130 CHAPTER 9: CONFIGURING VIRTUAL PRIVATE NETWORK SERVICES
Select your preferred method from the Encryption Method drop-down box.
Shared Secret
A shared secret is a predefined field that the two endpoints of a VPN
tunnel use to set up an IKE SA. This field can be any combination of
Table 5 Firewall Encryption Methods

| Method | Speed | Security | Supported by |
|---|---|---|---|
| Tunnel Only (ESP NULL) provides no encryption or authentication but can be used to access machines at private addresses behind NAT. Can also be used to allow unsupported protocols through the Firewall. | Very Fast | Low | Manual Key, IKE |
| Encrypt (ESP DES) uses 56-bit DES to provide an encrypted VPN tunnel. Security professionals consider DES to be a very secure encryption method but it will have a significant impact on the data throughput of the Firewall. | Slow | High | Manual Key, IKE |
| Fast Encrypt (ESP ARCFour) uses 56-bit ARCFour to provide an encrypted VPN tunnel. ARCFour is widely considered to be a secure encryption method. | Medium | Medium | Manual Key, IKE |
| Encrypt for Check Point (ESP DES rfc1829) uses 56-bit DES as specified in RFC 1829 to provide an encrypted VPN tunnel. This method will provide interoperability with other IPSec VPN gateways, such as Check Point FW-1. | Slow | High | Manual Key, IKE, Check Point FW-1 |
| Encrypt and Authenticate (ESP DES HMAC MD5) uses 56-bit DES to encrypt and HMAC MD5 to authenticate the VPN tunnel. | Very Slow | Very High | GroupVPN, Manual Key, IKE |
| Strong Encrypt (ESP 3DES) uses 168-bit 3DES to provide an encrypted VPN tunnel. Security professionals consider 3DES to be an extremely secure encryption method. | Extremely Slow | Extremely High | GroupVPN, Manual Key, IKE |
| Authenticate (AH MD5) provides an unencrypted but authenticated VPN tunnel. This method uses an Authentication Header (AH) to authenticate the data. | Fast | Low | Manual Key, IKE |
DUA1611-0AAA02.book Page 130 Thursday, August 2, 2001 4:01 PM
Summary of Contents for 3C16111 - SuperStack 3 Firewall Web Site Filter