Netgear SRX5308 SRX5308 Reference Manual - Page 187
Table 5-15. Add Mode Config Record Settings continued
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 187 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-15. Add Mode Config Record Settings (continued) Item Description (or Subfield and Description) First Pool Second Pool Third Pool WINS Server DNS Server Assign at least one range of IP pool addresses in the First Pool fields to enable the VPN firewall to allocate these to remote VPN clients. The Second Pool and Third Pool fields are optional To specify any client pool, enter the starting IP address for the pool in the Starting IP field and enter the ending IP address for the pool in the Ending IP field. Note: No IP pool should be within the local network IP addresses. Use a different range of private IP addresses such as 172.173.xxx.xx. If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field. Enter the IP address of the DNS server that is used by remote VPN clients in the Primary field. You can enter the IP address of a second DNS server in the Secondary field. Traffic Tunnel Security Level Note: Generally, the default settings work well for a Mode Config configuration. PFS Key Group Select this check box to enable Perfect Forward Secrecy (PFS), and then select a Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the strength of the algorithm in bits. The higher the group, the more secure the exchange. From the drop-down list, select one of the following three strengths: • Group 1 (768 bit). • Group 2 (1024 bit). This is the default setting. • Group 5 (1536 bit). SA Lifetime The lifetime of the security association (SA) is the period or the amount of transmitted data after which the SA becomes invalid and must be renegotiated. From the drop-down list, select how the SA lifetime is specified: • Seconds. In the SA Lifetime field, enter a period in seconds. The minimum value is 300 seconds. The default value is 3600 seconds. • KBytes. In the SA Lifetime field, enter a number of kilobytes. The minimum value is 1920000 KB. Encryption Algorithm From the drop-down list, select one of the following five algorithms to negotiate the security association (SA): • DES. Data Encryption Standard (DES). • 3DES. Triple DES. This is the default algorithm. • AES-128. Advanced Encryption Standard (AES) with a 128-bits key size. • AES-192. AES with a 192-bits key size. • AES-256. AES with a 256-bits key size. Virtual Private Networking Using IPsec Connections v1.0, April 2010 5-45