Quick Reference Guide
ProSafe VPN Firewall 50 FVS338 Reference Manual
Virtual Private Networking 5-37
v1.0, January 2010
4. In the General section:
• Enter a descriptive name in the Policy Name field, such as “SalesPerson”. This name will
be used as part of the remote identifier in the VPN client configuration.
• Set Direction/Type to Responder.
• The Exchange Mode will automatically be set to Aggressive.
5. In the Local section, select FQDN for the Identity Type.
6. In the Local section, choose which WAN port to use as the VPN tunnel end point.
7. In the IKE SA Parameters section, specify the IKE SA parameters. These settings must be
matched in the configuration of the remote VPN client. Recommended settings are:
• Encryption Algorithm: 3DES
• Authentication Algorithm: SHA-1
• Diffie-Hellman: Group 2
• SA Lifetime: 3600 seconds
8. Enter a Pre-Shared Key that will also be configured in the VPN client.
9. XAUTH is disabled by default. To enable XAUTH, in the Extended Authentication section,
select one of the following:
• Edge Device to use the VPN firewall as a VPN concentrator where one or more gateway
tunnels terminate. (If selected, you must specify the Authentication Type to be used in
verifying credentials of the remote VPN gateways.)
• IPsec Host if you want the VPN firewall to be authenticated by the remote gateway. Enter
a Username and Password to be associated with the IKE policy. When this option is
chosen, you will need to specify the user name and password to be used in authenticating
this gateway (by the remote gateway).
For more information on XAUTH, see “Configuring XAUTH for VPN Clients” on page 5-27.
10. If Edge Device was enabled, select the Authentication Type from the pull-down menu. This
type will be used to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP.
Users must be added through the User Database screen (see “User Database Configuration”
on page 5-29 or “RADIUS Client Configuration” on page 5-30).
11. Click Apply. The new policy will appear in the List of IKE Policies table.
Note: If RADIUS-PAP is selected, the VPN firewall will first check the User
Database to see if the user credentials are available. If the user account is not
present, the VPN firewall will then connect to the RADIUS server.
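
The following pre-deployment check is an added example, not part of the manual or of any NETGEAR tool. It validates a record of the IKE policy against steps 4 to 10 and lists the client-profile fields that do not match it. The dictionary keys, the sample values and the substring test for the remote identifier are assumptions made for illustration.

```python
# Constructed records; the key names mirror the labels on the IKE policy
# screen and are assumptions of this example, not a NETGEAR API.
AUTH_TYPES = {"User Database", "RADIUS-CHAP", "RADIUS-PAP"}
# Values the procedure says must also be configured on the VPN client.
MATCH_FIELDS = ("encryption", "authentication", "dh_group",
                "sa_lifetime", "pre_shared_key")

def check_policy(policy):
    """Return the problems found in a gateway IKE policy (steps 4 to 10)."""
    problems = []
    if policy["direction"] == "Responder" and policy["exchange_mode"] != "Aggressive":
        problems.append("Responder policy must use Aggressive exchange mode")
    if policy["local_identity_type"] != "FQDN":
        problems.append("Local Identity Type must be FQDN")
    xauth = policy.get("xauth")  # None: XAUTH disabled, the default
    if xauth == "Edge Device" and policy.get("auth_type") not in AUTH_TYPES:
        problems.append("Edge Device needs an Authentication Type")
    if xauth == "IPsec Host" and not (policy.get("username") and policy.get("password")):
        problems.append("IPsec Host needs a Username and Password")
    return problems

def check_client(policy, client):
    """Return the names of client fields that do not match the policy.

    Only field names are returned, so the pre-shared key is never echoed.
    """
    mismatches = [f for f in MATCH_FIELDS if client.get(f) != policy[f]]
    # Assumption: "part of the remote identifier" is modelled as a substring.
    if policy["name"] not in client.get("remote_identifier", ""):
        mismatches.append("remote_identifier")
    return mismatches

# Constructed sample: the recommended settings from step 7.
GATEWAY = {
    "name": "SalesPerson", "direction": "Responder",
    "exchange_mode": "Aggressive", "local_identity_type": "FQDN",
    "encryption": "3DES", "authentication": "SHA-1", "dh_group": 2,
    "sa_lifetime": 3600, "pre_shared_key": "example-psk-not-real",
    "xauth": "Edge Device", "auth_type": "RADIUS-PAP",
}
# Constructed client profile with one deliberate mismatch (DH group).
CLIENT = dict(GATEWAY, dh_group=5, remote_identifier="SalesPerson.example.test")

if __name__ == "__main__":
    print(check_policy(GATEWAY))          # []
    print(check_client(GATEWAY, CLIENT))  # ['dh_group']
```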