Prestige 661H/HW Series User’s Guide
193
Chapter 15 VPN Screens
15.13 Manual Key Setup
Manual key management is useful if you have problems with
IKE
key management.
15.13.1 Security Parameter Index (SPI)
An SPI is used to distinguish different SAs terminating at the same destination and using the
same IPSec protocol. This data allows for the multiplexing of SAs to a single gateway. The
SPI
(Security Parameter Index) along with a destination IP address uniquely identify a
particular Security Association (SA). The
SPI
is transmitted from the remote VPN gateway to
the local VPN gateway. The local VPN gateway then uses the network, encryption and key
values that the administrator associated with the SPI to establish the tunnel.
Current ZyXEL implementation assumes identical outgoing and incoming SPIs.
Encryption
Algorithm
This field is available when you select
ESP
in the
Active Protocol
field.
Select
DES
,
3DES
,
AES
or
NULL
from the drop-down list box.
When you use one of these encryption algorithms for data communications, both
the sending device and the receiving device must use the same secret key, which
can be used to encrypt and decrypt the message or to generate and verify a
message authentication code. The DES encryption algorithm uses a 56-bit key.
Triple DES (
3DES
) is a variation on DES that uses a 168-bit key. As a result,
3DES
is more secure than
DES
. It also requires more processing power, resulting
in increased latency and decreased throughput. This implementation of AES uses
a 128-bit key.
AES
is faster than
3DES
.
Select
NULL
to set up a tunnel without encryption. When you select
NULL
, you
do not enter an encryption key.
Authentication
Algorithm
Select
SHA1
or
MD5
from the drop-down list box. MD5 (Message Digest 5) and
SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet
data. The SHA1 algorithm is generally considered stronger than MD5, but is
slower. Select
MD5
for minimal security and
SHA-1
for maximum security.
SA Life Time
(Seconds)
Define the length of time before an IKE SA automatically renegotiates in this field.
It may range from 60 to 3,000,000 seconds (almost 35 days).
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
Encapsulation Select
Tunnel
mode or
Transport
mode from the drop-down list box.
Perfect Forward
Secrecy (PFS)
Perfect Forward Secrecy (PFS) is disabled (
NONE
) by default in phase 2 IPSec
SA setup. This allows faster IPSec setup, but is not so secure. Choose
DH1
or
DH2
from the drop-down list box to enable PFS.
DH1
refers to Diffie-Hellman
Group 1 a 768 bit random number.
DH2
refers to Diffie-Hellman Group 2 a 1024
bit (1Kb) random number (more secure, yet slower).
Apply
Click
Apply
to save your changes back to the Prestige and return to the
VPN-IKE
screen.
Cancel
Click
Cancel
to return to the
VPN-IKE
screen without saving your changes.
Table 59
VPN IKE: Advanced Setup (continued)
LABEL
DESCRIPTION
Содержание Prestige 661H Series
Страница 37: ...Prestige 661H HW Series User s Guide 37 List of Tables...
Страница 41: ...Prestige 661H HW Series User s Guide 41 Introduction to DSL...
Страница 51: ...Prestige 661H HW Series User s Guide 51 Chapter 1 Getting To Know Your Prestige...
Страница 67: ...Prestige 661H HW Series User s Guide 67 Chapter 3 Wizard Setup for Internet Access...
Страница 81: ...Prestige 661H HW Series User s Guide 81 Chapter 5 LAN Setup...
Страница 125: ...Prestige 661H HW Series User s Guide 125 Chapter 8 Network Address Translation NAT Screens...
Страница 143: ...Prestige 661H HW Series User s Guide 143 Chapter 11 Firewalls...
Страница 151: ...Prestige 661H HW Series User s Guide 151 Chapter 12 Firewall Configuration Figure 64 Firewall Edit Rule...
Страница 165: ...Prestige 661H HW Series User s Guide 165 Chapter 12 Firewall Configuration...
Страница 169: ...Prestige 661H HW Series User s Guide 169 Chapter 13 Content Filtering...
