Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
Virtual Private Networking 6-7
3. Type a name for this Security Association in the Connection Name box.
(This name is only to help you identify the Security Association)
4. Enter a Local IPSec Identifier name for this FVS318.
You can leave this as ‘Local’.
5. Enter a Remote IPSec Identifier name for the remote FVS318.
You can leave this as ‘Remote’.
6. Define the remote network by entering its Remote IP Address and IP Subnet Mask.
In this case, the Remote network address is the LAN network address of the second FVS318,
which is 192.168.3.0 and the Subnet Mask is 255.255.255.0.
7. Type the Remote Gateway IP Address, which is the public IP address of the second FVS318.
If the second FVS318 has a dynamic address, type 0.0.0.0.
Note: Only one side may have a dynamic IP address, and that side must always initiate the
connection.
At this point, you must choose whether the Security Association (SA) will use the simpler Internet
Key Exchange (IKE) setup, or Manual Keying. IKE is an automated method for establishing a
shared security policy and authenticated keys. A preshared key is used for mutual identification.
With Manual Keying, you must specify each phase of the connection.
8. Under Secure Association, click the radio button for IKE.
9. Enable Perfect Forward Secrecy.
10. For Encryption Protocol, select one:
a. Null - Fastest, but no security.
b. DES - Faster but less secure than 3DES.
c. 3DES - (Triple DES) Most secure.
11. Enter a PreShared Key - Use a secure combination of letters, numbers, and symbols
The PreShared Key should be between 8 and 80 characters. For greater security, enter a
combination of letters, numbers and symbols, such as "r>T(h4&3@#kB". Letters are case
sensitive.
12. Key Life - Default is 3600 seconds (1 hour)
13. IKE Life Time - Default is 28800 seconds (8 hours).
A shorter time increases security, but users will be temporarily disconnected upon
renegotiation.
14. Click Apply to enter the SA into the table.