ZyXEL Vantage CNM User Guide - Page 159
Table 54
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 159 highlights
Chapter 6 Device Security Settings Table 54 Device Operation > Device Configuration > Security > VPN > VPN Rules (Manual) > Add/Edit (continued) LABEL DESCRIPTION Active Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields. Encryption Algorithm Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field. Select DES, 3DES or NULL from the drop-down list box. Authentication Algorithm Encryption Key Authentication Key Apply Cancel When you use DES or 3DES, both sender and receiver must know the Encryption Key, which can be used to encrypt and decrypt the messages. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. When you use SHA1 or MD5, both sender and receiver must know the Authentication Key, which can be used to generate and verify a message authentication code. Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. This field only applies when you select ESP. With DES, type a unique key 8 ASCII characters long. With 3DES, type a unique key 24 ASCII characters long. Any characters may be used, including spaces, but trailing spaces are truncated. Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters for MD5 authentication or 20 characters for SHA-1 authentication. Any characters may be used, including spaces, but trailing spaces are truncated. Click this to save your changes back to the device. Click this to begin configuring this screen afresh. Vantage CNM User's Guide 159