ZyXEL P-2802HWL-I3 User Guide - Page 185
VPN Screens
View all ZyXEL P-2802HWL-I3 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 185 highlights
CHAPTER 14 VPN Screens This chapter introduces the VPN screens. See Chapter 22 on page 289 for information on viewing logs and the appendix for IPSec log descriptions. 14.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 14.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN. An SA is built from the authentication provided by the AH and ESP protocols. The primary function of key management is to establish and maintain the SA between systems. Once the SA is established, the transport of data may commence. 14.2.1 AH (Authentication Header) Protocol AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. In applications where confidentiality is not required or not sanctioned by government encryption restrictions, an AH can be employed to ensure integrity. This type of implementation does not protect the information from dissemination but will allow for verification of the integrity of the information and authentication of the originator. 14.2.2 ESP (Encapsulating Security Payload) Protocol The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated. An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted. P-2802H(W)(L)-I Series User's Guide 185