Planet VRT-401 User Manual page 83

These settings must match the remote VPN. Note that you cannot use both AH and
ESP.
Manually assigned Keys
AH Authentication
ESP Encryption
ESP Authentica-
tion
ESP SPI
AH (Authentication Header) specifies the authentication
protocol for the VPN header, if used. (AH is often NOT used)
If AH is not enabled, the following settings can be ignored.
Keys
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
Keys can be in ASCII or Hex (0..9 A..F)
For MD5, the keys should be 32 hex/16 ASCII characters.
For SHA-1, the keys should be 40 hex/20 ASCII charac-
ters.
SPI
Each SPI (Security Parameter Index) must be unique.
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on
the remote VPN.
Each SPI should be at least 3 characters.
ESP (Encapsulating Security Payload) provides security for
the payload (data) sent through the VPN tunnel. Generally,
you will want to enable both Encryption and Authentication.
The "3DES" algorithm provides greater security than
"DES", but is slower.
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
Generally, you should enable ESP Authentication. There is
little difference between the available algorithms. Just ensure
each endpoint use the same setting.
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
Keys can be in ASCII or Hex (0..9 A..F)
For MD5, the keys should be 32 hex/16 ASCII characters.
For SHA-1, the keys should be 40 hex/20 ASCII charac-
ters.
This is required if either ESP Encryption or ESP Authen-
tication is enabled.
Each SPI (Security Parameter Index) must be unique.
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on
the remote VPN.
Each SPI should be at least 3 characters.
VPN
79