Home » Netgear Manuals » Bridges & Routers » Netgear FVS318 » Manual Viewer

Netgear FVS318 FVS318 Reference Manual - Page 74

using DES with three different, unrelated keys. - replacement

UPC - 606449023381

Add to My Manuals
Save this manual to your list of manuals

Page 74 highlights

Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall • Will the local end be any device on the LAN, a portion of the local network (as defined by a subnet or by a range of IP addresses), or a single PC? • Will the remote end be any device on the remote LAN, a portion of the remote network (as defined by a subnet or by a range of IP addresses), or a single PC? • At least one side must have a fixed IP address or you must be using a dynamic DNS service for FQDN configurations. Otherwise, if one side has a dynamic IP address, the side with a dynamic IP address must always be the initiator of the connection. • Will you use the typical automated Internet Key Exchange (IKE) setup, or a Manual Keying setup in which you must specify each phase of the connection? • For the WAN connection, what level of IPSec VPN encryption will you use? - DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES. - 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. - AES - 128, - 192, or - 256. Most secure. Advanced Encryption Standard, a symmetric 128-bit block data encryption technique. The the key length can be specified to 128, 192 or 256 bits.The U.S government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously. 6-10 M-10146-01 Virtual Private Networking

Section	Page
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall	1
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use the HTML Version of this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVS318	17
Key Features	17
Virtual Private Networking (VPN)	17
A Powerful, True Firewall	18
Content Filtering	18
Configurable Auto Uplink™ Ethernet Connection	18
Protocol Support	19
Easy Installation and Management	20
What’s in the Box?	21
The Firewall’s Front Panel	21
The Firewall’s Rear Panel	22
Chapter 3 Connecting the Firewall to the Internet	23
What You Will Need Before You Begin	23
LAN Hardware Requirements	23
Computer Requirements	23
Cable or DSL Modem Requirement	23
LAN Configuration Requirements	24
Internet Configuration Requirements	24
Where Do I Get the Internet Configuration Parameters?	24
Worksheet for Recording Your Internet Connection Information	25
How to Connect the FVS318 VPN Firewall	26
Wizard-Detected PPPoE Option	31
Wizard-Detected Dynamic IP Option	32
Wizard-Detected Fixed IP (Static) Option	33
Testing Your Internet Connection	34
How to Manually Configure Your Internet Connection	35
Chapter 4 Protecting Your Network	39
Protecting Access to Your FVS318 VPN Firewall	39
How to Change the Built-In Password	39
How to Change the Administrator Login Timeout	40
Using Basic Firewall Services	40
How to Block Keywords and Sites	41
How to Block or Allow Services	43
How to Add to the List of Services	45
Setting Times and Scheduling Firewall Services	48
How to Set Your Time Zone	48
How to Schedule Firewall Services	49
Chapter 5 Advanced WAN and LAN Configuration	51
Configuring Advanced WAN Settings	51
Setting Up A Default DMZ Server	51
Enabling Access to Local Servers Through a FVS318	52
How to Configure Port Forwarding to Local Servers	52
Respond to Ping on Internet WAN Port	53
How to Support Internet Services, Applications, or Games	53
How to Clear a Port Assignment	54
Local Web and FTP Server Example	54
How to Set Up Computers for Half Life, KALI or Quake III	54
Working with LAN IP Settings	55
What Does UPnP Support Do for Me?	55
How to Enable UPnP	56
Understanding LAN TCP/IP Setup Parameters	57
Setting the MTU Size	58
Using the Router as a DHCP Server	58
How to Specify Reserved IP Addresses	59
How to Configure LAN TCP/IP Settings	60
How to Configure Dynamic DNS	61
Using Static Routes	62
Static Route Example	62
How to Configure Static Routes	63
Chapter 6 Virtual Private Networking	65
Overview of VPN Configuration	65
Understanding How FVS318 VPN Tunnels Are Configured	66
Configuring VPN Network Connection Parameters	67
Configuring a SA Using IKE Main Mode	69
Configuring a SA Using IKE Aggressive Mode	70
Configuring a SA Using Manual Key Management	71
Planning a VPN	73
How to Configure a Network to Network VPN Tunnel	75
How to Configure a Remote PC to Network VPN	80
Monitoring the PC VPN Connection Using SafeNet Tools	90
How to Configure Manual Keys as an Alternative to IKE	92
How to Delete a Security Association	94
Blank VPN Tunnel Configuration Worksheets	95
Chapter 7 Managing Your Network	97
Network Management Information	97
Viewing Router Status and Usage Statistics	97
Viewing Attached Devices	100
Viewing, Selecting, and Saving Logged Information	101
Selecting What Information to Log	102
Saving Log Files on a Server	103
Examples of log messages	103
Activation and Administration	103
Dropped Packets	103
Enabling Security Event E-mail Notification	104
Backing Up, Restoring, or Erasing Your Settings	105
How to Back Up the Configuration to a File	105
How to Restore a Configuration from a File	106
How to Erase the Configuration	107
Running Diagnostic Utilities and Rebooting the Router	107
How to Enable Remote Management	108
How to Upgrade the Router’s Firmware	109
Chapter 8 Troubleshooting	111
Basic Functions	111
Power LED Not On	112
Test LED Never Turns On or Test LED Stays On	112
Local or Internet Port Link LEDs Not On	112
Troubleshooting the Web Configuration Interface	113
Troubleshooting the ISP Connection	114
Troubleshooting a TCP/IP Network Using a Ping Utility	115
Testing the LAN Path to Your Firewall	116
Testing the Path from Your PC to a Remote Device	116
Restoring the Default Configuration and Password	117
Problems with Date and Time	118
Appendix A Technical Specifications	119
Technical Specifications	119
Appendix B Networks, Routing, and Firewall Basics	121
Related Publications	121
Basic Router Concepts	121
What is a Router?	121
Routing Information Protocol	122
IP Addresses and the Internet	122
Netmask	124
Subnet Addressing	124
Private IP Addresses	127
Single IP Address Operation Using NAT	128
MAC Addresses and Address Resolution Protocol	129
Related Documents	129
Domain Name Server	129
IP Configuration by DHCP	130
Internet Security and Firewalls	130
What is a Firewall?	131
Stateful Packet Inspection	131
Denial of Service Attack	131
Ethernet Cabling	131
Category 5 Cable Quality	132
Inside Twisted Pair Cables	133
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	134
Appendix C Preparing Your Network	137
Preparing Your Computers for TCP/IP Networking	137
Configuring Windows 95, 98, and Me for TCP/IP Networking	138
Install or Verify Windows Networking Components	138
Enabling DHCP to Automatically Configure TCP/IP Settings	140
Selecting Windows’ Internet Access Method	142
Verifying TCP/IP Properties	142
Configuring Windows NT4, 2000 or XP for IP Networking	143
Install or Verify Windows Networking Components	143
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	144
DHCP Configuration of TCP/IP in Windows XP	144
DHCP Configuration of TCP/IP in Windows 2000	146
DHCP Configuration of TCP/IP in Windows NT4	149
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	150
Configuring the Macintosh for TCP/IP Networking	151
MacOS 8.6 or 9.x	151
MacOS X	152
Verifying TCP/IP Properties for Macintosh Computers	153
Verifying the Readiness of Your Internet Account	154
Are Login Protocols Used?	154
What Is Your Configuration Information?	154
Obtaining ISP Configuration Information for Windows Computers	155
Obtaining ISP Configuration Information for Macintosh Computers	156
Restarting the Network	157
Appendix D Virtual Private Networking	159
What is a VPN?	159
What Is IPSec and How Does It Work?	160
IPSec Security Features	160
IPSec Components	160
Encapsulating Security Payload (ESP)	161
Authentication Header (AH)	162
IKE Security Association	162
Mode	163
Key Management	164
Understand the Process Before You Begin	164
VPN Process Overview	165
Network Interfaces and Addresses	165
Interface Addressing	165
Firewalls	166
Setting Up a VPN Tunnel Between Gateways	166
VPNC IKE Security Parameters	168
VPNC IKE Phase I Parameters	168
VPNC IKE Phase II Parameters	169
Testing and Troubleshooting	169
Additional Reading	169
Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328	171
Configuration Profile	171
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	172
Step-By-Step Configuration of FVL328 Gateway B	175
Test the VPN Connection	179
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS	181
Configuration Profile	181
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	182
Step-By-Step Configuration of Cisco IOS Gateway B	185
Test the VPN Connection	188
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	191
Configuration Profile	191
The Use of a Fully Qualified Domain Name (FQDN)	192
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	193
Step-By-Step Configuration of FVL328 Gateway B	197
Test the VPN Connection	202
Glossary	203
Numeric	203
A	203
B	204
C	205
D	206
E	207
F	207
G	208
H	208
I	208
L	210
M	210
N	211
O	212
P	212
Q	214
R	214
S	214
T	215
U	215
V	216
W	216

