ZyXEL MAX208M2W User Guide - Page 143
Chapter 8 Security

Table 60 IPSec VPN: Add (continued)

LABEL: DESCRIPTION

Address Type: Select Single address or Subnet address to specify if the VPN connection terminates at an IP address or subnet.

Start IP Address: If Single address is selected, enter a (static) IP address on the LAN behind the remote IPSec router. If Subnet address is selected, specify IP addresses on a network by their subnet mask by entering a (static) IP address on the LAN behind the remote IPSec router. Then enter the subnet mask to identify the network address.

Subnet Mask: If Subnet address is selected, enter the subnet mask to identify the network address.

Remote Port: Select how the WiMAX Device checks the connection. The peer must be configured to respond to the method you select.
Select icmp to have the WiMAX Device regularly ping the address you specify to make sure traffic can still go through the connection. You may need to configure the peer to respond to pings.
Select tcp or udp to have the WiMAX Device regularly perform a TCP or UDP handshake with the address you specify to make sure traffic can still go through the connection. You may need to configure the peer to accept the TCP or UDP connection.
If you select tcp or udp, specify the port number to use for the connectivity check.

IPSec Proposal

Encapsulation Mode: Select Tunnel mode or Transport mode from the drop-down list box.

Active Protocol: Select the security protocols used for an SA. Both AH and ESP increase processing requirements and communications latency (delay).
If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below).

Encryption Algorithm: Select which key size and encryption algorithm to use in the IPSec SA. Choices are:
• DES - a 56-bit key with the DES encryption algorithm
• 3DES - a 168-bit key with the DES encryption algorithm
• AES128 - a 128-bit key with the AES encryption algorithm
• AES192 - a 192-bit key with the AES encryption algorithm
• AES256 - a 256-bit key with the AES encryption algorithm
The WiMAX Device and the remote IPSec router must use the same key size and encryption algorithm. Longer keys require more processing power, resulting in increased latency and decreased throughput.

Authentication Algorithm: Select which hash algorithm to use to authenticate packet data. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.

SA Life Time: Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected.

WiMAX Device Configuration User's Guide 143
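A pre-deployment check of the field dependencies in Table 60, as an added example that is not part of the ZyXEL guide or the device's software. The dict key names and sample settings are hypothetical; the guide states the same-on-both-ends rule for the encryption algorithm, and the sketch applies it to the rest of the proposal as well, since IPSec peers must agree on all of it.

```python
import ipaddress

# Allowed values as listed in Table 60. Dict key names are hypothetical.
ENCRYPTION = {"DES", "3DES", "AES128", "AES192", "AES256"}
AUTHENTICATION = {"SHA1", "MD5"}

def remote_network(cfg):
    """Network covered by the policy, derived from Address Type."""
    if cfg["address_type"] == "single":
        return ipaddress.ip_network(cfg["start_ip"] + "/32")
    # Subnet address: Start IP plus Subnet Mask identify the network address.
    return ipaddress.ip_network(f'{cfg["start_ip"]}/{cfg["subnet_mask"]}', strict=False)

def check_policy(local, peer):
    """Return the problems that would keep the two gateways from agreeing."""
    problems = []
    for name, cfg in (("local", local), ("peer", peer)):
        if cfg["active_protocol"] == "ESP":
            if cfg.get("encryption") not in ENCRYPTION:
                problems.append(f"{name}: ESP needs an Encryption Algorithm")
            if cfg.get("authentication") not in AUTHENTICATION:
                problems.append(f"{name}: ESP needs an Authentication Algorithm")
        if cfg.get("check_method") in ("tcp", "udp") and not cfg.get("check_port"):
            problems.append(f"{name}: {cfg['check_method']} check needs a port")
        if cfg["address_type"] == "subnet" and not cfg.get("subnet_mask"):
            problems.append(f"{name}: Subnet address needs a Subnet Mask")
    # Both ends must hold the same proposal.
    for field in ("encapsulation", "active_protocol", "encryption", "authentication"):
        if local.get(field) != peer.get(field):
            problems.append(f"mismatch in {field}: {local.get(field)} vs {peer.get(field)}")
    return problems

# Constructed sample settings (private-range addresses, not from the manual).
LOCAL = {"address_type": "subnet", "start_ip": "192.168.10.37",
         "subnet_mask": "255.255.255.0", "check_method": "tcp", "check_port": None,
         "encapsulation": "Tunnel", "active_protocol": "ESP",
         "encryption": "AES128", "authentication": "SHA1"}
PEER = dict(LOCAL, start_ip="192.168.20.1", check_method="icmp",
            encryption="AES256")

if __name__ == "__main__":
    print(remote_network(LOCAL))
    for problem in check_policy(LOCAL, PEER):
        print(problem)
```

With the sample settings, the check reports the missing port for the tcp connectivity check and the AES128/AES256 mismatch between the two ends.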