ZyXEL Communications NBG420N Manual Do Utilizador
Chapter 15 IPSec VPN
NBG420N User’s Guide
183
15.3 The SA Monitor Screen
In the web configurator, click
Security
> VPN > SA Monitor. Use this screen to display and
manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
This screen displays active VPN connections. Use Refresh to display active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
This screen displays active VPN connections. Use Refresh to display active VPN connections.
Figure 109 Security > VPN > SA Monitor
Enable Replay
Detection
As a VPN setup is processing intensive, the system is vulnerable to Denial of
Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate
packets to protect against replay attacks. Select Yes from the drop-down menu to
enable replay detection, or select No to disable it.
IPSec Protocol
Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications latency
Both AH and ESP increase processing requirements and communications latency
(delay).
If you select ESP here, you must select options from the Encryption Algorithm
If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields (described below).
Encryption
Algorithm
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG420N and the remote IPSec router must use the same algorithms and
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG420N and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
Encryption Key
This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key 24
With DES, type a unique key 8 characters long. With 3DES, type a unique key 24
characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Authentication
Algorithm
Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Authentication
Key
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication. Any
characters may be used, including spaces, but trailing spaces are truncated.
Apply
Click Apply to save your changes back to the NBG420N.
Reset
Click Reset to begin configuring this screen afresh.
Cancel
Click Cancel to exit the screen without making any changes.
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL
DESCRIPTION