Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications 794M 7.3 IPSec, 7.3.1 AH (Authentication Header), 7.3.2 ESP (Encapsulating Security Payload)

1 119

Download 119 pages, 5.18 Mb

83

Prestige 794M User’s Guide

7.3 IPSec

Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data communications across a public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality, data integrity and authentication at the IP layer.

7.3.1 AH (Authentication Header)

AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed.

In applications where confidentiality is not required or not sanctioned by government encryption restrictions, an AH can be employed to ensure integrity. This type of implementation does not protect the information from dissemination but will allow for verification of the integrity of the information and authentication of the originator.

7.3.2 ESP (Encapsulating Security Payload)

The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP authenticating properties are limited compared to the AH due to the non-inclusion of the IP header information during the authentication process. However, ESP is sufficient if only the upper layer protocols need to be authenticated.

An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted.

Table 43 ESP and AH

	ESP	AH

Encryption	DES (default)
	Data Encryption Standard (DES) is a
	widely used method of data encryption
	using a secret key. DES applies a 56-bit
	key to each 64-bit block of data.
	3DES
	Triple DES (3DES) is a variant of DES,
	which iterates three times with three
	separate keys (3 x 56 = 168 bits),
	effectively doubling the strength of DES.
	AES
	Advanced Encryption Standard is a
	newer method of data encryption that
	also uses a secret key. Various secret
	key lengths (128, 192 and 256 bits) are
	implemented. AES is faster than 3DES.
	Select NULL to set up a phase 2 tunnel
	without encryption.

83	Chapter 7 VPN

Contents

User’s Guide Copyright Disclaimer Trademarks Federal Communications Commission (FCC) Interference Statement Notice Certifications Safety Warnings ZyXEL Limited Warranty Note Safety Warnings Customer Support Page Table of Contents Page Page QoS (Quality of Service) Static Route Page Page List of Figures Page List of Tables Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Introduction 1.1 About Your Prestige 1.2 Features Multi-ModeStandard 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface(s) Multiplexing Full Network Management Universal Plug and Play (UPnP) Network Address Translation (NAT) Firewall 1.3 Applications 1.3.1 Internet Access 1.3.2 Firewall for Secure Broadband Internet Access 1.3.3 VPN Application 1.3.4 LAN-to-LANApplication 1.4 Hardware Connection 1.4.1 Front Panel 1.5 Rear Panel The Web Configurator 2.1 Overview 2.2Accessing the Web Configurator 2.3 Resetting the Prestige 2.3.1 Procedure To Use The Reset Button 2.4Navigating the Web Configurator 2.4.1 The Status Screen 2.5System Status 2.6 ARP Table 2.6.1 How ARP Works 2.7 Routing Table 2.7.1 PPTP Status 2.7.2 IPSec Status 2.7.3 L2TP Status 2.7.4 Email Status 2.7.5 Event Log 2.7.6 Error Log 2.7.7 NAT Sessions 2.8 Internet Access Quick Start Setup Page 2.8.1 Auto Scan LAN 3.1 Overview 3.2 LAN TCP/IP 3.2.1 Factory LAN Defaults 3.2.2 IP Address and Subnet Mask 3.3The Ethernet Screen 3.4 Ethernet Client Filter 3.4.1 Ethernet Client Filter Candidates 3.5 Port Setting 3.6 DHCP 3.6.1 IP Pool Setup 3.6.2 DNS Servers 3.6.3DHCP Setup 3.6.3.1 Disable DHCP 3.6.3.2 DHCP Server Setup Page 3.6.4 DHCP Relay Agent DHCP Relay WAN 4.1 Overview 4.1.1 Encapsulation Types 4.1.1.1 RFC 4.1.1.2 PPPoE 4.2 ISP 4.2.1 Edit Settings 4.2.1.1 Advanced PPP Options Page 4.2.2 Change Connection Type 4.3DNS 4.4 SHDSL Parameters Table 25 SHDSL Page System 5.1 Overview 5.2 Time Zone 5.3 Remote Access 5.4 Firmware Upgrade 5.5Backup/Restore 5.6 Restart Router 5.7 User Management 5.7.1 Create a New User Account Page Firewall 6.1 Overview 6.2 Types of Firewalls 6.2.1Packet Filtering Firewalls 6.2.2 Application-levelFirewalls 6.2.3Stateful Inspection Firewalls 6.3 General Settings 6.4 Packet Filter Policy Firewall: General Settings 6.4.1 Add a New TCP/UDP Packet Filter 6.4.2 Add a New Raw Packet Filter 6.5 Intrusion Detection Intrusion Detection 6.6 URL Filter 6.6.1 Keywords Filtering 6.6.2 Domain Filtering 6.7 Firewall Log Page VPN 7.1 Overview 7.2 PPTP 7.2.1 PPTP Summary 7.2.2 Creating a PPTP VPN Rule 7.2.2.1 Remote Access Connection Page 7.2.2.2 LAN to LAN Connection Page 7.3 IPSec 7.3.1 AH (Authentication Header) 7.3.2 ESP (Encapsulating Security Payload) 7.3.3 Perfect Forward Secrecy (PFS) 7.3.4 Pre-SharedKey 7.3.5 IPSec VPN Summary 7.3.6 IPSec VPN Configuration Page 7.4 L2TP 7.4.1 Creating a New L2TP Rule 7.4.1.1 Remote Access L2TP Connection Page 7.4.1.2 LAN to LAN L2TP Connection Page Page 7.5 VPN Example 7.5.1 Example: Remote PPTP VPN Dial-inConnection 7.5.2 Example: Remote PPTP VPN Dial-outConnection MUST QoS (Quality of Service) 8.1 Overview 8.1.1 Prioritization Page 8.2 IP Throttling Page 8.3 QoS Example 8.3.1 Example Prioritization with QoS 8.3.2 Rate Limiting with IP Throttling Example 8.4 Time Schedule 8.4.1 Configuring a Time Schedule Page Static Route 9.1 Overview 9.2 Configuration Page Dynamic DNS 10.1 Overview 10.1.1 Configuration Page Check Emails 11.1 Overview 11.2 Configuring Page Device Management 12.1 Overview 12.1.1 Universal Plug and Play (UPnP) 12.1.1.1 How do I know if I'm using UPnP 12.1.1.2 Cautions with UPnP 12.1.2.1SNMPv3 12.1.2.2 SNMP Traps and MIBs 12.2 The Device Management Screen WAN Page 12.3 IGMP Numerics Index