Manuals / Brands / Computer Equipment / Printer / NETGEAR / Computer Equipment / Printer

NETGEAR FWG114P v2 Virtual Private Networking 8-5, Table 8-1. IKE Policy Configuration Fields

1 296

Download 296 pages, 8.05 Mb

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2

Virtual Private Networking 8-5

201-10301-02, May 2005

Remote These parameters apply to the target remote FWG114P v2, VPN gateway,

or VPN client.

Remote Identity Type Use this field to identify the re mote FWG114P v2. You can choose one of

the following four options from the drop-down list:

• By its Internet (WAN) port IP address.

• By its Fully Qualified Domain Name (FQDN) — your domain name.

• By a Fully Qualified User Name — your name, e-mail address, or

other ID.

• By DER ASN.1 DN — the binary DER encoding of your ASN.1 X.500

Distinguished Name.

Remote Identity Data This field lets you identify the target remote FWG114P v2 by name.

IKE SA Parameters These parameters determine the properties of the IKE Security

Association.

Encryption Algorithm Choose the encryption algorithm for this IKE policy:

• DES is the default.

• 3DES is more secure.

Authentication Algorithm If you enable Authentication Header (AH), this menu lets you to select from

these authentication algorithms:

• MD5 is the default.

• SHA-1 is more secure.

Authentication Method You may select Pre-Shared Key or RSA Signature.

Pre-Shared Key Specify the key according to the requirements of the Authentication

Algorithm you selected.

• For MD5, the key length should be 16 bytes.

• For SHA-1, the key length should be 20 bytes.

RSA Signature RSA Signature requires a certificate.

Diffie-Hellman (D-H) Group The DH Group setting determines the bit size used in the key exchange.

This must match the value used on the remote VPN gateway or client.

SA Life Time The amount of time in seconds before the Security Association expires;

over an hour (3600) is common.

