ZyXEL Communications 2602H Series manual 431

DESCRIPTION

Press [SPACE BAR] to choose from Main or Aggressive and then press [ENTER].

See earlier for a discussion of these modes. Multiple SAs connecting through a

secure gateway must have the same negotiation mode.

Prestige gateways authenticate an IKE VPN session by matching pre-shared keys.

Pre-shared keys are best for small networks with fewer than ten nodes. Enter your

pre-shared key here. Enter up to 31 characters. Any character may be used, including

spaces, but trailing spaces are truncated.

Both ends of the VPN tunnel must use the same pre-shared key. You will receive a

“PYLD_MALFORMED” (payload malformed) packet if the same pre-shared key is not

used on both ends.

The Prestige and the remote IPSec router generate an encryption key from the Diffie-

Hellman key exchange. Prestige DES encryption algorithm uses a 56-bit key.

Triple DES (3DES), is a variation on DES that uses a 168-bit key. As a result, 3DES is

more secure than DES. It also requires more processing power, resulting in slightly

increased latency and decreased throughput.

This implementation of AES uses a 128-bit key. AES is faster than 3DES.

Press [SPACE BAR] to choose from DES, 3DES or AES and then press [ENTER].

MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms

used to authenticate packet data. The SHA1 algorithm is generally considered

stronger than MD5, but is slightly slower.

Press [SPACE BAR] to choose from SHA1 or MD5 and then press [ENTER].

Define the length of time before an IKE Security Association automatically

renegotiates in this field. It may range from 60 to 3,000,000 seconds (almost 35 days).

A short SA Life Time increases security by forcing the two VPN gateways to update

the encryption and authentication keys. However, every time the VPN tunnel

renegotiates, all users accessing remote resources are temporarily disconnected.