User's Manual Part 2
Table Of Contents
- Chapter 7 Print Server
- Chapter 8 Virtual Private Networking
- Overview of FWG114P Policy-Based VPN Configuration
- Using Digital Certificates for IKE Auto-Policy Authentication
- Walk-Through of Configuration Scenarios on the FWG114P
- How to Use the VPN Wizard to Configure a VPN Tunnel
- Netgear VPN Client to FWG114P
- Step-By-Step Configuration of FWG114P Gateway
- Step-By-Step Configuration of the Netgear VPN Client
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
8-8 Virtual Private Networking
March 2004, 202-10027-01
Traffic Selector These settings determine if and when a VPN tunnel will be established. If
network traffic meets all criteria, then a VPN tunnel will be created.
Local IP The drop-down menu allows you to configure the source IP address of the
outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from your network address space. The
choices are:
• Default: ANY for all valid IP addresses in the Internet address space
Note: Selecting ANY means all traffic goes through the IPSec tunnel
and prevents access to the Internet.
• Single IP Address
• Range of IP Addresses
• Subnet Address
Remote IP The drop-down menu allows you to configure the destination IP address of
the outbound network traffic for which this VPN policy will provide security.
Usually, this address will be from the remote site's corporate network
address space. The choices are:
• ANY for all valid IP addresses in the Internet address space
Note: Selecting ANY means all traffic goes through the IPSec tunnel
and prevents access to the Internet.
• Single IP Address
• Range of IP Addresses
• Subnet Address
Authenticating Header (AH)
Configuration
AH specifies the authentication protocol for the VPN header. These
settings must match the remote VPN endpoint.
Enable Authentication Use this checkbox to enable or disable AH for this VPN policy.
Authentication
Algorithm
If you enable AH, then select the authentication algorithm:
• MD5 is the default.
• SHA1 is more secure.
Encapsulated Security
Payload (ESP) Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both Encryption and Authentication.
Two ESP modes are available:
• Plain ESP encryption
• ESP encryption with authentication
These settings must match the remote VPN endpoint.
Table 8-1. VPN Auto Policy Configuration Fields
Field Description