Additional Ipsec Vpn Topics - ZyXEL Communications NBG-460N User Manual
Wireless n gigabit router
Hide thumbs
Also See for NBG-460N:
- User manual (370 pages) ,
- Quick start manual (85 pages) ,
- Specifications (2 pages)
Table of Contents
Advertisement
Chapter 15 IPSec VPN
Additional IPSec VPN Topics
This section discusses other IPSec VPN topics that apply to either IKE SAs or IPSec SAs or
both. Relationships between the topics are also highlighted.
SA Life Time
SAs have a lifetime that specifies how long the SA lasts until it times out. When an SA times
out, the NBG460N automatically renegotiates the SA in the following situations:
• There is traffic when the SA life time expires
• The IPSec SA is configured on the NBG460N as nailed up (see below)
Otherwise, the NBG460N must re-negotiate the SA the next time someone wants to send
traffic.
Note: If the IKE SA times out while an IPSec SA is connected, the IPSec SA stays
connected.
An IPSec SA can be set to keep alive Normally, the NBG460N drops the IPSec SA when the
life time expires or after two minutes of outbound traffic with no inbound traffic. If you set the
IPSec SA to keep alive , the NBG460N automatically renegotiates the IPSec SA when the SA
life time expires, and it does not drop the IPSec SA if there is no inbound traffic.
Note: The SA life time and keep alive settings only apply if the rule identifies the
remote IPSec router by a static IP address or a domain name. If the Secure
Gateway Address field is set to 0.0.0.0, the NBG460N cannot initiate the
tunnel (and cannot renegotiate the SA).
Encryption and Authentication Algorithms
In most NBG460Ns, you can select one of the following encryption algorithms for each
proposal. The encryption algorithms are listed here in order from weakest to strongest.
• Data Encryption Standard (DES) is a widely used (but breakable) method of data
encryption. It applies a 56-bit key to each 64-bit block of data.
• Triple DES (3DES) is a variant of DES. It iterates three times with three separate keys,
effectively tripling the strength of DES.
You can select one of the following authentication algorithms for each proposal. The
algorithms are listed here in order from weakest to strongest.
• MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
• SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.
Private DNS Server
In cases where you want to use domain names to access Intranet servers on a remote private
network that has a DNS server, you must identify that DNS server. You cannot use DNS
servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to
private IP addresses on the remote private network.
190
NBG460N User's Guide
- Quick Links:
- Getting to Know Your Nbg460N
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
