.
Authentication
Algorithm
If you enable authentication, then use this menu to select the algorithm:
• MD5 – the default
• SHA1 – more secure
• MD5 – the default
• SHA1 – more secure
Key - In
Enter the key.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - Out" field.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - Out" field.
Key - Out
Enter the key in the fields provided.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
• For MD5, the key should be 16 characters.
• For SHA-1, the key should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
NetBIOS Enable
Check this if you want NetBIOS traffic to be forwarded over the VPN tunnel.
The NetBIOS protocol is used by Microsoft Networking for such features as
Network Neighborhood.
The NetBIOS protocol is used by Microsoft Networking for such features as
Network Neighborhood.
Table 6-1.
VPN Manual Policy Configuration Fields
Field
Description