ZyXEL VMG8324 User Guide - Page 227
bitDH Group1, 1024bitDH Group2, 1536bitDH Group5, 2048bitDH Group14, 3072bitDH Group15, 4096bitDH
View all ZyXEL VMG8324 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 227 highlights
Chapter 20 VPN Table 104 Security > IPSec VPN: Add/Edit LABEL Perfect Forward Secrecy (PFS) DESCRIPTION Select whether or not you want to enable Perfect Forward Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Choices are: None - do not use any random number. 768bit(DH Group1) - use a 768-bit random number 1024bit(DH Group2) - use a 1024-bit random number 1536bit(DH Group5) - use a 1536-bit random number 2048bit(DH Group14) - use a 2048-bit random number 3072bit(DH Group15) - use a 3072-bit random number Key Life Time 4096bit(DH Group16) - use a 4096-bit random number Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. The following fields are available if you select Manual in the Key Exchange Method field. Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm Encryption Key EPS_NULL - no encryption key or algorithm This field is applicable when you select an Encryption Algorithm. Enter the encryption key, which depends on the encryption algorithm. DES - type a unique key 16 hexadecimal characters long 3DES - type a unique key 48 hexadecimal characters long Authentication Select which hash algorithm to use to authenticate packet data. Choices are MD5, SHA1. Algorithm SHA is generally considered stronger than MD5, but it is also slower. Authentication Enter the authentication key, which depends on the authentication algorithm. Key MD5 - type a unique key 32 hexadecimal characters long SHA1 - type a unique key 40 hexadecimal characters long SPI Type a unique SPI (Security Parameter Index) in hexadecimal characters. The SPI is used to identify the Device during authentication. OK Cancel The Device and remote IPSec router must use the same SPI. Click OK to save your changes. Click Cancel to restore your previously saved settings. VMG8324-B10A / VMG8324-B30A Series User's Guide 227