Nortel BSR252 Configuration - Basics page 229

Business secure router

Table 54 VPN Branch Office rule setup

| Label | Description |
|---|---|
| ESP | Select ESP if you want to use ESP (Encapsulating Security Payload). The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). |
| AH | Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and nonrepudiation, but not for confidentiality, for which ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field. |
| Encryption Algorithm | Select DES, 3DES, AES 128, AES 192, AES 256 or NULL from the drop-down list. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. You can select a 128-bit, 192-bit, or 256-bit key with this implementation of AES. AES is faster than 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA1 for maximum security. |
| Advanced | Click Advanced to go to a screen where you can configure detailed IKE (Internet Key Exchange) negotiation phase 1 (Authentication) and phase 2 (Key Exchange) settings for the rule. |
| Apply | Click Apply to save your changes to the Business Secure Router. |
| Cancel | Click Cancel to return to the VPN Summary screen without saving your changes. |
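
As an added example (not part of the Nortel manual), the following Python script audits branch office rules against the field constraints and strength statements in Table 54. The dictionary keys and the sample rules are constructed for illustration and are not a router export format.

```python
# Added example: rule layout and key names are assumptions, not a BSR252 export format.
ENC_KEY_BITS = {"DES": 56, "3DES": 168, "AES 128": 128,
                "AES 192": 192, "AES 256": 256, "NULL": 0}
AUTH_ALGS = {"MD5", "SHA1"}

def audit_rule(rule):
    """Return a list of (severity, message) findings for one rule."""
    proto, enc, auth = (rule.get(k) for k in
                        ("protocol", "encryption", "authentication"))
    if proto not in ("ESP", "AH"):
        return [("error", f"unknown protocol {proto!r}")]
    findings = []
    # ESP and AH both require an Authentication Algorithm selection.
    if auth not in AUTH_ALGS:
        findings.append(("error", f"{proto} needs SHA1 or MD5, got {auth!r}"))
    elif auth == "MD5":
        findings.append(("warn", "MD5 is the minimal-security choice"))
    if proto == "AH":
        # AH was not designed for confidentiality: payloads stay readable.
        findings.append(("warn", "AH provides no confidentiality"))
        if enc is not None:
            findings.append(("error", "AH takes no Encryption Algorithm"))
        return findings
    # ESP additionally requires an Encryption Algorithm selection.
    if enc not in ENC_KEY_BITS:
        findings.append(("error", f"ESP needs an encryption algorithm, got {enc!r}"))
    elif enc == "NULL":
        findings.append(("warn", "NULL sets up a tunnel without encryption"))
        if rule.get("encryption_key"):
            findings.append(("error", "NULL takes no encryption key"))
    elif enc == "DES":
        findings.append(("warn", "DES uses a 56-bit key; 3DES is more secure"))
    return findings

# Constructed sample rules.
SAMPLE_RULES = [
    {"name": "hq", "protocol": "ESP", "encryption": "AES 256", "authentication": "SHA1"},
    {"name": "legacy", "protocol": "ESP", "encryption": "DES", "authentication": "MD5"},
    {"name": "integrity-only", "protocol": "AH", "encryption": None, "authentication": "SHA1"},
    {"name": "broken", "protocol": "ESP", "encryption": "NULL",
     "authentication": None, "encryption_key": "constructed-key"},
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        for severity, message in audit_rule(r) or [("ok", "no findings")]:
            print(f"{r['name']}: {severity}: {message}")
```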
Nortel Business Secure Router 252 Configuration — Basics
Chapter 13 VPN 229
