Reference Manual for the ProSafe 802.11g Wireless VPN Firewall FVG318
7-14 Advanced Virtual Private Networking
BETA

Each CA has its own certificate. The certificates of a CA are added to the FVG318 and then can be used to form IKE policies for the user. Once a CA certificate is added to the FVG318 and a certificate is created for a user, the corresponding IKE policy is added to the FVG318. Whenever the user tries to send traffic through the FVG318, the certificates are used in place of pre-shared keys during initial key exchange as the authentication and key generation mechanism. Once the keys are established and the tunnel is set up, the connection proceeds according to the VPN policy.

Certificate Revocation List (CRL)

Each Certification Authority (CA) maintains a list of the revoked certificates. The list of these revoked certificates is known as the Certificate Revocation List (CRL). Whenever an IKE policy receives the certificate from a peer, it checks for this certificate in the CRL on the FVG318 obtained from the corresponding CA. If the certificate is not present in the CRL, it means that the certificate is not revoked. IKE can then use this certificate for authentication. If the certificate is present in the CRL, it means that the certificate is revoked, and IKE will not authenticate the client.

You must manually update the FVG318 CRL regularly in order for the CA-based authentication process to remain valid.
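The CRL decision described above, written out as an added example (this is not code from the NETGEAR manual or the FVG318 firmware). It assumes constructed certificate and CRL records keyed by issuer and serial number, and it goes one step beyond the text by also flagging a CRL that is past its next-update time, which is the gap the manual's "update the CRL regularly" note is guarding against.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Verdict(Enum):
    ACCEPT = "not revoked: IKE may authenticate the peer"
    REVOKED = "listed in CRL: IKE refuses the peer"
    WRONG_ISSUER = "CRL was not issued by the peer certificate's CA"
    STALE_CRL = "CRL is past its next-update time: refresh it before trusting it"


@dataclass(frozen=True)
class PeerCert:
    issuer: str   # distinguished name of the CA that signed the certificate
    serial: int   # a CRL lists revoked certificates by serial number


@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset


def check_peer_cert(cert: PeerCert, crl: CRL, now: datetime) -> Verdict:
    """Decide whether IKE may use the peer certificate, per the CRL rule."""
    if crl.issuer != cert.issuer:
        return Verdict.WRONG_ISSUER   # the CRL must come from the corresponding CA
    if now > crl.next_update:
        return Verdict.STALE_CRL      # an outdated CRL may miss recent revocations
    if cert.serial in crl.revoked_serials:
        return Verdict.REVOKED
    return Verdict.ACCEPT


def crl_needs_refresh(crl: CRL, now: datetime, margin: timedelta = timedelta(days=1)) -> bool:
    """True when the CRL expires within `margin`, i.e. the manual update is due."""
    return now + margin >= crl.next_update


# Constructed sample data (hypothetical CA name and serials, not real certificates).
CA_DN = "CN=Example Corp VPN CA"
ISSUED = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_CRL = CRL(CA_DN, ISSUED, ISSUED + timedelta(days=7), frozenset({0x1001, 0x1F3}))
NOW = ISSUED + timedelta(days=2)     # inside the CRL's validity window
LATER = ISSUED + timedelta(days=30)  # CRL was never refreshed

if __name__ == "__main__":
    for cert in (PeerCert(CA_DN, 0x2002), PeerCert(CA_DN, 0x1001), PeerCert("CN=Other CA", 7)):
        print(hex(cert.serial), check_peer_cert(cert, SAMPLE_CRL, NOW).value)
```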
Walk-Through of Configuration Scenarios on the FVG318

There are a variety of configurations you might implement with the FVG318. The scenarios listed below illustrate typical configurations you might use in your organization.

In order to help make it easier to set up an IPsec system, the following two scenarios are provided. These scenarios were developed by the VPN Consortium (http://www.vpnc.org). The goal is to make it easier to get the systems from different vendors to interoperate. NETGEAR is providing you with both of these scenarios in the following two formats:

• VPN Consortium Scenarios without any product implementation details
• VPN Consortium Scenarios based on the FVG318 User Interface

The purpose of providing these two versions of the same scenarios is to help you determine where the two vendors use different vocabulary. Seeing the examples presented in these different ways will reveal how systems from different vendors do the same thing.