Manualshelf

Quick Reference Guide

ManualsBrandsNetgear ManualsNetworkingSRXN3205
141142143144145146147148149150
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Virtual Private Networking Using IPsec 6-33
v1.0, January 2010
3. On the left-side of the menu, choose Security Policy.
a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio
button.
b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose the Diffie-
Hellman Group 2 from the PFS Key Group pull-down menu.
c. Enable Replay Detection should be checked.
4. Click on Authentication (Phase 1) on the left-side of the menu and choose Proposal 1. Enter
the Authentication values to match those on the VPN firewall’s ModeConfig Record screen.
5. Click on Key Exchange (Phase 2) on the left-side of the menu and choose Proposal 1. Enter
the values to match your configuration of the VPN firewall’s ModeConfig Record screen. (The
SA Lifetime can be longer, such as 8 hours [28800 seconds])
6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client.
Testing the Mode Config Connection
To test the Mode Config connection that you just created:
1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection
policy you configured will appear; in this case “My Connections\modecfg_test”.
2. Click on the connection. Within 30 seconds the message “Successfully connected to
MyConnections/modecfg_test is displayed and the VPN client icon in the toolbar will read
“On”.
3. From the client PC, ping a computer on the VPN firewall LAN.
Configuring Extended Authentication (XAUTH)
When connecting many VPN clients to the VPN firewall, an administrator may want a unique user
authentication method beyond relying on a single common preshared key for all clients. Although
the administrator could configure a unique VPN policy for each user, it is more convenient for the
VPN firewall to authenticate users from a stored list of user accounts. XAUTH provides the
mechanism for requesting individual authentication information from the user, and a local User
Database or an external authentication server, such as a RADIUS server, provides a method for
storing the authentication information centrally in the local network.