Table 8-1. IKE Policy Configuration Fields

Field Description

Contents

Main ii 201-10301-02, May 2005 Trademarks Statement of Conditions Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice FCC Caution Product and Publication Details Page Contents Page Page Page Page Page Page Page Page Page Chapter 1 About This Manual Audience, Scope, Conventions, and Formats How to Use This Manual How to Print this Manual Page Chapter 2 Introduction Key Features of the FWG114P v2 Full Routing on Both the Broadband and Serial Ports 802.11g and 802.11b Wireless Networking Virtual Private Networking Wireless Multimedia (WMM) Support A Powerful, True Firewall with Content Filtering Security Autosensing Ethernet Connections with Auto Uplink Extensive Protocol Support Easy Installation and Management NETGEAR Related Products Package Contents The FWG114P v2 Front Panel 2-8 Introduction The FWG114P v2 Rear Panel Table 2-1. LED Descriptions Page Page Chapter 3 Connecting the FWG114P v2 to the Internet What You Will Need Before You Begin Cabling and Computer Hardware Requirements Computer Network Configuration Requirements Internet Configuration Requirements Where Do I Get the Internet Configuration Parameters? Record Your Internet Connection Information Connecting the FWG114P v2 Wireless Firewall/Print Server A Verify That Basic Requirements Are Met B Internet Port Local Port 4 DC Page Page Page 4. RUN THE SETUP WIZARD TO CONNECT TO THE INTERNET Basic Setup Troubleshooting Tips FWG114P v2 Setup Wizard Auto Detection Wizard-Detected Login Account Setup Page Wizard-Detected Dynamic IP Account Setup Wizard-Detected Fixed IP Account Setup How to Configure the Serial Port as the Primary Internet Connection Page Testing Your Internet Connection Page How to Manually Configure the Primary Internet Connection Page Chapter 4 Wireless Configuration Observing Performance, Placement, and Range Guidelines Implementing Appropriate Wireless Security :LUHOHVV'DWD 6HFXULW\2SWLRQV 5DGLXV8SWR)HHW FWG114P Understanding Wireless Settings Page Page Default Factory Settings Before You Change the SSID and WEP Settings How to Set Up and Test Basic Wireless Connectivity How to Restrict Wireless Access by MAC Address How to Configure WEP Page How to Configure WPA with Radius Page How to Configure WPA2 with Radius Page How to Configure WPA and WPA2 with Radius Page How to Configure WPA-PSK Page How to Configure WPA2-PSK How to Configure WPA-PSK and WPA2-PSK Page Chapter 5 Serial Port Configuration Configuring a Serial Port Modem Basic Requirements for Serial Port Modem Configuration How to Configure a Serial Port Modem Configuring Auto-Rollover Basic Requirements for Auto-Rollover How to Configure Auto-Rollover Configuring Dial-in on the Serial Port Basic Requirements for Dial-in How to Configure Dial-in 5-6 Serial Port Configuration 201-10301-02, May 2005M-10207- 01, Reference Manual v2 Configuring LAN-to-LAN Settings LAN-to-LAN enables direct communications between two FWG114P v2 wireless firewall/print servers. 6HULDO&RQQHFWLRQ Page Page Chapter 6 Firewall Protection and Content Filtering Firewall Protection and Content Filtering Overview Using the Block Sites Menu to Screen Content Page Services and Rules Regulate Inbound and Outbound Traffic Defining a Service Using Inbound/Outbound Rules to Block or Allow Services Page Examples of Using Services and Rules to Regulate Traffic Inbound Rules (Port Forwarding) Page Page Outbound Rules (Service Blo cking or Port Filtering) Other Rules Considerations Order of Precedence for Rules Rules Menu Options Using a Schedule to Block or Allow Content or Traffic Setting the Time Zone Getting E-Mail Notifications of Event Logs and Alerts Page Page Viewing Logs of Web Access or Attempted Web Access What to Include in the Event Log Page Chapter 7 Print Server Printing Options For Windows XP and 2000, Use TCP/IP LPR Printing Page Page Page For Windows 95/98/Me, Use the Netgear Printer Port Driver Page Page Printing from the Macintosh Windows Printer Port Management Page Troubleshooting the Print Server Page Page Page Page Virtual Private Networking 8-1 Chapter 8 Virtual Private Networking #OMPUTERS Figure 8-1: Secure access through FWG114P v2 VPN routers Overview of FWG114P v2 Policy-Based VPN Configuration 931WXQQHOV HQFU\SWGDWD Using Policies to Manage VPN Traffic Using Automatic Key Management Page 8-4 Virtual Private Networking The IKE Policy Configuration fields are defined in the following table. Table 8-1. IKE Policy Configuration Fields Virtual Private Networking 8-5 Table 8-1. IKE Policy Configuration Fields Page Virtual Private Networking 8-7 The VPN Auto Poli cy fields ar e defined in the following table. 8-8 Virtual Private Networking Virtual Private Networking 8-9 VPN Policy Configuration for Manual Key Exchange Page Virtual Private Networking 8-11 The VPN Manual Policy fields are defined in the following table. 