Home » ZyXEL Manuals » Networking » ZyXEL LTE5121 » Manual Viewer

ZyXEL LTE5121 User Guide - Page 154

AES128, AES256, SHA2-256, SHA2-512, Diffie-Hellman Group2, Diffie-Hellman Group5, Diffie-Hellman

Get ZyXEL LTE5121 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 154 highlights

Chapter 16 VPN Table 62 IPSec VPN: Add LABEL Encryption Algorithm DESCRIPTION Select which key size and encryption algorithm to use in the IKE SA. Choices are: 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are Algorithm MD5, SHA1, SHA2-256 and SHA2-512. SHA is generally considered stronger than MD5, but it is also slower. DH Select which Diffie-Hellman key group you want to use for encryption keys. Choices are: Diffie-Hellman Group2 - use a 1024-bit random number Diffie-Hellman Group5 - use a 1536-bit random number Diffie-Hellman Group14 - use a 2048-bit random number SA Life Time The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Define the length of time before an IPSec SA automatically renegotiates in this field. Phase 2 Encryption Algorithm A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are Algorithm MD5, SHA1. SHA is generally considered stronger than MD5, but it is also slower. SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. 154 LTE-5121 User's Guide

Section	Page
LTE5121	1
Contents Overview	3
Table of Contents	5
User’s Guide	13
Introduction	15
1.1 Overview	15
1.2 Applications for the LTE Device	15
1.2.1 Internet Access	15
1.2.2 VoIP Features	16
1.3 The WLAN Button	16
1.4 The WPS Button	16
1.5 Ways to Manage the LTE Device	17
1.6 Good Habits for Managing the LTE Device	17
1.7 LEDs (Lights)	17
1.8 The RESET Button	19
1.9 Wall-mounting Instructions	19
Introducing the Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 The Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	25
Technical Reference	27
Connection Status and System Info	29
3.1 Overview	29
3.2 The Connection Status Screen	29
3.3 The System Info Screen	30
Broadband	35
4.1 Overview	35
4.1.1 What You Can Do in this Chapter	35
4.1.2 What You Need to Know	35
4.1.3 Before You Begin	36
4.2 The Broadband Screen	36
4.2.1 Edit Internet Connection	38
4.3 The SIM Screen	39
4.3.1 PUK Code Screen	40
4.4 Technical Reference	41
Wireless	43
5.1 Overview	43
5.1.1 What You Can Do in this Chapter	43
5.1.2 Wireless Network Overview	43
5.1.3 Before You Begin	45
5.2 The Wireless General Screen	45
5.2.1 No Security	47
5.2.2 Basic (Static WEP/Shared WEP Encryption)	47
5.2.3 More Secure (WPA(2)-PSK)	49
5.2.4 WPA(2) Authentication	50
5.3 The More AP Screen	51
5.3.1 Edit More AP	52
5.4 The WPS Screen	53
5.5 The WMM Screen	55
5.6 Scheduling Screen	57
5.7 Channel Status Screen	57
5.8 Technical Reference	58
5.8.1 Additional Wireless Terms	59
5.8.2 Wireless Security Overview	59
5.8.3 Signal Problems	61
5.8.4 BSS	61
5.8.5 MBSSID	62
5.8.6 WiFi Protected Setup (WPS)	62
Home Networking	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need To Know	71
6.2 The LAN Setup Screen	74
6.3 The Static DHCP Screen	75
6.3.1 Before You Begin	75
6.4 The UPnP Screen	77
6.5 The File Sharing Screen	77
6.5.1 Before You Begin	78
6.5.2 Add/Edit File Sharing	79
6.6 The Media Server Screen	80
6.7 The Printer Server Screen	81
6.7.1 Before You Begin	81
6.8 Technical Reference	82
6.9 Installing UPnP in Windows Example	86
6.10 Using UPnP in Windows XP Example	89
Static Route	95
7.1 Overview	95
7.2 Configuring Static Route	96
7.2.1 Add/Edit Static Route	97
DNS Route	99
8.1 Overview	99
8.1.1 What You Can Do in this Chapter	99
8.2 The DNS Route Screen	100
8.2.1 Add/Edit DNS Route Edit	100
Quality of Service (QoS)	103
9.1 Overview	103
9.1.1 What You Can Do in this Chapter	103
9.1.2 What You Need to Know	103
9.2 The QoS General Screen	104
9.3 The Queue Setup Screen	105
9.3.1 Add/Edit a QoS Queue	106
9.4 The Class Setup Screen	107
9.4.1 Add/Edit QoS Class	109
