ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Manage IPSec VPN Policies

Manage IKE Policies

Manage VPN Policies

After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you selected as the VPN tunnel connection name during the VPN Wizard setup identifies both the VPN policy and IKE policy. You can edit existing policies, or manually add new VPN and IKE policies directly in the policy tables.

Manage IKE Policies

The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways and provides automatic management of the keys that are used for IPSec connections. It is important to remember that:

An automatically generated VPN policy (auto policy) needs to use the IKE negotiation protocol.

A manually generated VPN policy (manual policy) cannot use the IKE negotiation protocol.

IKE policies are activated when the following situations occur:

1. The VPN policy selector determines that some traffic matches an existing VPN policy of an auto policy type.

2. The IKE policy that is specified in the Auto Policy Parameters section of the Add VPN Policy screen (see Figure 142 on page 233) for the VPN policy is used to start negotiations with the remote VPN gateway.

3. An IKE session is established, using the security association (SA) settings that are specified in a matching IKE policy:

Keys and other settings are exchanged.

An IPSec SA is established, using the settings that are specified in the VPN policy.

The VPN tunnel is then available for data transfer.

When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in the List of IKE Policies, and is given the same name as the new VPN connection name. You can also edit existing policies or add new IKE policies from the IKE Policies screen.
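The relationship between the two policy tables and the activation sequence above can be modeled in a few lines. This is an added example, not NETGEAR code or the firewall's actual logic; the class, function names, policy names, subnets and SA settings are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class VpnPolicy:
    name: str
    policy_type: str                  # "auto" or "manual"
    local_net: str                    # traffic selector, local side
    remote_net: str                   # traffic selector, remote side
    ike_policy: Optional[str] = None  # IKE policy name (auto policies only)

def validate(vpn_table, ike_table):
    """Return the inconsistencies between the two policy tables."""
    errors = []
    for p in vpn_table:
        if p.policy_type == "auto" and p.ike_policy not in ike_table:
            errors.append(f"{p.name}: auto policy needs an existing IKE policy")
        elif p.policy_type == "manual" and p.ike_policy is not None:
            errors.append(f"{p.name}: manual policy cannot use IKE")
    return errors

def activation_steps(src, dst, vpn_table, ike_table):
    """Steps 1-3 for one packet; [] when no auto policy matches it."""
    if validate(vpn_table, ike_table):
        raise ValueError("policy tables are inconsistent")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in vpn_table:
        match = (s in ipaddress.ip_network(p.local_net)
                 and d in ipaddress.ip_network(p.remote_net))
        if p.policy_type == "auto" and match:
            return [
                f"1. selector matched auto VPN policy '{p.name}'",
                f"2. negotiation started with IKE policy '{p.ike_policy}'",
                f"3. IKE SA from {ike_table[p.ike_policy]}; IPSec SA from '{p.name}'",
            ]
    return []

# Constructed sample tables; names, subnets and SA settings are made up.
IKE_TABLE = {"branch-office": {"encryption": "AES-128", "authentication": "SHA-1"}}
VPN_TABLE = [
    VpnPolicy("branch-office", "auto", "192.168.1.0/24", "192.168.2.0/24", "branch-office"),
    VpnPolicy("legacy-link", "manual", "192.168.1.0/24", "10.9.0.0/16"),
]

if __name__ == "__main__":
    print(validate(VPN_TABLE, IKE_TABLE))
    for line in activation_steps("192.168.1.10", "192.168.2.20", VPN_TABLE, IKE_TABLE):
        print(line)
```

Traffic that matches only the manual policy returns no steps, because a manual policy never starts an IKE negotiation.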

Virtual Private Networking Using IPSec and L2TP Connections
