Scenario 2: Fwg114P V2 To Fwg114P V2 With Certificates - NETGEAR FWG114Pv2 - Wireless Firewall With USB Print Server Reference Manual

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2
• Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4
subnets

Scenario 2: FWG114P v2 to FWG114P v2 with Certificates

The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509
(PKIX) certificates for authentication. The network setup is identical to the one given in scenario
1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in scenario 1, with the
exception that the identification is done with signatures authenticated by PKIX certificates.
Note: Before completing this configuration scenario, make sure the correct Time Zone is set on the
FWG114P v2. For instructions on this topic, please see,
1. Obtain a root certificate.
Obtain the root certificate (which includes the public key) from a Certificate Authority
a.
(CA)
Note: The procedure for obtaining certificates differs from a CA like Verisign and a CA,
such as a Windows 2000 certificate server, which an organization operates for providing
certificates for its members. For example, an administrator of a Windows 2000 certificate
server might provide it to you via e-mail.
Save the certificate as a text file called trust.txt.
b.
2. Install the trusted CA certificate for the Trusted Root CA.
Log in to the FWG114P v2.
a.
From the main menu VPN section, click on the CA's link.
b.
Click Add to add a CA.
c.
Click Browse to locate the trust.txt file.
d.
Click Upload.
e.
3. Create a certificate request for the FWG114P v2.
From the main menu VPN section, click the Certificates link.
a.
8-26
"Setting the Time Zone" on page
201-10301-02, May 2005
6-13.
Virtual Private Networking