NETGEAR ProSafe FVS336Gv2 Reference Manual page 93


ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
3. In the Mode Config Record section, enable Mode Config by checking the Yes radio
   button and selecting the Mode Config record you just created from the drop-down list.
   (To view the parameters of the selected record, click the view selected button.)
   Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both
   ends of the tunnel are defined by an FQDN.
4. In the General section:
   • Enter a descriptive name in the Policy Name field such as "salesperson". This name
     will be used as part of the remote identifier in the VPN client configuration.
   • Set Direction/Type to Responder.
   • The Exchange Mode will automatically be set to Aggressive.
5. In the Local section, select FQDN for the Identity Type.
6. In the Local section, choose which WAN port to use as the VPN tunnel end point.
7. In the Remote section, enter an identifier in the Identity Type field that is not used by
   any other IKE policies. This identifier will be used as part of the local identifier in the
   VPN client configuration.
8. In the IKE SA Parameters section, specify the IKE SA parameters. These settings must
   be matched in the configuration of the remote VPN client. Recommended settings are:
   • Encryption Algorithm: 3DES
   • Authentication Algorithm: SHA-1
   • Diffie-Hellman: Group 2
   • SA Lifetime: 3600 seconds
9. Enter a Pre-Shared Key that will also be configured in the VPN client.
10. XAUTH is disabled by default. To enable XAUTH, in the Extended Authentication
    section, select one of the following:
    • Edge Device to use this VPN firewall as a VPN concentrator where one or more
      gateway tunnels terminate. (If selected, you must specify the Authentication Type to
      be used in verifying credentials of the remote VPN gateways.)
    • IPsec Host if you want the VPN firewall to be authenticated by the remote gateway.
      Enter a username and password to be associated with the IKE policy. When this
      option is chosen, you will need to specify the user name and password to be used in
      authenticating this gateway (by the remote gateway).
    For more information on XAUTH, see "Configuring XAUTH for VPN Clients" on page 86.
11. If Edge Device was enabled, choose the Authentication Type from the pull down menu
    which will be used to verify account information: User Database, RADIUS-CHAP or
    RADIUS-PAP. Users must be added through the User Database screen (see "Creating a
    New User Account" on page 120 or "RADIUS Client Configuration" on page 88).

Chapter 5: Virtual Private Networking Using IPsec | 93
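
The constraints stated in steps 3 through 11, as an added example that is not part of the NETGEAR manual: a Python check that a gateway IKE policy and a VPN client profile agree before the tunnel is tested. The dictionary field names, the `.example` identifiers and the sample key are assumptions constructed for illustration, and "used as part of" is modelled as a substring match.

```python
import hmac
# Hypothetical field names that mirror the settings named in steps 3-11.
IKE_SA_FIELDS = ("encryption", "authentication", "dh_group", "sa_lifetime")
XAUTH_AUTH_TYPES = {"User Database", "RADIUS-CHAP", "RADIUS-PAP"}

def check_policy(gw, client, other_remote_ids=()):
    """Return a list of inconsistencies; an empty list means the pair agrees."""
    problems = []
    if gw["mode_config"]:
        # Mode Config works only in Aggressive Mode, which needs FQDN identities.
        if gw["exchange_mode"] != "Aggressive":
            problems.append("Mode Config requires Aggressive exchange mode")
        for end in ("local_id_type", "remote_id_type"):
            if gw[end] != "FQDN":
                problems.append(f"{end} must be FQDN for Aggressive Mode")
    if gw["remote_id"] in other_remote_ids:
        problems.append("remote identifier is already used by another IKE policy")
    # Assumption: "used as part of" is modelled as a substring match.
    if gw["policy_name"] not in client["remote_id"]:
        problems.append("client remote identifier does not contain the policy name")
    if gw["remote_id"] not in client["local_id"]:
        problems.append("client local identifier does not contain the gateway remote identifier")
    for field in IKE_SA_FIELDS:  # step 8: both ends must use identical values
        if gw[field] != client[field]:
            problems.append(f"IKE SA mismatch on {field}: {gw[field]!r} vs {client[field]!r}")
    if not hmac.compare_digest(gw["psk"].encode(), client["psk"].encode()):
        problems.append("pre-shared keys differ")
    if gw["xauth"] == "Edge Device" and gw.get("auth_type") not in XAUTH_AUTH_TYPES:
        problems.append("Edge Device XAUTH needs a valid Authentication Type")
    if gw["xauth"] == "IPsec Host" and not (gw.get("username") and gw.get("password")):
        problems.append("IPsec Host XAUTH needs a username and password")
    return problems

# Constructed sample data; only the IKE SA values and "salesperson" come from the page.
GATEWAY = {
    "policy_name": "salesperson", "mode_config": True, "exchange_mode": "Aggressive",
    "local_id_type": "FQDN", "remote_id_type": "FQDN", "remote_id": "client.example",
    "encryption": "3DES", "authentication": "SHA-1", "dh_group": 2, "sa_lifetime": 3600,
    "psk": "constructed-sample-key", "xauth": "Edge Device", "auth_type": "RADIUS-CHAP",
}
CLIENT_OK = {
    "remote_id": "salesperson.gateway.example", "local_id": "user1.client.example",
    "encryption": "3DES", "authentication": "SHA-1", "dh_group": 2, "sa_lifetime": 3600,
    "psk": "constructed-sample-key",
}
CLIENT_BAD = dict(CLIENT_OK, dh_group=5, local_id="user1.other.example")

if __name__ == "__main__":
    print(check_policy(GATEWAY, CLIENT_OK), check_policy(GATEWAY, CLIENT_BAD))
```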
