ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

The following is a typical gateway-to-gateway VPN that uses a preshared secret for authentication.

Figure 6-4

Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A’s LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has the address 14.15.16.17.

Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B’s WAN (Internet) interface has the address 22.23.24.25. Gateway B’s LAN interface address, 172.23.9.1, can be used for testing IPsec but is not needed for configuring Gateway A.

The IKE Phase 1 parameters used in Scenario 1 are:

Main mode

TripleDES

SHA-1

MODP group 2 (1024 bits)

Preshared secret of “hr5xb84l6aa9r6”

SA lifetime of 28800 seconds (eight hours) with no kilobytes rekeying

The IKE Phase 2 parameters used in Scenario 1 are:

TripleDES

SHA-1

ESP tunnel mode

MODP group 2 (1024 bits)

Perfect forward secrecy for rekeying

SA lifetime of 3600 seconds (one hour) with no kilobytes rekeying

Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24, using IPv4 subnets
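
The following added example is not part of the NETGEAR manual. It records the Scenario 1 parameters from Gateway A's side, derives the mirrored policy Gateway B must hold, and reports which fields disagree when the two ends do not match. The dictionary layout and field names are assumptions made for this example, not FVG318 settings.

```python
import copy
import ipaddress

# Scenario 1 as seen from Gateway A; every value comes from the text above.
# Field names are this example's own, not the FVG318's.
GATEWAY_A = {
    "local_wan": "14.15.16.17", "remote_wan": "22.23.24.25",
    "local_subnet": "10.5.6.0/24", "remote_subnet": "172.23.9.0/24",
    "phase1": {"mode": "main", "enc": "3des", "hash": "sha1",
               "dh_group": 2, "lifetime_s": 28800},
    "phase2": {"enc": "3des", "hash": "sha1", "encap": "esp-tunnel",
               "pfs_group": 2, "lifetime_s": 3600},
    "psk": "hr5xb84l6aa9r6",
}

def mirror(policy):
    """Derive the peer's policy: swap local and remote, keep the rest."""
    peer = copy.deepcopy(policy)
    for field in ("wan", "subnet"):
        peer["local_" + field] = policy["remote_" + field]
        peer["remote_" + field] = policy["local_" + field]
    return peer

def sanity(policy):
    """Addressing problems visible from one side's policy alone."""
    problems = []
    local = ipaddress.ip_network(policy["local_subnet"])
    remote = ipaddress.ip_network(policy["remote_subnet"])
    if local.overlaps(remote):
        problems.append("local and remote subnets overlap")
    for side in ("local_wan", "remote_wan"):
        addr = ipaddress.ip_address(policy[side])
        if addr in local or addr in remote:
            problems.append(side + " lies inside a protected subnet")
    return problems

def differences(a, b):
    """Names of the fields on which B's policy is not the mirror of A's.
    Only names are returned, so the preshared secret is never echoed."""
    diffs = []
    for key, want in mirror(a).items():
        if isinstance(want, dict):
            diffs += [f"{key}.{k}" for k, v in want.items() if b[key].get(k) != v]
        elif b.get(key) != want:
            diffs.append(key)
    return diffs

if __name__ == "__main__":
    gateway_b = mirror(GATEWAY_A)
    print(sanity(GATEWAY_A), differences(GATEWAY_A, gateway_b))
```
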

Advanced Virtual Private Networking

v1.0, September 2007
