ZyXEL ISG50-PSTN User Guide - Page 378
Table 124, Label, Description
View all ZyXEL ISG50-PSTN manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 378 highlights
Chapter 24 IPSec VPN Table 124 Configuration > VPN > IPSec VPN > VPN Connection > Add > Manual Key (continued) LABEL Secure Gateway Address SPI DESCRIPTION Type the IP address of the remote IPSec router in the IPSec SA. Type a unique SPI (Security Parameter Index) between 256 and 4095. The SPI is used to identify the ISG50 during authentication. Encapsulation Mode The ISG50 and remote IPSec router must use the same SPI. Select which type of encapsulation the IPSec SA uses. Choices are Tunnel - this mode encrypts the IP header information and the data Transport - this mode only encrypts the data. You should only select this if the IPSec SA is used for communication between the ISG50 and remote IPSec router. If you select Transport mode, the ISG50 automatically switches to Tunnel mode if the IPSec SA is not used for communication between the ISG50 and remote IPSec router. In this case, the ISG50 generates a log message for this change. Active Protocol The ISG50 and remote IPSec router must use the same encapsulation. Select which protocol you want to use in the IPSec SA. Choices are: AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Authentication Algorithm. ESP (RFC 2406) - provides encryption and the same services offered by AH, but its authentication is weaker. If you select ESP, you must select an Encryption Algorithm and Authentication Algorithm. Encryption Algorithm The ISG50 and remote IPSec router must use the same protocol. This field is applicable when the Active Protocol is ESP. Select which key size and encryption algorithm to use in the IPSec SA. Choices are: NULL - no encryption key or algorithm DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES192 - a 192-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm Authentication Algorithm The ISG50 and the remote IPSec router must use the same algorithm and key. Longer keys require more processing power, resulting in increased latency and decreased throughput. Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. The ISG50 and remote IPSec router must use the same algorithm. 378 ISG50 User's Guide