User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
5-4 Using the Security Policy Editor
202-10015-01
• The maximum size for the isakmp.log file is 100 KB. When the client computer, the client,
and the IKE service restart and the isakmp.log file size exceeds 100 KB, this isakmp.log
file is deleted and a new one created.
• On computers running Windows 95 and 98, when the isakmp.log file size exceeds 64 KB,
Notepad prompts the user to try WordPad instead because of the file's size. When the user
tries WordPad, however, WordPad prompts the user that it can't open the file because it is
in use by another program (the IKE service).
In this case, to view the file, try one of these options:
– Rename it, and then open it in WordPad.
– Open a read-only version of the file in Microsoft Word.
– Clear the Enable logging to a file check box, and then open the file.
7. If you don't use a smart card and reader or similar device to authenticate your identity, skip this
step.
If you do use a smart card and reader or similar device, the client can, when it detects that the
smart card or reader is removed, delete active keys and end these communications sessions.
This provides extra security. Only connections that use the keys on your smart card are
affected.
To enable this feature, select the Smart card removal clears keys check box.
8. Click OK.
9. Click Save.
How to Configure Other Connections
The security policy includes a connection called Other Connections. This connection, non-secure
by default, is designed to allow all non-encrypted IP traffic through and let you to access the
Internet and other public networks unsecured.
The client processes connections in the order in which they display in the Network Security
Policy list. Because Other Connections is the catchall or default rule for communications that don't
conform to the proposals for individual connections, it is always last in the connections list.
1. In the Security Policy Editor, click Options, point to Secure, and then click Specified
Connections.
2. In the Network Security Policy list, click Other Connections.