Chapter 12 IPSec VPN

Table 75 Security > IPSec VPN > IPSec Setting > Manual (continued)

| LABEL | DESCRIPTION |
|---|---|
| IP Subnetmask | When the remote IP address type is configured to Single Address, this field is not available. When the remote IP address type is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. |
| Protocol | This field displays ESP. The P-2812HNU-51c uses ESP (Encapsulating Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. |
| Key Exchange Method | Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE) provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using Auto(IKE) key management. |
| Encryption Algorithm | Select DES, 3DES, AES(aes-cbc) or ESP_NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES(aes-cbc) in Cipher Block Chaining (CBC) mode uses a 128-bit key. AES is faster than 3DES. Select ESP_NULL to set up a tunnel without encryption. When you select ESP_NULL, you do not enter an encryption key. |
| Encryption Key | Type 16 hexadecimal ("0-9", "A-F") characters if you select to use the DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm. |
| Authentication Algorithm | Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. |
| Authentication Key | Type 32 hexadecimal ("0-9", "A-F") characters if you select to use the MD5 authentication algorithm or 40 hexadecimal characters if you use the SHA1 authentication algorithm. |
| SPI | Type a number (base 10) from 1 to 999999 for the Security Parameter Index. |
| NAT Traversal | Select Enable if you want to set up a VPN tunnel when there are NAT routers between the P-2812HNU-51c and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. |
| Advanced IKE Settings | Click Show Advanced Settings to display and configure more detailed settings of your IKE key management. Otherwise, click Hide Advanced Settings. |
| Enable Manual ID Type | Select this option to specify how to identify the P-2812HNU-51c and remote IPSec router. |
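A pre-flight check for the manual-keying fields described in this table, added here as an example and not taken from the User's Guide or the device firmware: it generates keys of the stated hexadecimal lengths from the operating system's random source and validates an entry before it is typed into the form. The dictionary field names, the 32-character AES length (inferred from the 128-bit key size) and the distinct-character heuristic are assumptions.

```python
import secrets
import string

# Hex lengths from the Encryption Key and Authentication Key rows.
# AES is an assumption: 32 hex characters, inferred from the 128-bit key size.
ENC_HEX = {"DES": 16, "3DES": 48, "AES": 32, "ESP_NULL": 0}
AUTH_HEX = {"MD5": 32, "SHA1": 40}
WEAK = {"DES": "56-bit key", "ESP_NULL": "no encryption", "MD5": "minimal security"}


def generate_key(algorithm):
    """Random key from the OS CSPRNG, sized for the algorithm, as uppercase hex."""
    return secrets.token_hex({**ENC_HEX, **AUTH_HEX}[algorithm] // 2).upper()


def check_key(field, key, want):
    """Return error strings for one key field (length, alphabet, variety)."""
    if len(key) != want:
        return [f"error: {field}: need {want} hex characters, got {len(key)}"]
    if any(c not in string.hexdigits for c in key):
        return [f"error: {field}: characters outside 0-9, A-F"]
    if key and len(set(key.upper())) < 4:  # constructed heuristic for typed patterns
        return [f"error: {field}: too few distinct characters for a random key"]
    return []


def validate_manual_sa(sa):
    """Check one manual-keying entry (a dict with hypothetical field names)."""
    enc, auth = sa["encryption"], sa["authentication"]
    if enc not in ENC_HEX or auth not in AUTH_HEX:
        return [f"error: unsupported algorithm pair {enc}/{auth}"]
    findings = check_key("encryption_key", sa.get("encryption_key", ""), ENC_HEX[enc])
    findings += check_key("authentication_key", sa["authentication_key"], AUTH_HEX[auth])
    if not 1 <= int(sa["spi"]) <= 999999:
        findings.append("error: spi: must be 1 to 999999 (base 10)")
    findings += [f"warning: {a}: {WEAK[a]}" for a in (enc, auth) if a in WEAK]
    return findings


# Constructed sample entries, not taken from any real device.
GOOD = {"encryption": "3DES", "encryption_key": generate_key("3DES"),
        "authentication": "SHA1", "authentication_key": generate_key("SHA1"), "spi": 4096}
BAD = {"encryption": "DES", "encryption_key": "0123456789ABCDEF0",
       "authentication": "MD5", "authentication_key": "A" * 32, "spi": 0}

if __name__ == "__main__":
    for name, sa in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_manual_sa(sa) or "ok")
```

Both IPSec routers must be given the same keys and algorithms, so run the check once and enter the validated values on each side.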

 

 

 

P-2812HNU-51c User’s Guide