Netgear FVS328 Reference Manual

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
Virtual Private Networking
7-25
May 2004, 202-10031-01
2. To test connectivity between the FVS328 Gateway A and Gateway B WAN ports, follow these steps:
   a. Using our example, log in to the FVS328 on LAN A, go to the main menu Maintenance section and click the Diagnostics link.
   b. To test connectivity to the WAN port of Gateway B, enter 22.23.24.25, and then click Ping.
   c. This will cause a ping to be sent to the WAN interface of Gateway B. After between several seconds and two minutes, the ping response should change from “timed out” to “reply.” You may have to run this test several times before you get the “reply” message back from the target FVS328.
   d. At this point the connection is established.
Note: If you want to ping the FVS328 as a test of network connectivity, be sure the FVS328 is 
configured to respond to a ping on the Internet WAN port. However, to preserve a high degree 
of security, you should turn off this feature when you are finished with testing.
3. To view the FVS328 event log and status of Security Associations, follow these steps:
   a. Go to the FVS328 main menu VPN section and click the VPN Status link.
   b. The log screen will display a history of the VPN connections, and the IPSec SA and IKE SA tables will report the status and data transmission statistics of the VPN tunnels for each policy.
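As an added example (not part of the NETGEAR manual), the shell functions below repeat the ping check from step 2 from a Linux host instead of the Diagnostics page, then confirm that the WAN port stops answering once ping response has been turned off as the note advises. The function names and the `PROBE` hook are assumptions made for this example; 22.23.24.25 is the manual's example address.

```shell
# Added example; not from the NETGEAR manual. Function names and the PROBE
# hook are assumptions made for this illustration.
GATEWAY_B_WAN="22.23.24.25"    # example WAN address used in the manual
PROBE="${PROBE:-probe_icmp}"   # command returning 0 when the target replies

# One echo request with a 2-second timeout (Linux iputils ping flags).
probe_icmp() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Step 2c: poll until the first reply or until the deadline (the manual allows
# up to two minutes). Prints the attempt count; returns 0 on reply, 1 on timeout.
wait_for_reply() {
    target=$1; deadline=${2:-120}; interval=${3:-5}
    elapsed=0; attempts=0
    while [ "$elapsed" -le "$deadline" ]; do
        attempts=$((attempts + 1))
        if "$PROBE" "$target"; then
            echo "$attempts"
            return 0
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "$attempts"
    return 1
}

# After testing, the WAN port should no longer answer ping. Returns 0 only if
# every probe goes unanswered, 1 as soon as any reply is seen.
confirm_ping_disabled() {
    target=$1; tries=${2:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if "$PROBE" "$target"; then
            return 1
        fi
        i=$((i + 1))
    done
    return 0
}

# Typical use:
#   wait_for_reply "$GATEWAY_B_WAN" 120 5 && echo "reply received"
#   confirm_ping_disabled "$GATEWAY_B_WAN" 5 || echo "WAN port still answers ping"
```

A silent WAN port only shows that ping response is off if the gateway is otherwise known to be up, for example from the VPN Status page. Run the second check from a host on the Internet side of Gateway B.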
FVS328 Scenario 2: Authenticating with RSA Certificates
The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure X.509 
(PKIX) certificates for authentication. The network setup is identical to the one given in Scenario 
1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the 
exception that the identification is done with signatures authenticated by PKIX certificates. 
Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the 
FVS328. For instructions on this topic, please see, 
1. Obtain a root certificate.
   a. Obtain the root certificate (which includes the CA’s public key) from a Certificate Authority (CA).