VPN Manual Policy Configuration Fields | NETGEAR fvs114 guide

Reference Manual for the ProSafe VPN Firewall FVS114

The VPN Manual Policy fields are defined in the following table.

Table 6-1.	VPN Manual Policy Configuration Fields

Field		Description

General		These settings identify this policy and determine its major characteristics.

Policy Name		The name of the VPN policy. Each policy should have a unique policy
		name. This name is not supplied to the remote VPN Endpoint. It is used to
		help you identify VPN policies.

Remote VPN Endpoint		The WAN Internet IP address of the remote VPN firewall or client to which
		you wish to connect. The remote VPN endpoint must have this FVS114’s
		WAN Internet IP address entered as its Remote VPN Endpoint.

Traffic Selector		These settings determine if and when a VPN tunnel will be established. If
		network traffic meets all criteria, then a VPN tunnel will be created.

Local IP		The drop down menu allows you to configure the source IP address of the
		outbound network traffic for which this VPN policy will provide security.
		Usually, this address is from your network address space. The choices are:
		• ANY for all valid IP addresses in the Internet address space
		• Single IP Address
		• Range of IP Addresses
		• Subnet Address

Remote IP		The drop down menu allows you to configure the destination IP address of
		the outbound network traffic for which this VPN policy will provide security.
		Usually, this address is from the remote site's corporate network address
		space. The choices are:
		• ANY for all valid IP addresses in the Internet address space
		• Single IP Address
		• Range of IP Addresses
		• Subnet Address

Authenticating Header (AH)		AH specifies the authentication protocol for the VPN header. These
Configuration		settings must match the remote VPN endpoint.
		Note: The Incoming settings here must match the Outgoing settings on the
		remote VPN endpoint, and the Outgoing settings here must match the
		Incoming settings on the remote VPN endpoint.

SPI - Incoming		Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
		the remote VPN endpoint has the same value in its Outgoing SPI field.

SPI - Outgoing		Enter a hexadecimal value (3 - 8 chars). Any value is acceptable, provided
		the remote VPN endpoint has the same value in its Incoming SPI field.

Enable Authentication		Use this check box to enable or disable AH. Authentication is often not
		used. In this case, leave the check box unchecked.


Advanced Virtual Private Networking			6-11

202-10098-01, April 2005

Image 99

NETGEAR fvs114 manual VPN Manual Policy fields are defined in the following table, VPN Manual Policy Configuration Fields

