Home » Netgear Manuals » Network Security & Firewall Devices » Netgear FVS318N » Manual Viewer

Netgear FVS318N FVS318 Reference Manual - Page 71

Configuring a SA Using Manual Key Management, Table 6-1. - throughput

Add to My Manuals
Save this manual to your list of manuals

Page 71 highlights

Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall The Security Association IKE Aggressive Mode fields are defined in the following table. Table 6-1. Security Association Aggressive Mode Configuration Fields Field Description Secure Association Choose Aggressive Mode key exchange mode for this VPN tunnel: • IKE Main Mode -- the default. • IKE Aggressive Mode -- faster but less secure. • Manual Keys -- more control but more complex. Perfect Forward Secrecy Perfect Forward Secrecy (PFS) provides additional security by means of a shared secret value. With PFS, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys. Encryption Protocol Longer keys are more secure but the throughput could be slower. • Null - Fastest but no security. • DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. Faster but less secure than 3DES or AES. • 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys. • AES - 128, - 192, or - 256. Most secure. Advanced Encryption Standard is a symmetric 128-bit block data encryption technique. Key Group This setting determines the Diffie-Hellman group bit size used in the key exchange. This must match the value used on the remote gateway. Pre-Shared Key Specify the key. Any value is acceptable, provided the remote VPN endpoint has the same value in its Pre-Shared Key field. Key Life IKE Life Time The default is 3600 seconds (one hour). At the end of this time, the connection will drop, the security association will be re-established, and the connection will be reactivated. The default is 28800 seconds (eight hours). NETBIOS Enable If you need to run Microsoft networking functions such as Network Neighborhood, click the NETBIOS Enable check box. Configuring a SA Using Manual Key Management Click the VPN Settings link of the Setup section of the main menu, and then click the radio button of a VPN tunnel, and then click the Edit button and choose Aggressive Mode from the Security Association drop-down list to display the Manual Keys menu shown in Figure 6-5. Virtual Private Networking 6-7 M-10146-01

