ProSafe 802.11g Wireless VPN Firewall FVG318 Reference Manual

VPN Consortium Scenario 2: FVG318 Gateway to Gateway with Digital Certificates

The following is a typical gateway-to-gateway VPN that uses Public Key Infrastructure x.509 (PKIX) certificates for authentication. The network setup is identical to the one given in

WAN IP Address

Scenario 1. The IKE Phase 1 and Phase 2 parameters are identical to the ones given in Scenario 1, with the exception that the identification is done with signatures authenticated by PKIX certificates.

 

Note: Before completing this configuration scenario,

LAN IP Addresses

 

correct Time Zone is

 

set on the FVG318. For

topic, see

Your Time

 

Zone” on page 2-11.

 

 

 

 

 

 

1.Obtain a root certificate.

a. Obtain the root certificate (that includes the public key) from a Certificate Authority (CA)

Note: The procedure for obtaining certificates differs from a CA like Verisign and a CA such as a Windows 2000 certificate server, which an

organization operates for providing certificates for its members. For example, an administrator of a Windows 2000 certificate server might provide it to you via e-mail.

b.Save the certificate as a text file called trust.txt.

2.Install the trusted CA certificate for the Trusted Root CA.

a.Log in to the FVG318.

b.Select VPN > Certificates from the menu.

c.In the Self Certificate Requests section, click Browse to locate the trust.txt file.

d.Click Upload.

3.Create a certificate request for the FVG318.

e.Fill in the required fields on the Generate Self Certificate section.

Name. Enter a name to identify this certificate.

Subject. This is the name that other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all certificates should have the same value in the Subject field.

Advanced Virtual Private Networking

6-15

v1.0, September 2007

Page 121
Image 121
NETGEAR FVG318NA manual Your Time