Страница 175: ...Prestige 661H HW Series User s Guide 175 Chapter 14 Introduction to IPSec...
Страница 203: ...Prestige 661H HW Series User s Guide 203 Chapter 15 VPN Screens...
Страница 207: ...Prestige 661H HW Series User s Guide 207 Chapter 16 Remote Management Configuration...
Страница 221: ...Prestige 661H HW Series User s Guide 221 Chapter 17 Universal Plug and Play UPnP...
Страница 227: ...Prestige 661H HW Series User s Guide 227 Chapter 18 Logs Screens...
Страница 241: ...Prestige 661H HW Series User s Guide 241 Chapter 19 Media Bandwidth Management Advanced Setup...
Страница 265: ...Prestige 661H HW Series User s Guide 265 Chapter 21 Maintenance...
Страница 275: ...Prestige 661H HW Series User s Guide 275 Chapter 23 Menu 1 General Setup...
Страница 279: ...Prestige 661H HW Series User s Guide 279 Chapter 24 Menu 2 WAN Backup Setup...
Страница 283: ...Prestige 661H HW Series User s Guide 283 Chapter 25 Menu 3 LAN Setup...
Страница 287: ...Prestige 661H HW Series User s Guide 287 Chapter 26 Wireless LAN Setup...
Страница 293: ...Prestige 661H HW Series User s Guide 293 Chapter 27 Internet Access...
Страница 307: ...Prestige 661H HW Series User s Guide 307 Chapter 29 Static Route Setup...
Страница 311: ...Prestige 661H HW Series User s Guide 311 Chapter 30 Bridging Setup...
Страница 327: ...Prestige 661H HW Series User s Guide 327 Chapter 31 Network Address Translation NAT...
Страница 343: ...Prestige 661H HW Series User s Guide 343 Chapter 33 Filter Configuration...
Страница 363: ...Prestige 661H HW Series User s Guide 363 Chapter 36 System Information and Diagnosis...
Страница 375: ...Prestige 661H HW Series User s Guide 375 Chapter 37 Firmware and Configuration File Maintenance...
Страница 381: ...Prestige 661H HW Series User s Guide 381 Chapter 38 System Maintenance...
Страница 385: ...Prestige 661H HW Series User s Guide 385 Chapter 39 Remote Management...
Страница 395: ...Prestige 661H HW Series User s Guide 395 Chapter 40 IP Policy Routing...
Страница 399: ...Prestige 661H HW Series User s Guide 399 Chapter 41 Call Scheduling...
Страница 411: ...Prestige 661H HW Series User s Guide 411 Chapter 42 VPN IPSec Setup...
Страница 415: ...Prestige 661H HW Series User s Guide 415 Chapter 43 SA Monitor...
Страница 427: ...Prestige 661H HW Series User s Guide 427 Chapter 44 Troubleshooting Figure 275 Security Setting ActiveX Controls...
Страница 431: ...Prestige 661H HW Series User s Guide 431 Appendix A...
Страница 451: ...Prestige 661H HW Series User s Guide 451 Appendix C IP Subnetting...
Страница 455: ...Prestige 661H HW Series User s Guide 455 Appendix E Command Interpreter...
Страница 461: ...Prestige 661H HW Series User s Guide 461 Appendix F Firewall Commands...
Страница 464: ...Prestige 661H HW Series User s Guide Appendix G NetBIOS Filter Commands 464...
Страница 465: ...Prestige 661H HW Series User s Guide 465 Appendix G NetBIOS Filter Commands...
Страница 478: ...Prestige 661H HW Series User s Guide Appendix H VPN Setup 478 ftp 5631148 bytes sent in 614 8Seconds 9 17Kbytes sec...
Страница 479: ...Prestige 661H HW Series User s Guide 479 Appendix H VPN Setup...
Страница 482: ...Prestige 661H HW Series User s Guide Appendix I Splitters and Microfilters 482...
Страница 483: ...Prestige 661H HW Series User s Guide 483 Appendix I Splitters and Microfilters...
Страница 537: ...Prestige 661H HW Series User s Guide 537 Appendix M Internal SPTGEN...