Cirkuit Planet MH-1000 User Manual

Multi-Homing Security Gateway User’s Manual 
  Method: There are two methods of checking the authentication information: AH (Authentication Header)
and ESP (Encapsulating Security Payload). Use ESP for greater security, so that data is both encrypted and
authenticated. With AH, data is authenticated but not encrypted.
  Encryption Protocol: Select the encryption method from the pull-down menu. The options are DES, 3DES,
and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
    DES: Stands for Data Encryption Standard. It uses a 56-bit key.
    3DES: Stands for Triple Data Encryption Standard. It uses a 168-bit key.
    AES: Stands for Advanced Encryption Standard. You can select a 128-, 192- or 256-bit key.
  Authentication Protocol: Authentication establishes data integrity and ensures that data is not tampered
with while in transit. There are two options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1).
While slower, SHA1 is more resistant to brute-force attacks than MD5.
    MD5: A one-way hashing algorithm that produces a 128-bit hash.
    SHA1: A one-way hashing algorithm that produces a 160-bit hash.
  Perfect Forward Secure: Choose whether to enable PFS (Perfect Forward Secrecy), which uses Diffie-Hellman
public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function
provides better security but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography
protocol that allows two parties to establish a shared secret over the Internet.
  Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared
security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec
traffic can be passed, each router must be able to verify the identity of its peer. This can be done by
manually entering the same pre-shared key on both sides (routers or hosts).
  IKE Life Time: Allows you to specify the timer interval for renegotiation of the IKE security association.
The value is in seconds, e.g. 28800 seconds = 8 hours.
  Key Life Time: Allows you to specify the timer interval for renegotiation of another key. The value is in
seconds, e.g. 3600 seconds = 1 hour.
  Netbios Broadcast: Allows the MH-1000 to send local Netbios Broadcast packets through the IPSec tunnel.
Select Enable or Disable.
DPD Setting:
  DPD function: Select Enable and the MH-1000 will send out informational packets to see whether the remote
VPN device responds. The function is used to detect whether the tunnel is alive. Select Disable to stop the
feature.
  Detection Interval: The interval at which the remote IPSec device is checked. The default is 30 seconds.
  Idle Timeout: If the remote VPN device does not respond, the MH-1000 will retry sending the packets.
When the number of attempts reaches the Idle Timeout setting, the MH-1000 will disconnect the VPN connection
automatically. Idle Timeout can be set from 1 to 10.
 
Click the Apply button to save your changes. 
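
An added example, not taken from the manual or from the MH-1000 firmware: a Python check that lints one tunnel profile against the guidance on this page (ESP over AH, DES and MD5 as the weaker choices, PFS, the Idle Timeout range). The dictionary keys, the sample profiles and the 20-character pre-shared key floor are assumptions.

```python
# Added example: lint one IPSec tunnel profile against the guidance in this manual.
# Key names and MIN_PSK_LEN are assumptions, not an MH-1000 export format.
ENC_KEY_BITS = {"DES": 56, "3DES": 168, "AES128": 128, "AES192": 192, "AES256": 256}
HASH_BITS = {"MD5": 128, "SHA1": 160}
MIN_PSK_LEN = 20  # assumed floor for a manually entered pre-shared key

def audit_tunnel(p):
    """Return sorted (severity, field, message) findings for profile dict p."""
    out = []
    method, enc, auth = (p[k].upper() for k in ("method", "encryption", "authentication"))
    if method == "AH":
        out.append(("high", "method", "AH authenticates but does not encrypt; select ESP"))
    elif method != "ESP":
        out.append(("error", "method", f"unknown method {method}"))
    if enc not in ENC_KEY_BITS:
        out.append(("error", "encryption", f"unknown cipher {enc}"))
    elif method == "ESP" and ENC_KEY_BITS[enc] < 128:
        out.append(("high", "encryption", f"{enc} key is {ENC_KEY_BITS[enc]} bits; select 3DES or AES"))
    if auth not in HASH_BITS:
        out.append(("error", "authentication", f"unknown hash {auth}"))
    elif HASH_BITS[auth] < 160:
        out.append(("medium", "authentication", f"{auth} hash is {HASH_BITS[auth]} bits; select SHA1"))
    if not p["pfs"]:
        out.append(("medium", "pfs", "PFS disabled; no Diffie-Hellman key change in phase 2"))
    if len(p["pre_shared_key"]) < MIN_PSK_LEN:
        out.append(("high", "pre_shared_key", f"shorter than {MIN_PSK_LEN} characters"))
    for field in ("ike_life_time", "key_life_time"):
        if not (isinstance(p[field], int) and p[field] > 0):
            out.append(("error", field, "must be a positive number of seconds"))
    dpd = p.get("dpd")
    if dpd is not None:  # None means the DPD function is set to Disable
        if dpd["detection_interval"] <= 0:
            out.append(("error", "dpd.detection_interval", "must be positive seconds"))
        if not 1 <= dpd["idle_timeout"] <= 10:
            out.append(("error", "dpd.idle_timeout", "outside the 1 to 10 range"))
    return sorted(out)

# Constructed sample profiles (not taken from a real device).
WEAK = {"method": "ESP", "encryption": "DES", "authentication": "MD5", "pfs": False,
        "pre_shared_key": "planet123", "ike_life_time": 28800, "key_life_time": 3600,
        "dpd": {"detection_interval": 30, "idle_timeout": 12}}
STRONG = dict(WEAK, encryption="AES256", authentication="SHA1", pfs=True,
              pre_shared_key="c7Qw-constructed-sample-key-91x",
              dpd={"detection_interval": 30, "idle_timeout": 4})

if __name__ == "__main__":
    for sev, field, msg in audit_tunnel(WEAK):
        print(f"{sev:6} {field:22} {msg}")
```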
 
 
 
 
 