Netgear FVS336G Reference Guide

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Virtual Private Networking Using IPsec
v1.0, October 2007
a. Enter a descriptive name in the Policy Name field such as “salesperson”. This name will 
be used as part of the remote identifier in the VPN client configuration.
b. Set Direction/Type to Responder. 
c. The Exchange Mode will automatically be set to Aggressive.
5. For Local information:
a. Select Fully Qualified Domain Name for the Local Identity Type.
b. Enter an identifier in the Remote Identity Data field that is not used by any other IKE 
policies. This identifier will be used as part of the local identifier in the VPN client 
configuration.
6. Specify the IKE SA parameters. These settings must be matched in the configuration of the 
remote VPN client. Recommended settings are:
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Diffie-Hellman: Group 2
SA Lifetime: 3600 seconds
7. Enter a Pre-Shared Key that will also be configured in the VPN client.
8. XAUTH is disabled by default. To enable XAUTH, choose one of the following:
• Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway 
tunnels terminate. (If selected, you must specify the Authentication Type to be used in 
verifying credentials of the remote VPN gateways.) 
• IPsec Host if you want this gateway to be authenticated by the remote gateway. Enter a 
Username and Password to be associated with the IKE policy. When this option is chosen, 
you will need to specify the user name and password to be used in authenticating this 
gateway (by the remote gateway). 
9. If Edge Device was enabled, choose from the pull-down menu the Authentication Type 
that will be used to verify account information: User Database, RADIUS-CHAP or 
RADIUS-PAP. Users must be added through the User Database screen (see 
 or 
). 
10. Click Apply. The new policy will appear in the IKE Policies Table.
Note: If RADIUS-PAP is selected, the VPN firewall will first check the User 
Database to see if the user credentials are available. If the user account is not 
present, the VPN firewall will then connect to the RADIUS server.
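
Step 6 requires the IKE SA parameters to match on both ends. As an added example (not part of the Netgear manual), this Python check compares a gateway policy with a client policy and flags settings from this October 2007 procedure that warrant review under current guidance. The field names, identifiers and sample policies are constructed for illustration and do not correspond to any Netgear export format.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class IkePolicy:  # hypothetical model of one IKE policy; not a Netgear format
    exchange_mode: str
    encryption: str
    authentication: str
    dh_group: int
    sa_lifetime_s: int
    local_id: str
    remote_id: str
    xauth: str = "none"  # "none", "edge-device" or "ipsec-host"

MATCHED = ("exchange_mode", "encryption", "authentication", "dh_group", "sa_lifetime_s")

def mismatches(gateway, client):
    """Settings from step 6 (and the mirrored identities) that differ between the ends."""
    diffs = [f for f in MATCHED if getattr(gateway, f) != getattr(client, f)]
    # Each side's local identifier must be the other side's remote identifier.
    if gateway.local_id != client.remote_id:
        diffs.append("gateway.local_id != client.remote_id")
    if gateway.remote_id != client.local_id:
        diffs.append("gateway.remote_id != client.local_id")
    return diffs

def weak_settings(p):
    """Flag choices that deserve review before the policy is deployed."""
    out = []
    if p.exchange_mode == "aggressive":
        out.append("aggressive mode + PSK: a PSK-derived hash crosses the wire unencrypted")
    if p.encryption.upper() in ("DES", "3DES"):
        out.append(f"{p.encryption}: 64-bit block cipher, deprecated")
    if p.authentication.upper().replace("-", "") in ("MD5", "SHA1"):
        out.append(f"{p.authentication}: deprecated hash")
    if p.dh_group in (1, 2):
        out.append(f"DH group {p.dh_group}: 1024-bit or smaller MODP group")
    if p.xauth == "none":
        out.append("XAUTH disabled: the pre-shared key is the only credential")
    return out

# Constructed sample policies using the values recommended in step 6.
GATEWAY = IkePolicy("aggressive", "3DES", "SHA-1", 2, 3600,
                    local_id="fvs-local.example", remote_id="fvs-remote.example")
CLIENT_OK = IkePolicy("aggressive", "3DES", "SHA-1", 2, 3600,
                      local_id="fvs-remote.example", remote_id="fvs-local.example")
CLIENT_BAD = replace(CLIENT_OK, dh_group=5, sa_lifetime_s=28800)  # deliberate mismatch

if __name__ == "__main__":
    print(mismatches(GATEWAY, CLIENT_BAD), weak_settings(GATEWAY), sep="\n")
```

Where the firmware and client both offer stronger algorithms or Main mode, the same check can be rerun on the revised policy pair to confirm that both ends still agree.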