Section	Page
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall	1
Contents	5
Chapter 1 About This Manual	13
Audience	13
Scope	13
Typographical Conventions	14
Special Message Formats	14
How to Use the HTML Version of this Manual	15
How to Print this Manual	16
Chapter 2 Introduction	17
About the FVS318	17
Key Features	17
Virtual Private Networking (VPN)	17
A Powerful, True Firewall	18
Content Filtering	18
Configurable Auto Uplink™ Ethernet Connection	18
Protocol Support	19
Easy Installation and Management	20
What’s in the Box?	21
The Firewall’s Front Panel	21
The Firewall’s Rear Panel	22
Chapter 3 Connecting the Firewall to the Internet	23
What You Will Need Before You Begin	23
LAN Hardware Requirements	23
Computer Requirements	23
Cable or DSL Modem Requirement	23
LAN Configuration Requirements	24
Internet Configuration Requirements	24
Where Do I Get the Internet Configuration Parameters?	24
Worksheet for Recording Your Internet Connection Information	25
How to Connect the FVS318 VPN Firewall	26
Wizard-Detected PPPoE Option	31
Wizard-Detected Dynamic IP Option	32
Wizard-Detected Fixed IP (Static) Option	33
Testing Your Internet Connection	34
How to Manually Configure Your Internet Connection	35
Chapter 4 Protecting Your Network	39
Protecting Access to Your FVS318 VPN Firewall	39
How to Change the Built-In Password	39
How to Change the Administrator Login Timeout	40
Using Basic Firewall Services	40
How to Block Keywords and Sites	41
How to Block or Allow Services	43
How to Add to the List of Services	45
Setting Times and Scheduling Firewall Services	48
How to Set Your Time Zone	48
How to Schedule Firewall Services	49
Chapter 5 Advanced WAN and LAN Configuration	51
Configuring Advanced WAN Settings	51
Setting Up A Default DMZ Server	51
Enabling Access to Local Servers Through a FVS318	52
How to Configure Port Forwarding to Local Servers	52
Respond to Ping on Internet WAN Port	53
How to Support Internet Services, Applications, or Games	53
How to Clear a Port Assignment	54
Local Web and FTP Server Example	54
How to Set Up Computers for Half Life, KALI or Quake III	54
Working with LAN IP Settings	55
What Does UPnP Support Do for Me?	55
How to Enable UPnP	56
Understanding LAN TCP/IP Setup Parameters	57
Setting the MTU Size	58
Using the Router as a DHCP Server	58
How to Specify Reserved IP Addresses	59
How to Configure LAN TCP/IP Settings	60
How to Configure Dynamic DNS	61
Using Static Routes	62
Static Route Example	62
How to Configure Static Routes	63
Chapter 6 Virtual Private Networking	65
Overview of VPN Configuration	65
Understanding How FVS318 VPN Tunnels Are Configured	66
Configuring VPN Network Connection Parameters	67
Configuring a SA Using IKE Main Mode	69
Configuring a SA Using IKE Aggressive Mode	70
Configuring a SA Using Manual Key Management	71
Planning a VPN	73
How to Configure a Network to Network VPN Tunnel	75
How to Configure a Remote PC to Network VPN	80
Monitoring the PC VPN Connection Using SafeNet Tools	90
How to Configure Manual Keys as an Alternative to IKE	92
How to Delete a Security Association	94
Blank VPN Tunnel Configuration Worksheets	95
Chapter 7 Managing Your Network	97
Network Management Information	97
Viewing Router Status and Usage Statistics	97
Viewing Attached Devices	100
Viewing, Selecting, and Saving Logged Information	101
Selecting What Information to Log	102
Saving Log Files on a Server	103
Examples of log messages	103
Activation and Administration	103
Dropped Packets	103
Enabling Security Event E-mail Notification	104
Backing Up, Restoring, or Erasing Your Settings	105
How to Back Up the Configuration to a File	105
How to Restore a Configuration from a File	106
How to Erase the Configuration	107
Running Diagnostic Utilities and Rebooting the Router	107
How to Enable Remote Management	108
How to Upgrade the Router’s Firmware	109
Chapter 8 Troubleshooting	111
Basic Functions	111
Power LED Not On	112
Test LED Never Turns On or Test LED Stays On	112
Local or Internet Port Link LEDs Not On	112
Troubleshooting the Web Configuration Interface	113
Troubleshooting the ISP Connection	114
Troubleshooting a TCP/IP Network Using a Ping Utility	115
Testing the LAN Path to Your Firewall	116
Testing the Path from Your PC to a Remote Device	116
Restoring the Default Configuration and Password	117
Problems with Date and Time	118
Appendix A Technical Specifications	119
Technical Specifications	119
Appendix B Networks, Routing, and Firewall Basics	121
Related Publications	121
Basic Router Concepts	121
What is a Router?	121
Routing Information Protocol	122
IP Addresses and the Internet	122
Netmask	124
Subnet Addressing	124
Private IP Addresses	127
Single IP Address Operation Using NAT	128
MAC Addresses and Address Resolution Protocol	129
Related Documents	129
Domain Name Server	129
IP Configuration by DHCP	130
Internet Security and Firewalls	130
What is a Firewall?	131
Stateful Packet Inspection	131
Denial of Service Attack	131
Ethernet Cabling	131
Category 5 Cable Quality	132
Inside Twisted Pair Cables	133
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	134
Appendix C Preparing Your Network	137
Preparing Your Computers for TCP/IP Networking	137
Configuring Windows 95, 98, and Me for TCP/IP Networking	138
Install or Verify Windows Networking Components	138
Enabling DHCP to Automatically Configure TCP/IP Settings	140
Selecting Windows’ Internet Access Method	142
Verifying TCP/IP Properties	142
Configuring Windows NT4, 2000 or XP for IP Networking	143
Install or Verify Windows Networking Components	143
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	144
DHCP Configuration of TCP/IP in Windows XP	144
DHCP Configuration of TCP/IP in Windows 2000	146
DHCP Configuration of TCP/IP in Windows NT4	149
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	150
Configuring the Macintosh for TCP/IP Networking	151
MacOS 8.6 or 9.x	151
MacOS X	152
Verifying TCP/IP Properties for Macintosh Computers	153
Verifying the Readiness of Your Internet Account	154
Are Login Protocols Used?	154
What Is Your Configuration Information?	154
Obtaining ISP Configuration Information for Windows Computers	155
Obtaining ISP Configuration Information for Macintosh Computers	156
Restarting the Network	157
Appendix D Virtual Private Networking	159
What is a VPN?	159
What Is IPSec and How Does It Work?	160
IPSec Security Features	160
IPSec Components	160
Encapsulating Security Payload (ESP)	161
Authentication Header (AH)	162
IKE Security Association	162
Mode	163
Key Management	164
Understand the Process Before You Begin	164
VPN Process Overview	165
Network Interfaces and Addresses	165
Interface Addressing	165
Firewalls	166
Setting Up a VPN Tunnel Between Gateways	166
VPNC IKE Security Parameters	168
VPNC IKE Phase I Parameters	168
VPNC IKE Phase II Parameters	169
Testing and Troubleshooting	169
Additional Reading	169
Appendix E NETGEAR VPN Configuration of FVS318 or FVM318 to FVL328	171
Configuration Profile	171
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	172
Step-By-Step Configuration of FVL328 Gateway B	175
Test the VPN Connection	179
Appendix F NETGEAR VPN Configuration FVS318 or FVM318 to Cisco IOS	181
Configuration Profile	181
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	182
Step-By-Step Configuration of Cisco IOS Gateway B	185
Test the VPN Connection	188
Appendix G NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVL328	191
Configuration Profile	191
The Use of a Fully Qualified Domain Name (FQDN)	192
Step-By-Step Configuration of FVS318 or FVM318 Gateway A	193
Step-By-Step Configuration of FVL328 Gateway B	197
Test the VPN Connection	202
Glossary	203
Numeric	203
A	203
B	204
C	205
D	206
E	207
F	207
G	208
H	208
I	208
L	210
M	210
N	211
O	212
P	212
Q	214
R	214
S	214
T	215
U	215
V	216
W	216

