Table 56. Add Mode Config Record screen settings (continued)
Setting
Traffic Tunnel Security Level
Note:
Generally, the default settings work well for a Mode Config configuration.
PFS Key Group
SA Lifetime
Encryption Algorithm
Integrity Algorithm
Local IP Address
Local Subnet Mask
5.
Click the Apply button.
Your changes are saved.
Continue the Mode Config configuration procedure by configuring an IKE policy.
6.
Select VPN > IPSec VPN.
The IPSec VPN submenu tabs display with the IKE Policies screen in view.
Virtual Private Networking Using IPSec and L2TP Connections
NETGEAR ProSAFE VPN Firewall FVS318G v2
Description
Select this check box to enable Perfect Forward Secrecy (PFS), and select a
Diffie-Hellman (DH) group from the list. The DH group sets the strength of the
algorithm in bits. The higher the group, the more secure the exchange. From the
list, select the strength:
•
Group 1 (768 bit)
•
Group 2 (1024 bit). This is the default setting.
•
Group 5 (1536 bit)
The lifetime of the security association (SA) is the period or the amount of
transmitted data after which the SA becomes invalid and must be renegotiated.
From the list, select how the SA lifetime is specified:
•
Seconds. In the SA Lifetime field, enter a period in seconds. The minimum
value is 300 seconds. The default setting is 3600 seconds.
•
KBytes. In the SA Lifetime field, enter a number of kilobytes. The minimum
value is 1920000 KB.
From the list, select the algorithm to negotiate the security association (SA):
•
None. No encryption.
•
DES. Data Encryption Standard (DES).
•
3DES. Triple DES. This is the default algorithm.
•
AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.
•
AES-192. AES with a 192-bit key size.
•
AES-256. AES with a 256-bit key size.
From the list, select the algorithm to be used in the VPN header for the
authentication process:
•
SHA-1. Hash algorithm that produces a 160-bit digest. This is the default
setting.
•
MD5. Hash algorithm that produces a 128-bit digest.
The local IP address that remote VPN clients can access. If you do not specify a
local IP address, the VPN firewall's default LAN IP address is used (by default,
192.168.1.1).
The local subnet mask. Typically, this is 255.255.255.0.
Note:
If you do not specify a local IP address, you do not need to specify a subnet
either.
264