NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router Reference Manual page 110

ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
10. Specify the VPN policy settings. These settings must match the configuration of the remote
VPN client. Recommended settings are:
• SA Lifetime: 3600 seconds
• Authentication Algorithm: SHA-1
• Encryption Algorithm: 3DES
11. Click Apply.
The new record should appear in the VPN Remote Host Mode Config Table.
Next, you must configure an IKE Policy:
1. Click VPN > IPsec VPN in the main menu. The IKE Policies screen is displayed showing the
current policies in the List of IKE Policies Table.
2. Click Add to configure a new IKE Policy. The Add IKE Policy screen is displayed.
3. Enable Mode Config by checking the Yes radio button and selecting the Mode Config record
you just created from the pull-down menu. (You can view the parameters of the selected
record by clicking the View selected radio button.)
Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends
of the tunnel be defined by an FQDN.
4. In the General section:
a. Enter a descriptive name in the Policy Name Field such as "salesperson". This name will
be used as part of the remote identifier in the VPN client configuration.
b. Set Direction/Type to Responder.
c. The Exchange Mode will automatically be set to Aggressive.
5. For Local information:
a. Select Fully Qualified Domain Name for the Local Identity Type.
b. Enter an identifier in the Remote Identity Data field that is not used by any other IKE
policies. This identifier will be used as part of the local identifier in the VPN client
configuration.
6. Specify the IKE SA parameters. These settings must be matched in the configuration of the
remote VPN client. Recommended settings are:
• Encryption Algorithm: 3DES
• Authentication Algorithm: SHA-1
• Diffie-Hellman: Group 2
• SA Lifetime: 3600 seconds
5-24 Virtual Private Networking Using IPsec
1.1 November, 2009