NETGEAR FVS336Gv3 - Page 376

NETGEAR FVS336Gv3

693 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Set Up Virtual Private Networking With IPSec Connections

376

ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv3

Diffie-Hellman (DH)

Group

The DH Group sets the strength of the algorithm in bits. The higher the group, the

more secure the exchange. From the menu, select the strength:

• Group 1 (768 bit).

• Group 2 (1024 bit). This is the default setting.

• Group 5 (1536 bit).

Note: Ensure that the DH group is configured identically on both sides.

SA-Lifetime (sec) The period in seconds for which the IKE SA is valid. When the period times out,

the next rekeying occurs. The default is 28800 seconds (eight hours).

Enable Dead Peer

Detection

Select a radio button to specify whether Dead Peer Detection (DPD) is enabled:

• No. This feature is disabled. This is the default setting.

• Yes. This feature is enabled. When the VPN firewall detects an IKE

connection failure, it removes the IPSec and IKE SA and forces a

reestablishment of the connection. You must specify the detection period in

the Detection Period field and the maximum number of times that the VPN

firewall attempts to reconnect in the Reconnect after failure count field.

Note: For more information, see Manage Keep-Alives and Dead Peer Detection

on page 414.

Detection Period The period in seconds between consecutive DPD R-U-THERE messages, which

are sent only when the IPSec traffic is idle.

Reconnect after failure

count

The maximum number of DPD failures before the VPN firewall tears down the

connection and then attempts to reconnect to the peer. The default is 3 failures.

Extended Authentication

XAUTH Configuration Select a radio button to specify whether Extended Authentication (XAUTH) is

enabled and, if enabled, which device is used to verify user account information:

• None. XAUTH is disabled. This the default setting.

• Edge Device. The VPN firewall functions as a VPN concentrator on which

one or more gateway tunnels terminate. The authentication modes that are

available for this configuration are User Database, RADIUS PAP, or RADIUS

CHAP.

• IPSec Host. The VPN firewall functions as a VPN client of the remote

gateway. In this configuration, the VPN firewall is authenticated by a remote

gateway with a user name and password combination.

Note: For more information about XAUTH and its authentication modes, see

Enable and Configure Extended Authentication for VPN Clients on page 392.

Setting Description

Table of Contents

Related product manuals

Preview: NETGEAR FVS336G

NETGEAR FVS336G

Preview: NETGEAR ProSAFE FVS336G v3

NETGEAR ProSAFE FVS336G v3

Preview: NETGEAR FVS318N

NETGEAR FVS318N

Preview: FVS318 - ProSafe VPN Firewall Router

FVS318 - ProSafe VPN Firewall Router

Preview: NETGEAR FVS124G

NETGEAR FVS124G

Preview: NETGEAR ProSafe FVS114

NETGEAR ProSafe FVS114

Preview: NETGEAR FVX538NA

NETGEAR FVX538NA

Preview: NETGEAR ProSafe FVG318

NETGEAR ProSafe FVG318

Preview: NETGEAR FWG114P

NETGEAR FWG114P

Preview: NETGEAR ProSAFE SRX5308

NETGEAR ProSAFE SRX5308

Preview: NETGEAR UTM5

Preview: NETGEAR SRX5308

NETGEAR SRX5308