Netgear FWG114Pv1 FWG114P Reference Manual - Page 114
Using Digital Certificates for IKE Auto-Policy Authentication, Certificate Revocation List (CRL)
View all Netgear FWG114Pv1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 114 highlights
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Table 8-1. VPN Manual Policy Configuration Fields Field Description Key - Out Enter the key in the fields provided. • For MD5, the key should be 16 characters. • For SHA-1, the key should be 20 characters. Any value is acceptable, provided the remote VPN endpoint has the same value in its Authentication Algorithm "Key - In" field. NETBIOS Enable Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking for such features as Network Neighborhood. Using Digital Certificates for IKE Auto-Policy Authentication Digital certificates are strings generated using encryption and authentication schemes which cannot be duplicated by anyone without access to the different values used in the production of the string. They are issued by Certification Authorities (CAs) to authenticate a person or a workstation uniquely. The CAs are authorized to issue these certificates by Policy Certification Authorities (PCAs), who are in turn certified by the Internet Policy Registration Authority (IPRA). The FWG114P is able to use certificates to authenticate users at the end points during the IKE key exchange process. The certificates can be obtained from a certificate server an organization might maintain internally or from the established public CAs. The certificates are produced by providing the particulars of the user being identified to the CA. The information provided may include the user's name, e-mail ID, domain name, and so on. Each CA has its own certificate. The certificates of a CA are added to the FWG114P and can then be used to form IKE policies for the user. Once a CA certificate is added to the FWG114P and a certificate is created for a user, the corresponding IKE policy is added to the FWG114P. Whenever the user tries to send traffic through the FWG114P, the certificates are used in place of pre-shared keys during initial key exchange as the authentication and key generation mechanism. Once the keys are established and the tunnel is set up the connection proceeds according to the VPN policy. Certificate Revocation List (CRL) Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these revoked certificates is known as the Certificate Revocation List (CRL). 8-14 March 2004, 202-10027-01 Virtual Private Networking