Quick Reference Guide

ProSafe VPN Firewall 50 FVS338 Reference Manual
Virtual Private Networking 5-19
v1.0, January 2010
Name. Each policy is given a unique name (the Connection Name when using the VPN
Wizard). Client policies are annotated by an “*”.
Type. The type is “Auto” or “Manual” as described previously (Auto is used during VPN
Wizard configuration).
Local. IP address (either a single address, a range of addresses, or a subnet address) on your
local LAN. Traffic must be from (or to) these addresses to be covered by this policy. (The subnet
address is supplied as the default IP address when using the VPN Wizard.)
Remote. IP address or address range of the remote network. Traffic must be to (or from) these
addresses to be covered by this policy. (The VPN Wizard default requires the remote LAN IP
address and subnet mask.)
AH. Authentication Header. The default setting using the VPN Wizard is SHA1. (This setting
must match the remote VPN.)
ESP. Encapsulating Security Payload. The default setting using the VPN Wizard is 3DES.
(This setting must match the remote VPN.)
Action. Allows you to access individual policies to make any changes or modifications.
Managing Certificates
Digital Certificates (also known as X.509 certificates) are used to authenticate the identity of
users and systems, and are issued by various CAs (Certification Authorities). Digital Certificates
are used by the VPN firewall during the IKE (Internet Key Exchange) authentication phase as an
alternative authentication method.
The VPN firewall uses Digital Certificates during the Internet Key Exchange (IKE) authentication
phase to authenticate connecting VPN gateways or clients, or to be authenticated by remote
entities. The same Digital Certificates are extended for secure web access connections over
HTTPS.
Digital Certificates can be either self-signed or issued by a Certification Authority (CA), such
as an in-house Windows server or an external organization such as Verisign or Thawte.
However, if a Digital Certificate contains the extKeyUsage extension, then the certificate must be
used for one of the purposes defined by the extension. For example, if the Digital Certificate
contains the extKeyUsage extension defined to SNMPV2, then the same certificate cannot be used
for secure web management.
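
The extKeyUsage rule above can be checked before a certificate is loaded for secure web management. The following is an added example, not taken from the NETGEAR manual: it decodes the DER value of an extKeyUsage extension and tests whether HTTPS server use is permitted. The sample byte strings are constructed, clientAuth stands in for any non-web purpose, and accepting anyExtendedKeyUsage is an assumed policy choice.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth: HTTPS server
ANY_EKU = "2.5.29.37.0"             # anyExtendedKeyUsage
# Constructed DER samples of the extension value (SEQUENCE OF OID).
WEB_ONLY = bytes.fromhex("300a06082b06010505070301")     # serverAuth
CLIENT_ONLY = bytes.fromhex("300a06082b06010505070302")  # clientAuth
UNRESTRICTED = bytes.fromhex("30060604551d2500")         # anyExtendedKeyUsage

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); short-form DER lengths (< 128) only."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER header")
    tag, end = buf[pos], pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + 2:end], end

def decode_oid(body):
    """Convert base-128 OID content octets to dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:                 # high bit clear ends one arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)            # first two arcs share one value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_eku(ext_value):
    """Decode the extKeyUsage extension value into a list of purpose OIDs."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value) or not body:
        raise ValueError("EKU must be one non-empty DER SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oids.append(decode_oid(value))
    return oids

def permits(ext_value, purpose):
    """ext_value is None when the certificate carries no extKeyUsage extension."""
    if ext_value is None:
        return True                          # no extension: purpose not restricted
    oids = parse_eku(ext_value)
    return purpose in oids or ANY_EKU in oids  # accepting ANY_EKU is a policy choice
```

A certificate whose extension lists only another purpose fails the check for web management, which is the case the manual's SNMPV2 example describes.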