Prestige 2602HW Series User’s Guide

17.2.2 ESP (Encapsulating Security Payload) Protocol

The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. The authenticating properties of ESP are limited compared to those of AH because the IP header is not included in the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated.

An added feature of ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted.

Table 59 AH and ESP

ENCRYPTION

  ESP

  DES (default)
  Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data.

  3DES
  Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys (3 x 56 = 168 bits), effectively doubling the strength of DES.

  AES
  Advanced Encryption Standard is a newer method of data encryption that also uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES.

  Select NULL to set up a phase 2 tunnel without encryption.

  AH

  MD5 (default)
  MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.

  SHA1
  SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.

AUTHENTICATION

  ESP

  MD5 (default)
  MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.

  SHA1
  SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.

  AH

  MD5 (default)
  MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.

  SHA1
  SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data.

  Select MD5 for minimal security and SHA1 for maximum security.
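The ESP framing and payload padding described in this section, built with the NULL encryption and SHA1 authentication options from Table 59, as an added example (not code from this guide or the Prestige firmware). It assumes only Python's standard library; the min_body parameter is a hypothetical name for the extra-padding policy, not a protocol field, and the 96-bit ICV truncation is HMAC-SHA-1-96 as specified in RFC 2404.

```python
import hmac
import hashlib
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 (RFC 2404): the 160-bit SHA1 digest truncated to 96 bits

def esp_encapsulate(spi, seq, payload, next_header, auth_key, block_size=4, min_body=0):
    """Frame payload as an ESP packet (RFC 2406 layout) using NULL encryption.

    SPI | Sequence Number | Payload | Padding | Pad Length | Next Header | ICV
    Padding brings Payload + Padding + Pad Length + Next Header to a multiple of
    block_size (cipher block size: 8 for DES/3DES, 16 for AES; 4 for NULL, which
    only needs the trailer 4-byte aligned). min_body (hypothetical knob, not a
    protocol field) adds padding so short payloads share one packet length.
    """
    body_len = len(payload) + 2                          # + Pad Length + Next Header
    pad_len = (-body_len) % block_size
    if body_len + pad_len < min_body:
        pad_len = min_body - body_len
        pad_len += (-(body_len + pad_len)) % block_size  # keep block alignment
    if pad_len > 255:
        raise ValueError("ESP Pad Length is one byte; payload too short for min_body")
    padding = bytes(range(1, pad_len + 1))               # RFC 2406 default: 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)
    body = payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv

def esp_decapsulate(packet, auth_key):
    """Verify the ICV first, then strip framing. Returns (spi, seq, next_header, payload)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, authed, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):           # constant-time compare
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", authed[:8])
    pad_len, next_header = authed[-2], authed[-1]
    body = authed[8:-2]
    if pad_len > len(body):
        raise ValueError("Pad Length exceeds payload")
    return spi, seq, next_header, body[:len(body) - pad_len]

if __name__ == "__main__":
    key = bytes(20)  # constructed demo key; a real key comes from IKE phase 2
    short = esp_encapsulate(0x100, 1, b"GET / HTTP/1.0", 6, key, block_size=4, min_body=64)
    long_ = esp_encapsulate(0x100, 2, b"A" * 50, 6, key, block_size=4, min_body=64)
    print(len(short), len(long_))  # both 84: padding conceals the size difference
    print(esp_decapsulate(short, key)[3])
```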

 

 

 

17.3 My IP Address

My IP Address is the WAN IP address of the Prestige. The Prestige has to rebuild the VPN tunnel if the My IP Address changes after setup.

The following applies if this field is configured as 0.0.0.0:

The Prestige uses the current Prestige WAN IP address (static or dynamic) to set up the VPN tunnel.

Chapter 17 VPN Screens