ZyXEL Communications Vantage CNM User Manual page 188

Vantage CNM User's Guide
Table 65 Configuration > VPN >Manual Tunnel IPSec Detail (continued)
LABEL
Peer IP
Address Start
Address End
SPI
Active Protocol
Encapsulation
Encryption Algorithm
Authentication Algorithm
Encryption Key
Authentication Key
187
Type the IP address of the computer with which you will make the VPN
connection or leave the field blank to have the ZyXEL device
automatically use the address in the Secure Gateway field.
When the Address Type field is configured to Single, enter a (static)
IP address on the LAN behind the ZyXEL device. When the Address
Type field is configured to Range, enter the beginning (static) IP
address, in a range of computers on the LAN behind the ZyXEL
device. When the Address Type field is configured to Subnet, this is a
(static) IP address on the LAN behind the ZyXEL device.
When the Address Type field is configured to Single, this field is N/A.
When the Address Type field is configured to Range, enter the end
(static) IP address, in a range of computers on the LAN behind the
ZyXEL device. When the Address Type field is configured to Subnet,
this is a subnet mask on the LAN behind the ZyXEL device.
Type a number (base 10) from 1 to 999999 for the Security Parameter
Index.
Select ESP if you want to use ESP (Encapsulation Security Payload).
The ESP protocol (RFC 2406) provides encryption as well as some of
the services offered by AH. If you select ESP here, you must select
options from the Encryption Algorithm and Authentication
Algorithm fields.
Select AH if you want to use AH (Authentication Header Protocol). The
AH protocol (RFC 2402) was designed for integrity, authentication,
sequence integrity (replay resistance), and non-repudiation but not for
confidentiality, for which the ESP was designed. If you select AH here,
you must select options from the Authentication Algorithm field.
Select Tunnel mode or Transport mode from the drop-down list box.
Select DES, 3DES or NULL from the drop-down list box.
When you use DES or 3DES, both sender and receiver must know the
Encryption Key, which can be used to encrypt and decrypt the
messages. The DES encryption algorithm uses a 56-bit key. Triple
DES (3DES) is a variation on DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also requires more processing
power, resulting in increased latency and decreased throughput.
Select NULL to set up a tunnel without encryption. When you select
NULL, you do not enter an encryption key.
When you use SHA1 or MD5, both sender and receiver must know the
Authentication Key, which can be used to generate and verify a
message authentication code. Select SHA1 or MD5 from the drop-
down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash
Algorithm) are hash algorithms used to authenticate packet data. The
SHA1 algorithm is generally considered stronger than MD5, but is
slower. Select MD5 for minimal security and SHA-1 for maximum
security.
This field only applies when you select ESP. With DES, type a unique
key 8 ASCII characters long. With 3DES, type a unique key 24 ASCII
characters long. Any characters may be used, including spaces, but
trailing spaces are truncated.
Type a unique authentication key to be used by IPSec if applicable.
Enter 16 characters for MD5 authentication or 20 characters for SHA-1
authentication. Any characters may be used, including spaces, but
trailing spaces are truncated.
DESCRIPTION
Chapter 11 Configuration > VPN