9.5 The QoS Monitor Screen	112
9.6 QoS Technical Reference	113
9.6.1 DiffServ	113
Network Address Translation (NAT)	115
10.1 Overview	115
10.1.1 What You Can Do in this Chapter	115
10.1.2 What You Need To Know	115
10.2 The Port Forwarding Screen	116
10.2.1 The Port Forwarding Screen	117
10.2.2 The Port Forwarding Edit Screen	118
10.3 The DMZ Screen	119
10.4 The Sessions Screen	119
10.5 The ALG Screen	120
10.6 Technical Reference	120
10.6.1 NAT Definitions	121
10.6.2 What NAT Does	121
10.6.3 How NAT Works	121
Dynamic DNS	123
11.1 Overview	123
11.1.1 What You Need To Know	123
11.2 The Dynamic DNS Screen	123
Firewall	125
12.1 Overview	125
12.1.1 What You Can Do in this Chapter	125
12.1.2 What You Need to Know	126
12.2 The General Screen	126
12.3 The Services Screen	127
12.3.1 The Add New Services Entry Screen	128
12.4 The Access Control Screen	129
12.4.1 The Add New ACL Rule/Edit Screen	130
12.5 The DoS Screen	131
12.6 Firewall Technical Reference	132
12.6.1 Guidelines For Enhancing Security With Your Firewall	132
12.6.2 Security Considerations	132
MAC Filter	133
13.1 Overview	133
13.1.1 What You Need to Know	133
13.2 The MAC Filter Screen	133
Parental Control	135
14.1 Overview	135
14.2 The Parental Control Screen	135
14.2.1 Add/Edit a Parental Control Rule	136
Certificates	139
15.1 Overview	139
15.1.1 What You Can Do in this Chapter	139
15.1.2 What You Need to Know	139
15.1.3 Verifying a Certificate	140
15.2 Local Certificates	141
15.3 Trusted CA	143
15.4 Trusted CA Import	143
15.5 View Certificate	144
15.6 VPN Certificates	145
15.7 VPN Certificate Import	147
VPN	149
16.1 Overview	149
16.2 The VPN Screen	149
16.3 IPSec VPN: Add	150
16.4 VPN Monitor Screen	155
16.5 Technical Reference	155
16.5.1 IPSec Architecture	156
16.5.2 Encapsulation	156
16.5.3 IKE Phases	157
16.5.4 Negotiation Mode	158
16.5.5 IPSec and NAT	159
16.5.6 VPN, NAT, and NAT Traversal	159
16.5.7 ID Type and Content	160
16.5.8 Pre-Shared Key	161
16.5.9 Diffie-Hellman (DH) Key Groups	161
VoIP	163
17.1 Overview	163
17.1.1 What You Can Do in this Chapter	163
17.1.2 What You Need to Know	163
17.1.3 Before You Begin	164
17.2 The SIP Service Provider Screen	165
17.3 The SIP Account Screen	171
17.3.1 Add/Edit SIP Account	172
17.4 Multiple SIP Accounts	175
17.5 Phone Screen	175
17.5.1 Edit Phone Device	175
17.6 The Phone Region Screen	177
17.7 The Call Rule Screen	177
17.8 Technical Reference	179
17.8.1 VoIP	179
17.8.2 SIP	179
17.8.3 Quality of Service (QoS)	183
17.8.4 Phone Services Overview	184
System Monitor	187
18.1 Overview	187
18.1.1 What You Can Do in this Chapter	187
18.1.2 What You Need To Know	187
18.2 The LTE Status Screen	188
18.3 The System Log Screen	190
18.4 The Phone Log Screen	191
18.5 The VoIP Call History Screen	192
18.6 The WAN Status Screen	192
18.7 The LAN Status Screen	193
18.8 The NAT Status Screen	194
18.9 The VoIP Status Screen	195
User Account	197
19.1 Overview	197
19.2 The User Account Screen	197
Remote MGMT	199
20.1 Overview	199
20.1.1 What You Need to Know	199
20.2 The Remote MGMT Screen	200
SNMP	201
21.1 Overview	201
21.2 The SNMP Screen	201
System	203
22.1 Overview	203
22.1.1 What You Need to Know	203
22.2 The System Screen	203
Time Setting	205
23.1 Overview	205
23.2 The Time Setting Screen	205
Log Setting	207
24.1 Overview	207
24.2 The Log Setting Screen	207
Firmware Upgrade	209
25.1 Overview	209
25.2 The Firmware Upgrade Screen	209
Backup/Restore	211
26.1 Overview	211
26.2 The Backup/Restore Screen	211
26.3 The Reboot Screen	213
Diagnostic	215
27.1 Overview	215
27.2 The Ping/TraceRoute Screen	215
27.3 LTE Diagnostic Screen	216
Troubleshooting	217
28.1 Overview	217
28.2 Power, Hardware Connections, and LEDs	217
28.3 LTE Device Access and Login	218
28.4 Internet Access	220
28.5 Wireless Internet Access	221
28.6 Phone Calls and VoIP	222
28.7 USB Device Connection	222
28.8 UPnP	223
Legal Information	225

