Quick Reference Guide
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Virtual Private Networking Using IPsec 6-37
v1.0, January 2010
• Secret Phrase. Transactions between the client and the RADIUS server are authenticated
using a shared secret phrase, so the same Secret Phrase must be configured on both client
and server.
• Primary Server NAS Identifier. The NAS (Network Access Server) Identifier must be
present in a RADIUS request. Ensure the NAS Identifier is configured identically on both
client and server.
The VPN firewall is acting as a NAS (Network Access Server), allowing network access
to external users after verifying their authentication information. In a RADIUS
transaction, the NAS must provide some NAS Identifier information to the RADIUS
Server. Depending on the configuration of the RADIUS Server, the VPN firewall’s IP
address may be sufficient as an identifier, or the server may require a name, which you
would enter here. This name would also be configured on the RADIUS server, although in
some cases it should be left blank on the RADIUS server.
5. Enable a backup RADIUS Server (if required).
6. Set the Time Out Period, in seconds, that the VPN firewall should wait for a response from
the RADIUS server.
7. Set the Maximum Retry Count. This is the number of times the VPN firewall tries to reach
the RADIUS server before giving up.
8. Click Apply to save the settings.
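The following added example (not taken from this manual or from NETGEAR software) shows, following RFC 2865, why the Secret Phrase and the NAS Identifier must match on both sides: the secret hides the PAP password in the request and authenticates the server's reply, and the server compares the NAS-Identifier attribute with its own configuration. All function names, the sample secret, user and NAS name are constructed for illustration.

```python
import hashlib, os, struct

# RFC 2865 codes and attribute types
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32

def hide(data, secret, req_auth, reverse=False):
    """User-Password hiding (RFC 2865 section 5.2); reverse=True undoes it."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, mask))
        prev = block if reverse else res   # chain on the ciphertext block
        out += res
    return out

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(secret, user, password, nas_id, ident=1, req_auth=None):
    """What the NAS (the VPN firewall's role) sends for a PAP login."""
    req_auth = req_auth or os.urandom(16)
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\0")
    attrs = (attr(USER_NAME, user) + attr(USER_PASSWORD, hide(padded, secret, req_auth))
             + attr(NAS_IDENTIFIER, nas_id))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(packet):
    attrs, i = {}, 20
    while i + 2 <= len(packet):
        kind, length = packet[i], packet[i + 1]
        if length < 2:
            raise ValueError("malformed attribute")
        attrs[kind] = packet[i + 2:i + length]
        i += length
    return attrs

def server_accepts(packet, secret, expected_nas_id, users):
    """Server side: the NAS Identifier and the recovered password must both match."""
    a = parse_attrs(packet)
    if a.get(NAS_IDENTIFIER) != expected_nas_id:
        return False
    pw = hide(a.get(USER_PASSWORD, b""), secret, packet[4:20], reverse=True).rstrip(b"\0")
    return a.get(USER_NAME) in users and users[a[USER_NAME]] == pw

def response_authenticator(code, ident, attrs, req_auth, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret): how the NAS checks a reply."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()
```

With a mismatched secret the server recovers a garbled password and rejects the login, and the NAS computes a different Response Authenticator than the one in the reply, so it discards the reply and eventually times out.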
Configuring Keepalives and Dead Peer Detection
In some cases, it may not be desirable to have a VPN tunnel drop when traffic is idle; for example,
when client-server applications over the tunnel cannot tolerate the tunnel establishment time. If
you require your VPN tunnel to remain connected, you can use the Keepalive and Dead Peer
Detection features to prevent the tunnel from dropping and to force a reconnection if the tunnel
drops for any reason.
For Dead Peer Detection to function, the peer VPN device on the other end of the tunnel must also
support Dead Peer Detection. Keepalive, though less reliable than Dead Peer Detection, does not
require any support from the peer device.
Note: Selection of the Authentication Protocol, usually PAP or CHAP, is configured
on the individual IKE policy screens.










