NETGEAR FVS318N Table 57. Add Mode Config Record screen settings (continued)

Virtual Private Networking Using IPSec and L2TP Connections

246

ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N

WINS Server If there is a WINS server on the local network, enter its IP address in the Primary

field. You can enter the IP address of a second WINS server in the Secondary field.

DNS Server Enter the IP address of the DNS server that is used by remote VPN clients in the

Primary field. You can enter the IP address of a second DNS server in the

Secondary field.

Traffic Tunnel Security Level

Note: Generally, the default settings work well for a Mode Config configuration.

PFS Key Group Select this check box to enable Perfect Forward Secrecy (PFS), and then select a

Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the strength

of the algorithm in bits. The higher the group, the more secure the exchange. From

the drop-down list, select one of the following three strengths:

• Group 1 (768 bit)

• Group 2 (1024 bit). This is the default setting.

• Group 5 (1536 bit)

SA Lifetime The lifetime of the security association (SA) is the period or the amount of

transmitted data after which the SA becomes invalid and needs to be renegotiated.

From the drop-down list, select how the SA lifetime is specified:

• Seconds. In the SA Lifetime field, enter a period in seconds. The minimum value

is 300 seconds. The default setting is 3600 seconds.

• KBytes. In the SA Lifetime field, enter a number of kilobytes. The minimum value

is 1920000 KB.

Encryption Algorithm From the drop-down list, select one of the following five algorithms to negotiate the

security association (SA):

• None. No encryption.

• DES. Data Encryption Standard (DES).

• 3DES. Triple DES. This is the default algorithm.

• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.

• AES-192. AES with a 192-bit key size.

• AES-256. AES with a 256-bit key size.

Integrity Algorithm From the drop-down list, select one of the following two algorithms to be used in the

VPN header for the authentication process:

• SHA-1. Hash algorithm that produces a 160-bit digest. This is the default setting.

• MD5. Hash algorithm that produces a 128-bit digest.

Local IP Address The local IP address to which remote VPN clients have access. If you do not

specify a local IP address, the wireless VPN firewall’s default LAN IP address is

used (by default, 192.168.1.1).

Local Subnet Mask The local subnet mask. Typically, this is 255.255.255.0.

Note: If you do not specify a local IP address, you do not need to specify a subnet

either.

Table 57. Add Mode Config Record screen settings (continued)

Setting Description