Reference Manual for the Model FVS318 Cable/DSL ProSafe VPN Firewall
6-12 Virtual Private Networking
3. Type a name for this Security Association in the Connection Name box.
(This name is only to help you identify the Security Association)
4. Enter a Local IPSec Identifier name for this FVS318.
You can leave this as ‘Local’.
5. Enter a Remote IPSec Identifier name for the remote FVS318.
You can leave this as ‘Remote’.
6. Define the remote network by entering its Remote IP Address and IP Subnet Mask.
In this case, the remote network is a single PC, and its IP address is unknown since it will be
assigned dynamically by the user’s ISP. We will choose an arbitrary “fixed virtual” IP address
to define this connection. This IP address will be used in the configuration of the VPN client.
For this example, we will choose 192.168.100.100.
7. Since the remote network is a single PC, enter 255.255.255.255 for the Subnet Mask.
8. Since the remote PC has a dynamically assigned IP address, enter 0.0.0.0 as the Remote
Gateway IP Address.
Note: Only one side may have a dynamic IP address, and that side must always initiate the
connection.
Choose whether the Security Association (SA) will use the simpler Internet Key Exchange (IKE)
setup, or Manual Keying. IKE is an automated method for establishing a shared security policy
and authenticated keys. A preshared key is used for mutual identification. With Manual Keying,
you must specify each phase of the connection.
9. Under Secure Association, click the radio button for IKE.
10. Enable Perfect Forward Secrecy.
11. For Encryption Protocol, select one:
a. Null - Fastest, but no security.
b. DES - Faster but less secure than 3DES.
c. 3DES - (Triple DES) Most secure.
12. Enter a PreShared Key - Use a secure combination of letters, numbers, and symbols
The PreShared Key should be between 8 and 80 characters. For greater security, enter a
combination of letters, numbers and symbols, such as "r>T(h4&3@#kB". Letters are case
sensitive.
13. Key Life - Default is 3600 seconds (1 hour)