Using Digital Certificates For Ike Auto-Policy Authentication; Certificate Revocation List (Crl) - NETGEAR FVG318 Reference Manual

Prosafe 802.11g wireless vpn firewall

Hide thumbs Also See for FVG318:

Reference manual (204 pages)

Configuration manual (11 pages)

Features manual (11 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

Table of Contents

Table 6-1. VPN Manual and Auto Policy Configuration Fields (continued)

Field

PFS Key Group

Select IKE Policy

Using Digital Certificates for IKE Auto-Policy Authentication

Digital certificates are strings generated using encryption and authentication schemes that cannot

be duplicated by anyone without access to the different values used in the production of the string.

They are issued by Certification Authorities (CAs) to authenticate a person or a workstation

uniquely. The CAs are authorized to issue these certificates by Policy Certification Authorities

(PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The

FVG318 is able to use certificates to authenticate users at the end points during the IKE key

exchange process (see.

The certificates can be obtained from a certificate server that an organization might maintain

internally or from the established public CAs. The certificates are produced by providing the

particulars of the user being identified to the CA. The information provided may include the user's

name, e-mail ID, and domain name.

Each CA has its own certificate. The certificates of a CA are added to the FVG318 and then can be

used to form IKE policies for the user. Once a CA certificate is added to the FVG318 and a

certificate is created for a user, the corresponding IKE policy is added to the FVG318. Whenever

the user tries to send traffic through the FVG318, the certificates are used in place of pre-shared

keys during initial key exchange as the authentication and key generation mechanism. Once the

keys are established and the tunnel is set up the connection proceeds according to the VPN policy.

Certificate Revocation List (CRL)

Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these

revoked certificates is known as the Certificate Revocation List (CRL).

Advanced Virtual Private Networking

ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

Description

Perfect Forward Secrecy (PFS) improves security. While this is slower, it

will ensure that a Diffie-Hellman exchange is performed for every phase

2 negotiation.

• DH Group 1 (768 bit)

• DH Group 2 (1024 bit)

• DH Group 5 (1536 bit)

The existing IKE policies are presented a drop-down list. You can also

click view selected to review the settings of the selected IKE policy. This

IKE policy will define the characteristics of phase 1 negotiation.

Note: You must create the IKE policy before creating a VPN Auto Policy.

v1.0, September 2007

6-7

Table of Contents

Troubleshooting

This manual is also suitable for:

Fvg318na Fvg318v1 - prosafe 802.11g wireless vpn firewall switch Fvg318v2 - prosafe 802.11g wireless vpn firewall switch

Using Digital Certificates For Ike Auto-Policy Authentication; Certificate Revocation List (Crl) - NETGEAR FVG318 Reference Manual

Using Digital Certificates for IKE Auto-Policy Authentication

Certificate Revocation List (CRL)

Troubleshooting

Related Manuals for NETGEAR FVG318

Related Content for NETGEAR FVG318

This manual is also suitable for:

Table of Contents