Match case Limit results 1 per page

Reference Manual for the Model FVS318 Broadband

ProSafe VPN Firewall

Virtual Private Networking

6-7

M-10146-01

The Security Association IKE Aggressive Mode fields are defined in the following table.

Configuring a SA Using Manual Key Management

Click the VPN Settings link of the Setup section of the main menu, and then click the radio button

of a VPN tunnel, and then click the Edit button and choose Aggressive Mode from the Security

Association drop-down list to display the Manual Keys menu shown in

Figure 6-5

Table 6-1.

Security Association Aggressive Mode Configuration Fields

Field

Description

Secure Association

Choose Aggressive Mode key exchange mode for this VPN tunnel:

•

IKE Main Mode -- the default.

•

IKE Aggressive Mode -- faster but less secure.

•

Manual Keys -- more control but more complex.

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) provides additional security by means of a

shared secret value. With PFS, if one key is compromised, previous and

subsequent keys are secure because they are not derived from previous keys.

Encryption Protocol

Longer keys are more secure but the throughput could be slower.

•

Null - Fastest but no security.

•

DES - The Data Encryption Standard (DES) processes input data that is 64

bits wide, encrypting these values using a 56 bit key. Faster but less secure

than 3DES or AES.

•

3DES - (Triple DES) achieves a higher level of security by encrypting the data

three times using DES with three different, unrelated keys.

•

AES - 128, - 192, or - 256. Most secure. Advanced Encryption Standard is a

symmetric 128-bit block data encryption technique.

Key Group

This setting determines the Diffie-Hellman group bit size used in the key

exchange. This must match the value used on the remote gateway.

Pre-Shared Key

Specify the key. Any value is acceptable, provided the remote VPN endpoint has

the same value in its Pre-Shared Key field.

Key Life

The default is 3600 seconds (one hour).

IKE Life Time

At the end of this time, the connection will drop, the security association will be

re-established, and the connection will be reactivated. The default is 28800

seconds (eight hours).

NETBIOS Enable

If you need to run Microsoft networking functions such as Network

Neighborhood, click the NETBIOS Enable check box.