degrees of security and speed of negotiation:

Main Mode: Uses the automated Internet Key Exchange (IKE) setup; most secure method with the highest level of security.

Aggressive Mode: Uses the automated Internet Key Exchange (IKE) setup; mid-level security. Speed is faster than Main mode.

Manual Key: Standard level of security. It is the fastest of the three

methods.

Method: There are two methods of checking the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security so that data will be encrypted and authenticated. AH data will be authenticated but not encrypted.

Encryption Protocol: Select the encryption method from the pull-down menu. There are several options: DES, 3DES, and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.

DES: Stands for Data Encryption Standard. It uses a 56-bit encryption

method.

3DES: Stands for Triple Data Encryption Standard. It uses a 168-bit encryption method.

AES: Stands for Advanced Encryption Standard. You can use 128, 192 or 256 bits as encryption method.

Authentication Protocol: Authentication establishes data integrity and ensures it is not tampered with while in transit. There are two options: Message Digest 5 (MD5), and Secure Hash Algorithm (SHA1). While slower, SHA1 is more resistant to brute-force attacks than MD5.

MD5: A one-way hashing algorithm that produces a 128−bit hash.

SHA1: A one-way hashing algorithm that produces a 160−bit hash. Perfect Forward Secure: Choose whether to enable PFS using Diffie-Hellman

public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over the Internet.

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

IKE Life Time: Allows you to specify the timer interval for renegotiation of the IKE security association. The value is in seconds, e.g. 28800 seconds = 8 hours.

99

Page 98 Page 100
Page 99
Image 99
Billion Electric Company BiGuard 10, BiGuard 2 user manual
Page 98 Page 100
Top Page Image Contents