Manualsbrain.com
  1. Manuais
  2. Marcas
  3. ZyXEL
  4. p-334
  5. Manual Do Utilizador

ZyXEL p-334 Manual Do Utilizador

Download
Página de 366
Prestige 334 User’s Guide
Chapter 15 VPN Screens
174
15.13  Manual Key Setup
Manual key management is useful if you have problems with IKE key management.
IPSec Protocol 
Select ESP or AH from the drop-down list box. The Prestige's IPSec Protocol 
should be identical to the secure remote gateway. The ESP (Encapsulation 
Security Payload) protocol (RFC 2406) provides encryption as well as the 
authentication offered by AH. If you select ESP here, you must select options 
from the Encryption Algorithm and Authentication Algorithm fields (described 
below). The AH protocol (Authentication Header Protocol) (RFC 2402) was 
designed for integrity, authentication, sequence integrity (replay resistance), 
and non-repudiation but not for confidentiality, for which the ESP was 
designed. If you select AH here, you must select options from the 
Authentication Algorithm field. 
Encryption Algorithm 
The encryption algorithm for the Prestige and the secure remote gateway 
should be identical. When DES is used for data communications, both sender 
and receiver must know the same secret key, which can be used to encrypt 
and decrypt the message. The DES encryption algorithm uses a 56-bit key. 
Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 
3DES is more secure than DES. It also requires more processing power, 
resulting in increased latency and decreased throughput. 
Authentication 
Algorithm 
Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) 
and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate 
packet data. The SHA1 algorithm is generally considered stronger than MD5, 
but is slower. Select MD5 for minimal security and SHA-1 for maximum 
security. 
SA Life Time 
Define the length of time before an IKE SA automatically renegotiates in this 
field. It may range from 60 to 3,000,000 seconds (almost 35 days). A short SA 
Life Time increases security by forcing the two VPN gateways to update the 
encryption and authentication keys. However, every time the VPN tunnel 
renegotiates, all users accessing remote resources are temporarily 
disconnected. 
Perfect Forward 
Secrecy (PFS) 
Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec 
SA setup. This allows faster IPSec setup, but is not so secure. Choose from 
DH1 or DH2 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768 bit 
random number. DH2 refers to Diffie-Hellman Group 2, a 1024 bit (1Kb) 
random number (more secure, yet slower). 
Basic
Select Basic to go to the previous VPN configuration screen.
Apply
Click Apply to save your changes. 
Reset
Click Reset to begin configuring this screen afresh.
Table 52   VPN IKE: Advanced
LABEL
DESCRIPTION