ZyXEL LTE5121 User Guide - Page 154
AES128, AES256, SHA2-256, SHA2-512, Diffie-Hellman Group2, Diffie-Hellman Group5, Diffie-Hellman
View all ZyXEL LTE5121 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 154 highlights
Chapter 16 VPN Table 62 IPSec VPN: Add LABEL Encryption Algorithm DESCRIPTION Select which key size and encryption algorithm to use in the IKE SA. Choices are: 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are Algorithm MD5, SHA1, SHA2-256 and SHA2-512. SHA is generally considered stronger than MD5, but it is also slower. DH Select which Diffie-Hellman key group you want to use for encryption keys. Choices are: Diffie-Hellman Group2 - use a 1024-bit random number Diffie-Hellman Group5 - use a 1536-bit random number Diffie-Hellman Group14 - use a 2048-bit random number SA Life Time The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Define the length of time before an IPSec SA automatically renegotiates in this field. Phase 2 Encryption Algorithm A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128 - a 128-bit key with the AES encryption algorithm AES256 - a 256-bit key with the AES encryption algorithm The LTE Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput. Authentication Select which hash algorithm to use to authenticate packet data. Choices are Algorithm MD5, SHA1. SHA is generally considered stronger than MD5, but it is also slower. SA Life Time Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. 154 LTE-5121 User's Guide