SMC Networks D3GN4 Manual De Usuario
94
SMCD3GNV4 and SMCD3GNV4E Wireless EMTA Gateway Administrator Manual
Option
Description
IPSec Encryption
Select the authentication algorithm used to encrypt packet data. Choices are
•
3des = more secure method than DES, but with lower throughput.
•
aes = more secure than 3DES. The higher the bit rate, the stronger the encryption but the trade-off is lower
throughput.
•
null = no authentication used..
Both ends of the tunnel must use the same setting; otherwise, the VPN tunnel cannot be established. This field
is gray and unavailable if AH is selected for IPSec operation.
IPSec Authentication
Authentication method used when ESP is selected for IPSec Operation. Both ends of the tunnel must use the
same setting; otherwise, the VPN tunnel cannot be established. Choices are:
•
md5 = a one-way hashing algorithm that produces a 128-bit digest. (default)
•
sha = a one-way hashing algorithm that produces a 160-bit digest. SHA is more secure than MD5.
IPSec SA Life
Enter the number of seconds for the IPSec lifetime. This is the period of time that can pass before establishing
a new IPSec security association (SA) with the remote endpoint.
Perfect Forward Secrecy
Ensures that a session key derived from a set of long-term public and private keys will not be compromised if
one of the (long-term private keys is compromised in the future. Both sides of the VPN must be able to support
Perfect Forward Secrecy in order for it to work.
•
enable = ensures the same key will not be generated again, forcing a new D-H key exchange.
•
disable = feature is disabled.
IPSec DH Group
Select the D-H group used during the VPN negotiation stage. Choices are:
•
group 2 = provides basic security and good performance.
•
group 5 = like group 2. Actual initialization and rekey speed depend on a number of factors.
•
group 6 = offers the fastest performance. If performance times are a problem for your network, change to a
lower DH group.