Contents

Reference Manual for the ProSafe VPN Firewall FVS114 Certificate of the Manufacturer/Importer TrademarksStatement of Conditions EN 55 022 Declaration of Conformance Product and Publication Details 202-10098-01, April Contents Chapter Firewall Protection Content Filtering Chapter Advanced Virtual Private Networking Chapter Advanced Configuration Appendix C Virtual Private Networking Appendix D Preparing Your Network Contents Xii Contents Manual Scope Chapter About This ManualAudience, Scope, Conventions, and Formats Typographical Conventions How to Use This Manual Printing the Full Manual How to Print this ManualPrinting a Page in the Html View Printing a Chapter Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Introduction Key Features of the VPN Firewall Security Powerful, True Firewall with Content Filtering Extensive Protocol Support Autosensing Ethernet Connections with Auto Uplink Maintenance and Support Easy Installation and Management Package Contents LED Descriptions FVS114 Rear Panel NETGEAR-Related Products DC power input ON/OFF switchNETGEAR-Related Products Netgear Product Registration, Support, and Documentation Reference Manual for the ProSafe VPN Firewall FVS114 Connecting the Firewall to the Internet Prepare to Install Your FVS114 ProSafe VPN FirewallFirst, Connect the FVS114 Modem VPN Firewall Restart Your Network in the Correct Sequence Status lights Now, Configure the FVS114 for Internet Access Netgear Smart Wizard Configuration Assistant welcome screen Make sure the Ethernet cables are securely plugged Troubleshooting TipsMake sure the network settings of the computer are correct Be sure to restart your network in this sequence Ways to access the firewall Overview of How to Access the FVS114 VPN Firewall Login URL Login result FVS114 home How to Bypass the Configuration Assistant Using the Smart Setup Wizard ISP Does Not Require Login How to Manually Configure Your Internet Connection Reference Manual for the ProSafe VPN Firewall FVS114 10 Basic Settings ISP list Reference Manual for the ProSafe VPN Firewall FVS114 Firewall Protection and Content Filtering Overview Chapter Firewall Protection Content Filtering Block Sites menu Block Sites Using Rules to Block or Allow Specific Kinds of Traffic Rules menu Reference Manual for the ProSafe VPN Firewall FVS114 Inbound Rule Example a Local Public Web Server Inbound Rules Port Forwarding Rule example a local public Web server Considerations for Inbound Rules Outbound Rules Service Blocking Rule example blocking Instant Messenger Outbound Rule Example Blocking Instant Messenger Rules table Order of Precedence for Rules Services menu Services Add Custom Service menu Schedule Using a Schedule to Block or Allow Specific Traffic Time Zone 10 E-mail menu Getting E-Mail Notifications of Event Logs and Alerts Reference Manual for the ProSafe VPN Firewall FVS114 11 Logs menu Viewing Logs of Web Access or Attempted Web Access Log entry descriptions SyslogLog entries are described in Table Log action buttons are described in Table Chapter Basic Virtual Private Networking VPN Tunnel Single Advanced methods see , Advanced Virtual Private Networking VPN Tunnel Configuration VPN Wizard start screen Configuring the Client-to-Gateway VPN Tunnel on the FVS114 Connection Name and Remote IP Type Summary screen below displays Vpnc Recommended Settings Configuring the Netgear ProSafe VPN Client on the Remote PC Security Policy Editor new connection Select Secure in the Connection Security check box 11 Security Policy Editor Security Policy 12 Security Policy Editor My Identity 13 Security Policy Editor Pre-Shared Key 15 Security Policy Editor Key Exchange 16 Running a Ping test to the LAN from the PC 18 Log Viewer screen Exporting a Security Policy Transferring a Security Policy to Another Client Importing a Security Policy Select Export Security Policy from the File pulldown Scenario1 Select the security policy to import FVS114 VPN Firewall PCs 23 VPN Wizard start screen Procedure to Configure a Gateway-to-Gateway VPN Tunnel 25 Remote IP 27 VPN Wizard Summary 28 VPN Recommended Settings 30 VPN Status/Log screen Activating a VPN Tunnel Start Using a VPN Tunnel to Activate ItUsing the VPN Status Page to Activate a VPN Tunnel VPN Tunnel Control 32 VPN Status/Log screen Activate the VPN Tunnel by Pinging the Remote Endpoint Type ping Type ping -t 192.168.3.1 and then click OK 36 Pinging test results Verifying the Status of a VPN Tunnel 38 Current VPN Tunnels SAs screen Deactivating a VPN Tunnel 39 VPN Policies Using the VPN Status Page to Deactivate a VPN Tunnel 41 Current VPN Tunnels SAs screen Deleting a VPN Tunnel Virtual Private Using Automatic Key Management Using Policies to Manage VPN Traffic IKE Policy Configuration Menu IKE Policies’ Automatic Key and Authentication Management Field Description General IKE Policy Configuration fields Field Description Remote VPN Policy Configuration for Auto Key Negotiation VPN Auto Policy menu VPN Auto Policy fields are defined in the following table VPN Auto Policy Configuration Fields Authenticating Header AH Netbios Enable VPN Policy Configuration for Manual Key Exchange VPN Manual Policy menu VPN Manual Policy fields are defined in the following table VPN Manual Policy Configuration Fields Value in its Authentication Algorithm Key Out field Netbios Enable Certificate Revocation List CRL Walk-Through of Configuration Scenarios on the FVS114 VPN Consortium Scenario Are IPv4 From Settings menu FVS114 Internet IP Address menu WAN IP addresses LAN IP Setup menu Scenario 1 IKE Policy Set up the IKE Policy illustrated below on the FVS114 10 Scenario 1 VPN Auto Policy Set up the FVS114 VPN -Auto Policy illustrated below Testing the Gateway a FVS114 LAN and the Gateway B LAN How to Check VPN Connections Create a certificate request for the FVS114 Install the trusted CA certificate for the Trusted Root CAFVS114 Scenario 2 FVS114 to FVS114 with RSA Certificates Obtain