Prestige 2602H/HW Series User’s Guide
17.2.2 ESP (Encapsulating Security Payload) Protocol
The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the
An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted.
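The padding described above, worked through as an added example that is not part of the user's guide: it builds the ESP trailer defined in RFC 2406 section 2.4 and shows how extra padding gives payloads of different sizes the same length before encryption. The function names, the `conceal_to` parameter and the sample payloads are assumptions made for this illustration; the block sizes used are 8 bytes for DES/3DES and 16 bytes for AES.

```python
# Added illustration of ESP trailer padding (RFC 2406, section 2.4).
# esp_pad, esp_unpad, conceal_to and the sample payloads are constructed here.


def esp_pad(payload: bytes, block_size: int = 8, next_header: int = 4,
            conceal_to: int = 0) -> bytes:
    """Return payload + Padding + Pad Length + Next Header, ready to encrypt.

    block_size: cipher block size in bytes (8 for DES/3DES, 16 for AES).
    next_header: IP protocol number of the payload (4 = IPv4 in tunnel mode).
    conceal_to: optional minimum length, used to hide the real payload size.
    """
    # The two trailer bytes (Pad Length, Next Header) must end a cipher block.
    target = max(conceal_to, len(payload) + 2)
    target += -target % block_size
    pad_len = target - len(payload) - 2
    if pad_len > 255:
        raise ValueError("Pad Length is one byte: at most 255 padding bytes")
    padding = bytes(range(1, pad_len + 1))  # default pad bytes: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])


def esp_unpad(plaintext: bytes) -> tuple[bytes, int]:
    """Verify and strip the trailer after decryption.

    Returns (payload, next_header); raises ValueError on a malformed trailer.
    """
    if len(plaintext) < 2:
        raise ValueError("truncated ESP trailer")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end = len(plaintext) - 2
    if pad_len > end:
        raise ValueError("Pad Length exceeds packet size")
    if plaintext[end - pad_len:end] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes are not 1, 2, 3, ...")
    return plaintext[:end - pad_len], next_header


if __name__ == "__main__":
    for msg in (b"yes", b"no, abort the transfer"):  # constructed payloads
        for size, cipher in ((8, "DES/3DES"), (16, "AES")):
            plain = len(esp_pad(msg, size))
            hidden = len(esp_pad(msg, size, conceal_to=64))
            print(f"{cipher}: {len(msg)} bytes -> {plain}, concealed -> {hidden}")
```
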
Table 66 AH and ESP
| | ESP | AH |
| --- | --- | --- |
| ENCRYPTION | DES (default): Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a to each | MD5 (default): MD5 (Message Digest 5) produces a digest to authenticate packet data. |
| | 3DES: Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES. | SHA1: SHA1 (Secure Hash Algorithm) produces a |
| | AES: Advanced Encryption Standard is a newer method of data encryption that also uses a secret key. This implementation of AES applies a AES is faster than 3DES. | |
| | Select NULL to set up a phase 2 tunnel without encryption. | |
| AUTHENTICATION | MD5 (default): MD5 (Message Digest 5) produces a digest to authenticate packet data. | MD5 (default): MD5 (Message Digest 5) produces a digest to authenticate packet data. |
| | SHA1: SHA1 (Secure Hash Algorithm) produces a | SHA1: SHA1 (Secure Hash Algorithm) produces a |
| | Select MD5 for minimal security and SHA1 for maximum security. | |
17.3 My IP Address
My IP Address is the WAN IP address of the Prestige. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup.
The following applies if this field is configured as 0.0.0.0:
• The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.
214 | Chapter 17 VPN Screens |