User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
B-6 Virtual Private Networking
202-10015-01
Key Management
IPSec uses the Internet Key Exchange (IKE) protocol to facilitate and automate the SA setup and
the exchange of keys between parties transferring data. Using keys ensures that only the sender
and receiver of a message can access it.
IPSec requires that keys be re-created, or refreshed, frequently so that the parties can communicate
securely with each other. IKE manages the process of refreshing keys; however, a user can control
the key strength and the refresh frequency. Refreshing keys on a regular basis ensures data
confidentiality between sender and receiver.
Understand the Process Before You Begin
It is a good idea to gather all the necessary information required to establish a VPN before you
begin the configuration process. You should understand whether the firmware is up to date, all of
the addresses that will be necessary, and all of the parameters that need to be set on both sides. Try
to understand any incompatibilities before you begin, so that you minimize any potential
complications which may arise from normal firewall or WAN processes.
NETGEAR is a member of the VPN Consortium, a group formed to facilitate IPSec VPN vendor
interoperability. The VPN Consortium has developed specific scenarios to aid system
administrators in the often confusing process of connecting two different vendor implementations
of the IPSec standard. Additional information regarding inter-vendor interoperability may be
found at http://www.vpnc.org/interop.html.
If you are not a full-time system administrator, it is a good idea to familiarize yourself with the
mechanics of a VPN. The brief description in this document will help. Other good sources include:
• The NETGEAR VPN Tutorial – http://www.netgear.com/planetvpn/pvpn_2.html
• The VPN Consortium – http://www.vpnc.org/
• The VPN bibliography in “Additional Reading“ on page B-11.
VPN Process Overview
Even though IPSec is standards-based, each vendor has its own set of terms and procedures for
implementing the standard. Because of these differences, it may be a good idea to review some of