User's Manual Part 2
Table Of Contents
- Chapter 7 Print Server
- Chapter 8 Virtual Private Networking
- Overview of FWG114P Policy-Based VPN Configuration
- Using Digital Certificates for IKE Auto-Policy Authentication
- Walk-Through of Configuration Scenarios on the FWG114P
- How to Use the VPN Wizard to Configure a VPN Tunnel
- Netgear VPN Client to FWG114P
- Step-By-Step Configuration of FWG114P Gateway
- Step-By-Step Configuration of the Netgear VPN Client
Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P
8-12 Virtual Private Networking
March 2004, 202-10027-01
Authenticating Header (AH)
Configuration
AH specifies the authentication protocol for the VPN header. These
settings must match the remote VPN endpoint.
Note: The "Incoming" settings here must match the "Outgoing" settings on
the remote VPN endpoint, and the "Outgoing" settings here must match
the "Incoming" settings on the remote VPN endpoint.
SPI - Incoming
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Outgoing SPI" field.
SPI - Outgoing Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Incoming SPI" field.
Enable Authentication Use this checkbox to enable or disable AH. Authentication is often not
used. In this case, leave the checkbox unchecked.
Authentication
Algorithm
If you enable AH, then select the authentication algorithm:
• MD5 is the default.
• SHA1 is more secure.
Enter the keys in the fields provided. For MD5, the keys should be 16
characters. For SHA-1, the keys should be 20 characters.
Key - In
Enter the keys.
• For MD5, the keys should be 16 characters.
• For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - Out" field.
Key - Out Enter the keys in the fields provided.
• For MD5, the keys should be 16 characters.
• For SHA-1, the keys should be 20 characters.
Any value is acceptable, provided the remote VPN endpoint has the same
value in its Authentication Algorithm "Key - In" field.
Encapsulated Security
Payload (ESP) Configuration
ESP provides security for the payload (data) sent through the VPN tunnel.
Generally, you will want to enable both encryption and authentication
when you use ESP. Two ESP modes are available:
• Plain ESP encryption
• ESP encryption with authentication
These settings must match the remote VPN endpoint.
SPI - Incoming
Enter a Hex value (3 - 8 chars). Any value is acceptable, provided the
remote VPN endpoint has the same value in its "Outgoing SPI" field.
Table 8-1. VPN Manual Policy Configuration Fields
Field Description