ZyXEL Communications ZyXEL Prestige 794M User Manual page 86

Shdsl 4-port internet security gateway
Hide thumbs Also See for ZyXEL Prestige 794M:
Table of Contents

Advertisement

Table 44 VPN Rules (IKE): Add Policy (continued)
LABEL
Single Address
Subnet
IP Range
Proposal
ESP
Authentication
Encryption
AH
Authentication
Perfect Forward
Secret
Chapter 7 VPN
DESCRIPTION
Select Single Address to allow one VPN client with the specified IP address to
use the VPN connection.
Enter a single IP address in the IP Address field.
Select Subnet Address to allow more than one computer in the specified
subnet to use the VPN connection.
Enter the IP address and subnet mask in the IP Address and Netmask fields
respectively.
Select IP Range to allow more than one computer in the specified IP address
range to use the VPN connection.
Enter the starting and ending IP addresses in the IP Address and End IP fields
respectively.
Select ESP to provide basic authentication and data encryption for the VPN
connection.
Specify the method to authenticate data packet in this field. Choices are None,
MD5 and SHA1.
Select None to disable authentication.
Select MD5 (Message Digest 5) for minimal security and SHA1 (Secure Hash
Algorithm) for maximum security.
Specify the method to encrypt data packet in this field. Choices are NULL, DES,
3DES, AES128, AES 192 and AES 256.
When DES is used for data communications, both sender and receiver must
know the same secret key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. The DES
encryption algorithm uses a 56-bit key.
Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result,
3DES is more secure than DES. It also requires more processing power,
resulting in increased latency and decreased throughput.
For this implementation, select AES 128, AES 192 or AES 256 that uses
different encryption key lengths. AES is faster than 3DES. S
elect NULL to set up a tunnel without encryption. When you select NULL, you
do not enter an encryption key.
Select AH to authenticate and ensure the integrity of data packets.
Specify the method to authenticate data packet in this field. Choices are MD5
and SHA1.
Select MD5 (Message Digest 5) for minimal security and SHA1 (Secure Hash
Algorithm) for maximum security.
Perfect Forward Secret (PFS) is disabled (None) by default in phase 2 IPSec
SA setup. This allows faster IPSec setup, but is not so secure.
Specify an MODP (Modular Exponentiation Groups) mode from the drop-down
list box. Choices are MODP 768-bit (Group 1), MODP 1024-bit (Group 2) and
MODP 1536-bit (Group 5). The larger the random number bits, the higher the
security ut slower.
Prestige 794M User's Guide
86

Advertisement

Table of Contents
loading

This manual is also suitable for:

P-794m

Table of Contents