Fvm318 Vpn Configuration Planning - NETGEAR FVM318 Reference Manual

Cable/dsl prosafe wireless vpn security firewall

Hide thumbs Also See for FVM318:

Quick installation manual (2 pages)

Specifications (2 pages)

Reference manual (82 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

Table of Contents

Reference Manual for the Model FVM318 Cable/DSL ProSafe Wireless VPN Security Firewall

FVM318 VPN Configuration Planning

When you set up a VPN, it is helpful to plan the network configuration and record the

configuration parameters on a worksheet. These topics are discussed below and a blank

worksheets are provided at the end of this chapter on

To set up a VPN connection, you must configure each endpoint with specific identification and

connection information describing the other endpoint. This set of configuration information

defines a security association (SA) between the two points. When planning your VPN, you must

make a few choices first:

•

Will the remote end be a network or a single PC?

•

At least one side must have a fixed IP address. If one side has a dynamic IP address, the side

with a dynamic IP address must always be the initiator of the connection.

•

Will you use the typical automated Internet Key Exchange (IKE) setup, or a Manual Keying

setup in which you must specify each phase of the connection? IKE is an automated method

for establishing an SA.

•

For the WAN connection, what level of IPSec VPN encryption will you use, 56 bit DES, 168

bit 3DES, AES (128, 192, or 256)? Longer keys are more secure but the throughput will be

slower if the other endpoint encrypts via software rather than the hardware-based encryption

in the FVM318 firewall.

— DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide,

encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES.

— 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times

using DES with three different, unrelated keys.

— AES - 128, - 192, or - 256. Most secure. Advanced Encryption Standard, a symmetric

128-bit block data encryption technique. It is an iterated block cipher with a variable block

length and a variable key length. The block length and the key length can be

independently specified to 128, 192 or 256 bits.The U.S government adopted the

algorithm as its encryption technique in October 2000, replacing the DES encryption it

used. AES works at multiple network layers simultaneously.

•

For the wireless LAN connection, what level of IPSec VPN encryption will you use, 56 bit

DES, 168 bit 3DES, AES (128, 192, or 256)? Longer keys are more secure but the throughput

will be slower if the other endpoint encrypts via software rather than the hardware-based

encryption in the FVM318 firewall. For instructions on configuring wireless VPN

connections, please see

Virtual Private Networking

"Configuring IPSec Wireless Connections" on page

page

5-22.

3-12.

5-3

Table of Contents

Chapters

Table of Contents

Fvm318 Vpn Configuration Planning - NETGEAR FVM318 Reference Manual

FVM318 VPN Configuration Planning

Chapters

Troubleshooting

Related Manuals for NETGEAR FVM318

Related Content for NETGEAR FVM318

Table of Contents