Manualshelf

Quick Reference Guide

ManualsBrandsNETGEAR ManualsNetwork RouterFVS328
201202203204205206207208209210
Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual
H-4 NETGEAR VPN Client to NETGEAR the FVS328
May 2004, 202-10031-01
From the Local Identity drop-down box, select Fully Qualified Domain Name (the actual
WAN IP address of the FVS328 will also be used in the Connection ID Type fields of the
VPN Client as seen in “Security Policy Editor New Connection” on page H-8).
For this example we typed FVS328 in the Local Identity Data field.
From the Remote Identity drop-down box, select Fully Qualified Domain Name.
–Type VPNclient in the Remote Identity Data. This will also be entered in the VPN Client
My Identity ID Type fields, as seen in “My Identity” on page H-9.
From the Encryption Algorithm drop-down box, select 3DES. This will also be selected in
the VPN Client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as
seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.
From the Authentication Algorithm drop-down box, select SHA-1.This will also be
selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1 Hash Alg
field, as seen in “Connection Security Policy Authentication (Phase 1)” on page H-11.
From the Authentication Method radio button, select Pre-shared Key. This will also be
selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1
Authentication Method field, as seen in “Connection Security Policy Authentication
(Phase 1)” on page H-11.
In the Pre-Shared Key field, type hr5xb84l6aa9r6. You must make sure the key is the
same for both the client and the FVS328 Firewall. This will also be selected in the VPN
client Security Policy Authentication Phase 1 Proposal 1 Encrypt Alg field, as seen in
“Connection Identity Pre-Shared Key” on page H-10.
From the Diffie-Hellman (DH) Group drop-down box, select Group 2 (1024 Bit). This
will also be selected in the VPN Client Security Policy Authentication Phase 1 Proposal 1
Key Group field, as seen in “Connection Security Policy Authentication (Phase 1)” on
page H-11.
–In the SA Life Time field, type 86400.
Click Apply. This will bring you back to the IKE Policies Menu.The FVS328 IKE Policy is
now displayed in the IKE Policies page.
Note: Selecting Remote Access as the Direction Type, Aggressive Mode as the
Exchange Mode, and Fully Qualified Domain Name as the Local Identity type enables
list a traveling user with a direct Internet connection or a home telecommuter behind a
NAT router to connect regardless of the IP address they have on their remote PC.
However, this configuration does not require FQDN be set up on the WAN port of the
FVS328.