ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual

3.Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained Table 5-2.

Table 5-2. Add IKE Policy Settings

Item

Description (or Subfield and Description)

 

 

 

Mode Config Record

 

 

 

 

Do you want to use

Specify whether or not the IKE policy uses a Mode Config Record. For

Mode Config

information about how to define a Mode Config Record, see “Mode Config

Record?

Operation” on page 5-44. Select one of the following radio buttons:

 

Yes. IP addresses are assigned to remote VPN clients. You must select a Mode

 

Config record from the pull-down menu.

 

Note: Because Mode Config functions only in Aggressive Mode, selecting the

 

Yes radio button sets the tunnel exchange mode to Aggressive mode and

 

disables the Main mode. Mode Config also requires that both the local and

 

remote ends are defined by their FQDNs.

 

No. Disables Mode Config for this IKE policy.

 

Note: An XAUTH configuration via an edge device is not possible without Mode

 

Config and is therefore disabled too. For more information about XAUTH, see

 

“Configuring Extended Authentication (XAUTH)” on page 5-39.

 

 

 

 

Select Mode

From the pull-down menu, select one of the Mode Config

 

Config Record

records that you defined on the Add Mode Config Record

 

 

screen (see “Configuring Mode Config Operation on the VPN

 

 

Firewall” on page 5-45).

 

 

Note: Click the View Selected button to open the Selected

 

 

Mode Config Record Details popup window,

General

 

 

 

 

 

Policy Name

A descriptive name of the IKE policy for identification and management purposes.

 

Note: The name is not supplied to the remote VPN endpoint.

Direction / Type

From the pull-down menu, select the connection method for the VPN firewall:

 

Initiator. The VPN firewall initiates the connection to the remote endpoint.

 

Responder. The VPN firewall responds only to an IKE request from the remote

 

endpoint.

 

 

Both. The VPN firewall can both initiate a connection to the remote endpoint

 

and respond to an IKE request from the remote endpoint.

 

 

Exchange Mode

From the pull-down menu, select the exchange more between the VPN firewall

 

and the remote VPN endpoint:

 

Main. This mode is slower than the Aggressive mode but more secure.

 

Aggressive. This mode is faster than the Main mode but less secure.

 

Note: If you specify either a FQDN or a User FQDN name as the local ID and/or

 

remote ID (see the sections below), the aggressive mode is automatically

 

selected.

 

 

 

 

Virtual Private Networking

5-19

v1.1, August 2010

Page 116 Page 118
Page 117
Image 117
NETGEAR FVS318G manual Add IKE Policy Settings, Description or Subfield and Description, Mode Config Record, General
Page 116 Page 118
Top Page Image Contents