ZyXEL Communications Vantage CNM 2.3 User Manual page 328
Centralized network management
Hide thumbs
Also See for Vantage CNM 2.3:
- Upgrade information (16 pages) ,
- Quick start manual (127 pages)
Table of Contents
Advertisement
Chapter 11 IPSec VPN
Table 130 Device Operation > Device Configuration > VPN > IPSec VPN > VPN
Connection > Add/Edit (IKE) (continued)
LABEL
Encryption
Authentication
Add icon
Total Records
SA Life Time
Perfect
Forward
Secrecy (PFS)
328
DESCRIPTION
This field is applicable when the Active Protocol is ESP. Select which
key size and encryption algorithm to use in the IPSec SA. Choices
are:
NULL - no encryption key or algorithm
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
AES128 - a 128-bit key with the AES encryption algorithm
AES192 - a 192-bit key with the AES encryption algorithm
AES256 - a 256-bit key with the AES encryption algorithm
The ZyWALL and the remote IPSec router must both have at least one
proposal that uses use the same encryption and the same key.
Longer keys are more secure, but require more processing power,
resulting in increased latency and decreased throughput.
Select which hash algorithm to use to authenticate packet data in the
IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered
stronger than MD5, but it is also slower.
The ZyWALL and the remote IPSec router must both have a proposal
that uses the same authentication algorithm.
This column contains icons to add and remove proposals.
To add a proposal, click the Add icon at the top of the column.
To remove a proposal, click the Remove icon next to the proposal.
The Vantage CNM confirms that you want to delete it before doing so.
This field displays the total number of proposals to use in the IPSec
SA.
Type the maximum number of seconds the IPSec SA can last. Shorter
life times provide better security. The ZyWALL automatically
negotiates a new IPSec SA before the current one expires, if there are
users who are accessing remote resources.
Select whether or not you want to enable Perfect Forward Secrecy
(PFS) and, if you do, which Diffie-Hellman key group to use for
encryption. Choices are:
NONE - disable PFS
DH1 - enable PFS and use a 768-bit random number
DH2 - enable PFS and use a 1024-bit random number
DH5 - enable PFS and use a 1536-bit random number
PFS changes the root key that is used to generate encryption keys for
each IPSec SA. The longer the key, the more secure the encryption,
but also the longer it takes to encrypt and decrypt information. Both
routers must use the same DH key group.
Vantage CNM User's Guide
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications Vantage CNM 2.3
Related Products for ZyXEL Communications Vantage CNM 2.3
- ZyXEL Communications VANTAGE CNM - V3.1
- ZyXEL Communications VANTAGE CNM 2.0 -
- ZyXEL Communications VANTAGE CNM V2.0 -
- ZyXEL Communications Vantage CNM 2.2
- ZyXEL Communications VANTAGE REPORT -
- ZyXEL Communications VANTAGE REPORT - V3
- ZyXEL Communications VANTAGE REPORT - V3.0
- ZyXEL Communications Vantage Report 3.0
- ZyXEL Communications VANTAGE CNM - QUICK GUIDE V3.1
- ZyXEL Communications VANTAGE CNM QUICK START GUIDE - 1
- ZyXEL Communications Vantage Access
- ZyXEL Communications Centralized Network Management Vantage CNM
- ZyXEL Communications Comet 3356
- ZyXEL Communications CAM5525
- ZyXEL Communications COMET 336
- ZyXEL Communications Cable Modem