ZyXEL Vantage CNM User Guide - Page 146
Server Mode, Local User, Local User Database, RADIUS, Client Mode, Aggressive, AES128/AES192/AES256
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 146 highlights
Chapter 6 Device Security Settings Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Gateway Policy Add/Edit LABEL DESCRIPTION Server Mode Select Server Mode to have this device authenticate extended authentication clients that request this VPN connection. You must also configure the extended authentication clients' usernames and passwords in the authentication server's local user database or a RADIUS server. Click Local User to go to the Local User Database screen where you can view and/or edit the list of user names and passwords. Click RADIUS to go to the RADIUS screen where you can configure the device to check an external RADIUS server. Client Mode User Name Password IKE Proposal Negotiation Mode Encryption Algorithm During authentication, if the device (in server mode) does not find the extended authentication clients' user name in its internal user database and an external RADIUS server has been enabled, it attempts to authenticate the client through the RADIUS server. Select Client Mode to have your device use a username and password when initiating this VPN connection to the extended authentication server device. Only a VPN extended authentication client can initiate this VPN connection. Enter a user name for your device to be authenticated by the VPN peer (in server mode). The user name can be up to 31 casesensitive ASCII characters, but spaces are not allowed. You must enter a user name and password when you select client mode. Enter the corresponding password for the above user name. The password can be up to 31 case-sensitive ASCII characters, but spaces are not allowed. Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES128/AES192/AES256 - a 128/192/256-bit key with the AES encryption algorithm The selected and the remote IPSec router must use the same algorithms and Authentication Algorithm keys. Longer keys require more processing power, resulting in increased latency and decreased throughput. Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. 146 Vantage CNM User's Guide