


REFERENCE: VPN SECTION

VPN Description of Settings for Netgear FVS318 Prosafe Router VPN Firewall

A Virtual Private Network (VPN) allows two hosts or networks to connect securely over the public Internet. For each secure connection, you must create and configure a Security Association (SA), which is a set of policies and keys for authentication and encryption between the two sides.

VPN Security Association (SA):

Click the button next to a number on the table.
Click Edit to open the editing menu.
Type the Security Association name in the Connection Name box. (This is for identification purposes only.)
Enter a Local IPSec Identifier name for this router. This name must be entered in the other endpoint as Remote IPSec Identifier.
Enter a Remote IPSec Identifier name for the remote router or host. This name must be entered in the other endpoint as Local IPSec Identifier.
Define the remote network. If the remote network is:
  1) A remote PC that is directly connected to the Internet, select Remote site is a single user and enter the PC’s public IP or Fully Qualified Domain Name (FQDN) in Remote WAN IP or FQDN.
  2) A remote PC that is connected to the Internet through a NAT router, select Remote site is a LAN and enter the PC’s LAN IP address in Remote LAN IP Address with subnet mask 255.255.255.255. Enter the NAT router’s public IP or FQDN in Remote WAN IP or FQDN.
  3) A remote LAN that is connected to the Internet through a router, select Remote site is a LAN and enter the router’s LAN IP address and subnet mask in Remote LAN IP Address and Remote LAN Subnet Mask. Enter the remote router's public IP or FQDN in Remote WAN IP or FQDN.

Note: The Local and Remote IPSec Identifiers must not be used by any other Security Association defined in this network.

Note: A Fully Qualified Domain Name (FQDN) is the complete domain name of the remote router or host. A dynamic DNS domain name can be used here for a remote site with a dynamically-assigned IP address.

Next you must choose the Security Association (SA) Mode. You can choose from Main Mode, Aggressive Mode, or Manual Keys. The Main and Aggressive Modes use the simpler Internet Key Exchange (IKE) setup. For Manual Keying, you must specify each phase of the connection. When you select the mode, the remaining fields will change depending on which method you choose.

IKE (Internet Key Exchange) is an automated method for establishing a shared security policy and authenticated keys. A preshared key is used for mutual identification.

Leave Perfect Forward Secrecy enabled unless the remote side does not support it.

For Encryption Protocol, select one:

  Null - Fastest, but no security.
  DES - Faster but less secure than 3DES.
  3DES - Triple DES for increased security, but slowest.
  AES - [key size] - More efficient than DES or 3DES. Longer key lengths mean increased security, decreased throughput.

Key Group - (Only in Aggressive Mode) Select D-H group to match the other endpoint.
PreShared Key - Use a secure combination of letters, numbers, and symbols.
Key Life - Default is 3600 seconds (1 hour).
IKE Life Time - Default is 28800 seconds (8 hours). A shorter time increases security, but users are periodically disconnected upon renegotiation.

Click Apply to enter the SA into the table or Cancel to discard the configuration settings.
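
The IKE settings above have to line up across the two endpoints, with the identifiers swapped. The following is an added example, not part of the original page or of Netgear's firmware, that checks a pair of planned entries before they are typed in. The field names, the sample values and the exact (case-sensitive) comparison are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class IkeSa:
    connection_name: str   # identification only, never compared
    local_id: str          # Local IPSec Identifier
    remote_id: str         # Remote IPSec Identifier
    mode: str              # "Main" or "Aggressive"
    pfs: bool              # Perfect Forward Secrecy
    encryption: str        # "Null", "DES", "3DES", "AES-128", ...
    preshared_key: str
    key_group: str = ""    # D-H group, only shown in Aggressive Mode

def mirror_errors(a, b):
    """List the settings on endpoints a and b that do not line up."""
    errors = []
    # Assumption: identifiers are compared exactly, including letter case.
    if a.local_id != b.remote_id:
        errors.append("a.local_id != b.remote_id")
    if a.remote_id != b.local_id:
        errors.append("a.remote_id != b.local_id")
    for field in ("mode", "pfs", "encryption", "preshared_key"):
        if getattr(a, field) != getattr(b, field):
            errors.append(f"{field} differs")   # never echo the key itself
    if "Aggressive" in (a.mode, b.mode) and a.key_group != b.key_group:
        errors.append("key_group differs")
    if "Null" in (a.encryption, b.encryption):
        errors.append("Null encryption: tunnel traffic is not encrypted")
    return errors

def reused_identifiers(sas):
    """Identifiers that appear in more than one SA defined on the same router."""
    counts = Counter(i for sa in sas for i in {sa.local_id, sa.remote_id})
    return sorted(i for i, n in counts.items() if n > 1)

# Constructed sample: a site-to-site pair where site B's entry was mistyped.
SITE_A = IkeSa("to-branch", "hq", "branch", "Main", True, "3DES", "constructed-sample-psk")
SITE_B = IkeSa("to-hq", "branch", "HQ", "Main", True, "AES-128", "constructed-sample-psk")

if __name__ == "__main__":
    for problem in mirror_errors(SITE_A, SITE_B):
        print(problem)
```
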

Manual Security Association

You can manually specify the security policies. The settings at the remote router or host must match these settings exactly.

Incoming SPI - Enter the Security Parameter Index that the remote host will send to identify the Security Association (SA).
Outgoing SPI - Enter the Security Parameter Index that this router will send to identify the Security Association (SA).
The SPI should be a string of hexadecimal [0-9,A-F] characters, and should not be used in any other SA. The Incoming and Outgoing SPIs can be the same.

For Encryption Protocol, select one:

  Null - Fastest, but no security.
  DES - Faster but less secure than 3DES.
  3DES - Triple DES for increased security, but slowest.
  AES - [key size] - More efficient than DES or 3DES. Longer key lengths mean increased security, decreased throughput.

Encryption Key - Enter the required number of hexadecimal (0-9, a-f) characters:

  DES: 16 characters.
  3DES: 48 characters.
  AES-128: 32 characters.
  AES-192: 48 characters.
  AES-256: 64 characters.

The encryption key must match exactly the key used by the remote router or host.
Authentication Protocol - Select MD5 (default) or SHA-1 to match the remote host.
Authentication Key - Enter 32 hexadecimal characters.

Click Apply to enter the SA into the table or Cancel to discard the configuration settings.
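
Manual keys are only as good as the randomness behind them, and a key of the wrong length for the chosen protocol will not match the other side. The following is an added example, not part of the original page or of the router's firmware, that draws the keys from the operating system's random source, checks them against the lengths listed above, and produces the mirrored settings for the remote endpoint. The dictionary keys and the 8-character SPI length are assumptions.

```python
import secrets
import string

# Hex-character counts copied from the key-length list above.
ENC_KEY_HEX = {"DES": 16, "3DES": 48, "AES-128": 32, "AES-192": 48, "AES-256": 64}
AUTH_KEY_HEX = 32   # the page asks for 32 hexadecimal characters
SPI_HEX = 8         # assumption: the page gives no SPI length; 8 hex chars = 32 bits

def is_hex(value, length):
    return len(value) == length and all(c in string.hexdigits for c in value)

def generate_manual_sa(encryption, auth="SHA-1"):
    """Draw SPIs and keys from the OS CSPRNG for this router's side of the SA."""
    return {
        "incoming_spi": secrets.token_hex(SPI_HEX // 2),
        "outgoing_spi": secrets.token_hex(SPI_HEX // 2),
        "encryption": encryption,
        "encryption_key": secrets.token_hex(ENC_KEY_HEX[encryption] // 2),
        "auth": auth,
        "auth_key": secrets.token_hex(AUTH_KEY_HEX // 2),
    }

def remote_side(sa):
    """Settings to enter at the other endpoint: same keys, SPIs swapped."""
    peer = dict(sa)
    peer["incoming_spi"], peer["outgoing_spi"] = sa["outgoing_spi"], sa["incoming_spi"]
    return peer

def validate_manual_sa(sa, spis_in_other_sas=()):
    """Return a list of problems; an empty list means the entry is well-formed."""
    errors = []
    enc = sa["encryption"]
    if enc == "Null":
        errors.append("encryption is Null: traffic is not encrypted")
    elif enc not in ENC_KEY_HEX:
        errors.append(f"unknown encryption protocol {enc!r}")
    elif not is_hex(sa["encryption_key"], ENC_KEY_HEX[enc]):
        errors.append(f"{enc} key must be {ENC_KEY_HEX[enc]} hex characters")
    if not is_hex(sa["auth_key"], AUTH_KEY_HEX):
        errors.append(f"authentication key must be {AUTH_KEY_HEX} hex characters")
    taken = {s.lower() for s in spis_in_other_sas}
    for field in ("incoming_spi", "outgoing_spi"):
        spi = sa[field]
        if not spi or any(c not in string.hexdigits for c in spi):
            errors.append(f"{field} is not hexadecimal")
        elif spi.lower() in taken:
            errors.append(f"{field} is already used by another SA")
    return errors
```
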
NETBIOS Enable
Check this box to pass NetBIOS traffic over the VPN tunnel. NetBIOS communications allow functions such as Network Neighborhood browsing.

 

 

 

Copyright 2003 ©  DropTheScience.com All rights reserved.