Netgear FVS318v3 – Cable/DSL ProSafe VPN Firewall with 8-Port Switch Reference Manual
ProSafe VPN Firewall FVS318v3 Reference Manual
Advanced Virtual Private Networking
v5.0, January 2012
FVS318v3 Scenario 2: FVS318v3 to FVS318v3 with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509
(PKIX) certificates for authentication. The network setup is identical to the one given in
Scenario 1. The IKE Phase 1 and Phase 2 parameters are also identical to those in Scenario 1,
except that identification is done with signatures authenticated by PKIX
certificates.
1. Obtain a root certificate (see .
a. Obtain the root certificate (that includes the public key) from a Certificate Authority (CA).
b. Save the certificate as a text file called trust.txt.
2. Install the trusted CA certificate for the Trusted Root CA.
a. Log in to the FVS318v3.
b. From the main menu VPN section, click the CAs link.
c. Click Add to add a CA.
d. Click Browse to locate the trust.txt file.
e. Click Upload.
3. Create a certificate request for the FVS318v3.
a. From the main menu VPN section, click the Certificates link.
b. Click the Generate Request button to display the screen illustrated in
Note: Before completing this configuration scenario, make sure the correct Time Zone is
set on the FVS318v3. For instructions on this topic, see
.
Note: The procedure for obtaining certificates differs between a CA like Verisign
and a CA such as a Windows 2000 certificate server, which an
organization operates to provide certificates for its members. For
example, an administrator of a Windows 2000 certificate server might
provide it to you via e-mail.
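A pre-upload check for the trust.txt file from steps 1 and 2, given as an added example that is not part of the Netgear manual: it confirms the file holds exactly one certificate, reports a SHA-256 fingerprint to compare with the value the CA gives you through a separate channel, and tests the validity window against a given clock reading. X.509 validity times are in UTC, so a wrong clock or time zone can make a good certificate look expired or not yet valid. The function names and the sample are constructed for illustration, and the file is assumed to be PEM-encoded.

```python
import base64, hashlib, re
from datetime import datetime, timezone
# Constructed sample: unsigned certificate-shaped DER stub, valid 2012-01-01..2032-01-01 UTC.
SAMPLE_TRUST_TXT = """-----BEGIN CERTIFICATE-----
MC4wLKADAgECAgEBMAAwADAeFw0xMjAxMDEwMDAwMDBaFw0zMjAxMDEwMDAwMDBa
-----END CERTIFICATE-----"""
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """Return the DER bytes of the one certificate expected in trust.txt."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    """Parse UTCTime (0x17) or GeneralizedTime (0x18); RFC 5280 requires both in UTC."""
    s = value.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 means 19xx, 00-49 means 20xx
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """Return (notBefore, notAfter) from Certificate -> tbsCertificate -> validity."""
    _, tbs, _ = read_tlv(read_tlv(der, 0)[1], 0)
    fields, pos = [], 0
    while pos < len(tbs) and len(fields) < 4:
        tag, val, pos = read_tlv(tbs, pos)
        if tag != 0xA0:  # skip the optional [0] version field
            fields.append(val)
    t1, v1, nxt = read_tlv(fields[3], 0)  # fields: serial, sigAlg, issuer, validity
    t2, v2, _ = read_tlv(fields[3], nxt)
    return parse_time(t1, v1), parse_time(t2, v2)

def check_trust_file(text, clock):
    """Summarise trust.txt as seen by a device whose clock reads `clock` (aware datetime)."""
    der = pem_to_der(text)
    not_before, not_after = validity(der)
    return {"sha256": hashlib.sha256(der).hexdigest(), "not_before": not_before,
            "not_after": not_after, "valid_at_clock": not_before <= clock <= not_after}
```

Pass the contents of trust.txt and the date and time the firewall currently shows, converted to UTC. The check does not verify the certificate's signature, so the fingerprint comparison remains the trust decision.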