NETGEAR FVL328 Reference Manual page 71

Table 6-1. IKE Policy Configuration Fields
Field
Remote Identity Type
Remote Identity Data
IKE SA Parameters
Encryption Algorithm
Authentication Algorithm
Authentication Method
Pre-Shared Key
RSA Signature
Diffie-Hellman (DH) Group
SA Life Time
Virtual Private Networking
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual
Description
Use this field to identify the remote FVL328. You can choose one of the
following four options from the drop-down list:
• By its Internet (WAN) port IP address.
• By its Fully Qualified Domain Name (FQDN) – your domain name.
• By a Fully Qualified User Name – your name, E-mail address, or
other ID.
• By DER ASN.1 DN – the binary DER encoding of your ASN.1 X.500
Distinguished Name.
This field lets you identify the target remote FVL328 by name.
These parameters determine the properties of the IKE Security
Association.
Choose the encryption algorithm for this IKE policy:
• DES
• 3DES is more secure and is the default
If you enable Authentication Headers (AH), this menu lets you select from
these authentication algorithms:
• MD5 –- the default
• SHA-1 – more secure
You can select Pre-Shared Key or RSA Signature.
Specify the key according to the requirements of the Authentication
Algorithm you selected.
• For MD5, the key length should be 16 bytes.
• For SHA-1, the key length should be 20 bytes.
RSA Signature requires a certificate.
The Diffie-Hellman groups are MODP Oakley Groups 1 and 2. The DH
Group setting determines the size of the key used in the key exchange.
This must match the value used on the remote VPN gateway or client.
Select Group 1 (768 bit) or Group 2 (1024 bit).
The amount of time in seconds before the Security Association expires;
over an hour (3600) is common.
M-10144-01
6-5