Reference Manual for the ProSafe VPN Firewall FVS114

FQDNs supplied by Dynamic DNS providers can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.

What method will you use to configure your VPN tunnels?

The VPN Wizard using VPNC defaults (see Table 5-1)

Advanced methods (see Chapter 6, “Advanced Virtual Private Networking”)

Table 5-1. Parameters recommended by the VPNC and used in the VPN Wizard

Parameter                    Factory Default
Secure Association           Main Mode
Authentication Method        Pre-shared Key
Encryption Method            3DES
Authentication Protocol      SHA-1
Diffie-Hellman (DH) Group    Group 2 (1024 bit)
Key Life                     8 hours
IKE Life Time                24 hours
NETBIOS                      Enabled

What level of IPSec VPN encryption will you use?

DES — The Data Encryption Standard (DES) processes input data in 64-bit blocks, encrypting each block with a 56-bit key. Faster but less secure than 3DES.

3DES — 3DES (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.

AES — AES (Advanced Encryption Standard) is the optimal choice for security-conscious organizations, but the hardware at each end of the tunnel must support it.

What level of authentication will you use?

MD5 — 128 bits, faster but less secure.

SHA-1 — 160 bits, slower but more secure.

Note: NETGEAR publishes additional interoperability scenarios with various gateway and client software products.
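
The planning questions above can be checked before either gateway is touched. The following is an added example, not taken from the NETGEAR manual: it applies the dynamic-address rule to decide which end may initiate, and lists Table 5-1 settings that differ between the two ends. The endpoint layout, the key names, and the address kinds "static", "fqdn" and "dynamic" are assumptions made for illustration.

```python
# Added example (not from the manual): pre-flight check for a planned tunnel.
# The dict layout, key names and address kinds are assumptions.

# Values from Table 5-1, as used by the VPN Wizard.
VPNC_DEFAULTS = {
    "secure_association": "Main Mode",
    "auth_method": "Pre-shared Key",
    "encryption": "3DES",
    "auth_protocol": "SHA-1",
    "dh_group": "Group 2 (1024 bit)",
    "key_life_hours": 8,
    "ike_life_hours": 24,
}

def can_respond(addr_kind):
    """A responder needs a stable identifier: a static IP address, or an
    FQDN kept current by a Dynamic DNS provider."""
    return addr_kind in ("static", "fqdn")

def possible_initiators(a, b):
    """Names of the endpoints that may initiate; an endpoint may initiate
    only if the other end is able to respond."""
    names = []
    if can_respond(b["addr"]):
        names.append(a["name"])
    if can_respond(a["addr"]):
        names.append(b["name"])
    return names  # empty when both ends are dynamic without an FQDN

def mismatches(a, b):
    """Table 5-1 parameters whose values differ between the two ends."""
    return sorted(k for k in VPNC_DEFAULTS if a["ike"].get(k) != b["ike"].get(k))

def plan(a, b):
    return {"initiators": possible_initiators(a, b), "mismatches": mismatches(a, b)}

# Constructed sample endpoints.
HQ = {"name": "hq", "addr": "static", "ike": dict(VPNC_DEFAULTS)}
HOME = {"name": "home", "addr": "fqdn", "ike": dict(VPNC_DEFAULTS)}
BRANCH = {"name": "branch", "addr": "dynamic",
          "ike": dict(VPNC_DEFAULTS, encryption="DES", auth_protocol="MD5")}
BRANCH2 = dict(BRANCH, name="branch2")

if __name__ == "__main__":
    for a, b in ((HQ, BRANCH), (HQ, HOME), (BRANCH, BRANCH2)):
        print(a["name"], "<->", b["name"], plan(a, b))
```

An empty initiator list means neither end can respond, so the tunnel cannot be established until one side has a static address or an FQDN.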

5-4

Basic Virtual Private Networking

202-10098-01, April 2005