Match case Limit results 1 per page

Reference Manual for the Model FVS318 Broadband

ProSafe VPN Firewall

6-10

Virtual Private Networking

M-10146-01

•

Will the local end be any device on the LAN, a portion of the local network (as defined by a

subnet or by a range of IP addresses), or a single PC?

•

Will the remote end be any device on the remote LAN, a portion of the remote network (as

defined by a subnet or by a range of IP addresses), or a single PC?

•

At least one side must have a fixed IP address or you must be using a dynamic DNS service for

FQDN configurations. Otherwise, if one side has a dynamic IP address, the side with a

dynamic IP address must always be the initiator of the connection.

•

Will you use the typical automated Internet Key Exchange (IKE) setup, or a Manual Keying

setup in which you must specify each phase of the connection?

•

For the WAN connection, what level of IPSec VPN encryption will you use?

—

DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide,

encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES.

—

3DES - (Triple DES) achieves a higher level of security by encrypting the data three times

using DES with three different, unrelated keys.

—

AES - 128, - 192, or - 256. Most secure. Advanced Encryption Standard, a symmetric

128-bit block data encryption technique. The the key length can be specified to 128, 192

or 256 bits.The U.S government adopted the algorithm as its encryption technique in

October 2000, replacing the DES encryption it used. AES works at multiple network

layers simultaneously.