Netgear FWG114Pv1 – Wireless Firewall with USB Print Server Reference Manual
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
Virtual Private Networking
March 2004, 202-10027-01
Whenever an IKE policy receives a certificate from a peer, it checks for this certificate in the
CRL on the FWG114P obtained from the corresponding CA. If the certificate is not present in the
CRL, the certificate is not revoked, and IKE can use it for authentication. If the certificate is
present in the CRL, the certificate is revoked, and IKE will not authenticate the client.
You must manually update the FWG114P CRL regularly in order for the CA-based authentication
process to remain valid.
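The revocation decision described above, together with the reason the CRL has to be kept current, as an added example that is not part of the NETGEAR manual or firmware. The `Crl` model, the sample values and the choice to reject a peer when the stored CRL is past its next-update time are assumptions of this example; the manual does not say how the FWG114P treats an outdated CRL.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Crl:
    """The CRL fields that matter for the decision (simplified model, not a DER parser)."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset


def check_peer_certificate(cert_issuer, cert_serial, crl, now):
    """Return (accept, reason) for a peer certificate checked against a stored CRL."""
    if crl is None or crl.issuer != cert_issuer:
        return False, "no CRL from the issuing CA"
    if now < crl.this_update:
        return False, "CRL not yet valid (check the device clock)"
    if now > crl.next_update:
        # Assumption of this example: fail closed. A serial revoked after the
        # list was issued cannot appear in it, so absence proves nothing.
        return False, "CRL is stale; load a current one from the CA"
    if cert_serial in crl.revoked_serials:
        return False, "certificate is revoked"
    return True, "certificate not listed in a current CRL"


# Constructed sample data (not taken from any real CA).
ISSUED = datetime(2004, 3, 1, tzinfo=timezone.utc)
SAMPLE_CRL = Crl("CN=Example CA", ISSUED, ISSUED + timedelta(days=7),
                 frozenset({0x1A2B, 0x3C4D}))
FRESH = ISSUED + timedelta(days=1)    # inside the CRL validity window
STALE = ISSUED + timedelta(days=30)   # CRL was never refreshed

if __name__ == "__main__":
    cases = [
        ("CN=Example CA", 0x9999, FRESH),   # unlisted serial, current CRL
        ("CN=Example CA", 0x1A2B, FRESH),   # listed serial
        ("CN=Example CA", 0x9999, STALE),   # unlisted serial, outdated CRL
        ("CN=Other CA", 0x9999, FRESH),     # CRL is from a different CA
    ]
    for issuer, serial, when in cases:
        accept, reason = check_peer_certificate(issuer, serial, SAMPLE_CRL, when)
        print(f"{issuer} serial={serial:#06x}: accept={accept} ({reason})")
```
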
Walk-Through of Configuration Scenarios on the FWG114P
There are a variety of configurations you might implement with the FWG114P. The scenarios
listed below illustrate typical configurations you might use in your organization.
In order to help make it easier to set up an IPsec system, the following two scenarios are provided.
These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to
make it easier to get the systems from different vendors to interoperate. NETGEAR is providing
you with both of these scenarios in the following two formats:
• VPN Consortium Scenarios without Any Product Implementation Details as presented in
and
• VPN Consortium Scenarios Based on the FWG114P User Interface as presented in
The purpose of providing these two versions of the same scenarios is to help you determine where
the two vendors use different vocabulary. Seeing the examples presented in these different ways
will reveal how systems from different vendors do the same thing.
How to Use the VPN Wizard to Configure a VPN Tunnel
Note: If you have turned NAT off, before configuring VPN IPSec tunnels you must first
open UDP port 500 for inbound traffic as explained in