Netgear SRXN3205 SRXN3205 Reference Manual - Page 121
Apply, IKE Policies, List of IKE Policies, Add IKE Policy, Mode Config, View selected, General
UPC - 606449057461
View all Netgear SRXN3205 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 121 highlights
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual 10. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your firewall's LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to the LAN subnet of the firewall.) 11. Specify the VPN policy settings. These settings must match the configuration of the remote VPN client. Recommended settings are: • SA Lifetime: 3600 seconds • Encryption Algorithm: 3DES • Authentication Algorithm: SHA-1 12. Click Apply. The new record should appear in the VPN > Mode Config Table. Next, you must configure an IKE Policy: 1. On the main menu, click VPN. The IKE Policies screen is displayed showing the current policies in the List of IKE Policies Table. (See Figure 6-3 on page 6-5.) 2. Click Add to configure a new IKE Policy. The Add IKE Policy screen displays. 3. Enable Mode Config by checking the Yes radio box and selecting the Mode Config record you just created from the pull-down menu. (You can view the parameters of the selected record by clicking the View selected radio box.) Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends of the tunnel be defined by an FQDN. 4. In the General section: a. Enter a descriptive name in the Policy Name Field such as "salesperson". This name will be used as part of the remote identifier in the VPN client configuration. b. Set Direction/Type to Responder. c. The Exchange Mode will automatically be set to Aggressive. 5. For Local information: a. Select Fully Qualified Domain Name for the Local Identity Type. b. Enter an identifier in the Remote Identity Data field that is not used by any other IKE policies. This identifier will be used as part of the local identifier in the VPN client configuration. 6. Specify the IKE SA parameters. These settings must be matched in the configuration of the remote VPN client. Recommended settings are: • Encryption Algorithm: 3DES Virtual Private Networking Using IPsec v1.0, October 2008 6-19