ZyXEL UAG4100 User Guide - Page 344
Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit continued
View all ZyXEL UAG4100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 344 highlights
Chapter 30 IPSec VPN Table 156 Configuration > VPN > IPSec VPN > VPN Connection > Add/Edit (continued) LABEL Active Protocol DESCRIPTION Select which protocol you want to use in the IPSec SA. Choices are: AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Authentication algorithm. ESP (RFC 2406) - provides encryption and the same services offered by AH, but its authentication is weaker. If you select ESP, you must select an Encryption algorithm and Authentication algorithm. Both AH and ESP increase processing requirements and latency (delay). Encapsulation The UAG and remote IPSec router must use the same active protocol. Select which type of encapsulation the IPSec SA uses. Choices are Tunnel - this mode encrypts the IP header information and the data. Transport - this mode only encrypts the data. Proposal Add Edit Remove # Encryption The UAG and remote IPSec router must use the same encapsulation. Use this section to manage the encryption algorithm and authentication algorithm pairs the UAG accepts from the remote IPSec router for negotiating the IPSec SA. Click this to create a new entry. Select an entry and click this to be able to modify it. Select an entry and click this to delete it. This field is a sequential value, and it is not associated with a specific proposal. The sequence of proposals should not affect performance significantly. This field is applicable when the Active Protocol is ESP. Select which key size and encryption algorithm to use in the IPSec SA. Choices are: NULL - no encryption key or algorithm DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES192 - a 192-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The UAG and the remote IPSec router must both have at least one proposal that uses use the same encryption and the same key. Authentication Longer keys are more secure, but require more processing power, resulting in increased latency and decreased throughput. Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1, SHA256, SHA512 and MD5. SHA is generally considered stronger than MD5, but it is also slower. The UAG and the remote IPSec router must both have a proposal that uses the same authentication algorithm. UAG Series User's Guide 344