Page 184 SonicWALL Internet Security Appliance Administrator’s Guide
Phase 1 Encryption/Authentication - select an encryption method from Encryption/Authentication
for the VPN tunnel. If you select IKE using Pre-Shared Secret for your SA, you can select
from one of eight encryption methods:
*AES support is available only on the PRO 230 and PRO 330.
The encryption methods are listed in order from least secure to most secure. If network speed
is preferred, then select DES & MD5. If network security is preferred, select 3DES & SHA1. To
compromise between network speed and network security, select DES & SHA1. AES (Advanced
Encryption Standard) is an encryption method for securing sensitive but unclassified material
by U.S. Government agencies.
Phase 2 Encryption/Authentication - The following encryption methods are available for IKE using
Preshared Secret:
- Tunnel Only (ESP Null) - does not provide encryption or authentication. This option offers
access to computers at private addresses behind NAT and allows unsupported services through
the SonicWALL.
- Encrypt (ESP DES) - uses 56-bit DES to encrypt data. DES is an extremely secure encryption
method supporting over 72 quadrillion possible encryption keys to encrypt data.
- Fast Encrypt (ESP ARCFour) - uses 56-bit ARCFour to encrypt data. ARCFour is a secure
encryption method and has little impact on the throughput of the SonicWALL.
- Strong Encrypt (ESP 3DES) - uses 168-bit 3DES (Triple DES) to encrypt data. 3DES is
considered to be an almost “unbreakable” encryption method, applying three DES keys in
succession, but it significantly impacts the data throughput of the SonicWALL.
- Strong Encrypt and Authenticate (ESP 3DES HMAC MD5) - uses 168-bit 3DES encryption and
HMAC MD5 authentication. 3DES is an extremely secure encryption method, and HMAC MD5 is
used to verify integrity. This method significantly impacts the data throughput of the SonicWALL.
- Strong Encrypt for Checkpoint (ESP 3DES) - interoperable with CheckPoint Firewall-1. In
manual key mode, Encrypt for CheckPoint uses 168-bit DES to encrypt data.
- Strong Encrypt and Authenticate (ESP 3DES HMAC SHA1) - uses 168-bit 3DES encryption and
HMAC SHA1 authentication. 3DES is an extremely secure encryption method, and HMAC SHA1
is used to verify integrity. This method significantly impacts the data throughput of the
SonicWALL.
- Encrypt for Checkpoint (ESP DES HMAC MD5) - uses 56-bit DES encryption and HMAC MD5
authentication. This method is compatible with CheckPoint Firewall-1.
DES & MD5      AES-128 & MD5*
DES & SHA1     AES-128 & SHA1*
3DES & MD5     AES-256 & MD5*
3DES & SHA1    AES-256 & SHA1*