NETGEAR FVS318N Reference Manual page 201

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Virtual Private Networking Using IPv4 IPSec and L2TP Connections

3. Complete the settings as explained in the following table:

Table 49. Add Mode Config Record screen settings

Client Pool

Record Name: A descriptive name of the Mode Config record for identification and management purposes.

First Pool, Second Pool, Third Pool: Assign at least one range of IP pool addresses in the First Pool fields to enable the wireless VPN firewall to allocate these to remote VPN clients. The Second Pool and Third Pool fields are optional. To specify any client pool, enter the starting IP address for the pool in the Starting IP field, and enter the ending IP address for the pool in the Ending IP field.
Note: No IP pool should be within the range of the local network IP addresses. Use a different range of private IP addresses such as 172.16.xxx.xx.

WINS Server: If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field.

DNS Server: Enter the IP address of the DNS server that is used by remote VPN clients in the Primary field. You can enter the IP address of a second DNS server in the Secondary field.

Traffic Tunnel Security Level

Note: Generally, the default settings work well for a Mode Config configuration.

PFS Key Group: Select this check box to enable Perfect Forward Secrecy (PFS), and then select a Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange. From the drop-down list, select one of the following three strengths:
• Group 1 (768 bit)
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit)

SA Lifetime: The lifetime of the security association (SA) is the period or the amount of transmitted data after which the SA becomes invalid and needs to be renegotiated. From the drop-down list, select how the SA lifetime is specified:
• Seconds. In the SA Lifetime field, enter a period in seconds. The minimum value is 300 seconds. The default setting is 3600 seconds.
• KBytes. In the SA Lifetime field, enter a number of kilobytes. The minimum value is 1920000 KB.

Encryption Algorithm: From the drop-down list, select one of the following five algorithms to negotiate the security association (SA):
• None. No encryption.
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES. This is the default algorithm.
• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.
• AES-192. AES with a 192-bit key size.
• AES-256. AES with a 256-bit key size.
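
The limits in Table 49 can be checked before a record is entered on the screen. The following Python is an added example, not part of the NETGEAR manual: the record dictionary layout, the function names and the sample LAN 192.168.1.0/24 are assumptions, and the warnings on None, DES, a cleared PFS check box and the lower DH groups are this example's own policy rather than the manual's.

```python
import ipaddress

# Limits and choices as listed in Table 49.
MIN_SA = {"seconds": 300, "kbytes": 1920000}
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}
ALGORITHMS = ("None", "DES", "3DES", "AES-128", "AES-192", "AES-256")

def pool_overlaps_lan(start, end, lan_cidr):
    """True if any address in start..end lies inside the local network."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    return lo <= int(lan.broadcast_address) and hi >= int(lan.network_address)

def check_record(record, lan_cidr):
    """Return findings for a Mode Config record (dict layout is hypothetical)."""
    findings = []
    pools = record.get("pools", [])
    if not pools:
        findings.append("error: First Pool is required")
    for start, end in pools:
        if int(ipaddress.ip_address(start)) > int(ipaddress.ip_address(end)):
            findings.append(f"error: pool {start}-{end} starts after it ends")
        elif pool_overlaps_lan(start, end, lan_cidr):
            findings.append(f"error: pool {start}-{end} overlaps LAN {lan_cidr}")
    unit, value = record["sa_lifetime"]
    if unit not in MIN_SA:
        findings.append(f"error: unknown SA lifetime unit {unit}")
    elif value < MIN_SA[unit]:
        findings.append(f"error: SA lifetime {value} {unit} is below {MIN_SA[unit]}")
    enc = record["encryption"]
    if enc not in ALGORITHMS:
        findings.append(f"error: unknown algorithm {enc}")
    elif enc in ("None", "DES"):
        findings.append(f"warn: {enc} gives no or weak confidentiality")
    group = record.get("pfs_group")  # None = PFS check box cleared
    if group is None:
        findings.append("warn: PFS is disabled")
    elif group not in DH_GROUP_BITS:
        findings.append(f"error: unknown DH group {group}")
    elif group < max(DH_GROUP_BITS):
        findings.append(f"warn: DH group {group} is {DH_GROUP_BITS[group]} bit; "
                        "group 5 is the strongest offered")
    return findings

# Constructed sample records; the LAN 192.168.1.0/24 is an assumed value.
GOOD = {"pools": [("172.16.100.1", "172.16.100.99")],
        "sa_lifetime": ("seconds", 3600), "encryption": "AES-256", "pfs_group": 5}
BAD = {"pools": [("192.168.1.200", "192.168.1.220")],
       "sa_lifetime": ("seconds", 120), "encryption": "DES", "pfs_group": 1}
```

Calling `check_record(BAD, "192.168.1.0/24")` returns four findings: the pool overlap, the SA lifetime below 300 seconds, DES, and DH group 1.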