Match case Limit results 1 per page

Chapter 16 VPN

LTE-5121 User’s Guide

154

Encryption

Algorithm

Select which key size and encryption algorithm to use in the IKE SA. Choices

are:

3DES

- a 168-bit key with the DES encryption algorithm

AES128

- a 128-bit key with the AES encryption algorithm

AES256

- a 256-bit key with the AES encryption algorithm

The LTE Device and the remote IPSec router must use the same key size and

encryption algorithm. Longer keys require more processing power, resulting in

increased latency and decreased throughput.

Authentication

Algorithm

Select which hash algorithm to use to authenticate packet data. Choices are

MD5

SHA1

SHA2-256

and

SHA2-512

SHA

is generally considered stronger

than

MD5

, but it is also slower.

Select which Diffie-Hellman key group you want to use for encryption keys.

Choices are:

Diffie-Hellman Group2

- use a 1024-bit random number

Diffie-Hellman Group5

- use a 1536-bit random number

Diffie-Hellman Group14

- use a 2048-bit random number

The longer the key, the more secure the encryption, but also the longer it takes

to encrypt and decrypt information. Both routers must use the same DH key

group.

SA Life Time

Define the length of time before an IPSec SA automatically renegotiates in this

field.

A short SA Life Time increases security by forcing the two VPN gateways to

update the encryption and authentication keys. However, every time the VPN

tunnel renegotiates, all users accessing remote resources are temporarily

disconnected.

Phase 2

Encryption

Algorithm

Select which key size and encryption algorithm to use in the IKE SA. Choices

are:

DES

- a 56-bit key with the DES encryption algorithm

3DES

- a 168-bit key with the DES encryption algorithm

AES128

- a 128-bit key with the AES encryption algorithm

AES256

- a 256-bit key with the AES encryption algorithm

The LTE Device and the remote IPSec router must use the same key size and

encryption algorithm. Longer keys require more processing power, resulting in

increased latency and decreased throughput.

Authentication

Algorithm

Select which hash algorithm to use to authenticate packet data. Choices are

MD5

SHA1

SHA

is generally considered stronger than

MD5

, but it is also

slower.

SA Life Time

Define the length of time before an IPSec SA automatically renegotiates in this

field.

A short SA Life Time increases security by forcing the two VPN gateways to

update the encryption and authentication keys. However, every time the VPN

tunnel renegotiates, all users accessing remote resources are temporarily

disconnected.

Table 62

IPSec VPN: Add

LABEL

DESCRIPTION