ZyXEL MAX318M User Guide - Page 141
Security, WiMAX Device Configuration User's Guide, Domain Name, E-mail, Remote Endpoint
View all ZyXEL MAX318M manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 141 highlights
Chapter 8 Security Table 60 IPSec VPN: Add (continued) LABEL Remote ID Type DESCRIPTION Select IP to identify the remote IPSec router by its IP address. Select Domain Name to identify the remote IPSec router by a domain name. Content Select E-mail to identify the remote IPSec router by an e-mail address. The configuration of the remote content depends on the remote ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the WiMAX Device will use the address in the Remote Endpoint field (refer to the Remote Endpoint field description). For Domain Name or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. It is recommended that you type an IP address other than 0.0.0.0 or use the Domain Name or E-mail ID type in the following situations: IKE Phase 1 Proposal # Encryption • When there is a NAT router between the two IPSec routers. • When you want the WiMAX Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. Select which key size and encryption algorithm to use in the IKE SA. Choices are: • DES - a 56-bit key with the DES encryption algorithm • 3DES - a 168-bit key with the DES encryption algorithm • AES128 - a 128-bit key with the AES encryption algorithm • AES192 - a 192-bit key with the AES encryption algorithm • AES256 - a 256-bit key with the AES encryption algorithm The WiMAX Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. Remove Select an entry and click this to delete it. Add Click this to create a new entry. OK Click this to save the changes. Key Group Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are: • DH1 - use a 768-bit random number • DH2 - use a 1024-bit random number • DH5 - use a 1536-bit random number The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. WiMAX Device Configuration User's Guide 141