Netgear SRX5308 Client-to-Box VPN using Certificate Authentication
Netgear SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Manual
UPC - 606449065145
Netgear SRX5308 manual content summary:
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 1
Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client. This document describes how to use certificates as an authentication method when establishing a VPN Client-to-Box connection. Version 2.0
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 2
deployment you are not using an external CA (Certificate Authority) you will need to create your own CA downloaded from the following link: http://www.slproweb.com/products/Win32OpenSSL.html 2- Additionally you will need to install the Perl interpreter. We used ActivePerl which can be downloaded
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 3
.ca.html 2- Netgear doesn't support the ST relative distinguished name, so please edit the openssl.cfg (in the original location and in your new CA folder) to avoid using this parameter. 3- From the guide linked above, you need only to execute all the commands up to step 4. The certificate request step and
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 4
self certificate request (router), cacert.crt - CA certification, cakey.pem - CA keys, router1.crt - signed certificate (router). 7- Load the CA certificate "cacert.crt" and your signed certificate "router1.crt" on your device. They should now display like this: 8- Reboot your router. Version
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 5
using Certificate Manager, which is built-in functionality of Netgear's ProSafe VPN Client, following these steps: First, click on Request Certificate. Then, click on 'Yes' when you get the file-based request prompt. Finally, input the settings as instructed in the screenshot. Note: Do not change
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 6
crt - CA certification, cakey.pem - CA keys, client1.crt - signed certificate (client). 12- Install the CA certificate "cacert.crt" in your system. If you are using Microsoft Windows, just select "Install" from the file's context menu. 13- Load your signed certificate using the Certificate Manager: Version
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 7
14- Create a new VPN connection according to these steps: First, input your own details in the same way that is instructed here and click on Edit Name. Verify your settings are input correctly in this screen and click on OK. Select the correct certificate, leave the ID Type as Distinguished Name.
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 8
In the Security Policy section, verify your settings match those in this screenshot. For the "Proposal 1" of the Authentication phase (Phase 1), the Authentication Method should be RSA Signatures. The Key Exchange Proposal should be correct by default, but check it to make sure it matches the
- Netgear SRX5308 | Client-to-Box VPN using Certificate Authentication - Page 9
the VPN Policy, leaving the IKE policy. 3. Create a new record for Mode Config in the following way: Note: IP address ranges defined in the First, Second and Third Pool should be different from the router's own LAN IP address range. 4. Modify your IKE Policy according to the following settings: Version