Chapter 3
Configuration via Local Pages
Integrity: The SpeedTouch™ supports two types of hashing algorithms:

| Hashing algorithm |
|---|
| MD5 |
| SHA1 |

HMAC is always used as the integrity algorithm, combined with either MD5 or SHA1. SHA1 is stronger than MD5, but slightly slower.
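The following is an added example, not code from the SpeedTouch™ firmware or this manual. It shows what the "HMAC combined with MD5 or SHA1" choice means in practice: the sender computes an HMAC over the packet with the negotiated integrity key, the receiver recomputes it and compares in constant time, and a single flipped bit breaks verification. The key and packet bytes are constructed sample values; the 96-bit truncation of the ICV is the standard ESP/AH behaviour (HMAC-MD5-96 and HMAC-SHA1-96) and is not something this page states.

```python
import hmac
import hashlib

# Constructed sample values for illustration; they are not from any real
# SpeedTouch configuration. In practice the integrity key comes out of the
# IKE negotiation and the data is the ESP/AH packet contents.
INTEGRITY_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00123456789abcdef")
PACKET = b"SPI=0x0001abcd SEQ=17 ciphertext=...(constructed)"

# ESP/AH carry the HMAC output truncated to 96 bits (12 bytes),
# i.e. HMAC-MD5-96 and HMAC-SHA1-96.
ICV_LEN = 12

DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}


def integrity_tag(key: bytes, data: bytes, algorithm: str, truncate: bool = True) -> bytes:
    """Compute the HMAC integrity check value with one of the two hash
    algorithms the page lists. With truncate=True the result is the 96-bit
    ICV that actually goes on the wire; full MD5 is 16 bytes, full SHA1 20."""
    if algorithm not in DIGESTS:
        raise ValueError(f"unsupported hashing algorithm: {algorithm}")
    tag = hmac.new(key, data, DIGESTS[algorithm]).digest()
    return tag[:ICV_LEN] if truncate else tag


def verify_tag(key: bytes, data: bytes, received: bytes, algorithm: str) -> bool:
    """Receiver side: recompute the ICV and compare in constant time so the
    comparison itself does not leak how many leading bytes matched."""
    expected = integrity_tag(key, data, algorithm)
    return hmac.compare_digest(expected, received)


def tamper(packet: bytes) -> bytes:
    """Flip one bit of the packet to simulate in-flight modification."""
    b = bytearray(packet)
    b[-1] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    for alg in ("MD5", "SHA1"):
        full = integrity_tag(INTEGRITY_KEY, PACKET, alg, truncate=False)
        icv = integrity_tag(INTEGRITY_KEY, PACKET, alg)
        print(f"{alg}: full HMAC {len(full)} bytes, ICV {len(icv)} bytes")
        print("  intact packet verifies:  ", verify_tag(INTEGRITY_KEY, PACKET, icv, alg))
        print("  tampered packet verifies:", verify_tag(INTEGRITY_KEY, tamper(PACKET), icv, alg))
```

Both algorithms detect the tampered packet; the difference the page describes (SHA1 stronger, slightly slower) shows up as the larger 20-byte output and the extra compression work, not as any difference in how the check is applied.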
Encapsulation: Tunnel mode is used in all applications where the SpeedTouch™ is the IPSec Security Gateway for the connected hosts.

Transport mode can be used only for information streams generated or terminated by the SpeedTouch™ itself. For example, remote management applications may use this setting.
PFS: Enables or disables the use of Perfect Forward Secrecy. A lot of vendors have Perfect Forward Secrecy (PFS) enabled by default for the Phase 2 negotiation. In order to configure this on the SpeedTouch™, the use of PFS must be enabled in the Connection Security Descriptor by selecting the PFS check box.
PFS provides better security, but increases the key calculation overhead. With PFS enabled, the independence of Phase 2 keying material is guaranteed. Each time the Phase 2 tunnel is rekeyed, a
Not enabling PFS means that the new Phase 2 key is derived from keying material present in the SpeedTouch™ as a result of the
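An added example, not SpeedTouch™ code, that models the point made about PFS above: with PFS disabled, every Phase 2 key is derived from Phase 1 keying material plus the nonces exchanged on the wire, so someone who recorded the traffic and later obtains the Phase 1 secret can rerun that derivation; with PFS enabled, each rekey adds a fresh Diffie-Hellman result whose private exponents are discarded, so the Phase 2 keys stay independent. The DH group (the prime 2**127 - 1 with generator 5) and the SHA1-based KDF are toy stand-ins chosen to keep the arithmetic visible, not the groups or PRF that IKE actually uses.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group for illustration only: the Mersenne prime 2**127 - 1
# with generator 5. Real IKE negotiates standardised MODP/ECP groups.
P = (1 << 127) - 1
G = 5


def kdf(label: bytes, *parts: bytes) -> bytes:
    """Toy key derivation: SHA1 (one of the page's two hash algorithms) over
    length-prefixed inputs, standing in for IKE's HMAC-based PRF chain."""
    h = hashlib.sha1()
    for part in (label, *parts):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def dh_keypair():
    """Return (private exponent, public value) for one side of an exchange."""
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """Shared secret as 16 bytes (the group is smaller than 2**128)."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def phase1_secret() -> bytes:
    """Phase 1: one DH exchange whose result seeds the long-lived ISAKMP SA."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    return kdf(b"phase1", dh_shared(a, pub_b))


def phase2_rekey(p1: bytes, pfs: bool):
    """One Phase 2 (IPSec SA) key derivation. Returns the new key plus what an
    observer on the wire could capture: the nonces and, with PFS, the public
    DH values (never the private exponents, which are discarded)."""
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"nonce_i": nonce_i, "nonce_r": nonce_r}
    if not pfs:
        # Without PFS the new key depends only on Phase 1 material and nonces.
        return kdf(b"phase2", p1, nonce_i, nonce_r), wire
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    wire.update(pub_i=pub_a, pub_r=pub_b)
    # With PFS a fresh DH shared secret enters the derivation at every rekey.
    return kdf(b"phase2", p1, nonce_i, nonce_r, dh_shared(a, pub_b)), wire


def key_recoverable_from_phase1(p1: bytes, wire: dict, key: bytes) -> bool:
    """Model a later compromise of the Phase 1 secret by someone who recorded
    the traffic. They can rerun the non-PFS derivation from captured data;
    a PFS key additionally needs the DH shared secret, which the public
    values alone do not yield."""
    candidate = kdf(b"phase2", p1, wire["nonce_i"], wire["nonce_r"])
    return candidate == key


def demo() -> dict:
    """Map pfs setting -> whether the Phase 2 key fell with the Phase 1 secret."""
    p1 = phase1_secret()
    results = {}
    for pfs in (False, True):
        key, wire = phase2_rekey(p1, pfs)
        results[pfs] = key_recoverable_from_phase1(p1, wire, key)
    return results


if __name__ == "__main__":
    r = demo()
    print("Phase 2 key recoverable from a compromised Phase 1 secret:")
    print("  PFS disabled:", r[False])
    print("  PFS enabled: ", r[True])
```

The extra cost the page mentions is visible in `phase2_rekey`: with PFS each rekey performs two modular exponentiations per side on top of the hashing, which is the "key calculation overhead" traded for the independence of the Phase 2 keys.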
| Lifetime measured in: | Minimum value | Maximum value |
|---|---|---|
| seconds | 240 (= 4 minutes) | 31536000 (= 1 year) |

| Lifetime measured in: | Minimum value | Maximum value |
|---|---|---|
| kilobytes | 1 | 2^30 = 1 073 741 824 |