The Sa Monitor Screen; Figure 109 Security > Vpn > Sa Monitor - ZyXEL Communications ZyXEL NBG420N User Manual
Wireless n router
Hide thumbs
Also See for ZyXEL NBG420N:
- Specifications (2 pages) ,
- Quick start manual (85 pages) ,
- User manual (20 pages)
Table of Contents
Advertisement
Table 65 Security > VPN > Rule Setup: Manual (continued)
LABEL
Enable Replay
Detection
IPSec Protocol
Encryption
Algorithm
Encryption Key
Authentication
Algorithm
Authentication
Key
Apply
Reset
Cancel
15.3 The SA Monitor Screen
In the web configurator, click
manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel.
This screen displays active VPN connections. Use Refresh to display active VPN connections.
Figure 109 Security > VPN > SA Monitor
NBG420N User's Guide
DESCRIPTION
As a VPN setup is processing intensive, the system is vulnerable to Denial of
Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate
packets to protect against replay attacks. Select Yes from the drop-down menu to
enable replay detection, or select No to disable it.
Select the security protocols used for an SA.
Both AH and ESP increase processing requirements and communications latency
(delay).
If you select ESP here, you must select options from the Encryption Algorithm
and Authentication Algorithm fields (described below).
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
The NBG420N and the remote IPSec router must use the same algorithms and
keys. Longer keys require more processing power, resulting in increased latency
and decreased throughput.
This field is applicable when you select ESP in the IPSec Protocol field above.
With DES, type a unique key 8 characters long. With 3DES, type a unique key 24
characters long. Any characters may be used, including spaces, but trailing
spaces are truncated.
Select which hash algorithm to use to authenticate packet data in the IPSec SA.
Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5,
but it is also slower.
Type a unique authentication key to be used by IPSec if applicable. Enter 16
characters for MD5 authentication or 20 characters for SHA-1 authentication. Any
characters may be used, including spaces, but trailing spaces are truncated.
Click Apply to save your changes back to the NBG420N.
Click Reset to begin configuring this screen afresh.
Click Cancel to exit the screen without making any changes.
> VPN > SA Monitor. Use this screen to display and
Security
Chapter 15 IPSec VPN
183
Advertisement
Table of Contents
Troubleshooting
