Netgear FVS318 FVS318v3 Reference Manual - Page 101
Using Digital Certificates for IKE Auto-Policy Authentication
UPC - 606449023381
View all Netgear FVS318 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 101 highlights
Reference Manual for the ProSafe VPN Firewall FVS318v3 Table 6-1. VPN Manual Policy Configuration Fields Field Enable Authentication Authentication Algorithm Key - In Key - Out NETBIOS Enable Description Use this check box to enable or disable ESP authentication for this VPN policy. If you enable authentication, then use this menu to select the algorithm: • MD5 - the default • SHA1 - more secure Enter the key. • For MD5, the key should be 16 characters. • For SHA-1, the key should be 20 characters. Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - Out field. Enter the key in the fields provided. • For MD5, the key should be 16 characters. • For SHA-1, the key should be 20 characters. Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm Key - In field. Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood. Using Digital Certificates for IKE Auto-Policy Authentication Digital certificates are strings generated using encryption and authentication schemes that cannot be duplicated by anyone without access to the different values used in the production of the string. They are issued by Certification Authorities (CAs) to authenticate a person or a workstation uniquely. The CAs are authorized to issue these certificates by Policy Certification Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The FVS318v3 is able to use certificates to authenticate users at the end points during the IKE key exchange process. The certificates can be obtained from a certificate server that an organization might maintain internally or from the established public CAs. The certificates are produced by providing the particulars of the user being identified to the CA. The information provided may include the user's name, e-mail ID, and domain name. Advanced Virtual Private Networking January 2005 6-13