Using the VPN tabs
Issue 4 May 2005
145
LZS. - This refers to Lempel-Ziv-Stac hardware date compression technique used prior to
encryption. Yes/No enables or disables its use.
AH/ESP. - This is the Authentication Header (AH)/Encapsulation Security Payload (ESP). IKE
VPNs authenticate IP packets using either an ESP trailer as defined in RFC2406, IP Protocol
51, or AH as defined in RFC2402, IP Protocol 52.
Perfect Forward Secrecy. - Perfect Forward Secrecy defines a parameter of IKE that
discloses long-term secret keying material that does not compromise the secrecy of the
exchanged keys from previous communications. Enabling Perfect Forward Secrecy is more
secure, but involves more overhead. It is recommended that your VPN use this option if your
VPN encryption algorithm is DES. See RFC2409 for additional information on Perfect Forward
Secrecy.
When enabled (Yes), a Diffie-Hellman Group number must be selected.
Diffie-Hellman Group. - Diffie-Hellman Group defines mathematical parameters used during
IKE negotiations. Group 1 specifies use of a 768- bit modulus, Group 2 specifies use of a
1024-bit modulus (Group 2 is more secure). See RFC2409 for additional information on
Diffie-Hellman Groups.
IPSec Proposals
The IPSec proposals area displays a list of all currently defined proposals ranked by priority of
negotiation. You can add, edit or delete new IPSec proposals and you can relocate them in the
list. A maximum of four IPSEC proposals are allowed in the IPSEC Proposal Priority Proposal
list.
An extranet is an example of when several proposals are desirable. By having several choices,
the odds of a finding a mutually common proposal on both sides is increased. Another example
is where international security gateways (DES only) and a domestic security gateways (DES or
3DES) are part of the same VPN. Having a DES proposal establishes a common ground for the
two security gateways to communicate.
Содержание 3.7
Страница 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...
Страница 4: ......
Страница 20: ...Preface 20 Avaya VPNmanager Configuration Guide Release 3 7...
Страница 32: ...Overview of implementation 32 Avaya VPNmanager Configuration Guide Release 3 7...
Страница 53: ...Preferences Issue 4 May 2005 53 Figure 16 Tunnel End Point Policy...
Страница 54: ...Using VPNmanager 54 Avaya VPNmanager Configuration Guide Release 3 7...
Страница 244: ...Using advanced features 244 Avaya VPNmanager Configuration Guide Release 3 7...
Страница 292: ...Upgrading firmware and licenses 292 Avaya VPNmanager Configuration Guide Release 3 7...