Certificate Revocation List (Crl); Walk-Through Of Configuration Scenarios On The Fvs318V3 - NETGEAR FVS318 - ProSafe VPN Firewall Router Reference Manual

Vpn firewall

Hide thumbs Also See for FVS318 - ProSafe VPN Firewall Router:

Reference manual (222 pages)

Installation manual (22 pages)

Specifications (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

Table of Contents

Reference Manual for the ProSafe VPN Firewall FVS318v3

Each CA has its own certificate. The certificates of a CA are added to the FVS318v3 and then can

be used to form IKE policies for the user. Once a CA certificate is added to the FVS318v3 and a

certificate is created for a user, the corresponding IKE policy is added to the FVS318v3. Whenever

the user tries to send traffic through the FVS318v3, the certificates are used in place of pre-shared

keys during initial key exchange as the authentication and key generation mechanism. Once the

keys are established and the tunnel is set up the connection proceeds according to the VPN policy.

Certificate Revocation List (CRL)

Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these

revoked certificates is known as the Certificate Revocation List (CRL).

Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the

CRL on the FVS318v3 obtained from the corresponding CA. If the certificate is not present in the

CRL it means that the certificate is not revoked. IKE can then use this certificate for

authentication. If the certificate is present in the CRL it means that the certificate is revoked, and

the IKE will not authenticate the client.

You must manually update the FVS318v3 CRL regularly in order for the CA-based authentication

process to remain valid.

Walk-Through of Configuration Scenarios on the FVS318v3

There are a variety of configurations you might implement with the FVS318v3. The scenarios

listed below illustrate typical configurations you might use in your organization.

In order to help make it easier to set up an IPsec system, the following two scenarios are provided.

These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to

make it easier to get the systems from different vendors to interoperate. NETGEAR is providing

you with both of these scenarios in the following two formats:

•

VPN Consortium Scenarios without any product implementation details

•

VPN Consortium Scenarios based on the FVS318v3 User Interface

The purpose of providing these two versions of the same scenarios is to help you determine where

the two vendors use different vocabulary. Seeing the examples presented in these different ways

will reveal how systems from different vendors do the same thing.

6-14

Advanced Virtual Private Networking

January 2005

Table of Contents

Troubleshooting

This manual is also suitable for:

Prosafe fvs318v3

Certificate Revocation List (Crl); Walk-Through Of Configuration Scenarios On The Fvs318V3 - NETGEAR FVS318 - ProSafe VPN Firewall Router Reference Manual

Certificate Revocation List (CRL)

Walk-Through of Configuration Scenarios on the FVS318v3

Troubleshooting

Related Manuals for NETGEAR FVS318 - ProSafe VPN Firewall Router

Related Content for NETGEAR FVS318 - ProSafe VPN Firewall Router

This manual is also suitable for:

Table of Contents