ZyXEL Communications Vantage CNM 2.3 User Manual page 481

Centralized network management

Table 211 VPN Management > VPN Community > Add/Edit (continued)

FIELD
  DESCRIPTION

SA Life Time (Seconds)
  Define the length of time before an IKE SA automatically renegotiates in this field. It may range from 180 to 3,000,000 seconds (almost 35 days).

Key Group
  Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are:
  DH1 - use a 768-bit random number
  DH2 - use a 1024-bit random number

Enable Multiple Proposals
  Select this to allow the Vantage CNM to use any of its phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA.
  When you enable multiple proposals, the Vantage CNM allows the remote IPSec router to select which phase 1 key groups and encryption and authentication algorithms to use for the IKE SA, even if they are less secure than the ones you configure for the VPN rule.
  Clear this to have the Vantage CNM use only the configured phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA.

Phase 2

Active Protocol
  Select the security protocols used for an SA.
  Both AH and ESP increase processing requirements and communications latency (delay).

Encryption Algorithm
  Select which key size and encryption algorithm to use in the IKE SA. Choices are:
  DES - a 56-bit key with the DES encryption algorithm
  3DES - a 168-bit key with the DES encryption algorithm
  NULL - no encryption key or algorithm
  AES - a 128-bit key with the AES encryption algorithm
  The Vantage CNM and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput.

Authentication Algorithm
  Select which hash algorithm to use to authenticate packet data in the IPSec SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.

SA Life Time (Seconds)
  Define the length of time before an IPSec SA automatically renegotiates in this field. The minimum value is 180 seconds.
  A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected.
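
The following is an added example, not part of the ZyXEL manual and not Vantage CNM code: a small audit of one VPN community rule against the choices and ranges listed in Table 211. The dictionary keys are hypothetical names for the table's fields, and the minimum strengths in POLICY are assumptions of this example, not vendor guidance.

```python
# Added example, not ZyXEL code. Dict keys are hypothetical names for the
# Table 211 fields; the minimums in POLICY are this example's assumptions.
IKE_LIFE_RANGE = (180, 3_000_000)    # phase 1 SA Life Time range from the table
IPSEC_LIFE_MIN = 180                 # phase 2 SA Life Time minimum from the table
DH_BITS = {"DH1": 768, "DH2": 1024}  # Key Group choices from the table
ENC_BITS = {"NULL": 0, "DES": 56, "AES": 128, "3DES": 168}  # Encryption Algorithm
AUTH_CHOICES = ("SHA1", "MD5")       # Authentication Algorithm choices
POLICY = {"min_dh_bits": 1024, "min_enc_bits": 128}  # assumed local policy


def audit(rule):
    """Return findings for one VPN community rule; an empty list means none."""
    out = []
    lo, hi = IKE_LIFE_RANGE
    if not lo <= rule["p1_life"] <= hi:
        out.append("p1_life: outside 180-3000000 seconds")
    if rule["p2_life"] < IPSEC_LIFE_MIN:
        out.append("p2_life: below the 180 second minimum")
    dh = DH_BITS.get(rule["key_group"])
    if dh is None:
        out.append("key_group: not a listed choice")
    elif dh < POLICY["min_dh_bits"]:
        out.append("key_group: %d-bit group is below policy" % dh)
    if rule["multiple_proposals"]:
        # Per the table, the remote router may then select weaker phase 1
        # settings, so the configured phase 1 values are not a guaranteed floor.
        out.append("multiple_proposals: remote router may select weaker phase 1 settings")
    enc = ENC_BITS.get(rule["p2_encryption"])
    if enc is None:
        out.append("p2_encryption: not a listed choice")
    elif enc == 0:
        out.append("p2_encryption: NULL means no encryption")
    elif enc < POLICY["min_enc_bits"]:
        out.append("p2_encryption: %d-bit key is below policy" % enc)
    if rule["p2_auth"] not in AUTH_CHOICES:
        out.append("p2_auth: not a listed choice")
    elif rule["p2_auth"] == "MD5":
        out.append("p2_auth: MD5 is the weaker of the two hash choices")
    return out


# Constructed sample rules, not taken from a real deployment.
WEAK = {"p1_life": 60, "p2_life": 28800, "key_group": "DH1",
        "multiple_proposals": True, "p2_encryption": "DES", "p2_auth": "MD5"}
STRICT = {"p1_life": 86400, "p2_life": 28800, "key_group": "DH2",
          "multiple_proposals": False, "p2_encryption": "AES", "p2_auth": "SHA1"}

if __name__ == "__main__":
    for name, rule in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit(rule) or "no findings")
```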
Chapter 20 VPN Community
481
