
Chapter 3
Configuration via Local Pages
Parameter table
The following table summarizes the parameters comprised in the connection security descriptor:

| Parameter | Description |
|---|---|
| Descriptor name | Symbolic name to identify the Descriptor. |
| Crypto | Cryptographic function to be used for the IPSec Security Association. |
| Integrity | Hashing function used for message authentication. |
| Encapsulation | Selects the ESP encapsulation mode. |
| PFS | Selects the use of Perfect Forward Secrecy |
| | The lifetime of the IPSec Security Association. At expiration of this period |
| | The maximum data volume transported before occurs. |
Connection Descriptor name
Internal symbolic name to identify the Connection Descriptor.
Crypto
The table below shows the cryptographic functions supported by the SpeedTouch™ along with their corresponding key size:

| Algorithm | Valid key lengths (bits) |
|---|---|
| DES | 56 |
| 3DES | 168 |
| AES | 128, 192, 256 |
| NULL | - |
DES is relatively slow and is the weakest of the algorithms, but it is the industry standard.
3DES is a stronger version of DES, but is the slowest of the supported algorithms (for a comparable key length).
AES is the new encryption standard selected by the American government to replace DES/3DES. It is recommended to use AES since it is the most advanced of the supported encryption methods.
NULL encryption: The message is not encrypted. Selecting NULL encryption achieves authentication without encryption, which is equivalent to using the Authentication Header (AH); AH is no longer supported from Release R5.3.0 onwards.
In addition, NULL encryption may be useful for testing purposes since the messages on the communication link can be interpreted. Message authentication remains active.
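The effect of NULL encryption described above, as an added example that is not taken from the SpeedTouch documentation: a simplified ESP packet built with NULL encryption leaves the payload readable on the link, while the integrity check still rejects a packet modified in transit. HMAC-SHA1-96 as the Integrity function, the key, the SPI and the payload are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps 96 bits of the tag (assumed Integrity function)

def esp_null_seal(spi, seq, payload, auth_key, next_header=4):
    """Build a simplified ESP packet with NULL encryption: cleartext payload plus ICV."""
    pad_len = -(len(payload) + 2) % 4        # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))   # default ESP padding bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv

def esp_null_open(packet, auth_key):
    """Verify the ICV and return the payload; raise ValueError on any modification."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("ICV mismatch: packet modified or wrong key")
    pad_len = body[-2]
    if pad_len > len(body) - 10:
        raise ValueError("bad pad length")
    return body[8:len(body) - 2 - pad_len]

def demo():
    key = b"constructed-demo-auth-key"           # constructed sample key
    inner = b"GET /status HTTP/1.0\r\n\r\n"      # constructed sample payload
    pkt = esp_null_seal(0x1001, 1, inner, key)
    readable = inner in pkt                      # payload is visible in the wire bytes
    tampered = bytearray(pkt)
    tampered[10] ^= 0x01                         # one payload bit changed in transit
    try:
        esp_null_open(bytes(tampered), key)
        detected = False
    except ValueError:
        detected = True
    return readable, esp_null_open(pkt, key) == inner, detected

if __name__ == "__main__":
    print(demo())
```
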