ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

Table 54. Add New VPN Policy screen settings for IPv4 and IPv6 (continued)

Setting

Description

 

 

Integrity Algorithm

From the drop-down list, select one of the following two algorithms to be used in

 

the VPN header for the authentication process:

 

SHA-1. Hash algorithm that produces a 160-bit digest. This is the default

 

setting.

 

MD5. Hash algorithm that produces a 128-bit digest.

 

 

PFS Key Group

Select this check box to enable Perfect Forward Secrecy (PFS), and then select

 

a Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the

 

strength of the algorithm in bits. The higher the group, the more secure the

 

exchange. From the drop-down list, select one of the following three strengths:

 

Group 1 (768 bit).

 

Group 2 (1024 bit). This is the default setting.

 

Group 5 (1536 bit).

 

 

Select IKE Policy

Select an existing IKE policy that defines the characteristics of the Phase-1

 

negotiation. To display the selected IKE policy, click the View Selected button.

5.Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table.

To edit a VPN policy:

1.Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays the IPv4 settings (see Figure 141 on page 231).

2.Specify the IP version for which you want to edit a VPN policy:

IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.

IPv6. Select the IPv6 radio button. The VPN Policies screen for IPv6 displays.

3.In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields as the Add New VPN Policy screen (for IPv4, see Figure 142 on page 233; for IPv6 see Figure 143 on page 234).

4.Modify the settings that you wish to change (see the previous table).

5.Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN Policies table.

Configure Extended Authentication (XAUTH)

Configure XAUTH for VPN Clients

User Database Configuration

RADIUS Client and Server Configuration

When many VPN clients connect to a wireless VPN firewall, you might want to use a unique user authentication method beyond relying on a single common pre-shared key for all clients. Although you could configure a unique VPN policy for each user, it is more efficient to

Virtual Private Networking Using IPSec and L2TP Connections

238

Page 238
Image 238
NETGEAR FVS318N manual Configure Extended Authentication Xauth,  To edit a VPN policy, 238