a root certificate 11 Generate Self Certificate Request menu 12 Self Certificate Request data Highlight, copy and paste this data into a text file 13 Self Certificate Requests table Click the Upload Certificate button 14 Self Certificates table Set up Certificate Revocation List CRL checking Reference Manual for the ProSafe VPN Firewall FVS114 Viewing VPN Firewall Status Information Chapter Maintenance FVS114 Status fields This screen shows the following parameters Connection Status action buttons Click Show WAN Status to display the WAN connection statusThis screen shows the following statistics Connection Status fields Click Show Statistics to display firewall usage statistics WAN Status action buttons are described in the table belowRouter Statistics fields Upgrading the Firewall Software Viewing a List of Attached Devices Router Upgrade menu Configuration File Management Backing Up the Configuration Restoring the ConfigurationErasing the Configuration Diagnostics Changing the Administrator Password Ping or Trace an IP address Diagnostics menu Reference Manual for the ProSafe VPN Firewall FVS114 WAN Setup Chapter Advanced Configuration Default DMZ Server Respond to Ping on Internet WAN Port How to Configure Dynamic DNSTo assign a computer or server to be a Default DMZ server Click Default DMZ Server Dynamic DNS Configuring LAN TCP/IP Setup Parameters Using the LAN IP Setup Options Reference Manual for the ProSafe VPN Firewall FVS114 Using Address Reservation Using the Firewall as a Dhcp server Click Edit or Delete Configuring Static Routes Static Routes table Static Route Example Enabling Remote Management Access Remote Management menu Https//134.177.0.1238080 UPnP menu UPnP Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Troubleshooting Power LED Not OnBasic Functioning LAN or Internet Port LEDs Not On LEDs Never Turn Off Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Testing the LAN Path to Your Firewall Troubleshooting a TCP/IP Network Using a Ping Utility Ping -n 10 IP address Testing the Path from Your PC to a Remote DeviceIf the path is working, you see this message If the path is not working, you see this message Problems with Date and Time Restoring the Default Configuration and Password Reference Manual for the ProSafe VPN Firewall FVS114 Appendix a Technical Specifications Data and Routing ProtocolsPPP over Ethernet PPPoE Interface Specifications 10BASE-T or 100BASE-Tx, RJ-45Electromagnetic Emissions Related Publications Basic Router Concepts Appendix B Network, Routing, and Firewall Basics Is normally written as What is a Router?IP Addresses and the Internet Routing Information Protocol Figure B-1 Three Main Address Classes Netmask Combined withEquals Figure B-2 Example of Subnetting a Class B Address Subnet Addressing Table B-2. Netmask formats Table B-1 Netmask notation translation table for one octet Table B-2 Netmask formats Private IP Addresses Figure B-3 Single IP Address Operation Using NAT Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related DocumentsDomain Name Server Internet Security and Firewalls IP Configuration by Dhcp Stateful Packet Inspection What is a Firewall?Denial of Service Attack Ethernet Cabling Category 5 Cable Quality Table B-3 UTP Ethernet cable wiring, straight-through Figure B-4illustrates straight-through twisted pair cable Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114 Appendix C Virtual Private Networking What is a VPN? IPSec contains the following elements What Is IPSec and How Does It Work?IPSec Security Features IPSec Components Encapsulating Security Payload ESP IKE Security Association Authentication Header AH Mode Key Management Understand the Process Before You Begin VPN Process Overview AddressesIt functions as a VPN Tunnel Between Gateways FirewallsTable C-2 Subnet addressing IPSec Security Association SA negotiation IPSec Security Association IKE VPN Tunnel Negotiation Steps Vpnc IKE Security Parameters Vpnc IKE Phase I Parameters Testing and Troubleshooting Vpnc IKE Phase II ParametersAdditional Reading Relevant RFCs listed numerically Preparing Your Computers for TCP/IP Networking Appendix D Preparing Your Network Install or Verify Windows Networking Components Configuring Windows 95, 98, and Me for TCP/IP Networking Select TCP/IP, and then click OK Select Microsoft Enabling Dhcp to Automatically Configure TCP/IP Settings Choose Settings, and then Control PanelRestart your PC for the changes to take effect Primary Network Logon is set to Windows logon Selecting Windows’ Internet Access Method Verifying TCP/IP PropertiesClick OK to continue Restart the PC Double-click the Network and Dialup Connections icon Configuring Windows NT4, 2000 or XP for IP Networking Dhcp Configuration of TCP/IP in Windows XP Then, restart your PCLocate your Network Neighborhood icon Reference Manual for the ProSafe VPN Firewall FVS114 Dhcp Configuration of TCP/IP in Windows Reference Manual for the ProSafe VPN Firewall FVS114 Obtain an IP address automatically is selected Dhcp Configuration of TCP/IP in Windows NT4 Reference Manual for the ProSafe VPN Firewall FVS114 TCP/IP Properties dialog box now displays Verifying TCP/IP Properties for Windows XP, 2000, and NT4 MacOS Configuring the Macintosh for TCP/IP NetworkingDefault gateway is Type exit MacOS 8.6 or Verifying TCP/IP Properties for Macintosh Computers Are Login Protocols Used? What Is Your Configuration Information?Verifying the Readiness of Your Internet Account Select the Gateway tab Select the IP Address tab Reference Manual for the ProSafe VPN Firewall FVS114 Restarting the Network Reference Manual for the ProSafe VPN Firewall FVS114 Numeric List of Glossary Terms AES Packet sent to all devices on a network DNS See Internet Control Message Protocol Internet service provider Megabits per second Set of rules for communication between devices on a network Radius See Wide Area Network Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114