Phase 2 Encryption
Select the key size and encryption algorithm to use for data
communications.
Null: No data encryption in IPSec SA. Not recommended.
DES: a 56-bit key with the DES encryption algorithm
3DES: a 168-bit key with the DES encryption algorithm. Both the cable
modem/router and the remote IPSec router must use the same
algorithms and key , which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. Longer
keys require more processing power, resulting in increased latency and
decreased throughput.
AES: Advanced Encryption Standard is a newer method of data
encryption that also uses a secret key. This implementation of AES
applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES.
Here you have the choice of AES-128, AES-192 and AES-256.
Phase 2 Authentication
Select the hash algorithm used to authenticate packet data in the IKE SA.
SHA1 is generally considered stronger than MD5, but it is also slower.
Phase 2 SA Lifetime
In this field define the length of time before an IPSec SA automatically
renegotiates. This value may range from 120 to 86400 seconds.
Key Management
Select to use IKE (ISAKMP) or manual key configuration in order to set
up a VPN.
IKE Negotiation Mode
Select how Security Association (SA) will be established for each
connection through IKE negotiations.
Main Mode: ensures the highest level of security when the
communicating parties are negotiating authentication (phase 1).
Aggressive Mode: quicker than Main Mode because it eliminates several
steps when the communicating parties are negotiating authentication
(phase 1).
Perfect Forward
Secrecy (PFS)
Perfect Forward Secret (PFS) is disabled by default in phase 2 IPSec SA
setup. This allows faster IPSec setup, but is not as secure. You can select
DH1, DH2 or DH5 to enable PFS.
Phase 2 DH Group
Select DHx after enabling PFS.
Replay Detection
Select Enable to enable replay detection. As VPN setup is processing
intensive, the system is vulnerable to Denial of Service (DOS) attacks.
The IPSec receiver can detect and reject old or duplicate packets to
protect against replay attacks.
93
Содержание 5350
Страница 1: ...Cable Modem Router with Wireless N U S E R M A N U A L ...
Страница 30: ...Table 4 describes the items you can select Figure 7 Example of Diagnostics Ping Page 30 ...
Страница 39: ...Figure 13 Example of Backup Page 39 ...
Страница 63: ...Figure 25 Example of Basic Page 63 ...
Страница 71: ...Figure 29 Example of Radio Page 71 ...
Страница 81: ...Figure 37 Example of Advanced Page 81 ...
Страница 85: ...Figure 39 Example of WMM Page 85 ...
Страница 95: ...Figure 43 Example of L2TP PPTP Page 95 ...