SonicWALL Internet Security Appliances Security Policy Settings using Manual Key

SonicWALL VPN Page 185

- Encrypt and Authenticate (ESP DES HMAC MD5) - uses 56-bit DES encryption and HMAC MD5

authentication. This method impacts the data throughput of VPN communications. SonicWALL

VPN client supports this method.

- Authe ntic ate (A H MD 5) - uses AH to authenticate and MD5 to generate a 128-bit message

digest.

- Authenticate (AH SHA1) - uses AH to authenticate and SHA1 to generate a 160-bit message

digest.

- Authenticate (ESP MD5) - authenticates using ESP as the security protocol and MD5 to

generate a 128-bit me ssage digest.

- Authenticate (ESP SHA1) - authenticates using ESP as the security protocol and SHA1 to

generate a 160-bit me ssage digest.

- Encrypt and Authenticate ( ESP DES HMAC SH A1) - uses 5 6-bit DES enc rypti on and HMAC S HA1

authentication.

- Strong Encryp t (ESP AES-128) - uses ESP to authenticate and 128-bit AES to encrypt.

- Strong Encrypt and Authenticate (ESP AES-128 HMAC MD5) - uses 128-bit AES encryption and

HMAC MD5 authentication.

- Strong Encrypt and Au thenti cate (E SP AES-1 28 HMAC SHA 1) - uses 128-bit AES encryption and

HMAC SHA1 authentication.

*AES support is available on ly on the PRO 230 and PRO 330.

•If IKE using Pre-sh ared Secret is selected for the IPSec Keying Mode, the Shared Secret field is

displayed and you can enter your shared secret.

Security Policy Settings using Manual Key

Manual Key is configured dif ferently than IKE using Pre-shared Secret or Group VPN. It requires an

Incoming and Outgoing Security Parameter Index (SPI) as well as an Encryption K ey and

Authentication Key.

•Incoming SPI - Enter the Security Parameter Index (SPI) that the remote location transmits to

identify the Security Association used for the VPN Tunnel. The SPI may be up to eight characters

long and is comprised of hexadecimal characters. Valid hexadecimal characters are "0" to "9",

and "a" to "f" inclu sive (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f).

•Outgoing SPI - Enter the Security Parameter Index (SPI) that the local SonicWALL transmits to

identify the Security Association used for the VPN Tunnel. The SPI may be up to eight characters

long and is comprise d of hexadecimal characters.

Tip A Security Association's SPI mu st be unique when compa red to SP Is used in other S ecurity

Associations. However, a Secur ity A sso ci ation' s I ncoming SP I may be th e same as t he Out goin g SPI .