ZyXEL Communications Prestige 662HW Series, Руководство пользователя

Страница: 188 / 458

Prestige 662HW Series User’s Guide
16-20 VPN Screens
Table 16-9 VPN: Manual Key
LABEL DESCRIPTION
Address Information
My IP Address Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if this IP
address changes.
The following applies if this field is configured as 0.0.0.0 :
The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the
VPN tunnel.
If the WAN connection goes down, the Prestige uses the dial backup IP address for the
VPN tunnel when using dial backup or the LAN IP address when using traffic redirect.
See the chapter on WAN for details on dial backup and traffic redirect.
Secure Gateway
Address Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with
which you're making the VPN connection.
Security Protocol
IPSec Protocol Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol
(RFC 2406) provides encryption as well as some of the services offered by AH . If you
select ESP here, you must select options from the Encryption Algorithm and
Authentication Algorithm fields (described next).
Encryption Algorithm Select DES , 3DES or NULL from the drop-down list box.
When DES is used for data communications, both sender and receiver must know the
same secret key, which can be used to encrypt and decrypt the message or to generate
and verify a message authentication code. The
DES encryption algorithm uses a 56-bit
key. Triple DES ( 3DES ) is a variation on DES that uses a 168-bit key. As a result, 3DES
is more secure than DES . It also requires more processing power, resulting in increased
latency and decreased throughput. Select NULL to set up a tunnel without encryption.
When you select NULL , you do not enter an encryption key.
Encapsulation Key
(only with ESP) With DES , type a unique key 8 characters long. With 3DES , type a unique key 24
characters long. Any characters may be used, including spaces, but trailing spaces are
truncated.
Authentication
Algorithm Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1
(Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The
SHA1 algorithm is generally considered stronger than MD5 , but is slower. Select MD5
for minimal security and SHA-1 for maximum security.
Authentication Key Type a unique authentication key to be used by IPSec if applicable. Enter 16 characters
for
MD5 authentication or 20 characters for SHA-1 authentication. Any characters may
be used, including spaces, but trailing spaces are truncated.
Back Click Back to return to the previous screen.
Apply Click Apply to save your changes back to the Prestige.
Cancel Click Cancel to begin configuring this screen afresh.
Delete Click Delete to remove the current rule.
16.15 Viewing SA Monitor
Click VPN and Monitor to open the SA Monitor screen as shown. Use this screen to display and
manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This
screen displays active VPN connections. Use
Refresh to display active VPN connections. This screen
is read-only. The following table describes the fields in this tab.