Reference Manual for the NETGEAR ProSafe VPN Client
5-12 Using the Security Policy Editor
202-10015-01
Configure Security Policy Connection Options
Before you configure the options for Security Policy in a connection, take these steps:
• Make sure that the connection is secure: In the Connection Security group, click Secure.
• Configure My Identity for this connection.
The Phase 1 negotiation mode selected for Security Policy determines how the security association (SA) is established for each connection through IKE negotiations.
1. In the Security Policy Editor, in the Network Security Policy list, expand the specific secure connection.
2. Expand Security Policy.
3. In the Select Phase 1 Negotiation Mode group, click an option:
   • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (Phase 1).
   • Aggressive Mode is quicker than Main Mode, because it eliminates several steps when the communicating parties are negotiating authentication (Phase 1).
   • Use Manual Keys requires no negotiations; SafeNet recommends using this for troubleshooting only.
4. To activate the perfect forward secrecy (PFS) feature, which requires exchanging independent keying material each time Key Exchange keys are generated, select the Enable Perfect Forward Secrecy (PFS) check box.
5. If you selected the Enable Perfect Forward Secrecy (PFS) check box, in the PFS Key Group list, click Diffie-Hellman Group 1, 2, or 5.
6. To set a counter that determines if a packet is unique, select the Enable Replay Detection check box.
7. Click Save.
The Phase 1 Negotiation Mode you selected determines your next step:
• If you selected Main Mode or Aggressive Mode, configure Authentication (Phase 1).
• If you selected Use Manual Keys, configure Key Exchange (Phase 2).










