ZyXEL Communications VMG8324-B10A series User Manual page 227
Wireless n vdsl2 voip combo wan gigabit iad
Hide thumbs
Also See for VMG8324-B10A series:
- Quick start manual (2 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
Table 104 Security > IPSec VPN: Add/Edit
LABEL
Perfect Forward
Secrecy (PFS)
Key Life Time
The following fields are available if you select Manual in the Key Exchange Method field.
Encryption
Algorithm
Encryption
Key
Authentication
Algorithm
Authentication
Key
SPI
OK
Cancel
VMG8324-B10A / VMG8324-B30A Series User's Guide
DESCRIPTION
Select whether or not you want to enable Perfect Forward Secrecy (PFS)
PFS changes the root key that is used to generate encryption keys for each IPSec SA. The
longer the key, the more secure the encryption, but also the longer it takes to encrypt and
decrypt information. Both routers must use the same DH key group. Choices are:
None - do not use any random number.
768bit(DH Group1) - use a 768-bit random number
1024bit(DH Group2) - use a 1024-bit random number
1536bit(DH Group5) - use a 1536-bit random number
2048bit(DH Group14) - use a 2048-bit random number
3072bit(DH Group15) - use a 3072-bit random number
4096bit(DH Group16) - use a 4096-bit random number
Define the length of time before an IPSec SA automatically renegotiates in this field.
A short SA Life Time increases security by forcing the two VPN gateways to update the
encryption and authentication keys. However, every time the VPN tunnel renegotiates, all
users accessing remote resources are temporarily disconnected.
Select which key size and encryption algorithm to use in the IKE SA. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
EPS_NULL - no encryption key or algorithm
This field is applicable when you select an Encryption Algorithm.
Enter the encryption key, which depends on the encryption algorithm.
DES - type a unique key 16 hexadecimal characters long
3DES - type a unique key 48 hexadecimal characters long
Select which hash algorithm to use to authenticate packet data. Choices are MD5, SHA1.
SHA is generally considered stronger than MD5, but it is also slower.
Enter the authentication key, which depends on the authentication algorithm.
MD5 - type a unique key 32 hexadecimal characters long
SHA1 - type a unique key 40 hexadecimal characters long
Type a unique SPI (Security Parameter Index) in hexadecimal characters.
The SPI is used to identify the Device during authentication.
The Device and remote IPSec router must use the same SPI.
Click OK to save your changes.
Click Cancel to restore your previously saved settings.
Chapter 20 VPN
227
- Quick Links:
- Introducing the Device
- Leds (Lights)
Hide quick links:
Advertisement
Table of Contents