8-12 Virtual Private Networking Virtual Private Networking 8-13 Using Digital Certificates for IKE Auto-Policy Authentication Certificate Revocation List (CRL) Walk-Through of Configuration Scenarios on the FWG114P v2 How to Use the VPN Wizard to Configure a VPN Tunnel Page Page Page VPNC Scenario 1: Gateway to Gateway with Preshared Secrets Scenario 1: FWG114P v2 to FWG114P v2 with Preshared Secrets Page Page Page How to Check VPN Connections VPNC Scenario 2: Gateway-to-Gateway with Certificates Scenario 2: FWG114P v2 to FWG114P v2 with Certificates Page Page Page Page Page Netgear VPN Client to FWG114P v2 Configuration Profile Step-By-Step Configuration of FWG114P v2 Gateway 1HWZRUN$GGUHVVHV Page Page Page Page Step-By-Step Configuration of the Netgear VPN Client Page Page Page Page Page Page Testing the VPN Connection From the Client PC to the FWG114P v2 From the FWG114P v2 to the Client PC Monitoring the PC VPN Connection Viewing the FWG114P v2 VPN Status and Log Information Page Page Page Maintenance 9-3 Table 9-1. Status Fields Click WAN Status to display the WAN connection status. This screen shows the following statistics:. Log action buttons are described in Table 9-2. Click Show Statistics to display router usage statistics. This screen shows the following statistics: Viewing a List of Attached Devices Upgrading the Router Software Configuration File Management Restoring and Backing Up the Configuration Erasing the Configuration Changing the Administrator Password Page Chapter 10 Advanced Configuration Using the WAN Setup Options Page How to Configure Dynamic DNS Page Using the LAN IP Setup Options Configuring LAN TCP/IP Setup Parameters Page Using the Router as a DHCP server Using Address Reservation Configuring Static Routes Page Enabling Remote Management Access Using Universal Plug and Play (UPnP) Advanced Wireless Settings Page Page Chapter 11 Troubleshooting Basic Functioning Power LED Not On LEDs Never Turn Off LAN or Internet Port LEDs Not On Troubleshooting the W e b Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your Router Testing the Path from Your Computer to a Remote Device Restoring the Default Configuration and Password Problems with Date and Time Page Appendix A Technical Specifications Page Appendix B Networks, Routing, and Firewall Basics Related Publications Basic Router Concepts What is a Router? Routing Information Protocol IP Addresses and the Internet Page Netmask Subnet Addressing Page Page Private IP Addresses Single IP Address Operation Using NAT Page MAC Addresses and Address Resolution Protocol Related Documents Domain Name Server IP Configuration by DHCP Internet Security and Firewalls What is a Firewall? Stateful Packet Inspection Denial of Service Attack Ethernet Cabling Category 5 Cable Quality Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Page Page Appendix C Preparing Your Network Preparing Your Computers for TCP/IP Networking Configuring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking Components Page Enabling DHCP to Automatically Configure TCP/IP Settings Verifying TCP/IP Properties Configuring Windows NT, 2000 or XP for IP Networking Installing or Verifying Windows Networking Components Verifying TCP/IP Properties Configuring the Macintosh for TCP/IP Networking MacOS 8.6 or 9.x MacOS X Verifying TCP/IP Properties for Macintosh Computers Verifying the Readiness of Your Internet Account Are Login Protocols Used? What Is Your Configuration Information? Obt aining ISP Configuration Information for W indows Computers Obtaining ISP Configuration Information for Macintosh Computers Page Firewall Log Formats D-1 Appendix D Firewall Log Formats Action List Outgoing packets that match the Firewall rules are logged. Field List Outbound Log Inbound Log Incoming packets that match the Firewall rules are logged. Some special packets matching the Firewall rules, like VPN connection, etc. are logged. Other IP Traffic Firewall Log Formats D-3 Router Operation Operations that the router initiates are logged. D-4 Firewall Log Formats Other Connections and Traffic to this Router DoS Attack/Scan Common attacks and scans are logged. Firewall Log Formats D-5 Access Block Site All Web Sites and News Groups Visited System Admin Sessions Firewall Log Formats D-7 Policy Administration LOG Page Appendix E Wireless Networking Basics Wireless Networking Overview Infrastructure Mode Ad Hoc Mode (Peer-to-Peer Workgroup) Network Name: Extended Service Set Identification (ESSID) Authentication and WEP Data Encryption 802.11 Authentication Open System Authentication Shared Key Authentication 2SHQ6\VWHP $XWKHQWLFDWLRQ6WHSV Overview of WEP Parameters 6KDUHG.H\ $XWKHQWLFDWLRQ6WHSV Key Size WEP Configuration Options Wireless Channels WPA Wireless Security How Does WPA Compare to WEP? How Does WPA Compare to IEEE 802.11i? What are the Key Features of WPA Security? Page Wired Network with Optional 802.1x Port Based Network Access Control Wireless LAN Page Page Page Is WPA Perfect? Product Support for WPA Page Page Appendix F Virtual Private Networking What is a VPN? What is IPSec and How Does It Work? IPSec Security Features IPSec Components Encapsulating Security Payload (ESP) Authentication Header (AH) IKE Security Association Page Key Management Understand the Process Before You Begin VPN Process Overview Network Interfaces and Addresses Setting Up a VPN Tunnel Between Gateways AB IPSec Security Association IKE VPN Tunnel Negotiation Steps VPNC IKE Security Parameters VPNC IKE Phase I Parameters VPNC IKE Phase II Parameters Testing and Troubleshooting Additional Reading Page Appendix G NETGEAR VPN Configuration FVS318 or FVM318 to FWG114P v2 Configuration Template S tep-By-Step Configuration of FVS318 or FVM318 Gateway A Page Page Step-By-Step Configuration of FWG114P Gateway B Page Page Page Test the VPN Connection Page Appendix H NETGEAR VPN Configuration FVS318 or FVM318 with FQDN to FVS328 Configuration Template Using DDNS and Fully Qualified Domain Names (FQDN) S tep-By-Step Configuration of FVS318 or FVM318 Gateway A Page Page Page Step-By-Step Configuration of FVS328 Gateway B Page Page Page Test the VPN Connection Page Glossary Use the list below to find definitions for technical terms used in this manual.